CVE-2024-8439 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that the issue does not pose a security risk as it falls within the expected functionality and security controls of the application.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8439
CVE-2024-45771 - RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the password parameter at /resource/runlogin.php.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45771
CVE-2024-44839 - RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the articleid parameter at /default/article.php.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44839
CVE-2024-44838 - RapidCMS v1.3.1 was discovered to contain a SQL injection vulnerability via the username parameter at /resource/runlogin.php.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44838
CVE-2024-44845 - DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the value parameter in the filter_string function.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44845
CVE-2024-44844 - DrayTek Vigor3900 v1.5.1.6 was discovered to contain an authenticated command injection vulnerability via the name parameter in the run_command function.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44844
CVE-2024-34158 - Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-34158
CVE-2024-34156 - Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion. This is a follow-up to CVE-2022-30635.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-34156
CVE-2024-34155 - Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic due to stack exhaustion.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-34155
CVE-2024-7652 - An error in the ECMA-262 specification relating to Async Generators could have resulted in a type confusion, potentially leading to memory corruption and an exploitable crash. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7652
CVE-2024-8394 - When aborting the verification of an OTR chat session, an attacker could have caused a use-after-free bug leading to a potentially exploitable crash. This vulnerability affects Thunderbird < 128.2.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8394
CVE-2024-45295 - Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-45294. Reason: This candidate is a duplicate of CVE-2024-45294. Notes: All CVE users should reference CVE-2024-45294 instead of this candidate. This CVE was issued to a vulnerability that is dependent on CVE-2024-45294. According to rule 4.2.15 of the CVE CNA rules, "CNAs MUST NOT assign a different CVE ID to a Vulnerability that is fully interdependent with another Vulnerability. The Vulnerabilities are effectively the same single Vulnerability and MUST use one CVE ID."
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45295
CVE-2024-38642 - An improper certificate validation vulnerability has been reported to affect QuMagie. If exploited, the vulnerability could allow local network users to compromise the security of the system via unspecified vectors.
We have already fixed the vulnerability in the following version:
QuMagie 2.3.1 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38642
CVE-2024-38641 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network users to execute commands via unspecified vectors.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38641
CVE-2024-38640 - A cross-site scripting (XSS) vulnerability has been reported to affect Download Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Download Station 5.8.6.283 ( 2024/06/21 ) and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38640
CVE-2024-32771 - An improper restriction of excessive authentication attempts vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local network authenticated administrators to perform an arbitrary number of authentication attempts via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2782 build 20240601 and later
QuTS hero h5.2.0.2782 build 20240601 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-32771
CVE-2024-32763 - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-32763
CVE-2024-32762 - A cross-site scripting (XSS) vulnerability has been reported to affect QuLog Center. If exploited, the vulnerability could allow users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QuLog Center 1.8.0.872 ( 2024/06/17 ) and later
QuLog Center 1.7.0.827 ( 2024/06/17 ) and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-32762
CVE-2024-27126 - A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
Notes Station 3 3.9.6 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-27126
CVE-2024-27125 - A cross-site scripting (XSS) vulnerability has been reported to affect Helpdesk. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Helpdesk 3.3.1 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-27125
CVE-2024-27122 - A cross-site scripting (XSS) vulnerability has been reported to affect Notes Station 3. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
Notes Station 3 3.9.6 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-27122
CVE-2024-21906 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.8.2823 build 20240712 and later
QuTS hero h5.1.8.2823 build 20240712 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-21906
CVE-2024-21904 - A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.7.2770 build 20240520 and later
QuTS hero h5.1.7.2770 build 20240520 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-21904
CVE-2024-21903 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-21903
CVE-2024-21898 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-21898
CVE-2024-21897 - A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-21897
CVE-2023-51368 - A NULL pointer dereference vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to launch a denial-of-service (DoS) attack via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-51368
CVE-2023-51367 - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-51367
CVE-2023-51366 - A path traversal vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to read the contents of unexpected files and expose sensitive data via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-51366
CVE-2023-50366 - A cross-site scripting (XSS) vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network.
We have already fixed the vulnerability in the following versions:
QTS 5.1.6.2722 build 20240402 and later
QuTS hero h5.1.6.2734 build 20240414 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-50366
CVE-2023-50360 - A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.1 ( 2024/02/26 ) and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-50360
CVE-2023-47563 - An OS command injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to execute commands via a network.
We have already fixed the vulnerability in the following version:
Video Station 5.8.2 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-47563
CVE-2023-45038 - An improper authentication vulnerability has been reported to affect Music Station. If exploited, the vulnerability could allow users to compromise the security of the system via a network.
We have already fixed the vulnerability in the following version:
Music Station 5.4.0 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-45038
CVE-2023-39300 - An OS command injection vulnerability has been reported to affect legacy QTS. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.3.6.2805 build 20240619 and later
QTS 4.3.4.2814 build 20240618 and later
QTS 4.3.3.2784 build 20240619 and later
QTS 4.2.6 build 20240618 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-39300
CVE-2023-39298 - A missing authorization vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow local authenticated users to access data or perform actions that they should not be allowed to perform via unspecified vectors.
QuTScloud is not affected.
We have already fixed the vulnerability in the following versions:
QTS 5.2.0.2737 build 20240417 and later
QuTS hero h5.2.0.2782 build 20240601 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-39298
CVE-2023-34979 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2790 build 20240606 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-34979
CVE-2023-34974 - An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute commands via a network.
QuTScloud, QVR, QES are not affected.
We have already fixed the vulnerability in the following versions:
QTS 4.5.4.2790 build 20240605 and later
QuTS hero h4.5.4.2626 build 20231225 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-34974
CVE-2022-27592 - An unquoted search path or element vulnerability has been reported to affect QVR Smart Client. If exploited, the vulnerability could allow local authenticated administrators to execute unauthorized code or commands via unspecified vectors.
We have already fixed the vulnerability in the following version:
Windows 10 SP1, Windows 11, Mac OS, and Mac M1: QVR Smart Client 2.4.0.0570 and later
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2022-27592
CVE-2024-8517 - SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenticated attacker can execute arbitrary operating system commands by sending a crafted multipart file upload HTTP request.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8517
CVE-2024-8509 - A vulnerability was found in Forklift Controller. There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value provides a 200 response with the requested information.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8509
CVE-2024-45758 - H2O.ai H2O through 3.46.0.4 allows attackers to arbitrarily set the JDBC URL, leading to deserialization attacks, file reads, and command execution. Exploitation can occur when an attacker has access to post to the ImportSQLTable URI with a JSON document containing a connection_url property with any typical JDBC Connection URL attack payload such as one that uses queryInterceptors.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45758
CVE-2024-45294 - The HL7 FHIR Core Artifacts repository provides the java core object handling code, with utilities (including validator), for the Fast Healthcare Interoperability Resources (FHIR) specification. Prior to version 6.3.23, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag could produce XML containing data from the host system. This impacts use cases where org.hl7.fhir.core is being used to within a host where external clients can submit XML. This issue has been patched in release 6.3.23. No known workarounds are available.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45294
CVE-2024-44408 - D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. The device allows unauthorized configuration file downloads, and the downloaded configuration files contain plaintext user passwords.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44408
CVE-2024-44402 - D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via msp_info.htm.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44402
CVE-2024-44401 - D-Link DI-8100G 17.12.20A1 is vulnerable to Command Injection via the sub47A60C function in the upgrade_filter.asp file.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44401
CVE-2024-25584 - Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be CR LF DOT CR LF. This causes Dovecot to convert single mail with LF DOT LF in middle, into two emails when relaying to SMTP. Dovecot will split mail with LF DOT LF into two mails. Upgrade to latest released version. No publicly available exploits are known.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-25584
CVE-2024-8428 - The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to change the email address of administrative user accounts which can then be leveraged to reset the administrative users password and gain access to their account.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8428
CVE-2024-7622 - The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. This makes it possible for authenticated attackers, with subscriber-level access and above, to send emails with arbitrary content to any individual through the vulnerable web server.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7622
CVE-2024-7611 - The Enter Addons – Ultimate Template Builder for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'tag' attribute of the Events Card widget in all versions up to, and including, 2.1.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7611
CVE-2024-7599 - The Advanced Sermons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'sermon_video_embed' parameter in all versions up to, and including, 3.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7599
CVE-2024-7493 - The WPCOM Member plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.5.2.1. This is due to the plugin allowing arbitrary data to be passed to wp_insert_user() during registration. This makes it possible for unauthenticated attackers to update their role to that of an administrator during registration.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7493
CVE-2024-6445 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal. This issue affects DataDiodeX: before v3.5.0.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6445
CVE-2024-44837 - A cross-site scripting (XSS) vulnerability in the component \bean\Manager.java of Drug v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the user parameter.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44837
CVE-2024-45405 - `gix-path` is a crate of the `gitoxide` project (an implementation of `git` written in Rust) dealing with paths and their conversions. Prior to version 0.10.11, `gix-path` runs `git` to find the path of a configuration file associated with the `git` installation, but improperly resolves paths containing unusual or non-ASCII characters, in rare cases enabling a local attacker to inject configuration leading to code execution. Version 0.10.11 contains a patch for the issue.
In `gix_path::env`, the underlying implementation of the `installation_config` and `installation_config_prefix` functions calls `git config -l --show-origin` to find the path of a file to treat as belonging to the `git` installation. Affected versions of `gix-path` do not pass `-z`/`--null` to cause `git` to report literal paths. Instead, to cover the occasional case that `git` outputs a quoted path, they attempt to parse the path by stripping the quotation marks. The problem is that, when a path is quoted, it may change in substantial ways beyond the concatenation of quotation marks. If not reversed, these changes can result in another valid path that is not equivalent to the original.
On a single-user system, it is not possible to exploit this, unless `GIT_CONFIG_SYSTEM` and `GIT_CONFIG_GLOBAL` have been set to unusual values or Git has been installed in an unusual way. Such a scenario is not expected. Exploitation is unlikely even on a multi-user system, though it is plausible in some uncommon configurations or use cases. In general, exploitation is more likely to succeed if users are expected to install `git` themselves, and are likely to do so in predictable locations; locations where `git` is installed, whether due to usernames in their paths or otherwise, contain characters that `git` quotes by default in paths, such as non-English letters and accented letters; a custom `system`-scope configuration file is specified with the `GIT_CONFIG_SYSTEM` environment variable, and its path is in an unusual location or has strangely named components; or a `system`-scope configuration file is absent, empty, or suppressed by means other than `GIT_CONFIG_NOSYSTEM`. Currently, `gix-path` can treat a `global`-scope configuration file as belonging to the installation if no higher scope configuration file is available. This increases the likelihood of exploitation even on a system where `git` is installed system-wide in an ordinary way. However, exploitation is expected to be very difficult even under any combination of those factors.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45405
CVE-2024-45300 - alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, a race condition allows the user to bypass the limit on the number of promo codes and use the discount coupon multiple times. In "alf.io", an event organizer can apply price discounts by using promo codes to your events. The organizer can limit the number of promo codes that will be used for this, but the time-gap between checking the number of codes and restricting the use of the codes allows a threat actor to bypass the promo code limit. Version 2.0-M5 fixes this issue.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45300
CVE-2024-45299 - alf.io is an open source ticket reservation system for conferences, trade shows, workshops, and meetups. Prior to version 2.0-M5, the preloaded data as JSON is not escaped correctly, so the administrator / event admin could break their own install by inserting incorrectly escaped text. The Content-Security-Policy directive blocks any potential script execution. The administrator or event administrator can override the texts for customization purposes. The texts are not properly escaped. Version 2.0-M5 fixes this issue.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45299
CVE-2024-45040 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Prior to version 0.11.0, commitments to private witnesses in Groth16 as implemented break the zero-knowledge property. The vulnerability affects only Groth16 proofs with commitments. Notably, PLONK proofs are not affected. The vulnerability affects the zero-knowledge property of the proofs - in case the witness (secret or internal) values are small, then the attacker may be able to enumerate all possible choices to deduce the actual value. If the possible choices for the variables to be committed is large or there are many values committed, then it would be computationally infeasible to enumerate all valid choices. It doesn't affect the completeness/soundness of the proofs. The vulnerability has been fixed in version 0.11.0. The patch to fix the issue is to add additional randomized value to the list of committed value at proving time to mask the rest of the values which were committed. As a workaround, the user can manually commit to a randomized value.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45040
CVE-2024-45039 - gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized non-native multiplication, lookup checks etc. as random challenges, then it could impact the soundness of the whole circuit. However, using multiple commitments has been discouraged due to the additional cost to the verifier and it has not been supported in the recursive in-circuit Groth16 verifier and Solidity verifier. gnark's maintainers expect the impact of the issue be very small - only for the users who have implemented the native Groth16 verifier or are using it with multiple commitments. We do not have information of such users. The issue has been patched in version 0.11.0. As a workaround, users should follow gnark maintainers' recommendation to use only a single commitment and then derive in-circuit commitments as needed using the `std/multicommit` package.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45039
CVE-2024-44739 - Sourcecodester Simple Forum Website v1.0 has a SQL injection vulnerability in /php-sqlite-forum/?page=manage_user&id=.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44739
CVE-2024-1744 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-1744
CVE-2023-52916 - In the Linux kernel, the following vulnerability has been resolved:
media: aspeed: Fix memory overwrite if timing is 1600x900
When capturing 1600x900, system could crash when system memory usage is
tight.
The way to reproduce this issue:
1. Use 1600x900 to display on host
2. Mount ISO through 'Virtual media' on OpenBMC's web
3. Run script as below on host to do sha continuously
#!/bin/bash
while [ [1] ];
do
find /media -type f -printf '"%h/%f"\n' | xargs sha256sum
done
4. Open KVM on OpenBMC's web
The size of macro block captured is 8x8. Therefore, we should make sure
the height of src-buf is 8 aligned to fix this issue.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-52916
CVE-2023-52915 - In the Linux kernel, the following vulnerability has been resolved:
media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer
In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be passed. Malicious data finally reach af9035_i2c_master_xfer. If accessing msg[i].buf[0] without sanity check, null ptr deref would happen. We add check on msg[i].len to prevent crash.
Similar commit: commit 0ed554fd769a ("media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer()")
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-52915
CVE-2024-8427 - The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings and forms.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8427
CVE-2024-8317 - The WP AdCenter – Ad Manager & Adsense Ads plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ad_alignment' attribute in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8317
CVE-2024-8292 - The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to privilege escalation/account takeover in all versions up to, and including, 16.26.8. This is due to the plugin not properly verifying a user's identity during new order creation. This makes it possible for unauthenticated attackers to supply any email through the user_email field and update the password for that user during new order creation. This requires the commerce addon to be enabled in order to exploit.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8292
CVE-2024-7349 - The LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes plugin for WordPress is vulnerable to blind SQL Injection via the 'order' parameter in all versions up to, and including, 7.7.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7349
CVE-2024-6792 - The WP ULike WordPress plugin before 4.7.2.1 does not properly sanitize user display names when rendering on a public page.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6792
CVE-2024-45751 - tgt (aka Linux target framework) before 1.0.93 attempts to achieve entropy by calling rand without srand. The PRNG seed is always 1, and thus the sequence of challenges is always identical.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45751
CVE-2024-39585 - Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) a Use of Hard-coded Password vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Client-side request forgery and Information disclosure.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-39585
CVE-2024-38486 - Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x, contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to Command execution.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-38486
CVE-2024-8480 - The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. This makes it possible for authenticated attackers, with Contributor-level access and above, to exploit the 'sirv_upload_file_by_chunks_callback' function, which lacks proper file type validation, allowing attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8480
CVE-2024-8247 - The Newsletters plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 4.9.9.2. This is due to the plugin not restricting what user meta can be updated as screen options. This makes it possible for authenticated attackers, with subscriber-level access and above, to escalate their privileges to that of an administrator. Please note that this only affects users with access to edit/update screen options, which means an administrator would need to grant lower privilege users with access to the Sent & Draft Emails page of the plugin in order for this to be exploited.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8247
CVE-2024-7415 - The Remember Me Controls plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.0.1. This is due to the plugin allowing direct access to the bootstrap.php file which has display_errors on. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7415
CVE-2024-40865 - The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual keyboard may be inferred from Persona.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-40865
CVE-2024-44082 - In OpenStack Ironic before 26.0.1 and ironic-python-agent before 9.13.1, there is a vulnerability in image processing, in which a crafted image could be used by an authenticated user to exploit undesired behaviors in qemu-img, including possible unauthorized access to potentially sensitive data. The affected/fixed version details are: Ironic: =22.0.0 =23.1.0 =25.0.0
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44082
CVE-2024-45400 - ckeditor-plugin-openlink is a plugin for the CKEditor JavaScript text editor that extends the context menu with a possibility to open a link in a new tab. A vulnerability in versions of the plugin prior to 1.0.7 allowed a user to execute JavaScript code by abusing the link href attribute. The fix is available starting with version 1.0.7.
06/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45400
CVE-2024-45589 - RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45589
CVE-2024-45176 - An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper input validation, the C-MOR web interface is vulnerable to reflected cross-site scripting (XSS) attacks. It was found out that different functions are prone to reflected cross-site scripting attacks due to insufficient user input validation.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45176
CVE-2024-45175 - An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Sensitive information is stored in cleartext. It was found out that sensitive information, for example login credentials of cameras, is stored in cleartext. Thus, an attacker with filesystem access, for example exploiting a path traversal attack, has access to the login data of all configured cameras, or the configured FTP server.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45175
CVE-2024-45171 - An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to upload dangerous files, for instance PHP code, to the C-MOR system. By analyzing the C-MOR web interface, it was found out that the upload functionality for backup files allows an authenticated user to upload arbitrary files. The only condition is that the filename contains a .cbkf string. Therefore, webshell.cbkf.php is considered a valid file name for the C-MOR web application. Uploaded files are stored within the directory "/srv/www/backups" on the C-MOR system, and can thus be accessed via the URL https:///backup/upload_. Due to broken access control, low-privileged authenticated users can also use this file upload functionality.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45171
CVE-2024-42885 - SQL Injection vulnerability in ESAFENET CDG 5.6 and before allows an attacker to execute arbitrary code via the id parameter of the data.jsp page.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-42885
CVE-2023-51712 - An issue was discovered in Trusted Firmware-M through 2.0.0. The lack of argument verification in the logging subsystem allows attackers to read sensitive data via the login function.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2023-51712
CVE-2024-8445 - The fix for CVE-2024-2199 in 389-ds-base was insufficient to cover all scenarios. In certain product versions, an authenticated user may cause a server crash while modifying `userPassword` using malformed input.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8445
CVE-2024-45178 - An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper user input validation, it is possible to download arbitrary files from the C-MOR system via a path traversal attack. It was found out that different functionalities are vulnerable to path traversal attacks, due to insufficient user input validation. For instance, the download functionality for backups provided by the script download-bkf.pml is vulnerable to a path traversal attack via the parameter bkf. This enables an authenticated user to download arbitrary files as Linux user www-data from the C-MOR system. Another path traversal attack is in the script show-movies.pml, which can be exploited via the parameter cam.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45178
CVE-2024-45173 - An issue was discovered in za-internet C-MOR Video Surveillance 5.2401. Due to improper privilege management concerning sudo privileges, C-MOR is vulnerable to a privilege escalation attack. The Linux user www-data running the C-MOR web interface can execute some OS commands as root via Sudo without having to enter the root password. These commands, for example, include cp, chown, and chmod, which enable an attacker to modify the system's sudoers file in order to execute all commands with root privileges. Thus, it is possible to escalate the limited privileges of the user www-data to root privileges.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-45173
CVE-2024-44587 - itsourcecode Alton Management System 1.0 is vulnerable to SQL Injection in /noncombo_save.php via the "menu" parameter.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-44587
CVE-2024-8463 - File upload restriction bypass vulnerability in PHPGurukul Job Portal 1.0, the exploitation of which could allow an authenticated user to execute an RCE via webshell.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8463
CVE-2024-8462 - A vulnerability was found in Windmill 1.380.0. It has been classified as problematic. Affected is an unknown function of the file backend/windmill-api/src/users.rs of the component HTTP Request Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. Upgrading to version 1.390.1 is able to address this issue. The patch is identified as acfe7786152f036f2476f93ab5536571514fa9e3. It is recommended to upgrade the affected component.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8462
CVE-2024-8461 - A vulnerability, which was classified as problematic, was found in D-Link DNS-320 2.02b01. This affects an unknown part of the file /cgi-bin/discovery.cgi of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8461
CVE-2024-7884 - When a canister method is called via ic_cdk::call* , a new Future CallFuture is created and can be awaited by the caller to get the execution result. Internally, the state of the Future is tracked and stored in a struct called CallFutureState. A bug in the polling implementation of the CallFuture allows multiple references to be held for this internal state and not all references were dropped before the Future is resolved. Since we have unaccounted references held, a copy of the internal state ended up being persisted in the canister's heap and thus causing a memory leak.
Impact: Canisters built in Rust with ic_cdk and ic_cdk_timers are affected. If these canisters call a canister method, use timers or heartbeat, they will likely leak a small amount of memory on every such operation. In the worst case, this could lead to heap memory exhaustion triggered by an attacker. Motoko based canisters are not affected by the bug.
Patches: The patch has been backported to all minor versions between >= 0.8.0,
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7884
CVE-2024-7605 - The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. This makes it possible for authenticated attackers, with Contributor-level access and above, to update plugin options, potentially disrupting the service.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-7605
CVE-2022-4529 - The Security, Antivirus, Firewall – S.A.F plugin for WordPress is vulnerable to IP Address Spoofing in versions up to, and including, 2.3.5. This is due to insufficient restrictions on where the IP Address information is being retrieved for request logging and login restrictions. Attackers can supply the X-Forwarded-For header with a different IP Address that will be logged and can be used to bypass settings that may have blocked out an IP address from logging in.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2022-4529
CVE-2022-3556 - The Cab fare calculator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the vehicle title setting in versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with administrative privileges to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2022-3556
CVE-2024-6929 - The Dynamic Featured Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘dfiFeatured' parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6929
CVE-2024-6894 - The RD Station plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 5.3.2 due to insufficient input sanitization and output escaping of post metaboxes added by the plugin. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6894
CVE-2024-6332 - The Booking for Appointments and Events Calendar – Amelia Premium and Lite plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the 'ameliaButtonCommand' function in all versions up to, and including, Premium 7.7 and Lite 1.2.3. This makes it possible for unauthenticated attackers to access employee calendar details, including Google Calendar OAuth tokens in the premium version.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6332
CVE-2024-8363 - The Share This Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's STI Buttons shortcode in all versions up to, and including, 2.02 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-8363
CVE-2024-5309 - The Form Vibes – Database Manager for Forms plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the fv_export_csv, reset_settings, save_settings, save_columns_settings, get_analytics_data, get_event_logs_data, delete_submissions, and get_submissions functions in all versions up to, and including, 1.4.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform multiple unauthorized actions. NOTE: This vulnerability is partially fixed in version 1.4.12.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-5309
CVE-2024-6835 - The Ivory Search – WordPress Search Plugin plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 5.5.6 via the ajax_load_posts function. This makes it possible for unauthenticated attackers to extract text data from password-protected posts using a boolean-based attack on the AJAX search form.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6835
CVE-2024-6846 - The Chatbot with ChatGPT WordPress plugin before 2.4.5 does not validate access on some REST routes, allowing an unauthenticated user to purge error and chat logs.
05/09/2024 | https://cve.nohackme.com/index.php?action=detail&id=CVE-2024-6846
Recently modified advisories
CVE-2024-45307 - SudoBot, a Discord moderation bot, is vulnerable to privilege escalation and exploit of the `-config` command in versions prior to 9.26.7. Anyone is theoretically able to update any configuration of the bot and potentially gain control over the bot's settings. Every version of v9 before v9.26.7 is affected. Other versions (e.g. v8) are not affected. Users should upgrade to version 9.26.7 to receive a patch. A workaround would be to create a command permission overwrite in the Database. A SQL statement provided in the GitHub Security Advisory can be executed to create an overwrite that disallows users without `ManageGuild` permission to run the `-config` command. Run the SQL statement for every server the bot is in, and replace `` with the appropriate Guild ID each time.
07/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45307
CVE-2024-42495 - Credentials to access device configuration were transmitted using an unencrypted protocol. These credentials would allow read-only access to network configuration information and terminal configuration data.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-42495
CVE-2024-39278 - Credentials to access device configuration information were stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-39278
CVE-2024-8395 - FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8395
CVE-2024-45159 - An issue was discovered in Mbed TLS 3.x before 3.6.1. With TLS 1.3, when a server enables optional authentication of the client, if the client-provided certificate does not have appropriate values in the keyUsage or extKeyUsage extensions, then the return value of mbedtls_ssl_get_verify_result() would incorrectly have the MBEDTLS_X509_BADCERT_KEY_USAGE and MBEDTLS_X509_BADCERT_EXT_KEY_USAGE bits clear. As a result, an attacker that had a certificate valid for uses other than TLS client authentication would nonetheless be able to use it for TLS client authentication. Only TLS 1.3 servers were affected, and only with optional authentication (with required authentication, the handshake would be aborted with a fatal alert).
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45159
CVE-2024-45158 - An issue was discovered in Mbed TLS 3.6 before 3.6.1. A stack buffer overflow in mbedtls_ecdsa_der_to_raw() and mbedtls_ecdsa_raw_to_der() can occur when the bits parameter is larger than the largest supported curve. In some configurations with PSA disabled, all values of bits are affected. (This never happens in internal library calls, but can affect applications that call these functions directly.)
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45158
CVE-2024-45157 - An issue was discovered in Mbed TLS before 2.28.9 and 3.x before 3.6.1, in which the user-selected algorithm is not used. Unlike previously documented, enabling MBEDTLS_PSA_HMAC_DRBG_MD_TYPE does not cause the PSA subsystem to use HMAC_DRBG: it uses HMAC_DRBG only when MBEDTLS_PSA_CRYPTO_EXTERNAL_RNG and MBEDTLS_CTR_DRBG_C are disabled.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45157
CVE-2024-7591 - Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection. This issue affects:
* LoadMaster: 7.2.40.0 and above
* ECS: All versions
* Multi-Tenancy: 7.1.35.4 and above
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7591
CVE-2024-45401 - stripe-cli is a command-line tool for the payment processor Stripe. A vulnerability exists in stripe-cli starting in version 1.11.1 and prior to version 1.21.3 where a plugin package containing a manifest with a malformed plugin shortname installed using the --archive-url or --archive-path flags can overwrite arbitrary files. The update in version 1.21.3 addresses the path traversal vulnerability by removing the ability to install plugins from an archive URL or path. There has been no evidence of exploitation of this vulnerability.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45401
CVE-2024-42491 - Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.24.3, 20.9.3, and 21.4.3 of Asterisk and versions 18.9-cert12 and 20.7-cert2 of certified-asterisk, if Asterisk attempts to send a SIP request to a URI whose host portion starts with `.1` or `[.1]`, and res_resolver_unbound is loaded, Asterisk will crash with a SEGV. To receive a patch, users should upgrade to one of the following versions: 18.24.3, 20.9.3, 21.4.3, certified-18.9-cert12, certified-20.7-cert2. Two workarounds are available. Disable res_resolver_unbound by setting `noload = res_resolver_unbound.so` in modules.conf, or set `rewrite_contact = yes` on all PJSIP endpoints. NOTE: This may not be appropriate for all Asterisk configurations.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-42491
CVE-2024-45392 - SuiteCRM is an open-source customer relationship management (CRM) system. Prior to versions 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45392
CVE-2024-44728 - Sourcecodehero Event Management System 1.0 allows Stored Cross-Site Scripting via parameters Full Name, Address, Email, and contact# in /clientdetails/admin/regester.php.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44728
CVE-2024-44727 - Sourcecodehero Event Management System 1.0 is vulnerable to SQL Injection via the parameter 'username' in /event/admin/login.php.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44727
CVE-2024-24759 - MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 23.12.4.2, a threat actor can bypass the server-side request forgery protection on the whole website with DNS Rebinding. The vulnerability can also lead to denial of service. Version 23.12.4.2 contains a patch.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-24759
CVE-2024-45098 - IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45098
CVE-2024-45097 - IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user to bypass intended access restrictions and conduct resource modification.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45097
CVE-2024-45096 - IBM Aspera Faspex 5.0.0 through 5.0.9 could allow a user with access to the package to obtain sensitive information through a directory listing.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45096
CVE-2024-8473 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through user_email parameter in /jobportal/admin/login.php.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8473
CVE-2024-8472 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through multiple parameters in /jobportal/index.php.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8472
CVE-2024-8471 - Cross-Site Scripting (XSS) vulnerability, whereby user-controlled input is not sufficiently encrypted. Exploitation of this vulnerability could allow an attacker to retrieve the session details of an authenticated user through JOBID and USERNAME parameters in /jobportal/process.php.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8471
CVE-2024-8470 - SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/vacancy/controller.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8470
CVE-2024-8469 - SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/employee/index.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8469
CVE-2024-8468 - SQL injection vulnerability, by which an attacker could send a specially designed query through search parameter in /jobportal/index.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8468
CVE-2024-8467 - SQL injection vulnerability, by which an attacker could send a specially designed query through id parameter in /jobportal/admin/category/index.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8467
CVE-2024-8466 - SQL injection vulnerability, by which an attacker could send a specially designed query through CATEGORY parameter in /jobportal/admin/category/controller.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8466
CVE-2024-8465 - SQL injection vulnerability, by which an attacker could send a specially designed query through user_id parameter in /jobportal/admin/user/controller.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8465
CVE-2024-8464 - SQL injection vulnerability, by which an attacker could send a specially designed query through JOBREGID parameter in /jobportal/admin/applicants/controller.php, and retrieve all the information stored in it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8464
CVE-2024-8460 - A vulnerability, which was classified as problematic, has been found in D-Link DNS-320 2.02b01. Affected by this issue is some unknown functionality of the file /cgi-bin/widget_api.cgi of the component Web Management Interface. The manipulation of the argument getHD/getSer/getSys leads to information disclosure. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Vendor was contacted early and confirmed that the product is end-of-life. It should be retired and replaced.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8460
CVE-2024-7381 - The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes available on the target site.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7381
CVE-2024-7380 - The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to create or delete WordPress menus.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-7380
CVE-2024-5957 - This vulnerability allows unauthenticated remote attackers to bypass authentication and gain access to the Manager's APIs.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5957
CVE-2024-5956 - This vulnerability allows unauthenticated remote attackers to bypass authentication and gain partial data access to the vulnerable Trellix IPS Manager; the responses contain mostly garbage data.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-5956
CVE-2024-45107 - Acrobat Reader versions 20.005.30636, 24.002.20964, 24.001.30123, 24.002.20991 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45107
CVE-2024-8178 - The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-8178
CVE-2024-45063 - The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45063
CVE-2024-45287 - A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45287
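The libnv entry above describes the classic length-field overflow: a sender-controlled size is added to a fixed header length, the sum wraps, and the parser allocates far less than it later copies. The following C is an added illustration written for this page, not libnv's code and not its real nvlist encoding; the 10-byte header layout (16-bit type, 64-bit little-endian size), the function names and the sample buffers are all assumptions. It shows the unchecked computation beside the checked one that rejects both a wrapping sum and a size larger than the bytes actually received.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical wire layout for one packed element: a 16-bit type tag and a
 * 64-bit little-endian payload size chosen by the sender. Illustration only,
 * not libnv's actual encoding. */
#define HDR_LEN 10u

struct packed_hdr {
    uint16_t type;
    uint64_t size;   /* payload bytes the sender claims follow the header */
};

/* Write a header into buf (caller guarantees at least HDR_LEN bytes). */
void encode_hdr(uint8_t *buf, uint16_t type, uint64_t size)
{
    buf[0] = (uint8_t)(type & 0xff);
    buf[1] = (uint8_t)(type >> 8);
    for (int i = 0; i < 8; i++)
        buf[2 + i] = (uint8_t)(size >> (8 * i));
}

/* Read a header; fails only if the header itself is not fully present. */
int decode_hdr(const uint8_t *buf, size_t len, struct packed_hdr *out)
{
    if (len < HDR_LEN)
        return -1;
    out->type = (uint16_t)(buf[0] | ((uint16_t)buf[1] << 8));
    out->size = 0;
    for (int i = 0; i < 8; i++)
        out->size |= (uint64_t)buf[2 + i] << (8 * i);
    return 0;
}

/* Vulnerable pattern: header length + claimed payload with no overflow
 * check. A size close to UINT64_MAX wraps the sum to a tiny number, and the
 * later copy of the real data overruns the undersized buffer.
 * Returns the size that would be handed to the allocator (0 = short input). */
size_t vulnerable_alloc_size(const uint8_t *buf, size_t len)
{
    struct packed_hdr h;
    if (decode_hdr(buf, len, &h) != 0)
        return 0;
    return (size_t)(HDR_LEN + h.size);   /* unsigned wrap-around */
}

/* Hardened pattern: reject a size that would wrap the addition, and reject a
 * size larger than the bytes actually received, so the allocation can never
 * be smaller than the data copied into it. Returns 0 when rejecting. */
size_t safe_alloc_size(const uint8_t *buf, size_t len)
{
    struct packed_hdr h;
    if (decode_hdr(buf, len, &h) != 0)
        return 0;
    if (h.size > SIZE_MAX - HDR_LEN)     /* HDR_LEN + h.size would overflow */
        return 0;
    if (h.size > len - HDR_LEN)          /* claims more payload than is present */
        return 0;
    return HDR_LEN + (size_t)h.size;
}
```

The second check matters as much as the first: a size that does not wrap but exceeds the input still lets a copy loop driven by the declared size read or write past what was received. Bounding the claimed size by the bytes on hand closes both paths.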
CVE-2024-41928 - Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-41928
CVE-2024-45006 - In the Linux kernel, the following vulnerability has been resolved:
xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration
Re-enumerating full-speed devices after a failed address device command
can trigger a NULL pointer dereference.
Full-speed devices may need to reconfigure the endpoint 0 Max Packet Size
value during enumeration. Usb core calls usb_ep0_reinit() in this case,
which ends up calling xhci_configure_endpoint().
On Panther point xHC the xhci_configure_endpoint() function will
additionally check and reserve bandwidth in software. Other hosts do
this in hardware.
If xHC address device command fails then a new xhci_virt_device structure
is allocated as part of re-enabling the slot, but the bandwidth table
pointers are not set up properly here.
This triggers the NULL pointer dereference the next time usb_ep0_reinit()
is called and xhci_configure_endpoint() tries to check and reserve
bandwidth.
[46710.713538] usb 3-1: new full-speed USB device number 5 using xhci_hcd
[46710.713699] usb 3-1: Device not responding to setup address.
[46710.917684] usb 3-1: Device not responding to setup address.
[46711.125536] usb 3-1: device not accepting address 5, error -71
[46711.125594] BUG: kernel NULL pointer dereference, address: 0000000000000008
[46711.125600] #PF: supervisor read access in kernel mode
[46711.125603] #PF: error_code(0x0000) - not-present page
[46711.125606] PGD 0 P4D 0
[46711.125610] Oops: Oops: 0000 [#1] PREEMPT SMP PTI
[46711.125615] CPU: 1 PID: 25760 Comm: kworker/1:2 Not tainted 6.10.3_2 #1
[46711.125620] Hardware name: Gigabyte Technology Co., Ltd.
[46711.125623] Workqueue: usb_hub_wq hub_event [usbcore]
[46711.125668] RIP: 0010:xhci_reserve_bandwidth (drivers/usb/host/xhci.c
Fix this by making sure bandwidth table pointers are set up correctly
after a failed address device command, and additionally by avoiding
checking for bandwidth in cases like this where no actual endpoints are
added or removed, i.e. only context for default control endpoint 0 is
evaluated.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45006
CVE-2024-45002 - In the Linux kernel, the following vulnerability has been resolved:
rtla/osnoise: Prevent NULL dereference in error handling
If the "tool->data" allocation fails then there is no need to call
osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45002
CVE-2024-45000 - In the Linux kernel, the following vulnerability has been resolved:
fs/netfs/fscache_cookie: add missing "n_accesses" check
This fixes a NULL pointer dereference bug due to a data race which
looks like this:
BUG: kernel NULL pointer dereference, address: 0000000000000008
#PF: supervisor read access in kernel mode
#PF: error_code(0x0000) - not-present page
PGD 0 P4D 0
Oops: 0000 [#1] SMP PTI
CPU: 33 PID: 16573 Comm: kworker/u97:799 Not tainted 6.8.7-cm4all1-hp+ #43
Hardware name: HP ProLiant DL380 Gen9/ProLiant DL380 Gen9, BIOS P89 10/17/2018
Workqueue: events_unbound netfs_rreq_write_to_cache_work
RIP: 0010:cachefiles_prepare_write+0x30/0xa0
Code: 57 41 56 45 89 ce 41 55 49 89 cd 41 54 49 89 d4 55 53 48 89 fb 48 83 ec 08 48 8b 47 08 48 83 7f 10 00 48 89 34 24 48 8b 68 20 8b 45 08 4c 8b 38 74 45 49 8b 7f 50 e8 4e a9 b0 ff 48 8b 73 10
RSP: 0018:ffffb4e78113bde0 EFLAGS: 00010286
RAX: ffff976126be6d10 RBX: ffff97615cdb8438 RCX: 0000000000020000
RDX: ffff97605e6c4c68 RSI: ffff97605e6c4c60 RDI: ffff97615cdb8438
RBP: 0000000000000000 R08: 0000000000278333 R09: 0000000000000001
R10: ffff97605e6c4600 R11: 0000000000000001 R12: ffff97605e6c4c68
R13: 0000000000020000 R14: 0000000000000001 R15: ffff976064fe2c00
FS: 0000000000000000(0000) GS:ffff9776dfd40000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000008 CR3: 000000005942c002 CR4: 00000000001706f0
Call Trace:
? __die+0x1f/0x70
? page_fault_oops+0x15d/0x440
? search_module_extables+0xe/0x40
? fixup_exception+0x22/0x2f0
? exc_page_fault+0x5f/0x100
? asm_exc_page_fault+0x22/0x30
? cachefiles_prepare_write+0x30/0xa0
netfs_rreq_write_to_cache_work+0x135/0x2e0
process_one_work+0x137/0x2c0
worker_thread+0x2e9/0x400
? __pfx_worker_thread+0x10/0x10
kthread+0xcc/0x100
? __pfx_kthread+0x10/0x10
ret_from_fork+0x30/0x50
? __pfx_kthread+0x10/0x10
ret_from_fork_asm+0x1b/0x30
Modules linked in:
CR2: 0000000000000008
---[ end trace 0000000000000000 ]---
This happened because fscache_cookie_state_machine() was slow and was
still running while another process invoked fscache_unuse_cookie();
this led to a fscache_cookie_lru_do_one() call, setting the
FSCACHE_COOKIE_DO_LRU_DISCARD flag, which was picked up by
fscache_cookie_state_machine(), withdrawing the cookie via
cachefiles_withdraw_cookie(), clearing cookie->cache_priv.
At the same time, yet another process invoked
cachefiles_prepare_write(), which found a NULL pointer in this code
line:
struct cachefiles_object *object = cachefiles_cres_object(cres);
The next line crashes, obviously:
struct cachefiles_cache *cache = object->volume->cache;
During cachefiles_prepare_write(), the "n_accesses" counter is
non-zero (via fscache_begin_operation()). The cookie must not be
withdrawn until it drops to zero.
The counter is checked by fscache_cookie_state_machine() before
switching to FSCACHE_COOKIE_STATE_RELINQUISHING and
FSCACHE_COOKIE_STATE_WITHDRAWING (in "case
FSCACHE_COOKIE_STATE_FAILED"), but not for
FSCACHE_COOKIE_STATE_LRU_DISCARDING ("case
FSCACHE_COOKIE_STATE_ACTIVE").
This patch adds the missing check. With a non-zero access counter,
the function returns and the next fscache_end_cookie_access() call
will queue another fscache_cookie_state_machine() call to handle the
still-pending FSCACHE_COOKIE_DO_LRU_DISCARD.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-45000
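The fscache entry above is a lifetime race: the LRU reaper asks for a discard, the state machine withdraws the cookie and clears cache_priv, and a writer that still holds an access dereferences it. The C below is an added single-threaded model of that interleaving, written for this page and not the kernel's code; the struct, the function names and the replay sequence are assumptions that mirror the names in the commit message. It replays the trace's ordering with and without the missing n_accesses check so the effect of the fix can be asserted deterministically.

```c
#include <stdbool.h>

/* Single-threaded model of the cookie life cycle in the commit message.
 * Names mirror fscache's, but this is illustrative code, not the kernel's. */
enum cookie_state { COOKIE_ACTIVE, COOKIE_LRU_DISCARDING, COOKIE_WITHDRAWN };

struct cookie {
    enum cookie_state state;
    unsigned n_accesses;   /* operations currently holding the cookie */
    bool do_lru_discard;   /* FSCACHE_COOKIE_DO_LRU_DISCARD, set by the LRU reaper */
    int has_cache_priv;    /* 1 while cookie->cache_priv is valid, 0 once cleared */
};

void cookie_init(struct cookie *c)
{
    c->state = COOKIE_ACTIVE;
    c->n_accesses = 0;
    c->do_lru_discard = false;
    c->has_cache_priv = 1;
}

/* The state machine. In ACTIVE, a pending LRU discard moves the cookie to
 * LRU_DISCARDING and withdraws it, which clears cache_priv. With `fixed`
 * the previously missing n_accesses check is applied first; without it the
 * withdrawal proceeds while an operation is still in flight.
 * Returns true if the cookie was withdrawn. */
bool cookie_state_machine(struct cookie *c, bool fixed)
{
    if (c->state != COOKIE_ACTIVE || !c->do_lru_discard)
        return false;
    if (fixed && c->n_accesses > 0)
        return false;   /* leave the flag set; end_access() will requeue us */
    c->do_lru_discard = false;
    c->state = COOKIE_LRU_DISCARDING;
    /* cachefiles_withdraw_cookie(): the object goes away, cache_priv = NULL */
    c->has_cache_priv = 0;
    c->state = COOKIE_WITHDRAWN;
    return true;
}

/* fscache_begin_operation() / fscache_end_cookie_access(): the access count
 * brackets every operation; the last one out re-runs the state machine if a
 * discard request was deferred. */
void cookie_begin_access(struct cookie *c) { c->n_accesses++; }

void cookie_end_access(struct cookie *c, bool fixed)
{
    if (--c->n_accesses == 0 && c->do_lru_discard)
        cookie_state_machine(c, fixed);   /* kernel queues work; run inline here */
}

/* cachefiles_prepare_write(): needs cache_priv. Returns -1 where the kernel
 * would have dereferenced NULL. */
int cookie_prepare_write(const struct cookie *c)
{
    return c->has_cache_priv ? 0 : -1;
}

/* Replay the interleaving from the trace: a write begins an access, the LRU
 * requests a discard, the state machine runs, then the writer touches
 * cache_priv. Returns prepare_write's result; the final cookie is left in *c. */
int replay_race(bool fixed, struct cookie *c)
{
    cookie_init(c);
    cookie_begin_access(c);            /* netfs write holds the cookie */
    c->do_lru_discard = true;          /* fscache_cookie_lru_do_one() */
    cookie_state_machine(c, fixed);    /* concurrent state machine run */
    int rc = cookie_prepare_write(c);  /* the line that crashed */
    cookie_end_access(c, fixed);       /* deferred discard now proceeds */
    return rc;
}
```

The point the model makes is that the fix does not drop the discard request: the flag stays set, the state machine simply returns early, and the last fscache_end_cookie_access() drives it again, so the cookie is still withdrawn once it is safe.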
CVE-2024-44999 - In the Linux kernel, the following vulnerability has been resolved:
gtp: pull network headers in gtp_dev_xmit()
syzbot/KMSAN reported use of uninit-value in gtp_dev_xmit() [1]
We must make sure the IPv4 or IPv6 header is pulled in skb->head
before accessing fields in them.
Use pskb_inet_may_pull() to fix this issue.
[1]
BUG: KMSAN: uninit-value in ipv6_pdp_find drivers/net/gtp.c:220 [inline]
BUG: KMSAN: uninit-value in gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]
BUG: KMSAN: uninit-value in gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281
ipv6_pdp_find drivers/net/gtp.c:220 [inline]
gtp_build_skb_ip6 drivers/net/gtp.c:1229 [inline]
gtp_dev_xmit+0x1424/0x2540 drivers/net/gtp.c:1281
__netdev_start_xmit include/linux/netdevice.h:4913 [inline]
netdev_start_xmit include/linux/netdevice.h:4922 [inline]
xmit_one net/core/dev.c:3580 [inline]
dev_hard_start_xmit+0x247/0xa20 net/core/dev.c:3596
__dev_queue_xmit+0x358c/0x5610 net/core/dev.c:4423
dev_queue_xmit include/linux/netdevice.h:3105 [inline]
packet_xmit+0x9c/0x6c0 net/packet/af_packet.c:276
packet_snd net/packet/af_packet.c:3145 [inline]
packet_sendmsg+0x90e3/0xa3a0 net/packet/af_packet.c:3177
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
__sys_sendto+0x685/0x830 net/socket.c:2204
__do_sys_sendto net/socket.c:2216 [inline]
__se_sys_sendto net/socket.c:2212 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2212
x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
Uninit was created at:
slab_post_alloc_hook mm/slub.c:3994 [inline]
slab_alloc_node mm/slub.c:4037 [inline]
kmem_cache_alloc_node_noprof+0x6bf/0xb80 mm/slub.c:4080
kmalloc_reserve+0x13d/0x4a0 net/core/skbuff.c:583
__alloc_skb+0x363/0x7b0 net/core/skbuff.c:674
alloc_skb include/linux/skbuff.h:1320 [inline]
alloc_skb_with_frags+0xc8/0xbf0 net/core/skbuff.c:6526
sock_alloc_send_pskb+0xa81/0xbf0 net/core/sock.c:2815
packet_alloc_skb net/packet/af_packet.c:2994 [inline]
packet_snd net/packet/af_packet.c:3088 [inline]
packet_sendmsg+0x749c/0xa3a0 net/packet/af_packet.c:3177
sock_sendmsg_nosec net/socket.c:730 [inline]
__sock_sendmsg+0x30f/0x380 net/socket.c:745
__sys_sendto+0x685/0x830 net/socket.c:2204
__do_sys_sendto net/socket.c:2216 [inline]
__se_sys_sendto net/socket.c:2212 [inline]
__x64_sys_sendto+0x125/0x1d0 net/socket.c:2212
x64_sys_call+0x3799/0x3c10 arch/x86/include/generated/asm/syscalls_64.h:45
do_syscall_x64 arch/x86/entry/common.c:52 [inline]
do_syscall_64+0xcd/0x1e0 arch/x86/entry/common.c:83
entry_SYSCALL_64_after_hwframe+0x77/0x7f
CPU: 0 UID: 0 PID: 7115 Comm: syz.1.515 Not tainted 6.11.0-rc1-syzkaller-00043-g94ede2a3e913 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44999
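The gtp entry above turns on one rule: look at the version nibble, work out how many header bytes that implies, and read no field until that many bytes are known to be present. The C below is an added userspace model of that pskb_inet_may_pull() check, written for this page and not the driver's code; the function names and the constructed sample frames are assumptions. It covers both IPv4 and IPv6 and fails closed on a truncated frame instead of reading past the end.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IPV4_HDR_LEN 20u   /* minimum IPv4 header, IHL = 5 */
#define IPV6_HDR_LEN 40u   /* fixed IPv6 header */

enum inet_pull {
    PULL_V4 = 4,
    PULL_V6 = 6,
    PULL_TRUNCATED = -1,   /* not enough bytes for the header: do not read it */
    PULL_UNKNOWN = -2,     /* version nibble is neither 4 nor 6 */
};

/* Userspace model of pskb_inet_may_pull(): decide from the version nibble
 * how many header bytes are needed and refuse to touch any field unless that
 * many bytes are present. On success copies the destination address into
 * dst (4 bytes for IPv4, 16 for IPv6, zero-padded) and returns the version.
 * Illustrative code, not the gtp driver's. */
enum inet_pull inet_may_pull_dst(const uint8_t *data, size_t len, uint8_t dst[16])
{
    if (len < 1)
        return PULL_TRUNCATED;
    unsigned version = data[0] >> 4;
    size_t need, dst_off, dst_len;
    switch (version) {
    case 4: need = IPV4_HDR_LEN; dst_off = 16; dst_len = 4;  break;
    case 6: need = IPV6_HDR_LEN; dst_off = 24; dst_len = 16; break;
    default: return PULL_UNKNOWN;
    }
    if (len < need)
        return PULL_TRUNCATED;   /* the check the transmit path was missing */
    memset(dst, 0, 16);
    memcpy(dst, data + dst_off, dst_len);
    return version == 4 ? PULL_V4 : PULL_V6;
}

/* Constructed sample frames (not captured traffic). Each fills a minimal
 * header with the given destination and returns its length. */
size_t build_ipv4_frame(uint8_t *out, const uint8_t dst[4])
{
    memset(out, 0, IPV4_HDR_LEN);
    out[0] = 0x45;             /* version 4, IHL 5 */
    out[3] = IPV4_HDR_LEN;     /* total length, no payload */
    out[8] = 64;               /* TTL */
    out[9] = 17;               /* protocol: UDP */
    memcpy(out + 16, dst, 4);
    return IPV4_HDR_LEN;
}

size_t build_ipv6_frame(uint8_t *out, const uint8_t dst[16])
{
    memset(out, 0, IPV6_HDR_LEN);
    out[0] = 0x60;             /* version 6 */
    out[6] = 17;               /* next header: UDP */
    out[7] = 64;               /* hop limit */
    memcpy(out + 24, dst, 16);
    return IPV6_HDR_LEN;
}
```

In the kernel the equivalent call also linearizes paged data into skb->head; in userspace the length check alone is the guard. A packet-socket sender controls the frame length completely, which is why the syzbot reproducer reached this path through sendto().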
CVE-2024-44998 - In the Linux kernel, the following vulnerability has been resolved:
atm: idt77252: prevent use after free in dequeue_rx()
We can't dereference "skb" after calling vcc->push() because the skb
is released.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44998
CVE-2024-44997 - In the Linux kernel, the following vulnerability has been resolved:
net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb()
When there are multiple ap interfaces on one band and with WED on,
turning the interface down will cause a kernel panic on MT798X.
Previously, cb_priv was freed in mtk_wed_setup_tc_block() without
being set to NULL, and mtk_wed_setup_tc_block_cb() didn't check the value either.
Assign NULL after free cb_priv in mtk_wed_setup_tc_block() and check NULL
in mtk_wed_setup_tc_block_cb().
----------
Unable to handle kernel paging request at virtual address 0072460bca32b4f5
Call trace:
mtk_wed_setup_tc_block_cb+0x4/0x38
0xffffffc0794084bc
tcf_block_playback_offloads+0x70/0x1e8
tcf_block_unbind+0x6c/0xc8
...
---------
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44997
CVE-2024-44995 - In the Linux kernel, the following vulnerability has been resolved:
net: hns3: fix a deadlock problem when config TC during resetting
Configuring TC during the reset process may cause a deadlock; the flow is
as below:
                          pf reset start
                               |
                               v
                             ......
setup tc                       |
    |                          v
    |                    DOWN: napi_disable()
napi_disable()(skip)           |
    |                          |
    v                          v
  ......                     ......
    |                          |
    v                          v
napi_enable()                  |
                               v
                       UINIT: netif_napi_del()
                               |
                               v
                             ......
                               |
                               v
                       INIT: netif_napi_add()
                               |
                               v
  ......                 global reset start
    |                          |
    v                          v
UP: napi_enable()(skip)      ......
    |                          |
    v                          v
  ......                   napi_disable()
In the reset process, the driver will DOWN the port and then UINIT; in this
case, the setup tc process will UP the port before UINIT, which causes the
problem. Add a DOWN step in UINIT to fix it.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44995
CVE-2024-44993 - In the Linux kernel, the following vulnerability has been resolved:
drm/v3d: Fix out-of-bounds read in `v3d_csd_job_run()`
When enabling UBSAN on Raspberry Pi 5, we get the following warning:
[ 387.894977] UBSAN: array-index-out-of-bounds in drivers/gpu/drm/v3d/v3d_sched.c:320:3
[ 387.903868] index 7 is out of range for type '__u32 [7]'
[ 387.909692] CPU: 0 PID: 1207 Comm: kworker/u16:2 Tainted: G WC 6.10.3-v8-16k-numa #151
[ 387.919166] Hardware name: Raspberry Pi 5 Model B Rev 1.0 (DT)
[ 387.925961] Workqueue: v3d_csd drm_sched_run_job_work [gpu_sched]
[ 387.932525] Call trace:
[ 387.935296] dump_backtrace+0x170/0x1b8
[ 387.939403] show_stack+0x20/0x38
[ 387.942907] dump_stack_lvl+0x90/0xd0
[ 387.946785] dump_stack+0x18/0x28
[ 387.950301] __ubsan_handle_out_of_bounds+0x98/0xd0
[ 387.955383] v3d_csd_job_run+0x3a8/0x438 [v3d]
[ 387.960707] drm_sched_run_job_work+0x520/0x6d0 [gpu_sched]
[ 387.966862] process_one_work+0x62c/0xb48
[ 387.971296] worker_thread+0x468/0x5b0
[ 387.975317] kthread+0x1c4/0x1e0
[ 387.978818] ret_from_fork+0x10/0x20
[ 387.983014] ---[ end trace ]---
This happens because the UAPI provides only seven configuration
registers and we are reading the eighth position of this u32 array.
Therefore, fix the out-of-bounds read in `v3d_csd_job_run()` by
accessing only seven positions on the '__u32 [7]' array. The eighth
register exists indeed on V3D 7.1, but it isn't currently used. That
being so, let's guarantee that it remains unused and add a note that it
could be set in a future patch.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44993
CVE-2024-44992 - In the Linux kernel, the following vulnerability has been resolved:
smb/client: avoid possible NULL dereference in cifs_free_subrequest()
Clang static checker (scan-build) warning:
cifsglob.h:line 890, column 3
Access to field 'ops' results in a dereference of a null pointer.
Commit 519be989717c ("cifs: Add a tracepoint to track credits involved in
R/W requests") adds a check for 'rdata->server', and let clang throw this
warning about NULL dereference.
When 'rdata->credits.value != 0 && rdata->server == NULL' happens,
add_credits_and_wake_if() will call rdata->server->ops->add_credits().
This will cause NULL dereference problem. Add a check for 'rdata->server'
to avoid NULL dereference.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44992
CVE-2024-44990 - In the Linux kernel, the following vulnerability has been resolved:
bonding: fix null pointer deref in bond_ipsec_offload_ok
We must check if there is an active slave before dereferencing the pointer.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44990
CVE-2024-44989 - In the Linux kernel, the following vulnerability has been resolved:
bonding: fix xfrm real_dev null pointer dereference
We shouldn't set real_dev to NULL because packets can be in transit and
xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume
real_dev is set.
Example trace:
kernel: BUG: unable to handle page fault for address: 0000000000001030
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: #PF: supervisor write access in kernel mode
kernel: #PF: error_code(0x0002) - not-present page
kernel: PGD 0 P4D 0
kernel: Oops: 0002 [#1] PREEMPT SMP
kernel: CPU: 4 PID: 2237 Comm: ping Not tainted 6.7.7+ #12
kernel: Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-2.fc40 04/01/2014
kernel: RIP: 0010:nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: Code: e0 0f 0b 48 83 7f 38 00 74 de 0f 0b 48 8b 47 08 48 8b 37 48 8b 78 40 e9 b2 e5 9a d7 66 90 0f 1f 44 00 00 48 8b 86 80 02 00 00 80 30 10 00 00 01 b8 01 00 00 00 c3 0f 1f 80 00 00 00 00 0f 1f
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: RSP: 0018:ffffabde81553b98 EFLAGS: 00010246
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel:
kernel: RAX: 0000000000000000 RBX: ffff9eb404e74900 RCX: ffff9eb403d97c60
kernel: RDX: ffffffffc090de10 RSI: ffff9eb404e74900 RDI: ffff9eb3c5de9e00
kernel: RBP: ffff9eb3c0a42000 R08: 0000000000000010 R09: 0000000000000014
kernel: R10: 7974203030303030 R11: 3030303030303030 R12: 0000000000000000
kernel: R13: ffff9eb3c5de9e00 R14: ffffabde81553cc8 R15: ffff9eb404c53000
kernel: FS: 00007f2a77a3ad00(0000) GS:ffff9eb43bd00000(0000) knlGS:0000000000000000
kernel: CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
kernel: CR2: 0000000000001030 CR3: 00000001122ab000 CR4: 0000000000350ef0
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: Call Trace:
kernel:
kernel: ? __die+0x1f/0x60
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ? page_fault_oops+0x142/0x4c0
kernel: ? do_user_addr_fault+0x65/0x670
kernel: ? kvm_read_and_reset_apf_flags+0x3b/0x50
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: ? exc_page_fault+0x7b/0x180
kernel: ? asm_exc_page_fault+0x22/0x30
kernel: ? nsim_bpf_uninit+0x50/0x50 [netdevsim]
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ? nsim_ipsec_offload_ok+0xc/0x20 [netdevsim]
kernel: bond0: (slave eni0np1): making interface the new active one
kernel: bond_ipsec_offload_ok+0x7b/0x90 [bonding]
kernel: xfrm_output+0x61/0x3b0
kernel: bond0: (slave eni0np1): bond_ipsec_add_sa_all: failed to add SA
kernel: ip_push_pending_frames+0x56/0x80
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44989
CVE-2024-44964 - In the Linux kernel, the following vulnerability has been resolved:
idpf: fix memory leaks and crashes while performing a soft reset
The second tagged commit introduced a UAF, as it removed restoring
q_vector->vport pointers after reinitializing the structures.
This is because all queue allocation functions are performed here
with the new temporary vport structure and those functions rewrite
the backpointers to the vport. Then, this new struct is freed and
the pointers start leading to nowhere.
But generally speaking, the current logic is very fragile. It claims
to be more reliable when the system is low on memory, but in fact it
consumes twice as much memory, since at the moment this function runs
there are two vports allocated with their queues and vectors.
Moreover, it claims to prevent the driver from running into "bad state",
but in fact, any error during the rebuild leaves the old vport in the
partially allocated state.
Finally, if the interface is down when the function is called, it always
allocates a new queue set, but when the user decides to enable the
interface later on, vport_open() allocates them once again, IOW there's
a clear memory leak here.
Just don't allocate a new queue set when performing a reset, that solves
crashes and memory leaks. Readd the old queue number and reopen the
interface on rollback - that solves limbo states when the device is left
disabled and/or without HW queues enabled.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44964
CVE-2024-44957 - In the Linux kernel, the following vulnerability has been resolved:
xen: privcmd: Switch from mutex to spinlock for irqfds
irqfd_wakeup() gets EPOLLHUP, when it is called by
eventfd_release() by way of wake_up_poll(&ctx->wqh, EPOLLHUP), which
gets called under spin_lock_irqsave(). We can't use a mutex here as it
will lead to a deadlock.
Fix it by switching over to a spin lock.
06/09/2024 | https://nvd.nist.gov/vuln/detail/CVE-2024-44957