Latest vulnerabilities [Monday, March 25, 2024 + weekend]


Last update performed on 03/25/2024 at 11:57:13 PM

(10) CRITICAL VULNERABILITIES [9.0, 10.0]

Source : sailpoint.com

Vulnerability ID : CVE-2024-2227

First published on : 22-03-2024 16:15:09
Last modified on : 22-03-2024 19:02:10

Description :
This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.

CVE ID : CVE-2024-2227
Source : psirt@sailpoint.com
CVSS Score : 10.0

References :
https://www.sailpoint.com/security-advisories/ | source : psirt@sailpoint.com

Vulnerability : CWE-22


Source : hitachi.co.jp

Vulnerability ID : CVE-2022-36407

First published on : 25-03-2024 06:15:08
Last modified on : 25-03-2024 13:47:14

Description :
Insertion of Sensitive Information into Log File vulnerability in Hitachi Virtual Storage Platform, Hitachi Virtual Storage Platform VP9500, Hitachi Virtual Storage Platform G1000, G1500, Hitachi Virtual Storage Platform F1500, Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H, Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H, Hitachi Unified Storage VM, Hitachi Virtual Storage Platform G100, G200, G400, G600, G800, Hitachi Virtual Storage Platform F400, F600, F800, Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, Hitachi Virtual Storage Platform F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H allows local users to gain sensitive information. This issue affects Hitachi Virtual Storage Platform: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500: before DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform G1000, G1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform F1500: before DKCMAIN Ver. 80-06-92-00/00, SVP Ver. 80-06-87/00; Hitachi Virtual Storage Platform 5100, 5500, 5100H, 5500H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Virtual Storage Platform 5200, 5600, 5200H, 5600H: before DKCMAIN Ver. 90-08-81-00/00, SVP Ver. 90-08-81/00, before DKCMAIN Ver. 90-08-62-00/00, SVP Ver. 90-08-62/00, before DKCMAIN Ver. 90-08-43-00/00, SVP Ver. 90-08-43/00; Hitachi Unified Storage VM: before DKCMAIN Ver. 73-03-75-X0/00, SVP Ver. 73-03-74/00, before DKCMAIN Ver. 73(75)-03-75-X0/00, SVP Ver. 73(75)-03-74/00; Hitachi Virtual Storage Platform G100, G200, G400, G600, G800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform F400, F600, F800: before DKCMAIN Ver. 83-06-19-X0/00, SVP Ver. 83-06-20-X0/00, before DKCMAIN Ver. 83-05-47-X0/00, SVP Ver. 83-05-51-X0/00; Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform F350, F370, F700, F900: before DKCMAIN Ver. 88-08-09-XX/00, SVP Ver. 88-08-11-X0/02; Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H: before DKCMAIN Ver. 93-06-81-X0/00, SVP Ver. 93-06-81-X0/00, before DKCMAIN Ver. 93-06-62-X0/00, SVP Ver. 93-06-62-X0/00, before DKCMAIN Ver. 93-06-43-X0/00, SVP Ver. 93-06-43-X0/00.

CVE ID : CVE-2022-36407
Source : hirt@hitachi.co.jp
CVSS Score : 9.9

References :
https://www.hitachi.com/products/it/storage-solutions/sec_info/2024/2022_313.html | source : hirt@hitachi.co.jp

Vulnerability : CWE-532


Source : incibe.es

Vulnerability ID : CVE-2024-2722

First published on : 22-03-2024 14:15:09
Last modified on : 22-03-2024 15:34:43

Description :
SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

CVE ID : CVE-2024-2722
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-2723

First published on : 22-03-2024 14:15:09
Last modified on : 22-03-2024 15:34:43

Description :
SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

CVE ID : CVE-2024-2723
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-2724

First published on : 22-03-2024 14:15:09
Last modified on : 22-03-2024 15:34:43

Description :
SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.

CVE ID : CVE-2024-2724
Source : cve-coordination@incibe.es
CVSS Score : 9.8

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-89


Source : github.com

Vulnerability ID : CVE-2024-28861

First published on : 22-03-2024 17:15:07
Last modified on : 22-03-2024 19:02:10

Description :
Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.

CVE ID : CVE-2024-28861
Source : security-advisories@github.com
CVSS Score : 9.8

References :
https://github.com/FriendsOfSymfony1/symfony1/commit/0bd9d59c69221f49bfc8be8b871b79e12d7d171a | source : security-advisories@github.com
https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433 | source : security-advisories@github.com

Vulnerability : CWE-502


Vulnerability ID : CVE-2024-29185

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity High. If an attacker gets hold of the `App_Key`, the attacker can compromise the complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue.

CVE ID : CVE-2024-29185
Source : security-advisories@github.com
CVSS Score : 9.0

References :
https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7p9x-ch4c-vqj9 | source : security-advisories@github.com

Vulnerability : CWE-78


Source : usom.gov.tr

Vulnerability ID : CVE-2024-2865

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: through 25032024.

CVE ID : CVE-2024-2865
Source : iletisim@usom.gov.tr
CVSS Score : 9.8

References :
https://www.usom.gov.tr/bildirim/tr-24-0229 | source : iletisim@usom.gov.tr

Vulnerability : CWE-89


Source : lge.com

Vulnerability ID : CVE-2024-2862

First published on : 25-03-2024 07:15:50
Last modified on : 25-03-2024 13:47:14

Description :
This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.

CVE ID : CVE-2024-2862
Source : product.security@lge.com
CVSS Score : 9.1

References :
https://lgsecurity.lge.com/bulletins/idproducts#updateDetails | source : product.security@lge.com

Vulnerability : CWE-287


Source : wolfssl.com

Vulnerability ID : CVE-2024-2873

First published on : 25-03-2024 22:37:19
Last modified on : 25-03-2024 22:37:19

Description :
A vulnerability was found in wolfSSH's server-side state machine before version 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.

CVE ID : CVE-2024-2873
Source : facts@wolfssl.com
CVSS Score : 9.1

References :
https://github.com/wolfSSL/wolfssh/pull/670 | source : facts@wolfssl.com
https://github.com/wolfSSL/wolfssh/pull/671 | source : facts@wolfssl.com
https://www.wolfssl.com/docs/security-vulnerabilities/ | source : facts@wolfssl.com

Vulnerability : CWE-287


(48) HIGH VULNERABILITIES [7.0, 8.9]

Source : vuldb.com

Vulnerability ID : CVE-2024-2805

First published on : 22-03-2024 03:15:08
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2805
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257660 | source : cna@vuldb.com
https://vuldb.com/?id.257660 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2806

First published on : 22-03-2024 05:15:48
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2806
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257661 | source : cna@vuldb.com
https://vuldb.com/?id.257661 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2807

First published on : 22-03-2024 05:15:48
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2807
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257662 | source : cna@vuldb.com
https://vuldb.com/?id.257662 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2808

First published on : 22-03-2024 05:15:49
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2808
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257663 | source : cna@vuldb.com
https://vuldb.com/?id.257663 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2809

First published on : 22-03-2024 06:15:08
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2809
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257664 | source : cna@vuldb.com
https://vuldb.com/?id.257664 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2810

First published on : 22-03-2024 06:15:10
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2810
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257665 | source : cna@vuldb.com
https://vuldb.com/?id.257665 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2811

First published on : 22-03-2024 06:15:11
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2811
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257666 | source : cna@vuldb.com
https://vuldb.com/?id.257666 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2813

First published on : 22-03-2024 07:15:47
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2813
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257668 | source : cna@vuldb.com
https://vuldb.com/?id.257668 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2814

First published on : 22-03-2024 07:15:47
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2814
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257669 | source : cna@vuldb.com
https://vuldb.com/?id.257669 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2815

First published on : 22-03-2024 08:15:09
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2815
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257670 | source : cna@vuldb.com
https://vuldb.com/?id.257670 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2850

First published on : 24-03-2024 02:15:07
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2850
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257774 | source : cna@vuldb.com
https://vuldb.com/?id.257774 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2852

First published on : 24-03-2024 05:15:09
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2852
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257776 | source : cna@vuldb.com
https://vuldb.com/?id.257776 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2855

First published on : 24-03-2024 06:15:11
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2855
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257779 | source : cna@vuldb.com
https://vuldb.com/?id.257779 | source : cna@vuldb.com

Vulnerability : CWE-121


Vulnerability ID : CVE-2024-2856

First published on : 24-03-2024 07:15:08
Last modified on : 25-03-2024 13:15:48

Description :
A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2856
Source : cna@vuldb.com
CVSS Score : 8.8

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257780 | source : cna@vuldb.com
https://vuldb.com/?id.257780 | source : cna@vuldb.com
https://vuldb.com/?submit.299741 | source : cna@vuldb.com

Vulnerability : CWE-121


Source : checkmk.com

Vulnerability ID : CVE-2024-28824

First published on : 22-03-2024 11:15:46
Last modified on : 22-03-2024 12:45:36

Description :
Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

CVE ID : CVE-2024-28824
Source : security@checkmk.com
CVSS Score : 8.8

References :
https://checkmk.com/werk/16198 | source : security@checkmk.com

Vulnerability : CWE-272
Vulnerability : CWE-807


Vulnerability ID : CVE-2024-0638

First published on : 22-03-2024 11:15:46
Last modified on : 22-03-2024 12:45:36

Description :
Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.

CVE ID : CVE-2024-0638
Source : security@checkmk.com
CVSS Score : 8.2

References :
https://checkmk.com/werk/16232 | source : security@checkmk.com

Vulnerability : CWE-272


Source : wordfence.com

Vulnerability ID : CVE-2024-2025

First published on : 23-03-2024 02:15:47
Last modified on : 25-03-2024 01:51:01

Description :
The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.

CVE ID : CVE-2024-2025
Source : security@wordfence.com
CVSS Score : 8.8

References :
https://plugins.trac.wordpress.org/changeset/3055634/wc4bp/trunk/class/includes/class-request-helper.php | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=cve | source : security@wordfence.com


Source : bosch.com

Vulnerability ID : CVE-2024-25002

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.

CVE ID : CVE-2024-25002
Source : psirt@bosch.com
CVSS Score : 8.8

References :
https://psirt.bosch.com/security-advisories/BOSCH-SA-152190.html | source : psirt@bosch.com

Vulnerability : CWE-78


Source : github.com

Vulnerability ID : CVE-2024-27299

First published on : 25-03-2024 19:15:57
Last modified on : 25-03-2024 19:15:57

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-27299
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-28107

First published on : 25-03-2024 19:15:58
Last modified on : 25-03-2024 19:15:58

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-28107
Source : security-advisories@github.com
CVSS Score : 8.8

References :
https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r | source : security-advisories@github.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-29194

First published on : 24-03-2024 19:15:07
Last modified on : 25-03-2024 01:51:01

Description :
OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.

CVE ID : CVE-2024-29194
Source : security-advisories@github.com
CVSS Score : 8.3

References :
https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c | source : security-advisories@github.com
https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq | source : security-advisories@github.com

Vulnerability : CWE-639


Vulnerability ID : CVE-2024-28850

First published on : 25-03-2024 19:15:58
Last modified on : 25-03-2024 19:15:58

Description :
WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions is met: the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core; the site's database is compromised at the hosting level; the site is vulnerable to a method of updating arbitrary options in the wp_options table; or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.

CVE ID : CVE-2024-28850
Source : security-advisories@github.com
CVSS Score : 8.1

References :
https://github.com/johnbillion/wp-crontrol/releases/tag/1.16.2 | source : security-advisories@github.com
https://github.com/johnbillion/wp-crontrol/security/advisories/GHSA-9xvf-cjvf-ff5q | source : security-advisories@github.com

Vulnerability : CWE-494


Vulnerability ID : CVE-2024-29184

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator. The application protects users against XSS attacks by enforcing a CSP policy; the CSP policy is: `script-src 'self' 'nonce-abcd' `. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn't allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible. The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personal identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application. Version 1.8.128 contains a patch for this issue.

CVE ID : CVE-2024-29184
Source : security-advisories@github.com
CVSS Score : 8.0

References :
https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-fffc-phh8-5h4v | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-29188

First published on : 24-03-2024 20:15:08
Last modified on : 25-03-2024 01:51:01

Description :
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVE ID : CVE-2024-29188
Source : security-advisories@github.com
CVSS Score : 7.9

References :
https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg | source : security-advisories@github.com
https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742 | source : security-advisories@github.com
https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a | source : security-advisories@github.com

Vulnerability : CWE-59


Vulnerability ID : CVE-2024-29190

First published on : 22-03-2024 23:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.

CVE ID : CVE-2024-29190
Source : security-advisories@github.com
CVSS Score : 7.5

References :
https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link | source : security-advisories@github.com
https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77 | source : security-advisories@github.com
https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3 | source : security-advisories@github.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-29187

First published on : 24-03-2024 20:15:08
Last modified on : 25-03-2024 01:51:01

Description :
WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.

CVE ID : CVE-2024-29187
Source : security-advisories@github.com
CVSS Score : 7.3

References :
https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r | source : security-advisories@github.com
https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7 | source : security-advisories@github.com
https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9 | source : security-advisories@github.com

Vulnerability : CWE-732


Vulnerability ID : CVE-2024-28105

First published on : 25-03-2024 19:15:58
Last modified on : 25-03-2024 19:15:58

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-28105
Source : security-advisories@github.com
CVSS Score : 7.2

References :
https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf | source : security-advisories@github.com

Vulnerability : CWE-434


Source : opentext.com

Vulnerability ID : CVE-2024-1973

First published on : 25-03-2024 22:37:19
Last modified on : 25-03-2024 22:37:19

Description :
By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.

CVE ID : CVE-2024-1973
Source : security@opentext.com
CVSS Score : 8.5

References :
https://portal.microfocus.com/s/article/KM000027861 | source : security@opentext.com

Vulnerability : CWE-269


Source : progress.com

Vulnerability ID : CVE-2024-2448

First published on : 22-03-2024 14:15:08
Last modified on : 22-03-2024 15:34:43

Description :
An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.

CVE ID : CVE-2024-2448
Source : security@progress.com
CVSS Score : 8.4

References :
https://progress.com/loadmaster | source : security@progress.com
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 | source : security@progress.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2449

First published on : 22-03-2024 14:15:09
Last modified on : 22-03-2024 15:34:43

Description :
A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.

CVE ID : CVE-2024-2449
Source : security@progress.com
CVSS Score : 7.5

References :
https://progress.com/loadmaster | source : security@progress.com
https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449 | source : security@progress.com

Vulnerability : CWE-352


Source : patchstack.com

Vulnerability ID : CVE-2024-24832

First published on : 23-03-2024 15:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.

CVE ID : CVE-2024-24832
Source : audit@patchstack.com
CVSS Score : 8.2

References :
https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2024-2864

First published on : 25-03-2024 11:15:45
Last modified on : 25-03-2024 13:47:14

Description :
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.

CVE ID : CVE-2024-2864
Source : audit@patchstack.com
CVSS Score : 7.3

References :
https://patchstack.com/database/vulnerability/youzify-moderation/wordpress-youzify-buddypress-moderation-plugin-2-0-0-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-79


Source : huntr.dev

Vulnerability ID : CVE-2024-1603

First published on : 23-03-2024 19:15:07
Last modified on : 25-03-2024 01:51:01

Description :
paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.

CVE ID : CVE-2024-1603
Source : security@huntr.dev
CVSS Score : 8.2

References :
https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e | source : security@huntr.dev

Vulnerability : CWE-73


Source : openeuler.org

Vulnerability ID : CVE-2024-24892

First published on : 25-03-2024 07:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program file https://gitee.com/openeuler/migration-tools/blob/master/index.py. This issue affects migration-tools: from 1.0.0 through 1.0.1.

CVE ID : CVE-2024-24892
Source : securities@openeuler.org
CVSS Score : 8.1

References :
https://gitee.com/src-openeuler/migration-tools/pulls/12 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275 | source : securities@openeuler.org

Vulnerability : CWE-269
Vulnerability : CWE-78


Vulnerability ID : CVE-2024-24897

First published on : 25-03-2024 07:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program file https://gitee.com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.

CVE ID : CVE-2024-24897
Source : securities@openeuler.org
CVSS Score : 8.1

References :
https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45 | source : securities@openeuler.org
https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273 | source : securities@openeuler.org

Vulnerability : CWE-77


Vulnerability ID : CVE-2024-24890

First published on : 25-03-2024 07:15:49
Last modified on : 25-03-2024 13:47:14

Description :
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program file https://gitee.com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.probe/src/ioprobe/ioprobe.c. This issue affects gala-gopher: through 1.0.2.

CVE ID : CVE-2024-24890
Source : securities@openeuler.org
CVSS Score : 7.8

References :
https://gitee.com/src-openeuler/gala-gopher/pulls/81 | source : securities@openeuler.org
https://gitee.com/src-openeuler/gala-gopher/pulls/82 | source : securities@openeuler.org
https://gitee.com/src-openeuler/gala-gopher/pulls/85 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279 | source : securities@openeuler.org

Vulnerability : CWE-78


Vulnerability ID : CVE-2021-33633

First published on : 23-03-2024 12:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-ceres on Linux allows Command Injection. This vulnerability is associated with program file ceres/function/util.py. This issue affects aops-ceres: from 1.3.0 through 1.4.1.

CVE ID : CVE-2021-33633
Source : securities@openeuler.org
CVSS Score : 7.3

References :
https://gitee.com/src-openeuler/aops-ceres/pulls/158 | source : securities@openeuler.org
https://gitee.com/src-openeuler/aops-ceres/pulls/159 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1159 | source : securities@openeuler.org

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-24899

First published on : 25-03-2024 07:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program file https://gitee.com/openeuler/aops-zeus/blob/master/zeus/conf/constant.py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.

CVE ID : CVE-2024-24899
Source : securities@openeuler.org
CVSS Score : 7.2

References :
https://gitee.com/src-openeuler/aops-zeus/pulls/107 | source : securities@openeuler.org
https://gitee.com/src-openeuler/aops-zeus/pulls/108 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294 | source : securities@openeuler.org

Vulnerability : CWE-78


Vulnerability ID : CVE-2021-33632

First published on : 25-03-2024 07:15:49
Last modified on : 25-03-2024 13:47:14

Description :
Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in openEuler iSulad on Linux allows Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions. This vulnerability is associated with program file https://gitee.com/openeuler/iSulad/blob/master/src/cmd/isulad/main.c. This issue affects iSulad: 2.0.18-13, from 2.1.4-1 through 2.1.4-2.

CVE ID : CVE-2021-33632
Source : securities@openeuler.org
CVSS Score : 7.0

References :
https://gitee.com/src-openeuler/iSulad/pulls/639 | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/640 | source : securities@openeuler.org
https://gitee.com/src-openeuler/iSulad/pulls/645 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1287 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1289 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1290 | source : securities@openeuler.org
https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1307 | source : securities@openeuler.org

Vulnerability : CWE-367


Source : 3ds.com

Vulnerability ID : CVE-2024-1848

First published on : 22-03-2024 11:15:46
Last modified on : 22-03-2024 12:45:36

Description :
Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.

CVE ID : CVE-2024-1848
Source : 3DS.Information-Security@3ds.com
CVSS Score : 7.8

References :
https://www.3ds.com/vulnerability/advisories | source : 3DS.Information-Security@3ds.com

Vulnerability : CWE-125
Vulnerability : CWE-416
Vulnerability : CWE-787
Vulnerability : CWE-843
Vulnerability : CWE-908


Source : incibe.es

Vulnerability ID : CVE-2024-2725

First published on : 22-03-2024 14:15:10
Last modified on : 22-03-2024 15:34:43

Description :
Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.

CVE ID : CVE-2024-2725
Source : cve-coordination@incibe.es
CVSS Score : 7.5

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-200


Source : redhat.com

Vulnerability ID : CVE-2023-5685

First published on : 22-03-2024 19:15:07
Last modified on : 25-03-2024 01:51:01

Description :
A flaw was found in XNIO. When the chain of notifier states becomes problematically large, the XNIO NotifierState can cause a Stack Overflow Exception, which can lead to uncontrolled resource management and a possible denial of service (DoS).

CVE ID : CVE-2023-5685
Source : secalert@redhat.com
CVSS Score : 7.5

References :
https://access.redhat.com/security/cve/CVE-2023-5685 | source : secalert@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=2241822 | source : secalert@redhat.com

Vulnerability : CWE-400


Source : microsoft.com

Vulnerability ID : CVE-2024-29059

First published on : 23-03-2024 00:15:09
Last modified on : 25-03-2024 01:51:01

Description :
.NET Framework Information Disclosure Vulnerability

CVE ID : CVE-2024-29059
Source : secure@microsoft.com
CVSS Score : 7.5

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059 | source : secure@microsoft.com


Source : snyk.io

Vulnerability ID : CVE-2024-21505

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.

CVE ID : CVE-2024-21505
Source : report@snyk.io
CVSS Score : 7.5

References :
https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80 | source : report@snyk.io
https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337 | source : report@snyk.io

Vulnerability : CWE-1321


Source : rockwellautomation.com

Vulnerability ID : CVE-2024-2425

First published on : 25-03-2024 21:15:47
Last modified on : 25-03-2024 21:15:47

Description :
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.

CVE ID : CVE-2024-2425
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.5

References :
https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-2426

First published on : 25-03-2024 21:15:47
Last modified on : 25-03-2024 21:15:47

Description :
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.

CVE ID : CVE-2024-2426
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.5

References :
https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-2427

First published on : 25-03-2024 21:15:47
Last modified on : 25-03-2024 21:15:47

Description :
A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly, the device will crash and require a manual restart to recover.

CVE ID : CVE-2024-2427
Source : PSIRT@rockwellautomation.com
CVSS Score : 7.5

References :
https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html | source : PSIRT@rockwellautomation.com

Vulnerability : CWE-20


Source : sailpoint.com

Vulnerability ID : CVE-2024-2228

First published on : 22-03-2024 16:15:09
Last modified on : 22-03-2024 19:02:10

Description :
This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.

CVE ID : CVE-2024-2228
Source : psirt@sailpoint.com
CVSS Score : 7.1

References :
https://www.sailpoint.com/security-advisories/ | source : psirt@sailpoint.com

Vulnerability : CWE-269


(73) MEDIUM VULNERABILITIES [4.0, 6.9]

Source : github.com

Vulnerability ID : CVE-2024-29034

First published on : 24-03-2024 20:15:07
Last modified on : 25-03-2024 01:51:01

Description :
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.

CVE ID : CVE-2024-29034
Source : security-advisories@github.com
CVSS Score : 6.8

References :
https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477 | source : security-advisories@github.com
https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw | source : security-advisories@github.com

Vulnerability : CWE-436
Vulnerability : CWE-79


Vulnerability ID : CVE-2024-28243

First published on : 25-03-2024 20:15:07
Last modified on : 25-03-2024 20:15:07

Description :
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

CVE ID : CVE-2024-28243
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34 | source : security-advisories@github.com
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w | source : security-advisories@github.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2024-28244

First published on : 25-03-2024 20:15:08
Last modified on : 25-03-2024 20:15:08

Description :
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.

CVE ID : CVE-2024-28244
Source : security-advisories@github.com
CVSS Score : 6.5

References :
https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2 | source : security-advisories@github.com
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc | source : security-advisories@github.com

Vulnerability : CWE-674


Vulnerability ID : CVE-2024-28245

First published on : 25-03-2024 20:15:08
Last modified on : 25-03-2024 20:15:08

Description :
KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

CVE ID : CVE-2024-28245
Source : security-advisories@github.com
CVSS Score : 6.3

References :
https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770 | source : security-advisories@github.com
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h | source : security-advisories@github.com

Vulnerability : CWE-116


Vulnerability ID : CVE-2024-28183

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to the flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to an application with a security version lower than the one programmed in the eFuse of the chip. This attack can allow booting the past (passive) application partition, which has a lower security version, on the same device, even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.

CVE ID : CVE-2024-28183
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/4c95aa445d4e84f01f86b6f3a552aa299276abf3 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/534e3ad1fa68526a5f989fb2163856d6b7cd2c87 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/7003f1ef0dffc73c34eb153d1b0710babb078149 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/b2cdc0678965790f49afeb6e6b0737cd24433a05 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/c33b9e1426121ce8cccf1a94241740be9cff68de | source : security-advisories@github.com
https://github.com/espressif/esp-idf/commit/f327ddf6adab0c28d395975785727b2feef57803 | source : security-advisories@github.com
https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8 | source : security-advisories@github.com

Vulnerability : CWE-367


Vulnerability ID : CVE-2024-29041

First published on : 25-03-2024 21:15:46
Last modified on : 25-03-2024 21:15:46

Description :
Express.js is a minimalist web framework for Node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL, Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()`, but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.

CVE ID : CVE-2024-29041
Source : security-advisories@github.com
CVSS Score : 6.1

References :
https://expressjs.com/en/4x/api.html#res.location | source : security-advisories@github.com
https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd | source : security-advisories@github.com
https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94 | source : security-advisories@github.com
https://github.com/expressjs/express/pull/5539 | source : security-advisories@github.com
https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc | source : security-advisories@github.com
https://github.com/koajs/koa/issues/1800 | source : security-advisories@github.com

Vulnerability : CWE-1286
Vulnerability : CWE-601


Vulnerability ID : CVE-2024-27300

First published on : 25-03-2024 19:15:57
Last modified on : 25-03-2024 19:15:57

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-27300
Source : security-advisories@github.com
CVSS Score : 5.5

References :
https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-28246

First published on : 25-03-2024 20:15:08
Last modified on : 25-03-2024 20:15:08

Description :
KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.

CVE ID : CVE-2024-28246
Source : security-advisories@github.com
CVSS Score : 5.5

References :
https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de | source : security-advisories@github.com
https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329 | source : security-advisories@github.com

Vulnerability : CWE-184
Vulnerability : CWE-697


Vulnerability ID : CVE-2024-29042

First published on : 22-03-2024 17:15:07
Last modified on : 22-03-2024 19:02:10

Description :
Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.

CVE ID : CVE-2024-29042
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4 | source : security-advisories@github.com
https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3 | source : security-advisories@github.com
https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj | source : security-advisories@github.com

Vulnerability : CWE-20


Vulnerability ID : CVE-2024-29186

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. An attacker could send specifically crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least an endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue.

CVE ID : CVE-2024-29186
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://github.com/brefphp/bref/commit/5f7c0294628dbcec6305f638ff7e2dba8a1c2f45 | source : security-advisories@github.com
https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r | source : security-advisories@github.com

Vulnerability : CWE-400


Vulnerability ID : CVE-2024-29025

First published on : 25-03-2024 20:15:08
Last modified on : 25-03-2024 20:15:08

Description :
Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have, so an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder accumulates bytes in the `undecodedChunk` buffer until it can decode a field, and this field can accumulate data without limits. This vulnerability is fixed in 4.1.108.Final.

CVE ID : CVE-2024-29025
Source : security-advisories@github.com
CVSS Score : 5.3

References :
https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3 | source : security-advisories@github.com
https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c | source : security-advisories@github.com
https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v | source : security-advisories@github.com

Vulnerability : CWE-770


Vulnerability ID : CVE-2024-28108

First published on : 25-03-2024 19:15:58
Last modified on : 25-03-2024 19:15:58

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-28108
Source : security-advisories@github.com
CVSS Score : 4.7

References :
https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634 | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh | source : security-advisories@github.com

Vulnerability : CWE-79
Vulnerability : CWE-80


Vulnerability ID : CVE-2023-45824

First published on : 25-03-2024 19:15:57
Last modified on : 25-03-2024 19:15:57

Description :
OroPlatform is a PHP Business Application Platform (BAP). A logged in user can access page state data of pinned pages of other users by pageId hash. This vulnerability is fixed in 5.1.4.

CVE ID : CVE-2023-45824
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/oroinc/platform/commit/cf94df7595afca052796e26b299d2ce031e289cd | source : security-advisories@github.com
https://github.com/oroinc/platform/security/advisories/GHSA-vxq2-p937-3px3 | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2023-48296

First published on : 25-03-2024 19:15:57
Last modified on : 25-03-2024 19:15:57

Description :
OroPlatform is a PHP Business Application Platform (BAP). Navigation history, most viewed and favorite navigation items are returned to storefront user in JSON navigation response if ID of storefront user matches ID of back-office user. This vulnerability is fixed in 5.1.4.

CVE ID : CVE-2023-48296
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/oroinc/orocommerce/commit/41c526498012d44cd88852c63697f1ef53b61db8 | source : security-advisories@github.com
https://github.com/oroinc/orocommerce/security/advisories/GHSA-v7px-46v9-5qwp | source : security-advisories@github.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2024-28106

First published on : 25-03-2024 19:15:58
Last modified on : 25-03-2024 19:15:58

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.

CVE ID : CVE-2024-28106
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a | source : security-advisories@github.com
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r | source : security-advisories@github.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-29179

First published on : 25-03-2024 21:15:47
Last modified on : 25-03-2024 21:15:47

Description :
phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.

CVE ID : CVE-2024-29179
Source : security-advisories@github.com
CVSS Score : 4.3

References :
https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9 | source : security-advisories@github.com

Vulnerability : CWE-79


Source : wordfence.com

Vulnerability ID : CVE-2024-2392

First published on : 22-03-2024 02:15:08
Last modified on : 22-03-2024 12:45:36

Description :
The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2392
Source : security@wordfence.com
CVSS Score : 6.5

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051797%40blocksy-companion&new=3051797%40blocksy-companion&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2500

First published on : 22-03-2024 02:15:09
Last modified on : 22-03-2024 12:45:36

Description :
The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2500
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://themes.trac.wordpress.org/browser/colormag/3.1.6/inc/template-tags.php#L845 | source : security@wordfence.com
https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=221537%40colormag&new=221537%40colormag&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1697

First published on : 23-03-2024 02:15:46
Last modified on : 25-03-2024 01:51:01

Description :
The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1697
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775 | source : security@wordfence.com
https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2131

First published on : 23-03-2024 02:15:47
Last modified on : 25-03-2024 01:51:01

Description :
The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2131
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2202

First published on : 23-03-2024 03:15:12
Last modified on : 25-03-2024 01:51:01

Description :
The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2202
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911 | source : security@wordfence.com
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31 | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2468

First published on : 23-03-2024 03:15:12
Last modified on : 25-03-2024 01:51:01

Description :
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2468
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-1049

First published on : 23-03-2024 04:15:08
Last modified on : 25-03-2024 01:51:01

Description :
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-1049
Source : security@wordfence.com
CVSS Score : 6.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-0957

First published on : 22-03-2024 02:15:07
Last modified on : 22-03-2024 12:45:36

Description :
The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.

CVE ID : CVE-2024-0957
Source : security@wordfence.com
CVSS Score : 6.1

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2688

First published on : 23-03-2024 03:15:13
Last modified on : 25-03-2024 01:51:01

Description :
The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

CVE ID : CVE-2024-2688
Source : security@wordfence.com
CVSS Score : 5.4

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2080

First published on : 22-03-2024 02:15:08
Last modified on : 22-03-2024 12:45:36

Description :
The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.

CVE ID : CVE-2024-2080
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882?source=cve | source : security@wordfence.com


Vulnerability ID : CVE-2024-2326

First published on : 23-03-2024 04:15:08
Last modified on : 25-03-2024 01:51:01

Description :
The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration, including the Stripe integration, via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.

CVE ID : CVE-2024-2326
Source : security@wordfence.com
CVSS Score : 4.3

References :
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail= | source : security@wordfence.com
https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve | source : security@wordfence.com


Source : patchstack.com

Vulnerability ID : CVE-2022-38057

First published on : 25-03-2024 12:15:08
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in ThemeHunk Advance WordPress Search Plugin. This issue affects Advance WordPress Search Plugin: from n/a through 1.2.1.

CVE ID : CVE-2022-38057
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/th-advance-product-search/wordpress-th-advance-product-search-plugin-1-1-4-unauthenticated-plugin-settings-reset-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-27608

First published on : 25-03-2024 12:15:10
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in WP Swings Points and Rewards for WooCommerce. This issue affects Points and Rewards for WooCommerce: from n/a through 1.5.0.

CVE ID : CVE-2023-27608
Source : audit@patchstack.com
CVSS Score : 6.5

References :
https://patchstack.com/database/vulnerability/points-and-rewards-for-woocommerce/wordpress-points-and-rewards-for-woocommerce-plugin-1-5-0-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-44626

First published on : 25-03-2024 12:15:08
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Squirrly SEO Plugin by Squirrly SEO. This issue affects SEO Plugin by Squirrly SEO: from n/a through 12.1.20.

CVE ID : CVE-2022-44626
Source : audit@patchstack.com
CVSS Score : 6.3

References :
https://patchstack.com/database/vulnerability/squirrly-seo/wordpress-squirrly-seo-peaks-plugin-12-1-20-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-37886

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.

CVE ID : CVE-2023-37886
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/realhomes/wordpress-realhomes-theme-4-0-2-broken-access-control-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-45351

First published on : 25-03-2024 12:15:08
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.

CVE ID : CVE-2022-45351
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-5?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-45352

First published on : 25-03-2024 12:15:09
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.

CVE ID : CVE-2022-45352
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-2?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-45356

First published on : 25-03-2024 12:15:09
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.

CVE ID : CVE-2022-45356
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-3?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-45851

First published on : 25-03-2024 12:15:09
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in ShareThis ShareThis Dashboard for Google Analytics. This issue affects ShareThis Dashboard for Google Analytics: from n/a through 3.1.4.

CVE ID : CVE-2022-45851
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/googleanalytics/wordpress-sharethis-dashboard-for-google-analytics-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-22699

First published on : 25-03-2024 12:15:09
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in MainWP MainWP Wordfence Extension. This issue affects MainWP Wordfence Extension: from n/a through 4.0.7.

CVE ID : CVE-2023-22699
Source : audit@patchstack.com
CVSS Score : 5.4

References :
https://patchstack.com/database/vulnerability/mainwp-wordfence-extension/wordpress-mainwp-wordfence-extension-plugin-4-0-7-subscriber-arbitrary-plugin-activation-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2024-24835

First published on : 23-03-2024 15:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.

CVE ID : CVE-2024-24835
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2024-24840

First published on : 23-03-2024 15:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.

CVE ID : CVE-2024-24840
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-4-11-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-30480

First published on : 25-03-2024 05:15:49
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Sparkle WP Educenter. This issue affects Educenter: from n/a through 1.5.5.

CVE ID : CVE-2023-30480
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/educenter/wordpress-educenter-theme-1-5-1-broken-access-control?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-33923

First published on : 25-03-2024 05:15:49
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0.

CVE ID : CVE-2023-33923
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/hashone/wordpress-hashone-theme-1-3-0-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/viral-news/wordpress-viral-news-theme-1-4-5-authenticated-arbitrary-plugin-activation-vulnerability?_s_id=cve | source : audit@patchstack.com
https://patchstack.com/database/vulnerability/viral/wordpress-viral-theme-1-8-0-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-37885

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in InspiryThemes RealHomes. This issue affects RealHomes: from n/a through 4.0.2.

CVE ID : CVE-2023-37885
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/realhomes/wordpress-realhomes-theme-4-0-2-broken-access-control-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2022-45349

First published on : 25-03-2024 12:15:08
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in Muffingroup Betheme. This issue affects Betheme: from n/a through 26.6.1.

CVE ID : CVE-2022-45349
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/betheme/wordpress-betheme-theme-26-6-1-broken-access-control-vulnerability-4?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Vulnerability ID : CVE-2023-25039

First published on : 25-03-2024 12:15:10
Last modified on : 25-03-2024 13:47:14

Description :
Missing Authorization vulnerability in CodePeople Google Maps CP. This issue affects Google Maps CP: from n/a through 1.0.43.

CVE ID : CVE-2023-25039
Source : audit@patchstack.com
CVSS Score : 4.3

References :
https://patchstack.com/database/vulnerability/codepeople-post-map/wordpress-google-maps-cp-plugin-1-0-43-missing-authorization-leading-to-feedback-submission-vulnerability?_s_id=cve | source : audit@patchstack.com

Vulnerability : CWE-862


Source : vuldb.com

Vulnerability ID : CVE-2024-2776

First published on : 22-03-2024 00:15:07
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2776
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257610 | source : cna@vuldb.com
https://vuldb.com/?id.257610 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-2777

First published on : 22-03-2024 00:15:08
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611.

CVE ID : CVE-2024-2777
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257611 | source : cna@vuldb.com
https://vuldb.com/?id.257611 | source : cna@vuldb.com

Vulnerability : CWE-89


Vulnerability ID : CVE-2024-2812

First published on : 22-03-2024 07:15:46
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2812
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257667 | source : cna@vuldb.com
https://vuldb.com/?id.257667 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2824

First published on : 22-03-2024 18:15:08
Last modified on : 22-03-2024 19:02:10

Description :
A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.

CVE ID : CVE-2024-2824
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip | source : cna@vuldb.com
https://github.com/Matthias-Wandel/jhead/issues/84 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257711 | source : cna@vuldb.com
https://vuldb.com/?id.257711 | source : cna@vuldb.com

Vulnerability : CWE-122


Vulnerability ID : CVE-2024-2825

First published on : 22-03-2024 19:15:08
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715.

CVE ID : CVE-2024-2825
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gitee.com/lakernote/easy-admin/issues/I98ZTA | source : cna@vuldb.com
https://vuldb.com/?ctiid.257715 | source : cna@vuldb.com
https://vuldb.com/?id.257715 | source : cna@vuldb.com

Vulnerability : CWE-24


Vulnerability ID : CVE-2024-2826

First published on : 22-03-2024 19:15:08
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.

CVE ID : CVE-2024-2826
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gitee.com/lakernote/easy-admin/issues/I98ZTA | source : cna@vuldb.com
https://vuldb.com/?ctiid.257716 | source : cna@vuldb.com
https://vuldb.com/?id.257716 | source : cna@vuldb.com

Vulnerability : CWE-611


Vulnerability ID : CVE-2024-2827

First published on : 22-03-2024 19:15:09
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability.

CVE ID : CVE-2024-2827
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gitee.com/lakernote/easy-admin/issues/I98ZTA | source : cna@vuldb.com
https://vuldb.com/?ctiid.257717 | source : cna@vuldb.com
https://vuldb.com/?id.257717 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-2828

First published on : 22-03-2024 20:15:07
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2828
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://gitee.com/lakernote/easy-admin/commit/23165d8cb569048c531150f194fea39f8800b8d5 | source : cna@vuldb.com
https://gitee.com/lakernote/easy-admin/issues/I98YSR | source : cna@vuldb.com
https://vuldb.com/?ctiid.257718 | source : cna@vuldb.com
https://vuldb.com/?id.257718 | source : cna@vuldb.com

Vulnerability : CWE-918


Vulnerability ID : CVE-2024-2849

First published on : 23-03-2024 18:15:07
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2849
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/CveSecLook/cve/issues/1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257770 | source : cna@vuldb.com
https://vuldb.com/?id.257770 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-2851

First published on : 24-03-2024 03:15:09
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2851
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257775 | source : cna@vuldb.com
https://vuldb.com/?id.257775 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2853

First published on : 24-03-2024 05:15:10
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2853
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257777 | source : cna@vuldb.com
https://vuldb.com/?id.257777 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2024-2854

First published on : 24-03-2024 06:15:08
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2854
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257778 | source : cna@vuldb.com
https://vuldb.com/?id.257778 | source : cna@vuldb.com

Vulnerability : CWE-78


Vulnerability ID : CVE-2020-36825

First published on : 24-03-2024 12:15:08
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability has been found in cyberaz0r WebRAT up to 20191222 and classified as critical. This vulnerability affects the function download_file of the file Server/api.php. The manipulation of the argument name leads to unrestricted upload. The attack can be initiated remotely. The patch is identified as 0c394a795b9c10c07085361e6fcea286ee793701. It is recommended to apply a patch to fix this issue. VDB-257782 is the identifier assigned to this vulnerability.

CVE ID : CVE-2020-36825
Source : cna@vuldb.com
CVSS Score : 6.3

References :
https://github.com/cyberaz0r/WebRAT/commit/0c394a795b9c10c07085361e6fcea286ee793701 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257782 | source : cna@vuldb.com
https://vuldb.com/?id.257782 | source : cna@vuldb.com

Vulnerability : CWE-434


Vulnerability ID : CVE-2024-2816

First published on : 22-03-2024 08:15:10
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2816
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257671 | source : cna@vuldb.com
https://vuldb.com/?id.257671 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-2817

First published on : 22-03-2024 08:15:10
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2817
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257672 | source : cna@vuldb.com
https://vuldb.com/?id.257672 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-2820

First published on : 22-03-2024 16:15:10
Last modified on : 22-03-2024 19:02:10

Description :
A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2820
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/E1CHO/demo/blob/main/26.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257707 | source : cna@vuldb.com
https://vuldb.com/?id.257707 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-2821

First published on : 22-03-2024 16:15:10
Last modified on : 22-03-2024 19:02:10

Description :
A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2821
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/E1CHO/demo/blob/main/27.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257708 | source : cna@vuldb.com
https://vuldb.com/?id.257708 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-2822

First published on : 22-03-2024 17:15:09
Last modified on : 22-03-2024 19:02:10

Description :
A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2822
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/E1CHO/demo/blob/main/29.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257709 | source : cna@vuldb.com
https://vuldb.com/?id.257709 | source : cna@vuldb.com

Vulnerability : CWE-352


Vulnerability ID : CVE-2024-2823

First published on : 22-03-2024 17:15:09
Last modified on : 22-03-2024 19:02:10

Description :
A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVE ID : CVE-2024-2823
Source : cna@vuldb.com
CVSS Score : 4.3

References :
https://github.com/lcg-22266/cms/blob/main/1.md | source : cna@vuldb.com
https://vuldb.com/?ctiid.257710 | source : cna@vuldb.com
https://vuldb.com/?id.257710 | source : cna@vuldb.com

Vulnerability : CWE-352


Source : incibe.es

Vulnerability ID : CVE-2024-2726

First published on : 22-03-2024 14:15:10
Last modified on : 22-03-2024 15:34:43

Description :
Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration.

CVE ID : CVE-2024-2726
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-2727

First published on : 22-03-2024 14:15:10
Last modified on : 22-03-2024 15:34:43

Description :
HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message.

CVE ID : CVE-2024-2727
Source : cve-coordination@incibe.es
CVSS Score : 6.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-2728

First published on : 22-03-2024 14:15:10
Last modified on : 22-03-2024 15:34:43

Description :
Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.

CVE ID : CVE-2024-2728
Source : cve-coordination@incibe.es
CVSS Score : 4.1

References :
https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system | source : cve-coordination@incibe.es

Vulnerability : CWE-200


Source : us.ibm.com

Vulnerability ID : CVE-2022-32751

First published on : 22-03-2024 16:15:07
Last modified on : 22-03-2024 19:02:10

Description :
IBM Security Verify Directory 10.0.0 could disclose sensitive server information that could be used in further attacks against the system. IBM X-Force ID: 228437.

CVE ID : CVE-2022-32751
Source : psirt@us.ibm.com
CVSS Score : 5.3

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228437 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7145001 | source : psirt@us.ibm.com

Vulnerability : CWE-200


Vulnerability ID : CVE-2022-32754

First published on : 22-03-2024 16:15:08
Last modified on : 22-03-2024 19:02:10

Description :
IBM Security Verify Directory 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 228445.

CVE ID : CVE-2022-32754
Source : psirt@us.ibm.com
CVSS Score : 4.8

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228445 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7145001 | source : psirt@us.ibm.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2022-32753

First published on : 22-03-2024 16:15:07
Last modified on : 22-03-2024 19:02:10

Description :
IBM Security Verify Directory 10.0.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 228444.

CVE ID : CVE-2022-32753
Source : psirt@us.ibm.com
CVSS Score : 4.5

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228444 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7145001 | source : psirt@us.ibm.com

Vulnerability : CWE-326


Source : lge.com

Vulnerability ID : CVE-2024-2863

First published on : 25-03-2024 07:15:51
Last modified on : 25-03-2024 13:47:14

Description :
This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.

CVE ID : CVE-2024-2863
Source : product.security@lge.com
CVSS Score : 5.3

References :
https://lgsecurity.lge.com/bulletins/idproducts#updateDetails | source : product.security@lge.com

Vulnerability : CWE-35


Source : emc.com

Vulnerability ID : CVE-2024-25964

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.

CVE ID : CVE-2024-25964
Source : security_alert@emc.com
CVSS Score : 5.3

References :
https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities | source : security_alert@emc.com

Vulnerability : CWE-385


Source : rockwellautomation.com

Vulnerability ID : CVE-2024-21914

First published on : 25-03-2024 22:37:19
Last modified on : 25-03-2024 22:37:19

Description :
A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.

CVE ID : CVE-2024-21914
Source : PSIRT@rockwellautomation.com
CVSS Score : 5.3

References :
https://www.rockwellautomation.com/en-us/support/advisory.SD1663.html | source : PSIRT@rockwellautomation.com


Source : microsoft.com

Vulnerability ID : CVE-2024-26247

First published on : 22-03-2024 22:15:50
Last modified on : 25-03-2024 01:51:01

Description :
Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CVE ID : CVE-2024-26247
Source : secure@microsoft.com
CVSS Score : 4.7

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247 | source : secure@microsoft.com


Vulnerability ID : CVE-2024-29057

First published on : 22-03-2024 22:15:50
Last modified on : 25-03-2024 01:51:01

Description :
Microsoft Edge (Chromium-based) Spoofing Vulnerability

CVE ID : CVE-2024-29057
Source : secure@microsoft.com
CVSS Score : 4.3

References :
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29057 | source : secure@microsoft.com


(8) LOW VULNERABILITIES [0.1, 3.9]

Source : checkmk.com

Vulnerability ID : CVE-2024-1742

First published on : 22-03-2024 11:15:46
Last modified on : 22-03-2024 12:45:36

Description :
Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.

CVE ID : CVE-2024-1742
Source : security@checkmk.com
CVSS Score : 3.8

References :
https://checkmk.com/werk/16234 | source : security@checkmk.com

Vulnerability : CWE-214


Source : vuldb.com

Vulnerability ID : CVE-2024-2778

First published on : 22-03-2024 01:15:07
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.

CVE ID : CVE-2024-2778
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%203.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257612 | source : cna@vuldb.com
https://vuldb.com/?id.257612 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-2779

First published on : 22-03-2024 01:15:08
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.

CVE ID : CVE-2024-2779
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%204.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257613 | source : cna@vuldb.com
https://vuldb.com/?id.257613 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-2780

First published on : 22-03-2024 02:15:09
Last modified on : 22-03-2024 12:45:36

Description :
A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability.

CVE ID : CVE-2024-2780
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%205.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257614 | source : cna@vuldb.com
https://vuldb.com/?id.257614 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2024-2832

First published on : 23-03-2024 06:15:08
Last modified on : 25-03-2024 01:51:01

Description :
A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.

CVE ID : CVE-2024-2832
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/comeony/vuln_report/blob/main/Online%20Shopping%20System%20-%20vuln%201.pdf | source : cna@vuldb.com
https://vuldb.com/?ctiid.257752 | source : cna@vuldb.com
https://vuldb.com/?id.257752 | source : cna@vuldb.com

Vulnerability : CWE-79


Vulnerability ID : CVE-2020-36826

First published on : 25-03-2024 07:15:49
Last modified on : 25-03-2024 13:47:14

Description :
A vulnerability was found in AwesomestCode LiveBot. It has been classified as problematic. Affected is the function parseSend of the file js/parseMessage.js. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. Upgrading to version 0.1 is able to address this issue. The name of the patch is 57505527f838d1e46e8f93d567ba552a30185bfa. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-257784.

CVE ID : CVE-2020-36826
Source : cna@vuldb.com
CVSS Score : 3.5

References :
https://github.com/AwesomestCode/LiveBot/commit/57505527f838d1e46e8f93d567ba552a30185bfa | source : cna@vuldb.com
https://github.com/AwesomestCode/LiveBot/releases/tag/0.1 | source : cna@vuldb.com
https://vuldb.com/?ctiid.257784 | source : cna@vuldb.com
https://vuldb.com/?id.257784 | source : cna@vuldb.com

Vulnerability : CWE-79


Source : us.ibm.com

Vulnerability ID : CVE-2022-32756

First published on : 22-03-2024 16:15:08
Last modified on : 22-03-2024 19:02:10

Description :
IBM Security Verify Directory 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 228507.

CVE ID : CVE-2022-32756
Source : psirt@us.ibm.com
CVSS Score : 2.7

References :
https://exchange.xforce.ibmcloud.com/vulnerabilities/228507 | source : psirt@us.ibm.com
https://www.ibm.com/support/pages/node/7145001 | source : psirt@us.ibm.com

Vulnerability : CWE-209


Source : kaspersky.com

Vulnerability ID : CVE-2023-23349

First published on : 22-03-2024 17:15:07
Last modified on : 22-03-2024 19:02:10

Description :
Kaspersky has fixed a security issue in Kaspersky Password Manager (KPM) for Windows that allowed a local user to recover the auto-filled credentials from a memory dump when the KPM extension for Google Chrome is used. To exploit the issue, an attacker must trick a user into visiting a login form of a website with the saved credentials, and the KPM extension must autofill these credentials. The attacker must then launch a malware module to steal those specific credentials.

CVE ID : CVE-2023-23349
Source : vulnerability@kaspersky.com
CVSS Score : 2.2

References :
https://support.kaspersky.com/vulnerability/list-of-advisories/12430#180324 | source : vulnerability@kaspersky.com

Vulnerability : CWE-316


(94) NO SCORE VULNERABILITIES [0.0, 0.0]

Source : mitre.org

Vulnerability ID : CVE-2024-28441

First published on : 22-03-2024 02:15:08
Last modified on : 22-03-2024 12:45:36

Description :
File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.

CVE ID : CVE-2024-28441
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-25807

First published on : 22-03-2024 03:15:07
Last modified on : 22-03-2024 12:45:36

Description :
Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.

CVE ID : CVE-2024-25807
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/17 | source : cve@mitre.org


Vulnerability ID : CVE-2024-26557

First published on : 22-03-2024 03:15:07
Last modified on : 22-03-2024 12:45:36

Description :
Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.

CVE ID : CVE-2024-26557
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/18 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25808

First published on : 22-03-2024 04:15:11
Last modified on : 22-03-2024 12:45:36

Description :
Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.

CVE ID : CVE-2024-25808
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/Hebing123/cve/issues/17 | source : cve@mitre.org


Vulnerability ID : CVE-2024-29271

First published on : 22-03-2024 04:15:11
Last modified on : 22-03-2024 12:45:36

Description :
Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.

CVE ID : CVE-2024-29271
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/givanz/VvvebJs/commit/c0c0545b44b23acc288ef907fb498ce15b9b576e | source : cve@mitre.org
https://github.com/givanz/VvvebJs/issues/342 | source : cve@mitre.org


Vulnerability ID : CVE-2024-29272

First published on : 22-03-2024 04:15:11
Last modified on : 22-03-2024 12:45:36

Description :
Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.

CVE ID : CVE-2024-29272
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef0 | source : cve@mitre.org
https://github.com/givanz/VvvebJs/issues/343 | source : cve@mitre.org


Vulnerability ID : CVE-2024-29273

First published on : 22-03-2024 04:15:11
Last modified on : 22-03-2024 12:45:36

Description :
There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.

CVE ID : CVE-2024-29273
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zyx0814/dzzoffice/issues/244 | source : cve@mitre.org


Vulnerability ID : CVE-2024-29275

First published on : 22-03-2024 05:15:47
Last modified on : 22-03-2024 12:45:36

Description :
SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.

CVE ID : CVE-2024-29275
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/seacms-net/CMS/issues/15 | source : cve@mitre.org


Vulnerability ID : CVE-2024-25168

First published on : 22-03-2024 12:15:07
Last modified on : 22-03-2024 12:45:36

Description :
SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.

CVE ID : CVE-2024-25168
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/biantaibao/snow_SQL/blob/main/report.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-28559

First published on : 22-03-2024 12:15:07
Last modified on : 22-03-2024 12:45:36

Description :
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.

CVE ID : CVE-2024-28559
Source : cve@mitre.org
CVSS Score : /

References :
https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 | source : cve@mitre.org
https://gitee.com/niushop-team/niushop_b2c_v5 | source : cve@mitre.org
https://v5.niuteam.cn | source : cve@mitre.org
https://v5.niuteam.cn/ | source : cve@mitre.org
https://www.niushop.com/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-28560

First published on : 22-03-2024 12:15:07
Last modified on : 22-03-2024 12:45:36

Description :
SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.

CVE ID : CVE-2024-28560
Source : cve@mitre.org
CVSS Score : /

References :
https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559 | source : cve@mitre.org
https://gitee.com/niushop-team/niushop_b2c_v5 | source : cve@mitre.org
https://v5.niuteam.cn | source : cve@mitre.org
https://www.niushop.com/ | source : cve@mitre.org

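The SeaCMS, snow and Niushop entries above share one root cause: a request parameter concatenated into the text of a SQL statement. The following is an added example, not code from any of those projects (the article table, its columns and the function names are constructed for illustration); it runs the vulnerable pattern beside the parameterized form against an in-memory SQLite database so the difference is observable on the same data:

```python
from __future__ import annotations

import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: one published article and one unpublished
    draft that the public listing must never return."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE article (id INTEGER, title TEXT, published INTEGER)")
    conn.executemany(
        "INSERT INTO article VALUES (?, ?, ?)",
        [(1, "public post", 1), (2, "secret draft", 0)],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, article_id: str) -> list[str]:
    """The bug class in the entries above: the request parameter is spliced
    into the statement text, so it can rewrite the WHERE clause."""
    sql = f"SELECT title FROM article WHERE id = {article_id} AND published = 1"
    return [row[0] for row in conn.execute(sql)]


def lookup_fixed(conn: sqlite3.Connection, article_id: str) -> list[str]:
    """Same query with a bound parameter: the value travels separately from
    the statement and is only ever compared, never parsed as SQL."""
    sql = "SELECT title FROM article WHERE id = ? AND published = 1"
    return [row[0] for row in conn.execute(sql, (article_id,))]


if __name__ == "__main__":
    db = make_db()
    payload = "0 OR 1=1 --"  # constructed attacker value for the id parameter
    print(lookup_vulnerable(db, "1"))       # ['public post']
    print(lookup_vulnerable(db, payload))   # ['public post', 'secret draft']: the draft leaks
    print(lookup_fixed(db, payload))        # []: no row has that literal id
```

The trailing `--` in the payload comments out the `published = 1` guard, which is why the draft appears; with the bound parameter the whole string is compared against the integer column and matches nothing. The same split between statement and data is what every driver's placeholder mechanism provides, whatever the SQL dialect.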

Vulnerability ID : CVE-2023-41099

First published on : 22-03-2024 15:15:15
Last modified on : 22-03-2024 15:34:43

Description :
In the Windows installer in Atos Eviden CardOS API before 5.5.5.2811, Local Privilege Escalation can occur (from a regular user to SYSTEM).

CVE ID : CVE-2023-41099
Source : cve@mitre.org
CVSS Score : /

References :
https://support.bull.com/ols/product/security/psirt/security-bulletins/cardos-api-local-privilege-escalation-psirt-358-tlp-clear-version-2-6-cve-2023-41099/view | source : cve@mitre.org


Vulnerability ID : CVE-2024-28593

First published on : 22-03-2024 15:15:15
Last modified on : 22-03-2024 15:34:43

Description :
The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."

CVE ID : CVE-2024-28593
Source : cve@mitre.org
CVSS Score : /

References :
https://docs.moodle.org/403/en/Using_Chat | source : cve@mitre.org
https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt | source : cve@mitre.org
https://medium.com/%40lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe | source : cve@mitre.org


Vulnerability ID : CVE-2024-29865

First published on : 22-03-2024 15:15:15
Last modified on : 22-03-2024 15:34:43

Description :
Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.

CVE ID : CVE-2024-29865
Source : cve@mitre.org
CVSS Score : /

References :
https://servicedesk.logpoint.com/hc/en-us/articles/17710372214045-Self-XSS-on-LDAP-authentication | source : cve@mitre.org


Vulnerability ID : CVE-2024-29338

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.

CVE ID : CVE-2024-29338
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/PWwwww123/cms/blob/main/1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-29366

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.

CVE ID : CVE-2024-29366
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/20Yiju/DLink/blob/master/DIR-845L/CI.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-29385

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
DIR-845L router <= v1.01KRb03 has an unauthenticated remote code execution vulnerability in the cgibin binary via the soapcgi_main function.

CVE ID : CVE-2024-29385
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/songah119/Report/blob/main/CI-1.md | source : cve@mitre.org
https://www.dlink.com/en/security-bulletin/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-29499

First published on : 22-03-2024 17:15:08
Last modified on : 22-03-2024 19:02:10

Description :
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.

CVE ID : CVE-2024-29499
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/daddywolf/cms/blob/main/1.md | source : cve@mitre.org


Vulnerability ID : CVE-2024-23755

First published on : 23-03-2024 22:15:07
Last modified on : 25-03-2024 01:51:01

Description :
ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.

CVE ID : CVE-2024-23755
Source : cve@mitre.org
CVSS Score : /

References :
https://clickup.com/security/disclosures | source : cve@mitre.org
https://clickup.com/terms/security-policy | source : cve@mitre.org
https://www.electronjs.org/blog/statement-run-as-node-cves | source : cve@mitre.org
https://www.electronjs.org/docs/latest/tutorial/fuses | source : cve@mitre.org


Vulnerability ID : CVE-2024-24725

First published on : 23-03-2024 23:15:07
Last modified on : 25-03-2024 01:51:01

Description :
Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.

CVE ID : CVE-2024-24725
Source : cve@mitre.org
CVSS Score : /

References :
https://gibbonedu.org/download/ | source : cve@mitre.org
https://www.exploit-db.com/exploits/51903 | source : cve@mitre.org


Vulnerability ID : CVE-2018-25100

First published on : 24-03-2024 01:15:45
Last modified on : 25-03-2024 01:51:01

Description :
The Mojolicious module before 7.66 for Perl may leak cookies in certain situations related to multiple similar cookies for the same domain. This affects Mojo::UserAgent::CookieJar.

CVE ID : CVE-2018-25100
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/mojolicious/mojo/commit/c16a56a9d6575ddc53d15e76d58f0ebcb0eeb149 | source : cve@mitre.org
https://github.com/mojolicious/mojo/issues/1185 | source : cve@mitre.org
https://github.com/mojolicious/mojo/pull/1192 | source : cve@mitre.org
https://metacpan.org/dist/Mojolicious/changes | source : cve@mitre.org

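The Mojolicious entry above is about a cookie jar mishandling several similar cookies for one domain. As an added example (not Mojolicious code and not a reproduction of its specific bug), the following implements the RFC 6265 selection rules a jar has to apply before it attaches cookies to a request, so that two cookies with the same name but different Path or Domain attributes only go where each belongs. The jar contents are constructed sample data:

```python
from __future__ import annotations

from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Cookie:
    name: str
    value: str
    domain: str        # stored lower-case; for host-only cookies this is the exact host
    path: str          # stored with its leading "/"
    host_only: bool    # True when the Set-Cookie header carried no Domain attribute
    secure: bool = False


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 section 5.1.3 domain matching (IP-literal hosts not handled)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4: the cookie path must be a whole-segment prefix of
    the request path, so "/admin" covers "/admin/users" but not "/administrator"."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"


def cookies_for(jar: list[Cookie], url: str) -> list[Cookie]:
    """RFC 6265 section 5.4: the cookies for one request, longest path first."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    chosen = []
    for c in jar:
        if c.host_only and host != c.domain:
            continue
        if not c.host_only and not domain_matches(host, c.domain):
            continue
        if not path_matches(path, c.path):
            continue
        if c.secure and parts.scheme != "https":
            continue
        chosen.append(c)
    chosen.sort(key=lambda c: len(c.path), reverse=True)  # stable: jar order among equal paths
    return chosen


def cookie_header(jar: list[Cookie], url: str) -> str:
    """The Cookie request header a client would send for this URL."""
    return "; ".join(f"{c.name}={c.value}" for c in cookies_for(jar, url))


# Constructed jar: two cookies named "sid" on the same host but for different
# paths, plus one domain cookie that also covers subdomains.
SAMPLE_JAR = [
    Cookie("sid", "guest", "example.test", "/", host_only=True),
    Cookie("sid", "admin", "example.test", "/admin", host_only=True, secure=True),
    Cookie("pref", "dark", "example.test", "/", host_only=False),
]
```

The two `sid` cookies are the interesting case: a jar that keys cookies on name and domain alone will either overwrite one with the other or send the admin-path cookie to every path, which is the kind of leak the entry describes. Path matching, the host-only flag and the Secure attribute each have to be checked per request, not at storage time.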

Vulnerability ID : CVE-2020-36827

First published on : 24-03-2024 01:15:45
Last modified on : 25-03-2024 01:51:01

Description :
The XAO::Web module before 1.84 for Perl mishandles < and > characters in JSON output during use of json-embed in Web::Action.

CVE ID : CVE-2020-36827
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/amaltsev/XAO-Web/commit/20dd1d3bc5b811503f5722a16037b60197fe7ef4 | source : cve@mitre.org
https://metacpan.org/dist/XAO-Web/changes | source : cve@mitre.org


Vulnerability ID : CVE-2024-30156

First published on : 24-03-2024 01:15:45
Last modified on : 25-03-2024 01:51:01

Description :
Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credit exhaustion of an HTTP/2 connection's flow control window, aka a Broke Window Attack.

CVE ID : CVE-2024-30156
Source : cve@mitre.org
CVSS Score : /

References :
https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security | source : cve@mitre.org
https://varnish-cache.org/security/VSV00014.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-30161

First published on : 24-03-2024 01:15:45
Last modified on : 25-03-2024 01:51:01

Description :
In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.

CVE ID : CVE-2024-30161
Source : cve@mitre.org
CVSS Score : /

References :
https://codereview.qt-project.org/c/qt/qtbase/+/544314 | source : cve@mitre.org


Vulnerability ID : CVE-2024-30187

First published on : 25-03-2024 08:15:36
Last modified on : 25-03-2024 13:47:14

Description :
Anope before 2.0.15 does not prevent resetting the password of a suspended account.

CVE ID : CVE-2024-30187
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5 | source : cve@mitre.org
https://github.com/anope/anope/issues/351 | source : cve@mitre.org


Vulnerability ID : CVE-2024-28386

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.

CVE ID : CVE-2024-28386
Source : cve@mitre.org
CVSS Score : /

References :
http://fastmagsync.com | source : cve@mitre.org
http://home-madeio.com | source : cve@mitre.org
https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html | source : cve@mitre.org
https://www.home-made.io/module-fastmag-sync-prestashop/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-28387

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.

CVE ID : CVE-2024-28387
Source : cve@mitre.org
CVSS Score : /

References :
https://axonaut.com/integration/detail/prestashop | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-28393

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.

CVE ID : CVE-2024-28393
Source : cve@mitre.org
CVSS Score : /

References :
https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html | source : cve@mitre.org
https://security.friendsofpresta.org/modules/2024/03/19/scalapay.html | source : cve@mitre.org


Vulnerability ID : CVE-2024-28434

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted SVG file can trigger the execution of JavaScript code.

CVE ID : CVE-2024-28434
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434 | source : cve@mitre.org
https://github.com/twentyhq/twenty | source : cve@mitre.org

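Both the dzzoffice entry (CVE-2024-29273) and the Twenty entry above are stored XSS through an uploaded SVG, which is an XML document a browser will script when it is opened directly. The following is an added example, not code from either project: a server-side gate that parses the upload and reports anything that can run script, together with the response headers that keep a stored SVG from rendering inline even if the gate misses something. The sample SVG documents are constructed; CSS-based tricks are deliberately out of scope for the gate, which is why the headers are the primary control:

```python
from __future__ import annotations

import re
import xml.etree.ElementTree as ET

# Elements that execute script or can smuggle script-bearing content.
FORBIDDEN_ELEMENTS = {"script", "foreignobject", "iframe", "embed", "object",
                      "handler", "set", "animate", "animatetransform"}
# Attributes carrying a URL; a javascript:/data:/vbscript: scheme there is script.
URL_ATTRIBUTES = {"href", "src"}
SCRIPT_URL = re.compile(r"^\s*(?:javascript|data|vbscript)\s*:", re.IGNORECASE)


def _local(name: str) -> str:
    """Drop the '{namespace}' prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def svg_findings(svg_bytes: bytes) -> list[str]:
    """Reasons this upload must not be served as an inline image.
    An empty list means the gate found nothing; it is not a proof of safety."""
    if b"<!DOCTYPE" in svg_bytes or b"<!ENTITY" in svg_bytes:
        return ["DTD present: refused without parsing"]
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    findings: list[str] = []
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for el in root.iter():
        tag = _local(el.tag)
        if tag.lower() in FORBIDDEN_ELEMENTS:
            findings.append(f"forbidden element <{tag}>")
        for attr, value in el.attrib.items():
            a = _local(attr).lower()
            if a.startswith("on"):
                findings.append(f"event handler {a} on <{tag}>")
            elif a in URL_ATTRIBUTES and SCRIPT_URL.match(value):
                findings.append(f"script URL in {a} on <{tag}>")
    return findings


def storage_headers(stored_name: str) -> dict[str, str]:
    """Headers for serving any user upload: force a download instead of a
    render, refuse sniffing, and forbid script if it is rendered anyway.
    stored_name is assumed to be server-chosen (no quotes or separators)."""
    return {
        "Content-Type": "image/svg+xml",
        "Content-Disposition": f'attachment; filename="{stored_name}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "default-src 'none'; style-src 'unsafe-inline'; sandbox",
    }


# Constructed samples: a plain drawing and one carrying three script vectors.
GOOD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">'
            b'<circle cx="5" cy="5" r="4"/></svg>')
BAD_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg" '
           b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">'
           b'<script>alert(2)</script>'
           b'<a xlink:href="javascript:alert(3)"><text>x</text></a></svg>')
```

Rendering an SVG through an `<img>` tag does not run its script, but a direct link to the stored file does, and that is the path the entries describe. Serving uploads from a separate origin, with the headers above, removes the rendered-in-the-application origin entirely; the gate is then defence in depth.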

Vulnerability ID : CVE-2024-28435

First published on : 25-03-2024 14:15:09
Last modified on : 25-03-2024 16:43:06

Description :
The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.

CVE ID : CVE-2024-28435
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435 | source : cve@mitre.org
https://github.com/twentyhq/twenty | source : cve@mitre.org


Vulnerability ID : CVE-2024-25175

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
An issue in Kickdler before v1.107.0 allows attackers to provide an XSS payload via an HTTP response splitting attack.

CVE ID : CVE-2024-25175
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/jet-pentest/CVE-2024-25175 | source : cve@mitre.org
https://www.kickidler.com/ | source : cve@mitre.org

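Response splitting, as in the Kickidler entry above, needs only a CR LF pair in a client-controlled value that is copied into a response header. The following is an added example, not Kickidler code: a redirect builder in the vulnerable form and in the checked form, plus a minimal parser that reads the bytes the way a client does, so the injected header and body are visible. The payload is a constructed value for a hypothetical "next" parameter:

```python
from __future__ import annotations

import re

_HEADER_CTL = re.compile(r"[\r\n\x00]")


def redirect_naive(location: str) -> bytes:
    """The vulnerable pattern: a client-controlled value is pasted into the
    header section, so a CR LF inside it ends the header and starts a new one."""
    return (
        "HTTP/1.1 302 Found\r\n"
        f"Location: {location}\r\n"
        "Content-Length: 0\r\n"
        "\r\n"
    ).encode("latin-1")


def is_safe_header_value(value: str) -> bool:
    """A header value may never contain CR, LF or NUL."""
    return _HEADER_CTL.search(value) is None


def header_value(value: str) -> str:
    if not is_safe_header_value(value):
        raise ValueError("CR, LF or NUL in header value")
    return value


def redirect_safe(location: str) -> bytes:
    """Same response, but the value is validated before serialisation."""
    return redirect_naive(header_value(location))


def parse_response(raw: bytes) -> tuple[dict[str, str], bytes]:
    """Read the bytes as a client does: headers up to the first blank line,
    everything after it is the body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    headers: dict[str, str] = {}
    for line in head.split(b"\r\n")[1:]:
        name, _, value = line.partition(b":")
        headers[name.decode("latin-1").strip()] = value.decode("latin-1").strip()
    return headers, body


# Constructed attacker value: the first CR LF ends the Location header, the
# second pair ends the header block, and the remainder becomes a body the
# browser renders as HTML on the application's origin.
SPLIT_PAYLOAD = "/home\r\nSet-Cookie: session=attacker\r\n\r\n<script>alert(1)</script>"
```

The check belongs in the serializer rather than in each handler; Python's own `http.client` rejects CR and LF in outgoing header values for the same reason. URL-encoding the value before it reaches the header is the other correct fix when the value has to be a URL.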

Vulnerability ID : CVE-2024-29650

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.

CVE ID : CVE-2024-29650
Source : cve@mitre.org
CVSS Score : /

References :
https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921 | source : cve@mitre.org
https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b | source : cve@mitre.org


Vulnerability ID : CVE-2024-30202

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.

CVE ID : CVE-2024-30202
Source : cve@mitre.org
CVSS Score : /

References :
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9 | source : cve@mitre.org


Vulnerability ID : CVE-2024-30203

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
In Emacs before 29.3, Gnus treats inline MIME contents as trusted.

CVE ID : CVE-2024-30203
Source : cve@mitre.org
CVSS Score : /

References :
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804 | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 | source : cve@mitre.org


Vulnerability ID : CVE-2024-30204

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.

CVE ID : CVE-2024-30204
Source : cve@mitre.org
CVSS Score : /

References :
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 | source : cve@mitre.org


Vulnerability ID : CVE-2024-30205

First published on : 25-03-2024 15:15:52
Last modified on : 25-03-2024 16:43:06

Description :
In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.

CVE ID : CVE-2024-30205
Source : cve@mitre.org
CVSS Score : /

References :
https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877 | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29 | source : cve@mitre.org
https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d | source : cve@mitre.org


Vulnerability ID : CVE-2024-29515

First published on : 25-03-2024 19:15:59
Last modified on : 25-03-2024 19:15:59

Description :
File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code by uploading a crafted PHP file to the save.php and config.php components.

CVE ID : CVE-2024-29515
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/zzq66/cve7/ | source : cve@mitre.org

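The lepton entry above and the VvvebJs entry near the top of this section (CVE-2024-29272, a filename-sanitization flaw in save.php) both end in code execution because a client-chosen file lands under the web root. The following is an added example, not code from either project: the checks an upload endpoint should make before writing anything, with the client's filename used only to pick the expected type and never as the stored name. The allowlist and sample inputs are constructed:

```python
from __future__ import annotations

import pathlib
import secrets

# Allowed final extensions and the magic bytes the content must start with.
# Anything a web server might execute (php, phtml, phar, ...) is absent on purpose.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF",
}


def upload_problem(client_name: str, data: bytes) -> str | None:
    """Return why the upload is rejected, or None if it may be stored."""
    # Keep only the last path component; "../" in the name is meaningless
    # after this, whichever separator the client used.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or "\x00" in base:
        return "empty name or NUL byte"
    if "." not in base:
        return "no extension"
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_TYPES:
        return f"extension .{ext} not allowed"
    if not data.startswith(ALLOWED_TYPES[ext]):
        return f"content is not a {ext} file"
    return None


def server_name(ext: str) -> str:
    """Server-chosen name: no client-controlled characters reach the
    filesystem, and the extension can only be one from the allowlist."""
    return f"{secrets.token_hex(16)}.{ext}"


def store_upload(client_name: str, data: bytes, upload_dir: str) -> str:
    """Vet, then write under a generated name; returns the stored filename."""
    problem = upload_problem(client_name, data)
    if problem:
        raise ValueError(problem)
    ext = client_name.replace("\\", "/").rsplit("/", 1)[-1].rsplit(".", 1)[1].lower()
    root = pathlib.Path(upload_dir).resolve()
    target = (root / server_name(ext)).resolve()
    if target.parent != root:  # defence in depth; cannot trigger with a generated name
        raise ValueError("target escapes upload directory")
    with open(target, "xb") as fh:  # exclusive create: never overwrite an existing file
        fh.write(data)
    return target.name
```

The upload directory itself still needs script execution disabled in the web server, because a content check on the first bytes does not stop a polyglot (a valid PNG header followed by PHP) from being parsed as PHP if the server is willing to run files from that directory.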

Vulnerability ID : CVE-2024-29666

First published on : 25-03-2024 19:15:59
Last modified on : 25-03-2024 19:15:59

Description :
Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.

CVE ID : CVE-2024-29666
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system | source : cve@mitre.org


Vulnerability ID : CVE-2024-29440

First published on : 25-03-2024 21:15:47
Last modified on : 25-03-2024 21:15:47

Description :
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.

CVE ID : CVE-2024-29440
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yashpatelphd/CVE-2024-29440 | source : cve@mitre.org


Vulnerability ID : CVE-2023-47430

First published on : 25-03-2024 22:37:19
Last modified on : 25-03-2024 22:37:19

Description :
Stack-buffer-overflow vulnerability in ReadyMedia (MiniDLNA) v1.3.3 allows attackers to cause a denial of service via the SendContainer() function at tivo_commands.c.

CVE ID : CVE-2023-47430
Source : cve@mitre.org
CVSS Score : /

References :
https://sourceforge.net/p/minidlna/bugs/361/ | source : cve@mitre.org
https://sourceforge.net/projects/minidlna/ | source : cve@mitre.org


Vulnerability ID : CVE-2024-29442

First published on : 25-03-2024 22:37:19
Last modified on : 25-03-2024 22:37:19

Description :
An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.

CVE ID : CVE-2024-29442
Source : cve@mitre.org
CVSS Score : /

References :
https://github.com/yashpatelphd/CVE-2024-29442 | source : cve@mitre.org


Source : mozilla.org

Vulnerability ID : CVE-2024-29943

First published on : 22-03-2024 13:15:07
Last modified on : 22-03-2024 15:34:43

Description :
An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.

CVE ID : CVE-2024-29943
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1886849 | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2024-15/ | source : security@mozilla.org


Vulnerability ID : CVE-2024-29944

First published on : 22-03-2024 13:15:07
Last modified on : 25-03-2024 17:15:51

Description :
An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.

CVE ID : CVE-2024-29944
Source : security@mozilla.org
CVSS Score : /

References :
https://bugzilla.mozilla.org/show_bug.cgi?id=1886852 | source : security@mozilla.org
https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2024-15/ | source : security@mozilla.org
https://www.mozilla.org/security/advisories/mfsa2024-16/ | source : security@mozilla.org


Source : hp.com

Vulnerability ID : CVE-2023-4063

First published on : 22-03-2024 18:15:07
Last modified on : 22-03-2024 19:02:10

Description :
Certain HP OfficeJet Pro printers are potentially vulnerable to a Denial of Service when using an improper eSCL URL GET request.

CVE ID : CVE-2023-4063
Source : hp-security-alert@hp.com
CVSS Score : /

References :
https://support.hp.com/us-en/document/ish_10321463-10321488-16/hpsbpi03927 | source : hp-security-alert@hp.com


Source : jpcert.or.jp

Vulnerability ID : CVE-2024-28041

First published on : 25-03-2024 04:15:08
Last modified on : 25-03-2024 13:47:14

Description :
HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.

CVE ID : CVE-2024-28041
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU93546510/ | source : vultures@jpcert.or.jp
https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-29071

First published on : 25-03-2024 04:15:09
Last modified on : 25-03-2024 13:47:14

Description :
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may change the system settings.

CVE ID : CVE-2024-29071
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU93546510/ | source : vultures@jpcert.or.jp
https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-21865

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.

CVE ID : CVE-2024-21865
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU93546510/ | source : vultures@jpcert.or.jp
https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-29009

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.

CVE ID : CVE-2024-29009
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/jp/JVN86206017/ | source : vultures@jpcert.or.jp
https://wordpress.org/plugins/easy-popup-show/ | source : vultures@jpcert.or.jp


Vulnerability ID : CVE-2024-29216

First published on : 25-03-2024 07:15:50
Last modified on : 25-03-2024 13:47:14

Description :
Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without administrator privileges may perform I/O to an arbitrary hardware port or physical address, resulting in erasing or altering the firmware.

CVE ID : CVE-2024-29216
Source : vultures@jpcert.or.jp
CVSS Score : /

References :
https://jvn.jp/en/vu/JVNVU90671953/ | source : vultures@jpcert.or.jp
https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download | source : vultures@jpcert.or.jp


Source : wpscan.com

Vulnerability ID : CVE-2024-1231

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack

CVE ID : CVE-2024-1231
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e/ | source : contact@wpscan.com


Vulnerability ID : CVE-2024-1232

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack

CVE ID : CVE-2024-1232
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8/ | source : contact@wpscan.com


Vulnerability ID : CVE-2024-1564

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode

CVE ID : CVE-2024-1564
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/ | source : contact@wpscan.com


Vulnerability ID : CVE-2024-1962

First published on : 25-03-2024 05:15:50
Last modified on : 25-03-2024 13:47:14

Description :
The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack

CVE ID : CVE-2024-1962
Source : contact@wpscan.com
CVSS Score : /

References :
https://wpscan.com/vulnerability/469486d4-7677-4d66-83c0-a6b9ac7c503b/ | source : contact@wpscan.com

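The CM Download Manager entries above, the easy-popup-show entry and the two Anchor CMS entries earlier in this section are all missing the same thing: proof that a state-changing request was sent by the application's own page and not by a page the logged-in admin happened to visit. The following is an added example, not code from any of those projects: the two checks a handler should make before acting, an Origin/Referer comparison against the site's own origin and a per-session token compared in constant time, with a state change reachable by plain GET rejected outright. The origin, request shape and secret are constructed for illustration:

```python
from __future__ import annotations

import hashlib
import hmac
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://shop.example.test"  # assumed deployment origin
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


@dataclass
class Request:
    method: str
    path: str
    headers: dict[str, str] = field(default_factory=dict)
    form: dict[str, str] = field(default_factory=dict)


def issue_csrf_token(server_key: bytes, session_id: str) -> str:
    """Token bound to the session: HMAC(key, session id). Stateless, so the
    server only needs its key to verify it; embed it in every form."""
    return hmac.new(server_key, session_id.encode(), hashlib.sha256).hexdigest()


def origin_allowed(headers: dict[str, str]) -> bool:
    """Origin first, Referer as fallback. Neither present means reject:
    browsers send Origin on every cross-site POST, so absence is suspicious."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        p = urlsplit(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin == SITE_ORIGIN


def may_change_state(req: Request, server_key: bytes, session_id: str) -> bool:
    """All three must hold: a method allowed to change state, an allowed
    origin, and a token that belongs to this session."""
    if req.method not in STATE_CHANGING:
        return False  # a delete link fetched by GET is itself the defect
    if not origin_allowed(req.headers):
        return False
    expected = issue_csrf_token(server_key, session_id).encode()
    supplied = (req.form.get("csrf_token") or req.headers.get("X-CSRF-Token") or "").encode()
    return hmac.compare_digest(expected, supplied)
```

Binding the token to the session identifier means a token stolen from one session is useless in another, and `compare_digest` keeps the comparison from leaking how many leading bytes matched. In WordPress terms the token check is what `check_admin_referer()` / `wp_verify_nonce()` provide; the entries above are cases where that call was simply absent from some actions.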

Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67

Vulnerability ID : CVE-2021-47136

First published on : 25-03-2024 09:15:07
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved:

net: zero-initialize tc skb extension on allocation

Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT originally contained only single value tc_skb_ext->chain its users used to just assign the chain value without setting whole extension memory to zero first. This assumption changed when TC_SKB_EXT extension was extended with additional fields but not all users were updated to initialize the new fields which leads to use of uninitialized memory afterwards.

UBSAN log:
[ 778.299821] UBSAN: invalid-load in net/openvswitch/flow.c:899:28
[ 778.301495] load of value 107 is not a valid value for type '_Bool'
[ 778.303215] CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.12.0-rc7+ #2
[ 778.304933] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.13.0-0-gf21b5a4aeb02-prebuilt.qemu.org 04/01/2014
[ 778.307901] Call Trace:
[ 778.308680] <IRQ>
[ 778.309358] dump_stack+0xbb/0x107
[ 778.310307] ubsan_epilogue+0x5/0x40
[ 778.311167] __ubsan_handle_load_invalid_value.cold+0x43/0x48
[ 778.312454] ? memset+0x20/0x40
[ 778.313230] ovs_flow_key_extract.cold+0xf/0x14 [openvswitch]
[ 778.314532] ovs_vport_receive+0x19e/0x2e0 [openvswitch]
[ 778.315749] ? ovs_vport_find_upcall_portid+0x330/0x330 [openvswitch]
[ 778.317188] ? create_prof_cpu_mask+0x20/0x20
[ 778.318220] ? arch_stack_walk+0x82/0xf0
[ 778.319153] ? secondary_startup_64_no_verify+0xb0/0xbb
[ 778.320399] ? stack_trace_save+0x91/0xc0
[ 778.321362] ? stack_trace_consume_entry+0x160/0x160
[ 778.322517] ? lock_release+0x52e/0x760
[ 778.323444] netdev_frame_hook+0x323/0x610 [openvswitch]
[ 778.324668] ? ovs_netdev_get_vport+0xe0/0xe0 [openvswitch]
[ 778.325950] __netif_receive_skb_core+0x771/0x2db0
[ 778.327067] ? lock_downgrade+0x6e0/0x6f0
[ 778.328021] ? lock_acquire+0x565/0x720
[ 778.328940] ? generic_xdp_tx+0x4f0/0x4f0
[ 778.329902] ? inet_gro_receive+0x2a7/0x10a0
[ 778.330914] ? lock_downgrade+0x6f0/0x6f0
[ 778.331867] ? udp4_gro_receive+0x4c4/0x13e0
[ 778.332876] ? lock_release+0x52e/0x760
[ 778.333808] ? dev_gro_receive+0xcc8/0x2380
[ 778.334810] ? lock_downgrade+0x6f0/0x6f0
[ 778.335769] __netif_receive_skb_list_core+0x295/0x820
[ 778.336955] ? process_backlog+0x780/0x780
[ 778.337941] ? mlx5e_rep_tc_netdevice_event_unregister+0x20/0x20 [mlx5_core]
[ 778.339613] ? seqcount_lockdep_reader_access.constprop.0+0xa7/0xc0
[ 778.341033] ? kvm_clock_get_cycles+0x14/0x20
[ 778.342072] netif_receive_skb_list_internal+0x5f5/0xcb0
[ 778.343288] ? __kasan_kmalloc+0x7a/0x90
[ 778.344234] ? mlx5e_handle_rx_cqe_mpwrq+0x9e0/0x9e0 [mlx5_core]
[ 778.345676] ? mlx5e_xmit_xdp_frame_mpwqe+0x14d0/0x14d0 [mlx5_core]
[ 778.347140] ? __netif_receive_skb_list_core+0x820/0x820
[ 778.348351] ? mlx5e_post_rx_mpwqes+0xa6/0x25d0 [mlx5_core]
[ 778.349688] ? napi_gro_flush+0x26c/0x3c0
[ 778.350641] napi_complete_done+0x188/0x6b0
[ 778.351627] mlx5e_napi_poll+0x373/0x1b80 [mlx5_core]
[ 778.352853] __napi_poll+0x9f/0x510
[ 778.353704] ? mlx5_flow_namespace_set_mode+0x260/0x260 [mlx5_core]
[ 778.355158] net_rx_action+0x34c/0xa40
[ 778.356060] ? napi_threaded_poll+0x3d0/0x3d0
[ 778.357083] ? sched_clock_cpu+0x18/0x190
[ 778.358041] ? __common_interrupt+0x8e/0x1a0
[ 778.359045] __do_softirq+0x1ce/0x984
[ 778.359938] __irq_exit_rcu+0x137/0x1d0
[ 778.360865] irq_exit_rcu+0xa/0x20
[ 778.361708] common_interrupt+0x80/0xa0
[ 778.362640] </IRQ>
[ 778.363212] asm_common_interrupt+0x1e/0x40
[ 778.364204] RIP: 0010:native_safe_halt+0xe/0x10
[ 778.365273] Code: 4f ff ff ff 4c 89 e7 e8 50 3f 40 fe e9 dc fe ff ff 48 89 df e8 43 3f 40 fe eb 90 cc e9 07 00 00 00 0f 00 2d 74 05 62 00 fb f4 <c3> 90 e9 07 00 00 00 0f 00 2d 64 05 62 00 f4 c3 cc cc 0f 1f 44 00
[ 778.369355] RSP: 0018:ffffffff84407e48 EFLAGS: 00000246
[ 778.370570] RAX ---truncated---

CVE ID : CVE-2021-47136
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/86ab133b695ed7ba1f8786b12f4ca43137ad8c18 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9453d45ecb6c2199d72e73c993e9d98677a2801b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ac493452e937b8939eaf2d24cac51a4804b6c20e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47137

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory allocation fails, DMA should reuse the previous skb and mapping and drop the packet. This patch also increments rx drop counter.

CVE ID : CVE-2021-47137
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/46dd4abced3cb2c912916f4a5353e0927db0c4a2 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5ac72351655f8b033a2935646f53b7465c903418 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8bb1077448d43a871ed667520763e3b9f9b7975d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c7718ee96dbc2f9c5fc3b578abdf296dd44b9c20 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47138

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these invalid values in the register can lead to out-of-bound memory access. So, fix by using the saved server TID base when clearing filters.

CVE ID : CVE-2021-47138
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/02f03883fdb10ad7e66717c70ea163a8d27ae6e7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/0bf49b3c8d8b3a43ce09f1b2db70e5484d31fcdf | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/285207a558ab456aa7d8aa877ecc7e91fcc51710 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/88c380df84fbd03f9b137c2b9d0a44b9f2f553b0 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47139

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved:

net: hns3: put off calling register_netdev() until client initialize complete

Currently, the netdevice is registered before client initialization is complete, so there is a time window between the netdevice being available and being usable. In this case, if a user tries to change the channel number or ring parameters, it may cause hns3_set_rx_cpu_rmap() to be called twice and report a bug.

[47199.416502] hns3 0000:35:00.0 eth1: set channels: tqp_num=1, rxfh=0
[47199.430340] hns3 0000:35:00.0 eth1: already uninitialized
[47199.438554] hns3 0000:35:00.0: rss changes from 4 to 1
[47199.511854] hns3 0000:35:00.0: Channels changed, rss_size from 4 to 1, tqps from 4 to 1
[47200.163524] ------------[ cut here ]------------
[47200.171674] kernel BUG at lib/cpu_rmap.c:142!
[47200.177847] Internal error: Oops - BUG: 0 [#1] PREEMPT SMP
[47200.185259] Modules linked in: hclge(+) hns3(-) hns3_cae(O) hns_roce_hw_v2 hnae3 vfio_iommu_type1 vfio_pci vfio_virqfd vfio pv680_mii(O) [last unloaded: hclge]
[47200.205912] CPU: 1 PID: 8260 Comm: ethtool Tainted: G O 5.11.0-rc3+ #1
[47200.215601] Hardware name: , xxxxxx 02/04/2021
[47200.223052] pstate: 60400009 (nZCv daif +PAN -UAO -TCO BTYPE=--)
[47200.230188] pc : cpu_rmap_add+0x38/0x40
[47200.237472] lr : irq_cpu_rmap_add+0x84/0x140
[47200.243291] sp : ffff800010e93a30
[47200.247295] x29: ffff800010e93a30 x28: ffff082100584880
[47200.254155] x27: 0000000000000000 x26: 0000000000000000
[47200.260712] x25: 0000000000000000 x24: 0000000000000004
[47200.267241] x23: ffff08209ba03000 x22: ffff08209ba038c0
[47200.273789] x21: 000000000000003f x20: ffff0820e2bc1680
[47200.280400] x19: ffff0820c970ec80 x18: 00000000000000c0
[47200.286944] x17: 0000000000000000 x16: ffffb43debe4a0d0
[47200.293456] x15: fffffc2082990600 x14: dead000000000122
[47200.300059] x13: ffffffffffffffff x12: 000000000000003e
[47200.306606] x11: ffff0820815b8080 x10: ffff53e411988000
[47200.313171] x9 : 0000000000000000 x8 : ffff0820e2bc1700
[47200.319682] x7 : 0000000000000000 x6 : 000000000000003f
[47200.326170] x5 : 0000000000000040 x4 : ffff800010e93a20
[47200.332656] x3 : 0000000000000004 x2 : ffff0820c970ec80
[47200.339168] x1 : ffff0820e2bc1680 x0 : 0000000000000004
[47200.346058] Call trace:
[47200.349324] cpu_rmap_add+0x38/0x40
[47200.354300] hns3_set_rx_cpu_rmap+0x6c/0xe0 [hns3]
[47200.362294] hns3_reset_notify_init_enet+0x1cc/0x340 [hns3]
[47200.370049] hns3_change_channels+0x40/0xb0 [hns3]
[47200.376770] hns3_set_channels+0x12c/0x2a0 [hns3]
[47200.383353] ethtool_set_channels+0x140/0x250
[47200.389772] dev_ethtool+0x714/0x23d0
[47200.394440] dev_ioctl+0x4cc/0x640
[47200.399277] sock_do_ioctl+0x100/0x2a0
[47200.404574] sock_ioctl+0x28c/0x470
[47200.409079] __arm64_sys_ioctl+0xb4/0x100
[47200.415217] el0_svc_common.constprop.0+0x84/0x210
[47200.422088] do_el0_svc+0x28/0x34
[47200.426387] el0_svc+0x28/0x70
[47200.431308] el0_sync_handler+0x1a4/0x1b0
[47200.436477] el0_sync+0x174/0x180
[47200.441562] Code: 11000405 79000c45 f8247861 d65f03c0 (d4210000)
[47200.448869] ---[ end trace a01efe4ce42e5f34 ]---

The process is like below (the original two-column timeline was flattened during extraction and is kept as it arrived):
executing hns3_client_init | register_netdev() | hns3_set_channels() | | hns3_set_rx_cpu_rmap() hns3_reset_notify_uninit_enet() | | | quit without calling function | hns3_free_rx_cpu_rmap for flag | HNS3_NIC_STATE_INITED is unset. | | | hns3_reset_notify_init_enet() | | set HNS3_NIC_STATE_INITED call hns3_set_rx_cpu_rmap()-- crash

Fix it by calling register_netdev() at the end of function hns3_client_init().

CVE ID : CVE-2021-47139
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0921a0620b5077796fddffb22a8e6bc635a4bb50 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a289a7e5c1d49b7d47df9913c1cc81fb48fab613 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a663c1e418a3b5b8e8edfad4bc8e7278c312d6fc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47140

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Clear DMA ops when switching domain

Since commit 08a27c1c3ecf ("iommu: Add support to change default domain of an iommu group") a user can switch a device between IOMMU and direct DMA through sysfs. This doesn't work for AMD IOMMU at the moment because dev->dma_ops is not cleared when switching from a DMA to an identity IOMMU domain. The DMA layer thus attempts to use the dma-iommu ops on an identity domain, causing an oops:

# echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/unbind
# echo identity > /sys/bus/pci/devices/0000:00:05.0/iommu_group/type
# echo 0000:00:05.0 > /sys/sys/bus/pci/drivers/e1000e/bind
...
BUG: kernel NULL pointer dereference, address: 0000000000000028
...
Call Trace:
iommu_dma_alloc
e1000e_setup_tx_resources
e1000e_open

Since iommu_change_dev_def_domain() calls probe_finalize() again, clear the dma_ops there like Vt-d does.

CVE ID : CVE-2021-47140
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/d6177a6556f853785867e2ec6d5b7f4906f0d809 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f3f2cf46291a693eab21adb94171b0128c2a9ec1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47141

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL pointer dereference if the driver is unloaded.

CVE ID : CVE-2021-47141
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/5218e919c8d06279884aa0baf76778a6817d5b93 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5278c75266c5094d3c0958793bf12fc90300e580 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/821149ee88c206fa37e79c1868cc270518484876 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/da21a35c00ff1a1794d4f166d3b3fa8db4d0f6fb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47142

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free

It looks like we forgot to set ttm->sg to NULL. Hit the panic below:

[ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG_PAGEALLOC NOPTI
[ 1235.989074] Call Trace:
[ 1235.991751] sg_free_table+0x17/0x20
[ 1235.995667] amdgpu_ttm_backend_unbind.cold+0x4d/0xf7 [amdgpu]
[ 1236.002288] amdgpu_ttm_backend_destroy+0x29/0x130 [amdgpu]
[ 1236.008464] ttm_tt_destroy+0x1e/0x30 [ttm]
[ 1236.013066] ttm_bo_cleanup_memtype_use+0x51/0xa0 [ttm]
[ 1236.018783] ttm_bo_release+0x262/0xa50 [ttm]
[ 1236.023547] ttm_bo_put+0x82/0xd0 [ttm]
[ 1236.027766] amdgpu_bo_unref+0x26/0x50 [amdgpu]
[ 1236.032809] amdgpu_amdkfd_gpuvm_alloc_memory_of_gpu+0x7aa/0xd90 [amdgpu]
[ 1236.040400] kfd_ioctl_alloc_memory_of_gpu+0xe2/0x330 [amdgpu]
[ 1236.046912] kfd_ioctl+0x463/0x690 [amdgpu]

CVE ID : CVE-2021-47142
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0707c3fea8102d211631ba515ef2159707561b0d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/1e5c37385097c35911b0f8a0c67ffd10ee1af9a2 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/3293cf3513d69f00c14d43e2020826d45ea0e46a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7398c2aab4da960761ec182d04d6d5abbb4a226e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/952ab3f9f48eb0e8050596d41951cf516be6b122 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a849e218556f932576c0fb1c5a88714b61709a17 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d4ea141fd4b40636a8326df5a377d9c5cf9b3faa | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f98cdf084405333ee2f5be548a91b2d168e49276 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47143

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net/smc: remove device from smcd_dev_list after failed device_add() If the device_add() for a smcd_dev fails, there's no cleanup step that rolls back the earlier list_add(). The device subsequently gets freed, and we end up with a corrupted list. Add some error handling that removes the device from the list.

CVE ID : CVE-2021-47143
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/40588782f1016c655ae1d302892f61d35af96842 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/444d7be9532dcfda8e0385226c862fd7e986f607 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8b2cdc004d21a7255f219706dca64411108f7897 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47144

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu: fix refcount leak

[Why]
The gem object rfb->base.obj[0] is got according to num_planes in amdgpufb_create, but is not put according to num_planes.

[How]
Put rfb->base.obj[0] in amdgpu_fbdev_destroy according to num_planes.

CVE ID : CVE-2021-47144
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/599e5d61ace952b0bb9bd942b198bbd0cfded1d7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/95a4ec905e51a30c64cf2d78b04a7acbeae5ca94 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9fdb8ed37a3a44f9c49372b69f87fd5f61cb3240 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/dde2656e0bbb2ac7d83a7bd95a8d5c3c95bbc009 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fa7e6abc75f3d491bc561734312d065dc9dc2a77 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47145

First published on : 25-03-2024 09:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not BUG_ON in link_to_fixup_dir

While doing error injection testing I got the following panic:

kernel BUG at fs/btrfs/tree-log.c:1862!
invalid opcode: 0000 [#1] SMP NOPTI
CPU: 1 PID: 7836 Comm: mount Not tainted 5.13.0-rc1+ #305
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.13.0-2.fc32 04/01/2014
RIP: 0010:link_to_fixup_dir+0xd5/0xe0
RSP: 0018:ffffb5800180fa30 EFLAGS: 00010216
RAX: fffffffffffffffb RBX: 00000000fffffffb RCX: ffff8f595287faf0
RDX: ffffb5800180fa37 RSI: ffff8f5954978800 RDI: 0000000000000000
RBP: ffff8f5953af9450 R08: 0000000000000019 R09: 0000000000000001
R10: 000151f408682970 R11: 0000000120021001 R12: ffff8f5954978800
R13: ffff8f595287faf0 R14: ffff8f5953c77dd0 R15: 0000000000000065
FS: 00007fc5284c8c40(0000) GS:ffff8f59bbd00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007fc5287f47c0 CR3: 000000011275e002 CR4: 0000000000370ee0
Call Trace:
replay_one_buffer+0x409/0x470
? btree_read_extent_buffer_pages+0xd0/0x110
walk_up_log_tree+0x157/0x1e0
walk_log_tree+0xa6/0x1d0
btrfs_recover_log_trees+0x1da/0x360
? replay_one_extent+0x7b0/0x7b0
open_ctree+0x1486/0x1720
btrfs_mount_root.cold+0x12/0xea
? __kmalloc_track_caller+0x12f/0x240
legacy_get_tree+0x24/0x40
vfs_get_tree+0x22/0xb0
vfs_kern_mount.part.0+0x71/0xb0
btrfs_mount+0x10d/0x380
? vfs_parse_fs_string+0x4d/0x90
legacy_get_tree+0x24/0x40
vfs_get_tree+0x22/0xb0
path_mount+0x433/0xa10
__x64_sys_mount+0xe3/0x120
do_syscall_64+0x3d/0x80
entry_SYSCALL_64_after_hwframe+0x44/0xae

We can get -EIO or any number of legitimate errors from btrfs_search_slot(); panicking here is not the appropriate response. The error path for this code handles errors properly, so simply return the error.

CVE ID : CVE-2021-47145
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0eaf383c6a4a83c09f60fd07a1bea9f1a9181611 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/0ed102453aa1cd12fefde8f6b60b9519b0b1f003 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6eccfb28f8dca70c9b1b3bb3194ca54cbe73a9fa | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/76bfd8ac20bebeae599452a03dfc5724c0475dcf | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7e13db503918820e6333811cdc6f151dcea5090a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/91df99a6eb50d5a1bc70fff4a09a0b7ae6aab96d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b545442133580dcb2f2496133bf850824d41255c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e934c4ee17b33bafb0444f2f9766cda7166d3c40 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47146

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: mld: fix panic in mld_newpack()

mld_newpack() doesn't allow allocating a high order page; only order-0 allocation is allowed. If the headroom size is too large, a kernel panic could occur in skb_put().

Test commands:

ip netns del A
ip netns del B
ip netns add A
ip netns add B
ip link add veth0 type veth peer name veth1
ip link set veth0 netns A
ip link set veth1 netns B
ip netns exec A ip link set lo up
ip netns exec A ip link set veth0 up
ip netns exec A ip -6 a a 2001:db8:0::1/64 dev veth0
ip netns exec B ip link set lo up
ip netns exec B ip link set veth1 up
ip netns exec B ip -6 a a 2001:db8:0::2/64 dev veth1
for i in {1..99}
do
let A=$i-1
ip netns exec A ip link add ip6gre$i type ip6gre \
local 2001:db8:$A::1 remote 2001:db8:$A::2 encaplimit 100
ip netns exec A ip -6 a a 2001:db8:$i::1/64 dev ip6gre$i
ip netns exec A ip link set ip6gre$i up
ip netns exec B ip link add ip6gre$i type ip6gre \
local 2001:db8:$A::2 remote 2001:db8:$A::1 encaplimit 100
ip netns exec B ip -6 a a 2001:db8:$i::2/64 dev ip6gre$i
ip netns exec B ip link set ip6gre$i up
done

Splat looks like:

kernel BUG at net/core/skbuff.c:110!
invalid opcode: 0000 [#1] SMP DEBUG_PAGEALLOC KASAN PTI
CPU: 0 PID: 7 Comm: kworker/0:1 Not tainted 5.12.0+ #891
Workqueue: ipv6_addrconf addrconf_dad_work
RIP: 0010:skb_panic+0x15d/0x15f
Code: 92 fe 4c 8b 4c 24 10 53 8b 4d 70 45 89 e0 48 c7 c7 00 ae 79 83 41 57 41 56 41 55 48 8b 54 24 a6 26 f9 ff <0f> 0b 48 8b 6c 24 20 89 34 24 e8 4a 4e 92 fe 8b 34 24 48 c7 c1 20
RSP: 0018:ffff88810091f820 EFLAGS: 00010282
RAX: 0000000000000089 RBX: ffff8881086e9000 RCX: 0000000000000000
RDX: 0000000000000089 RSI: 0000000000000008 RDI: ffffed1020123efb
RBP: ffff888005f6eac0 R08: ffffed1022fc0031 R09: ffffed1022fc0031
R10: ffff888117e00187 R11: ffffed1022fc0030 R12: 0000000000000028
R13: ffff888008284eb0 R14: 0000000000000ed8 R15: 0000000000000ec0
FS: 0000000000000000(0000) GS:ffff888117c00000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 00007f8b801c5640 CR3: 0000000033c2c006 CR4: 00000000003706f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
? ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
skb_put.cold.104+0x22/0x22
ip6_mc_hdr.isra.26.constprop.46+0x12a/0x600
? rcu_read_lock_sched_held+0x91/0xc0
mld_newpack+0x398/0x8f0
? ip6_mc_hdr.isra.26.constprop.46+0x600/0x600
? lock_contended+0xc40/0xc40
add_grhead.isra.33+0x280/0x380
add_grec+0x5ca/0xff0
? mld_sendpack+0xf40/0xf40
? lock_downgrade+0x690/0x690
mld_send_initial_cr.part.34+0xb9/0x180
ipv6_mc_dad_complete+0x15d/0x1b0
addrconf_dad_completed+0x8d2/0xbb0
? lock_downgrade+0x690/0x690
? addrconf_rs_timer+0x660/0x660
? addrconf_dad_work+0x73c/0x10e0
addrconf_dad_work+0x73c/0x10e0

Allowing high order page allocation could fix this problem.

CVE ID : CVE-2021-47146
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/020ef930b826d21c5446fdc9db80fd72a791bc21 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/0e35b7457b7b6e73ffeaaca1a577fdf1af0feca1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/17728616a4c85baf0edc975c60ba4e4157684d9a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/221142038f36d9f28b64e83e954774da4d4ccd17 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/37d697759958d111439080bab7e14d2b0e7b39f5 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4b77ad9097067b31237eeeee0bf70f80849680a0 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a76fb9ba545289379acf409653ad5f74417be59c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/beb39adb150f8f3b516ddf7c39835a9788704d23 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47147

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: Fix a resource leak in an error handling path If an error occurs after a successful 'pci_ioremap_bar()' call, it must be undone by a corresponding 'pci_iounmap()' call, as already done in the remove function.

CVE ID : CVE-2021-47147
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0e38e702f1152479e6afac34f151dbfd99417f99 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9c1bb37f8cad5e2ee1933fa1da9a6baa7876a8e4 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47148

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: fix a buffer overflow in otx2_set_rxfh_context() This function is called from ethtool_set_rxfh() and "*rss_context" comes from the user. Add some bounds checking to prevent memory corruption.

CVE ID : CVE-2021-47148
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/389146bc6d2bbb20714d06624b74856320ce40f7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e5cc361e21648b75f935f9571d4003aaee480214 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47149

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: fujitsu: fix potential null-ptr-deref In fmvj18x_get_hwinfo(), if ioremap fails there will be a NULL pointer deref. To fix this, check the return value of ioremap and return -1 to the caller in case of failure.

CVE ID : CVE-2021-47149
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/22049c3d40f08facd1867548716a484dad6b3251 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/52202be1cd996cde6e8969a128dc27ee45a7cb5e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6dbf1101594f7c76990b63c35b5a40205a914b6b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/71723a796ab7881f491d663c6cd94b29be5fba50 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7883d3895d0fbb0ba9bff0f8665f99974b45210f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b92170e209f7746ed72eaac98f2c2f4b9af734e6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c4f1c23edbe921ab2ecd6140d700e756cd44c5f7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f14bf57a08779a5dee9936f63ada0149ea89c5e6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47150

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: fec: fix the potential memory leak in fec_enet_init() If the memory allocation for cbd_base fails, it should free the memory allocated for the queues; otherwise it causes a memory leak. And if the memory allocation for the queues fails, it can return an error directly.

CVE ID : CVE-2021-47150
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/15102886bc8f5f29daaadf2d925591d564c17e9f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/20255d41ac560397b6a07d8d87dcc5e2efc7672a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/32a1777fd113335c3f70dc445dffee0ad1c6870f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/619fee9eb13b5d29e4267cb394645608088c28a8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8ee7ef4a57a9e1228b6f345aaa70aa8951c7e9cd | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47151

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: interconnect: qcom: bcm-voter: add a missing of_node_put() Add a missing of_node_put() in of_bcm_voter_get() to avoid the reference leak.

CVE ID : CVE-2021-47151
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/4e3cea8035b6f1b9055e69cc6ebf9fa4e50763ae | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/93d1dbe7043b3c9492bdf396b2e98a008435b55b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a00593737f8bac2c9e97b696e7ff84a4446653e8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47152

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data stream corruption Maxim reported several issues when forcing a TCP transparent proxy to use the MPTCP protocol for the inbound connections. He also provided a clean reproducer. The problem boils down to 'mptcp_frag_can_collapse_to()' assuming that only MPTCP will use the given page_frag. If others - e.g. the plain TCP protocol - allocate page fragments, we can end up re-using already allocated memory for mptcp_data_frag. Fix the issue ensuring that the to-be-expanded data fragment is located at the current page frag end.

v1 -> v2:
- added missing fixes tag (Mat)

CVE ID : CVE-2021-47152
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/18e7f0580da15cac1e79d73683ada5a9e70980f8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/29249eac5225429b898f278230a6ca2baa1ae154 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/3267a061096efc91eda52c2a0c61ba76e46e4b34 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47153

First published on : 25-03-2024 09:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset

Now that the i2c-i801 driver supports interrupts, setting the KILL bit in an attempt to recover from a timed out transaction triggers an interrupt. Unfortunately, the interrupt handler (i801_isr) is not prepared for this situation and will try to process the interrupt as if it was signaling the end of a successful transaction. In the case of a block transaction, this can result in an out-of-range memory access. This condition was reproduced several times by syzbot:

https://syzkaller.appspot.com/bug?extid=ed71512d469895b5b34e
https://syzkaller.appspot.com/bug?extid=8c8dedc0ba9e03f6c79e
https://syzkaller.appspot.com/bug?extid=c8ff0b6d6c73d81b610e
https://syzkaller.appspot.com/bug?extid=33f6c360821c399d69eb
https://syzkaller.appspot.com/bug?extid=be15dc0b1933f04b043a
https://syzkaller.appspot.com/bug?extid=b4d3fd1dfd53e90afd79

So disable interrupts while trying to reset the bus. Interrupts will be enabled again for the following transaction.

CVE ID : CVE-2021-47153
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/04cc05e3716ae31b17ecdab7bc55c8170def1b8b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/09c9e79f4c10cfb6b9e0e1b4dd355232e4b5a3b3 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/1f583d3813f204449037cd2acbfc09168171362a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b523feb7e8e44652f92f3babb953a976e7ccbbef | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c70e1ba2e7e65255a0ce004f531dd90dada97a8c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/dfa8929e117b0228a7765f5c3f5988a4a028f3c6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e4d8716c3dcec47f1557024add24e1f3c09eb24b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f9469082126cebb7337db3992d143f5e4edfe629 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47158

First published on : 25-03-2024 10:15:07
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: dsa: sja1105: add error handling in sja1105_setup() If any of sja1105_static_config_load(), sja1105_clocking_setup() or sja1105_devlink_setup() fails, we can't just return in the middle of sja1105_setup() or memory will leak. Add a cleanup path.

CVE ID : CVE-2021-47158
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/987e4ab8b8a4fcbf783069e03e7524cd39ffd563 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/cec279a898a3b004411682f212215ccaea1cd0fb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/dd8609f203448ca6d58ae71461208b3f6b0329b0 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47159

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix a crash if ->get_sset_count() fails If ds->ops->get_sset_count() fails then "count" is a negative error code such as -EOPNOTSUPP. Because "i" is an unsigned int, the negative error code is type promoted to a very high value and the loop will corrupt memory until the system crashes. Fix this by checking for error codes and changing the type of "i" to just int.

CVE ID : CVE-2021-47159
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0f2cb08c57edefb0e7b5045e0e3e9980a3d3aa37 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7b22466648a4f8e3e94f57ca428d1531866d1373 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a269333fa5c0c8e53c92b5a28a6076a28cde3e83 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/caff86f85512b8e0d9830e8b8b0dfe13c68ce5b6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ce5355f140a7987011388c7e30c4f8fbe180d3e8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47160

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mt7530: fix VLAN traffic leaks

PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks:

ip link add br0 type bridge vlan_filtering 1
ip link add br1 type bridge vlan_filtering 1
ip link set swp0 master br0
ip link set swp1 master br1
ip link set br0 type bridge vlan_filtering 0
ip link set br1 type bridge vlan_filtering 0
# traffic in br0 and br1 will start leaking to each other

As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware.

CVE ID : CVE-2021-47160
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/474a2ddaa192777522a7499784f1d60691cd831a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4fe4e1f48ba119bdbc7c897c83b04ba0d08f5488 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/82ae35b6c14feae5f216913d5b433e143c756d4e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ae389812733b1b1e8e07fcc238e41db166b5c78d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b91117b66fe875723a4e79ec6263526fffdb44d2 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47161

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: spi: spi-fsl-dspi: Fix a resource leak in an error handling path 'dspi_request_dma()' should be undone by a 'dspi_release_dma()' call in the error handling path of the probe function, as already done in the remove function.

CVE ID : CVE-2021-47161
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/00450ed03a17143e2433b461a656ef9cd17c2f1d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/10a089bae827ec30ad9b6cb7048020a62fae0cfa | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/12391be4724acc9269e1845ccbd881df37de4b56 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/15d1cc4b4b585f9a2ce72c52cca004d5d735bdf1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/680ec0549a055eb464dce6ffb4bfb736ef87236e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/fe6921e3b8451a537e01c031b8212366bb386e3e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47162

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: tipc: skb_linearize the head skb when reassembling msgs

It's not a good idea to append the frag skb to a skb's frag_list if the frag_list already has skbs from elsewhere, such as when this skb was created by pskb_copy() where the frag_list was cloned (all the skbs in it were skb_get'ed) and shared by multiple skbs. However, the new appended frag skb should have been seen only by the current skb. Otherwise, it will cause use-after-free crashes, as this appended frag skb is seen by multiple skbs but only got skb_get called once. The same thing happens with a skb updated by pskb_may_pull() with a skb_cloned skb.

Li Shuang has reported quite a few crashes caused by this when doing testing over macvlan devices:

[] kernel BUG at net/core/skbuff.c:1970!
[] Call Trace:
[] skb_clone+0x4d/0xb0
[] macvlan_broadcast+0xd8/0x160 [macvlan]
[] macvlan_process_broadcast+0x148/0x150 [macvlan]
[] process_one_work+0x1a7/0x360
[] worker_thread+0x30/0x390

[] kernel BUG at mm/usercopy.c:102!
[] Call Trace:
[] __check_heap_object+0xd3/0x100
[] __check_object_size+0xff/0x16b
[] simple_copy_to_iter+0x1c/0x30
[] __skb_datagram_iter+0x7d/0x310
[] __skb_datagram_iter+0x2a5/0x310
[] skb_copy_datagram_iter+0x3b/0x90
[] tipc_recvmsg+0x14a/0x3a0 [tipc]
[] ____sys_recvmsg+0x91/0x150
[] ___sys_recvmsg+0x7b/0xc0

[] kernel BUG at mm/slub.c:305!
[] Call Trace:
[] <IRQ>
[] kmem_cache_free+0x3ff/0x400
[] __netif_receive_skb_core+0x12c/0xc40
[] ? kmem_cache_alloc+0x12e/0x270
[] netif_receive_skb_internal+0x3d/0xb0
[] ? get_rx_page_info+0x8e/0xa0 [be2net]
[] be_poll+0x6ef/0xd00 [be2net]
[] ? irq_exit+0x4f/0x100
[] net_rx_action+0x149/0x3b0
...

This patch is to fix it by linearizing the head skb if it has frag_list set in tipc_buf_append(). Note that we choose to do this before calling skb_unshare(), as __skb_linearize() will avoid skb_copy(). Also, we can not just drop the frag_list either as the early time.

CVE ID : CVE-2021-47162
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/436d650d374329a591c30339a91fa5078052ed1e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4b1761898861117c97066aea6c58f68a7787f0bf | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5489f30bb78ff0dafb4229a69632afc2ba20765c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/64d17ec9f1ded042c4b188d15734f33486ed9966 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6da24cfc83ba4f97ea44fc7ae9999a006101755c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ace300eecbccaa698e2b472843c74a5f33f7dce8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b2c8d28c34b3070407cb1741f9ba3f15d0284b8b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b7df21cf1b79ab7026f545e7bf837bd5750ac026 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47163

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: tipc: wait and exit until all work queues are done On some hosts, a crash could be triggered simply by repeating these commands several times:
# modprobe tipc
# tipc bearer enable media udp name UDP1 localip 127.0.0.1
# rmmod tipc
[] BUG: unable to handle kernel paging request at ffffffffc096bb00
[] Workqueue: events 0xffffffffc096bb00
[] Call Trace:
[] ? process_one_work+0x1a7/0x360
[] ? worker_thread+0x30/0x390
[] ? create_worker+0x1a0/0x1a0
[] ? kthread+0x116/0x130
[] ? kthread_flush_work_fn+0x10/0x10
[] ? ret_from_fork+0x35/0x40
When removing the TIPC module, the UDP tunnel sock will be delayed to release in a work queue as sock_release() can't be done in rtnl_lock(). If the work queue is scheduled to run after the TIPC module is removed, the kernel will crash as the work queue function cleanup_bearer() code no longer exists when trying to invoke it. To fix it, this patch introduces a member wq_count in tipc_net to track the number of work queues in schedule, and wait and exit until all work queues are done in tipc_exit_net().

CVE ID : CVE-2021-47163
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/04c26faa51d1e2fe71cf13c45791f5174c37f986 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5195ec5e365a2a9331bfeb585b613a6e94f98dba | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b9f5b7ad4ac3af006443f535b1ce7bff1d130d7d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d1f76dfadaf8f47ed1753f97dbcbd41c16215ffa | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47164

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be that the lag dev is null, so stop processing the event. In bond_enslave() the active/backup slave is set before setting the upper dev, so the first event is without an upper dev. After setting the upper dev with bond_master_upper_dev_link() there is a second event, and in that event we have an upper dev.

CVE ID : CVE-2021-47164
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/2e4b0b95a489259f9d35a3db17023061f8f3d587 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/83026d83186bc48bb41ee4872f339b83f31dfc55 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/bdfd3593a8248eea6ecfcbf7b47b56b86515672d | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47165

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When the main component is not probed, for example when the dw-hdmi module is not loaded yet or is in probe defer, the following crash appears on shutdown:
Unable to handle kernel NULL pointer dereference at virtual address 0000000000000038
...
pc : meson_drv_shutdown+0x24/0x50
lr : platform_drv_shutdown+0x20/0x30
...
Call trace:
meson_drv_shutdown+0x24/0x50
platform_drv_shutdown+0x20/0x30
device_shutdown+0x158/0x360
kernel_restart_prepare+0x38/0x48
kernel_restart+0x18/0x68
__do_sys_reboot+0x224/0x250
__arm64_sys_reboot+0x24/0x30
...
Simply check if the priv struct has been allocated before using it.

CVE ID : CVE-2021-47165
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/4ce2bf20b4a6e307e114847d60b2bf40a6a1fac0 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7cfc4ea78fc103ea51ecbacd9236abb5b1c490d2 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b4298d33c1fcce511ffe84d8d3de07e220300f9b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b4b91033a0b11fe9ade58156cd9168f89f4a8c1a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d66083c0d6f5125a4d982aa177dd71ab4cd3d212 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e256a0eb43e17209e347409a80805b1659398d68 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47166

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.

CVE ID : CVE-2021-47166
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0d0ea309357dea0d85a82815f02157eb7fcda39f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2fe1cac336b55a1f79e603e9ce3552c3623e90eb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/40f139a6d50c232c0d1fd1c5e65a845c62db0ede | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7087db95c0a06ab201b8ebfac6a7ec1e34257997 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/785917316b25685c9b3a2a88f933139f2de75e33 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b291baae24f876acd5a5dd57d0bb2bbac8a68b0c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c757c1f1e65d89429db1409429436cf40d47c008 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e8b8418ce14ae66ee55179901edd12191ab06a9e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47167

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change the test in nfs_pageio_do_add_request() to be more robust by checking whether or not the list is empty rather than relying on the value of pg_count.

CVE ID : CVE-2021-47167
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/15ac6f14787649e8ebd75c142e2c5d2a243c8490 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/1fc5f4eb9d31268ac3ce152d74ad5501ad24ca3e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/56517ab958b7c11030e626250c00b9b1a24b41eb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ee21cd3aa8548e0cbc8c67a80b62113aedd2d101 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47168

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->data[] buffer. I reversed the size of the arguments to put the variable on the left.

CVE ID : CVE-2021-47168
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/769b01ea68b6c49dc3cde6adf7e53927dacbd3a8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/945ebef997227ca8c20bad7f8a8358c8ee57a84a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9b367fe770b1b80d7bf64ed0d177544a44405f6e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9d280ab53df1d4a1043bd7a9e7c6a2f9cfbfe040 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b287521e9e94bb342ebe5fd8c3fd7db9aef4e6f1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/d34fb628f6ef522f996205a9e578216bbee09e84 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e411df81cd862ef3d5b878120b2a2fef0ca9cdb1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f299522eda1566cbfbae4b15c82970fc41b03714 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
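
The bug class above, a wire length checked against the size of the enclosing struct instead of the buffer that is actually written, is shown below as an added example; this is not kernel code and not the patched function. The struct is modelled on the kernel's nfs_fh (a 16-bit size field followed by NFS_MAXFHSIZE bytes of data); fh_len_ok_vulnerable(), fh_len_ok_fixed(), decode_fh() and the constructed zero-filled sample handle are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout modelled on include/linux/nfs.h: a 16-bit length followed by the
 * handle bytes. NFS_MAXFHSIZE (128) is the real kernel constant; the struct
 * is therefore sizeof(uint16_t) == 2 bytes larger than its data[] buffer. */
#define NFS_MAXFHSIZE 128

struct nfs_fh {
    uint16_t size;
    uint8_t  data[NFS_MAXFHSIZE];
};

/* Pre-fix limit: bounds the wire length by the whole struct, so 129 and 130
 * are accepted although data[] holds only 128 bytes. */
static bool fh_len_ok_vulnerable(size_t len)
{
    return len <= sizeof(struct nfs_fh);
}

/* Fixed limit: the bound is the size of the buffer that memcpy() fills. */
static bool fh_len_ok_fixed(size_t len)
{
    return len <= NFS_MAXFHSIZE;
}

/* Bytes that a memcpy() of `len` into data[] would write past its end. */
static size_t fh_overrun_bytes(size_t len)
{
    return len > NFS_MAXFHSIZE ? len - NFS_MAXFHSIZE : 0;
}

/* Decoder with the corrected check; the variable sits on the left of the
 * comparison as in the description. Returns -1 on an oversized handle. */
static int decode_fh(struct nfs_fh *fh, const uint8_t *wire, size_t len)
{
    if (!fh_len_ok_fixed(len))
        return -1;
    fh->size = (uint16_t)len;
    memcpy(fh->data, wire, len);
    return 0;
}

/* Constructed sample input: a zero-filled wire handle of `len` bytes decoded
 * into a stack nfs_fh. Returns the decoded size, or -1 if rejected. */
static int decode_sample(size_t len)
{
    uint8_t wire[2 * NFS_MAXFHSIZE] = {0};
    struct nfs_fh fh;

    if (len > sizeof(wire))
        return -1;
    if (decode_fh(&fh, wire, len) != 0)
        return -1;
    return fh.size;
}
```

The general check to carry away: when a length from the network is used to copy into a fixed array, the limit must be the array's own size (or an explicit constant for it), never sizeof() of a containing struct, whose header fields silently widen the bound.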


Vulnerability ID : CVE-2021-47169

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if the firmware doesn't exist, the function just returns without initializing ports of 'rp2_card'. But now the interrupt handler function has been registered, and when an interrupt comes, 'rp2_uart_interrupt' may access those ports, causing a NULL pointer dereference or other bugs. Because the driver does some initialization work in 'rp2_fw_cb', in order to make the driver ready to handle interrupts, 'request_firmware' should be used instead of the asynchronous 'request_firmware_nowait'. This report reveals it: INFO: trying to register non-static key. the code is fine but needs lockdep annotation. turning off the locking correctness validator. CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0xec/0x156 lib/dump_stack.c:118 assign_lock_key kernel/locking/lockdep.c:727 [inline] register_lock_class+0x14e5/0x1ba0 kernel/locking/lockdep.c:753 __lock_acquire+0x187/0x3750 kernel/locking/lockdep.c:3303 lock_acquire+0x124/0x340 kernel/locking/lockdep.c:3907 __raw_spin_lock include/linux/spinlock_api_smp.h:142 [inline] _raw_spin_lock+0x32/0x50 kernel/locking/spinlock.c:144 spin_lock include/linux/spinlock.h:329 [inline] rp2_ch_interrupt drivers/tty/serial/rp2.c:466 [inline] rp2_asic_interrupt.isra.9+0x15d/0x990 drivers/tty/serial/rp2.c:493 rp2_uart_interrupt+0x49/0xe0 drivers/tty/serial/rp2.c:504 __handle_irq_event_percpu+0xfb/0x770 kernel/irq/handle.c:149 handle_irq_event_percpu+0x79/0x150 kernel/irq/handle.c:189 handle_irq_event+0xac/0x140 kernel/irq/handle.c:206 handle_fasteoi_irq+0x232/0x5c0 
kernel/irq/chip.c:725 generic_handle_irq_desc include/linux/irqdesc.h:155 [inline] handle_irq+0x230/0x3a0 arch/x86/kernel/irq_64.c:87 do_IRQ+0xa7/0x1e0 arch/x86/kernel/irq.c:247 common_interrupt+0xf/0xf arch/x86/entry/entry_64.S:670 </IRQ> RIP: 0010:native_safe_halt+0x28/0x30 arch/x86/include/asm/irqflags.h:61 Code: 00 00 55 be 04 00 00 00 48 c7 c7 00 c2 2f 8c 48 89 e5 e8 fb 31 e7 f8 8b 05 75 af 8d 03 85 c0 7e 07 0f 00 2d 8a 61 65 00 fb f4 <5d> c3 90 90 90 90 90 90 0f 1f 44 00 00 55 48 89 e5 41 57 41 56 41 RSP: 0018:ffff88806b71fcc8 EFLAGS: 00000246 ORIG_RAX: ffffffffffffffde RAX: 0000000000000000 RBX: ffffffff8bde7e48 RCX: ffffffff88a21285 RDX: 0000000000000000 RSI: 0000000000000004 RDI: ffffffff8c2fc200 RBP: ffff88806b71fcc8 R08: fffffbfff185f840 R09: fffffbfff185f840 R10: 0000000000000001 R11: fffffbfff185f840 R12: 0000000000000002 R13: ffffffff8bea18a0 R14: 0000000000000000 R15: 0000000000000000 arch_safe_halt arch/x86/include/asm/paravirt.h:94 [inline] default_idle+0x6f/0x360 arch/x86/kernel/process.c:557 arch_cpu_idle+0xf/0x20 arch/x86/kernel/process.c:548 default_idle_call+0x3b/0x60 kernel/sched/idle.c:93 cpuidle_idle_call kernel/sched/idle.c:153 [inline] do_idle+0x2ab/0x3c0 kernel/sched/idle.c:263 cpu_startup_entry+0xcb/0xe0 kernel/sched/idle.c:369 start_secondary+0x3b8/0x4e0 arch/x86/kernel/smpboot.c:271 secondary_startup_64+0xa4/0xb0 arch/x86/kernel/head_64.S:243 BUG: unable to handle kernel NULL pointer dereference at 0000000000000010 PGD 8000000056d27067 P4D 8000000056d27067 PUD 56d28067 PMD 0 Oops: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 2 PID: 0 Comm: swapper/2 Not tainted 4.19.177-gdba4159c14ef-dirty #45 Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59- gc9ba5276e321-prebuilt.qemu.org 04/01/2014 RIP: 0010:readl arch/x86/include/asm/io.h:59 [inline] RIP: 0010:rp2_ch_interrupt drivers/tty/serial/rp2.c:472 [inline] RIP: 0010:rp2_asic_interrupt.isra.9+0x181/0x990 drivers/tty/serial/rp2.c: 493 Co ---truncated---

CVE ID : CVE-2021-47169
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/016002848c82eeb5d460489ce392d91fe18c475c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/1cc57cb32c84e059bd158494f746b665fc14d1b1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/1e04d5d5fe5e76af68f834e1941fcbfa439653be | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/35265552c7fe9553c75e324c80f45e28ff14eb6e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/6a931ceb0b9401fe18d0c500e08164bf9cc7be4b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/915452f40e2f495e187276c4407a4f567ec2307e | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9b07b6973f7359e2dd6a9fe6db0c142634c823b7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c697244ce940ec07e2d745ccb63ca97fc0266fbc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47170

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. This isn't a bug in the kernel; it's merely an invalid request from the user and the usbfs code does handle it correctly. In theory the same thing can happen with async transfers, or with the packet descriptor table for isochronous transfers. To prevent the MM subsystem from complaining about these bad allocation requests, add the __GFP_NOWARN flag to the kmalloc calls for these buffers.

CVE ID : CVE-2021-47170
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/2ab21d6e1411999b5fb43434f421f00bf50002eb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2c835fede13e03f2743a333e4370b5ed2db91e83 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4f2629ea67e7225c3fd292c7fe4f5b3c9d6392de | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/8d83f109e920d2776991fa142bb904d985dca2ed | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9f7cb3f01a10d9064cf13b3d26fb7e7a5827d098 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47171

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported a memory leak in smsc75xx_bind(). The problem was non-freed memory in case of errors after memory allocation. backtrace: [<ffffffff84245b62>] kmalloc include/linux/slab.h:556 [inline] [<ffffffff84245b62>] kzalloc include/linux/slab.h:686 [inline] [<ffffffff84245b62>] smsc75xx_bind+0x7a/0x334 drivers/net/usb/smsc75xx.c:1460 [<ffffffff82b5b2e6>] usbnet_probe+0x3b6/0xc30 drivers/net/usb/usbnet.c:1728

CVE ID : CVE-2021-47171
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/200dbfcad8011e50c3cec269ed7b980836eeb1fa | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/22c840596af0c09068b6cf948616e6496e59e07f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/46a8b29c6306d8bbfd92b614ef65a47c900d8e70 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/635ac38b36255d3cfb8312cf7c471334f4d537e0 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/70c886ac93f87ae7214a0c69151a28a8075dd95b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9e6a3eccb28779710cbbafc4f4258d92509c6d07 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/9e6b8c1ff9d997e1fa16cbd2d60739adf6dc1bbc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b95fb96e6339e34694dd578fb6bde3575b01af17 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47172

First published on : 25-03-2024 10:15:08
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug was introduced as part of a fix to ensure we didn't rely on the ordering of child nodes. So we need to support arbitrary ordering but they all need to be there somewhere. Note I hit this when using qemu to test the rest of this series. Arguably this isn't the best fix, but it is probably the most minimal option for backporting etc. Alexandru's sign-off is here because he carried this patch in a larger set that Jonathan then applied.

CVE ID : CVE-2021-47172
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/26da8040eccc6c6b0e415e9a3baf72fd39eb2fdc | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f2a772c51206b0c3f262e4f6a3812c89a650191b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f49149964d2423fb618fb6b755bb1eaa431cca2c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f70122825076117787b91e7f219e21c09f11a5b9 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
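
The invariant the description states, channel numbers must be exactly 0..n-1 with no holes and no duplicates but may arrive in any order, is checked below in an added example; this is not the ad7124 driver's code. MAX_CHANNELS, the enum of error codes, setup_channels() and the constructed channel lists standing in for device-tree child nodes are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>

#define MAX_CHANNELS 16   /* assumed capacity of the driver's per-channel table */

enum chan_err { CHAN_OK = 0, CHAN_TOO_MANY, CHAN_OUT_OF_RANGE, CHAN_DUPLICATE };

/* Validate channel numbers read from n child nodes. With n values that are
 * all below n and pairwise distinct, the set is exactly {0, ..., n-1}, so
 * arbitrary node order is fine but a hole or a repeat is rejected. */
static enum chan_err validate_channels(const unsigned int *chans, size_t n)
{
    unsigned long seen = 0;   /* one bit per channel number already used */

    if (n > MAX_CHANNELS)
        return CHAN_TOO_MANY;
    for (size_t i = 0; i < n; i++) {
        if (chans[i] >= n)
            return CHAN_OUT_OF_RANGE;   /* would index past the n-entry table */
        if (seen & (1UL << chans[i]))
            return CHAN_DUPLICATE;      /* implies a hole elsewhere */
        seen |= 1UL << chans[i];
    }
    return CHAN_OK;
}

/* Fill a table indexed by channel number, in whatever order the child nodes
 * were listed, but only after the numbering has been validated. Writing
 * table[chans[i]] without that check is the overflow the fix prevents. */
static int setup_channels(unsigned int *table, const unsigned int *chans,
                          const unsigned int *ain, size_t n)
{
    if (validate_channels(chans, n) != CHAN_OK)
        return -1;
    for (size_t i = 0; i < n; i++)
        table[chans[i]] = ain[i];
    return 0;
}

/* Constructed inputs standing in for four child nodes. */
static enum chan_err check_sample(int which)
{
    static const unsigned int ordered[]   = {0, 1, 2, 3};
    static const unsigned int shuffled[]  = {3, 0, 2, 1};
    static const unsigned int hole[]      = {0, 1, 2, 4};   /* 3 missing, 4 overflows */
    static const unsigned int duplicate[] = {0, 1, 1, 2};   /* 1 twice, 3 missing */

    switch (which) {
    case 0:  return validate_channels(ordered, 4);
    case 1:  return validate_channels(shuffled, 4);
    case 2:  return validate_channels(hole, 4);
    default: return validate_channels(duplicate, 4);
    }
}

/* Constructed setup: nodes listed out of order, each with an input number
 * (ain). Returns the input recorded for channel 3, or -1 on rejection. */
static int setup_sample(void)
{
    static const unsigned int chans[] = {3, 0, 2, 1};
    static const unsigned int ain[]   = {13, 10, 12, 11};
    unsigned int table[MAX_CHANNELS] = {0};

    if (setup_channels(table, chans, ain, 4) != 0)
        return -1;
    return (int)table[3];
}
```

A count check alone ("four nodes, four entries") would pass both the hole and the duplicate list; the bitmap is what turns "n distinct values below n" into the required dense numbering.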


Vulnerability ID : CVE-2021-47173

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced object 0xffff888101113800 (size 2048): comm "kworker/0:1", pid 7, jiffies 4294956777 (age 28.870s) hex dump (first 32 bytes): ff ff ff ff 31 00 00 00 00 00 00 00 00 00 00 00 ....1........... 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 ................ backtrace: [<ffffffff82b8e822>] kmalloc include/linux/slab.h:554 [inline] [<ffffffff82b8e822>] kzalloc include/linux/slab.h:684 [inline] [<ffffffff82b8e822>] usb_alloc_dev+0x32/0x450 drivers/usb/core/usb.c:582 [<ffffffff82b98441>] hub_port_connect drivers/usb/core/hub.c:5129 [inline] [<ffffffff82b98441>] hub_port_connect_change drivers/usb/core/hub.c:5363 [inline] [<ffffffff82b98441>] port_event drivers/usb/core/hub.c:5509 [inline] [<ffffffff82b98441>] hub_event+0x1171/0x20c0 drivers/usb/core/hub.c:5591 [<ffffffff81259229>] process_one_work+0x2c9/0x600 kernel/workqueue.c:2275 [<ffffffff81259b19>] worker_thread+0x59/0x5d0 kernel/workqueue.c:2421 [<ffffffff81261228>] kthread+0x178/0x1b0 kernel/kthread.c:292 [<ffffffff8100227f>] ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:294

CVE ID : CVE-2021-47173
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/36b5ff1db1a4ef4fdbc2bae364344279f033ad88 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/386918878ce4cd676e4607233866e03c9399a46a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5394ae9d8c7961dd93807fdf1b12a1dde96b0a55 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/5f46b2410db2c8f26b8bb91b40deebf4ec184391 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/7889c70e6173ef358f3cd7578db127a489035a42 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a3c3face38cb49932c62adcc1289914f1c742096 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/bcb30cc8f8befcbdbcf7a016e4dfd4747c54a364 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/dcb4b8ad6a448532d8b681b5d1a7036210b622de | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47174

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_begin_mask+0xae/0xe0 [709732.358793] Modules linked in: binfmt_misc nft_nat nft_chain_nat nf_nat nft_counter nft_ct nf_tables nf_conntrack_netlink nfnetlink 8021q garp stp mrp llc vrf intel_rapl_msr intel_rapl_common skx_edac nfit libnvdimm ipmi_ssif x86_pkg_temp_thermal intel_powerclamp coretemp crc32_pclmul mgag200 ghash_clmulni_intel drm_kms_helper cec aesni_intel drm libaes crypto_simd cryptd glue_helper mei_me dell_smbios iTCO_wdt evdev intel_pmc_bxt iTCO_vendor_support dcdbas pcspkr rapl dell_wmi_descriptor wmi_bmof sg i2c_algo_bit watchdog mei acpi_ipmi ipmi_si button nf_conntrack nf_defrag_ipv6 nf_defrag_ipv4 ipmi_devintf ipmi_msghandler ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 dm_mod raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor sd_mod t10_pi crc_t10dif crct10dif_generic raid6_pq libcrc32c crc32c_generic raid1 raid0 multipath linear md_mod ahci libahci tg3 libata xhci_pci libphy xhci_hcd ptp usbcore crct10dif_pclmul crct10dif_common bnxt_en crc32c_intel scsi_mod [709732.358941] pps_core i2c_i801 lpc_ich i2c_smbus wmi usb_common [709732.358957] CPU: 3 PID: 456 Comm: jbd2/dm-0-8 Not tainted 5.10.0-0.bpo.5-amd64 #1 Debian 5.10.24-1~bpo10+1 [709732.358959] Hardware name: Dell Inc. 
PowerEdge R440/04JN2K, BIOS 2.9.3 09/23/2020 [709732.358964] RIP: 0010:kernel_fpu_begin_mask+0xae/0xe0 [709732.358969] Code: ae 54 24 04 83 e3 01 75 38 48 8b 44 24 08 65 48 33 04 25 28 00 00 00 75 33 48 83 c4 10 5b c3 65 8a 05 5e 21 5e 76 84 c0 74 92 <0f> 0b eb 8e f0 80 4f 01 40 48 81 c7 00 14 00 00 e8 dd fb ff ff eb [709732.358972] RSP: 0018:ffffbb9700304740 EFLAGS: 00010202 [709732.358976] RAX: 0000000000000001 RBX: 0000000000000003 RCX: 0000000000000001 [709732.358979] RDX: ffffbb9700304970 RSI: ffff922fe1952e00 RDI: 0000000000000003 [709732.358981] RBP: ffffbb9700304970 R08: ffff922fc868a600 R09: ffff922fc711e462 [709732.358984] R10: 000000000000005f R11: ffff922ff0b27180 R12: ffffbb9700304960 [709732.358987] R13: ffffbb9700304b08 R14: ffff922fc664b6c8 R15: ffff922fc664b660 [709732.358990] FS: 0000000000000000(0000) GS:ffff92371fec0000(0000) knlGS:0000000000000000 [709732.358993] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [709732.358996] CR2: 0000557a6655bdd0 CR3: 000000026020a001 CR4: 00000000007706e0 [709732.358999] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [709732.359001] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [709732.359003] PKRU: 55555554 [709732.359005] Call Trace: [709732.359009] <IRQ> [709732.359035] nft_pipapo_avx2_lookup+0x4c/0x1cba [nf_tables] [709732.359046] ? sched_clock+0x5/0x10 [709732.359054] ? sched_clock_cpu+0xc/0xb0 [709732.359061] ? record_times+0x16/0x80 [709732.359068] ? plist_add+0xc1/0x100 [709732.359073] ? psi_group_change+0x47/0x230 [709732.359079] ? skb_clone+0x4d/0xb0 [709732.359085] ? enqueue_task_rt+0x22b/0x310 [709732.359098] ? bnxt_start_xmit+0x1e8/0xaf0 [bnxt_en] [709732.359102] ? packet_rcv+0x40/0x4a0 [709732.359121] nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359133] nft_do_chain+0x350/0x500 [nf_tables] [709732.359152] ? nft_lookup_eval+0x59/0x160 [nf_tables] [709732.359163] ? nft_do_chain+0x364/0x500 [nf_tables] [709732.359172] ? 
fib4_rule_action+0x6d/0x80 [709732.359178] ? fib_rules_lookup+0x107/0x250 [709732.359184] nft_nat_do_chain+0x8a/0xf2 [nft_chain_nat] [709732.359193] nf_nat_inet_fn+0xea/0x210 [nf_nat] [709732.359202] nf_nat_ipv4_out+0x14/0xa0 [nf_nat] [709732.359207] nf_hook_slow+0x44/0xc0 [709732.359214] ip_output+0xd2/0x100 [709732.359221] ? __ip_finish_output+0x210/0x210 [709732.359226] ip_forward+0x37d/0x4a0 [709732.359232] ? ip4_key_hashfn+0xb0/0xb0 [709732.359238] ip_subli ---truncated---

CVE ID : CVE-2021-47174
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/727a2b4fc951ee69847d4904d98961856ea9fbe6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b1f45a26bd322525c14edd9504f6d46dfad679a4 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f0b3d338064e1fe7531f0d2977e35f3b334abfb4 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47175

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path The following script:
# tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2
# tc qdisc add dev eth0 clsact
# tc filter add dev eth0 egress matchall action skbedit priority 0x10002
# ping 192.0.2.2 -I eth0 -c2 -w1 -q
produces the following splat:
BUG: KASAN: slab-out-of-bounds in fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] Read of size 4 at addr ffff888171306924 by task ping/942 CPU: 3 PID: 942 Comm: ping Not tainted 5.12.0+ #441 Hardware name: Red Hat KVM, BIOS 1.11.1-4.module+el8.1.0+4066+0f1aadab 04/01/2014 Call Trace: dump_stack+0x92/0xc1 print_address_description.constprop.7+0x1a/0x150 kasan_report.cold.13+0x7f/0x111 fq_pie_qdisc_enqueue+0x1314/0x19d0 [sch_fq_pie] __dev_queue_xmit+0x1034/0x2b10 ip_finish_output2+0xc62/0x2120 __ip_finish_output+0x553/0xea0 ip_output+0x1ca/0x4d0 ip_send_skb+0x37/0xa0 raw_sendmsg+0x1c4b/0x2d00 sock_sendmsg+0xdb/0x110 __sys_sendto+0x1d7/0x2b0 __x64_sys_sendto+0xdd/0x1b0 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae RIP: 0033:0x7fe69735c3eb Code: 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 f3 0f 1e fa 48 8d 05 75 42 2c 00 41 89 ca 8b 00 85 c0 75 14 b8 2c 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 75 c3 0f 1f 40 00 41 57 4d 89 c7 41 56 41 89 RSP: 002b:00007fff06d7fb38 EFLAGS: 00000246 ORIG_RAX: 000000000000002c RAX: ffffffffffffffda RBX: 000055e961413700 RCX: 00007fe69735c3eb RDX: 0000000000000040 RSI: 000055e961413700 RDI: 0000000000000003 RBP: 0000000000000040 R08: 000055e961410500 R09: 0000000000000010 R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff06d81260 R13: 00007fff06d7fb40 R14: 00007fff06d7fc30 R15: 000055e96140f0a0 Allocated by task 917: kasan_save_stack+0x19/0x40 __kasan_kmalloc+0x7f/0xa0 __kmalloc_node+0x139/0x280 fq_pie_init+0x555/0x8e8 [sch_fq_pie] qdisc_create+0x407/0x11b0 tc_modify_qdisc+0x3c2/0x17e0 rtnetlink_rcv_msg+0x346/0x8e0 netlink_rcv_skb+0x120/0x380 
netlink_unicast+0x439/0x630 netlink_sendmsg+0x719/0xbf0 sock_sendmsg+0xe2/0x110 ____sys_sendmsg+0x5ba/0x890 ___sys_sendmsg+0xe9/0x160 __sys_sendmsg+0xd3/0x170 do_syscall_64+0x3c/0x80 entry_SYSCALL_64_after_hwframe+0x44/0xae The buggy address belongs to the object at ffff888171306800 which belongs to the cache kmalloc-256 of size 256 The buggy address is located 36 bytes to the right of 256-byte region [ffff888171306800, ffff888171306900) The buggy address belongs to the page: page:00000000bcfb624e refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x171306 head:00000000bcfb624e order:1 compound_mapcount:0 flags: 0x17ffffc0010200(slab|head|node=0|zone=2|lastcpupid=0x1fffff) raw: 0017ffffc0010200 dead000000000100 dead000000000122 ffff888100042b40 raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 page dumped because: kasan: bad access detected Memory state around the buggy address: ffff888171306800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ffff888171306880: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc >ffff888171306900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ^ ffff888171306980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc ffff888171306a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fix fq_pie traffic path to avoid selecting 'q->flows + q->flows_cnt' as a valid flow: it's an address beyond the allocated memory.

CVE ID : CVE-2021-47175
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/7a1bdec12e43e29cc34a4394590337069d8812ce | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e6294c06e7c62ffdd5bf3df696d3a4fcbb753d3c | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e70f7a11876a1a788ceadf75e9e5f7af2c868680 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
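
The off-by-one in the description, a 1-based tc class id (minor number of the skb priority, 1..flows_cnt) used directly as a 0-based index into the flows array so that minor == flows_cnt selects q->flows + q->flows_cnt, is reconstructed below as an added example. This is not the sch_fq_pie source: the qdisc and flow structs, classify() (which, unlike the real classifier, has no hash fallback and returns 0 for anything the priority does not name), the two lookup helpers and the constructed reproducer values (handle 0x1, flows 2, priority 0x10002 from the script above) are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* tc handle encoding: major in the upper 16 bits, minor in the lower 16. */
#define TC_H_MAJ(h) ((h) & 0xFFFF0000U)
#define TC_H_MIN(h) ((h) & 0x0000FFFFU)

struct flow { unsigned int backlog; };

struct qdisc {
    uint32_t     handle;     /* 0x00010000 for "handle 0x1" */
    unsigned int flows_cnt;  /* the "flows 2" parameter */
    struct flow *flows;      /* flows_cnt entries */
};

/* Classifier: returns a 1-based class id in [1, flows_cnt] when the skb
 * priority names one of this qdisc's classes, else 0 (tc's "no class"). */
static unsigned int classify(const struct qdisc *q, uint32_t prio)
{
    if (TC_H_MAJ(prio) == q->handle && TC_H_MIN(prio) > 0 &&
        TC_H_MIN(prio) <= q->flows_cnt)
        return TC_H_MIN(prio);
    return 0;
}

/* Pre-fix lookup: the 1-based id is used as a 0-based index, so the largest
 * valid class lands one element past the array. Returns the index only; no
 * memory is touched, so the bug is observable without crashing. */
static long flow_index_vulnerable(const struct qdisc *q, uint32_t prio)
{
    return (long)classify(q, prio);
}

/* Fixed lookup: 0 means drop (-1 here); any other id is shifted to a
 * 0-based index that is guaranteed to lie in [0, flows_cnt). */
static long flow_index_fixed(const struct qdisc *q, uint32_t prio)
{
    unsigned int idx = classify(q, prio);

    if (idx == 0)
        return -1;
    return (long)(idx - 1);
}

/* Constructed reproducer: handle 0x1, flows 2, skbedit priority 0x10002.
 * True when the pre-fix code would read q->flows[flows_cnt]. */
static bool repro_hits_oob(void)
{
    struct flow flows[2] = {{0}, {0}};
    struct qdisc q = { .handle = 0x00010000U, .flows_cnt = 2, .flows = flows };
    long idx = flow_index_vulnerable(&q, 0x10002U);

    return idx >= (long)q.flows_cnt;
}

/* Same constructed qdisc through the fixed path, for any priority. */
static long repro_fixed_index(uint32_t prio)
{
    struct flow flows[2] = {{0}, {0}};
    struct qdisc q = { .handle = 0x00010000U, .flows_cnt = 2, .flows = flows };

    return flow_index_fixed(&q, prio);
}
```

The trigger needs no privilege beyond configuring tc on the interface, and the skbedit action makes the priority attacker-chosen for every packet on the egress path, which is why an inclusive upper bound on a 1-based id must always be paired with the `idx - 1` conversion before the array is touched.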


Vulnerability ID : CVE-2021-47176

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_path function for ECKD but not for FBA and DIAG. This leads to a panic when the path verification function is called for a FBA or DIAG device. Fix by defining a wrapper function for dasd_generic_verify_path().

CVE ID : CVE-2021-47176
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/6a16810068e70959bc1df686424aa35ce05578f1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a16be88a3d7e5efcb59a15edea87a8bd369630c6 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/aa8579bc084673c651204f7cd0d6308a47dffc16 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/c0c8a8397fa8a74d04915f4d3d28cb4a5d401427 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47177

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so it has to be cleaned up on subsequent errors.

CVE ID : CVE-2021-47177
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/044bbe8b92ab4e542de7f6c93c88ea65cccd8e29 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/0ee74d5a48635c848c20f152d0d488bf84641304 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/22da9f4978381a99f1abaeaf6c9b83be6ab5ddd8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2ec5e9bb6b0560c90d315559c28a99723c80b996 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/ca466561eef36d1ec657673e3944eb6340bddb5b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f01134321d04f47c718bb41b799bcdeda27873d2 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47178

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Avoid smp_processor_id() in preemptible code The BUG message "BUG: using smp_processor_id() in preemptible [00000000] code" was observed for TCMU devices with kernel config DEBUG_PREEMPT. The message was observed when blktests block/005 was run on TCMU devices with fileio backend or user:zbc backend [1]. The commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper") triggered the symptom. The commit modified the work queue to handle commands and changed 'current->nr_cpu_allowed' at the smp_processor_id() call. The message was also observed at system shutdown when TCMU devices were not cleaned up [2]. The function smp_processor_id() was called in the SCSI host work queue for abort handling, and triggered the BUG message. This symptom was observed regardless of the commit 1130b499b4a7 ("scsi: target: tcm_loop: Use LIO wq cmd submission helper"). To avoid the preemptible code check at smp_processor_id(), get the CPU ID with raw_smp_processor_id() instead. The CPU ID is used for performance improvement, so a thread move to another CPU will not affect the code.

CVE ID : CVE-2021-47178
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/70ca3c57ff914113f681e657634f7fbfa68e1ad1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/a20b6eaf4f35046a429cde57bee7eb5f13d6857f | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47179

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_range argument. Unfortunately, pnfs_mark_matching_lsegs_return() doesn't check if we have a value here before dereferencing it, causing an oops. I'm able to hit this crash consistently when running connectathon basic tests on NFS v4.1/v4.2 against Ontap.

CVE ID : CVE-2021-47179
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/39785761feadf261bc5101372b0b0bbaf6a94494 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/42637ca25c7d7b5a92804a679af5192e8c1a9f48 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4e1ba532dbc1a0e19fc2458d74ab8d98680c4e42 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/aba3c7795f51717ae316f3566442dee7cc3eeccb | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b090d110e66636bca473fd8b98d5c97b555a965a | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/f9890652185b72b8de9ebeb4406037640b6e1b53 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


Vulnerability ID : CVE-2021-47180

First published on : 25-03-2024 10:15:09
Last modified on : 25-03-2024 13:47:14

Description :
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. The report includes a "BUG: memory leak" backtrace showing the unreferenced object allocated in nci_hci_allocate() during nfcmrvl_probe().

CVE ID : CVE-2021-47180
Source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
CVSS Score : /

References :
https://git.kernel.org/stable/c/0365701bc44e078682ee1224866a71897495c7ef | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/2c2fb2df46ea866b49fea5ec7112ec3cd4896c74 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/448a1cb12977f52142e6feb12022c59662d88dc1 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/4a621621c7af3cec21c47c349b30cd9c3cea11c8 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/65234f50a90b64b335cbb9164b8a98c2a0d031dd | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/af2a4426baf71163c0c354580ae98c7888a9aba7 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/b34cb7ac32cc8e5471dc773180ea9ae676b1a745 | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67
https://git.kernel.org/stable/c/e0652f8bb44d6294eeeac06d703185357f25d50b | source : 416baaa9-dc9f-4396-8d5f-8c081fb06d67


This website uses the NVD API, but is not approved or certified by it.

About the author
Julien B.

Securitricks

Up-to-Date Cybersecurity Insights & Malware Reports
