1756-EN2TR Series A, B Security Vulnerabilities
CVE-2024-6195 itsourcecode Tailoring Management System orderadd.php sql injection
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The....
6.3CVSS
7.4AI Score
0.0004EPSS
CVE-2024-6195 itsourcecode Tailoring Management System orderadd.php sql injection
A vulnerability has been found in itsourcecode Tailoring Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file orderadd.php. The manipulation of the argument customer leads to sql injection. The attack can be launched remotely. The....
6.3CVSS
0.0004EPSS
x-power.gr Cross Site Scripting vulnerability OBB-3937018
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix out-of-bound access of qmi_invoke_handler() Currently, there is no terminator entry for ath12k_qmi_msg_handlers hence facing below KASAN warning, ==================================================================....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix potential glock use-after-free on unmount When a DLM lockspace is released and there ares still locks in that lockspace, DLM will unlock those locks automatically. Commit fb6791d100d1b started exploiting this behavior to....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a specific 4th endpoint,....
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper endpoints with their...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: Avoid address calculations via out of bounds array indexing Before request->channels[] can be used, request->n_channels must be set. Additionally, address calculations for memory after the "channels" array need...
7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: kunit: Fix kthread reference There is a race condition when a kthread finishes after the deadline and before the call to kthread_stop(), which may lead to use after...
6.9AI Score
0.0004EPSS
bax.tools Cross Site Scripting vulnerability OBB-3937017
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A proof-of-concept User-Defined Reflective Loader (UDRL) which aims to recreate, integrate, and enhance Cobalt Strike's evasion features! Contributors: Contributor | Twitter | Notable Contributions ---|---|--- Bobby Cooke | @0xBoku | Project original author and maintainer Santiago Pecin |...
7.5AI Score
catalogueofcurrencies.com Cross Site Scripting vulnerability OBB-3937016
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: IBM Analytics Content Hub is affected by security vulnerabilities
Summary Security Bulletin: IBM Analytics Content Hub is affected, but not classified as vulnerable, based on current information, to vulnerabilities in Open Source Software. IBM Analytics Content Hub has addressed the applicable CVEs by upgrading the vulnerable libraries. Vulnerability Details **.....
8CVSS
8.8AI Score
0.004EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.9AI Score
0.0004EPSS
Undertow's url-encoded request path information can be broken on ajp-listener
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
6.6AI Score
0.0004EPSS
CVE-2024-6194 itsourcecode Tailoring Management System editmeasurement.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Tailoring Management System 1.0. Affected is an unknown function of the file editmeasurement.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has...
6.3CVSS
0.0004EPSS
CVE-2024-6193 itsourcecode Vehicle Management System driverprofile.php sql injection
A vulnerability, which was classified as critical, has been found in itsourcecode Vehicle Management System 1.0. This issue affects some unknown processing of the file driverprofile.php. The manipulation of the argument driverid leads to sql injection. The attack may be initiated remotely. The...
7.3CVSS
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: r8169: Fix possible ring buffer corruption on fragmented Tx packets. An issue was found on the RTL8125b when transmitting small fragmented packets, whereby invalid entries were inserted into the transmit ring buffer, subsequently.....
7.2AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: net: ti: icssg_prueth: Fix NULL pointer dereference in prueth_probe() In the prueth_probe() function, if one of the calls to emac_phy_connect() fails due to of_phy_connect() returning NULL, then the subsequent call to...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free of timer for log writer thread Patch series "nilfs2: fix log writer related issues". This bug fix series covers three nilfs2 log writer-related issues, including a timer use-after-free issue and...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential hang in nilfs_detach_log_writer() Syzbot has reported a potential hang in nilfs_detach_log_writer() called during nilfs2 unmount. Analysis revealed that this is because nilfs_segctor_sync(), which...
6.9AI Score
0.0004EPSS
Malicious code in wordpress-theme-core (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (80d5f0fae64f9ea46cc8e1c401dac2109bdf35aedbca211a71890a83dec4722f) The OpenSSF Package Analysis project identified 'wordpress-theme-core' @ 0.0.1 (npm) as malicious. It is considered malicious because: The...
7.3AI Score
In the Linux kernel, the following vulnerability has been resolved: epoll: be better about file lifetimes epoll can call out to vfs_poll() with a file pointer that may race with the last 'fput()'. That would make f_count go down to zero, and while the ep->mtx locking means that the resulting fil...
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for the packet is 3 bytes....
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rcu-tasks: Fix show_rcu_tasks_trace_gp_kthread buffer overflow There is a possibility of buffer overflow in show_rcu_tasks_trace_gp_kthread() if counters, passed to sprintf() are huge. Counter numbers, needed for this are...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: rcu: Fix buffer overflow in print_cpu_stall_info() The rcuc-starvation output from print_cpu_stall_info() might overflow the buffer if there is a huge difference in jiffies difference. The situation might seem improbable, but...
7.4AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: pcie: handle randbuf allocation failure The kzalloc() in brcmf_pcie_download_fw_nvram() will return null if the physical memory has run out. As a result, if we use get_random_bytes() to generate random bytes in the....
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: libbpf: Prevent null-pointer dereference when prog to load has no BTF In bpf_objec_load_prog(), there's no guarantee that obj->btf is non-NULL when passing it to btf__fd(), and this function does not perform any check before...
6.9AI Score
0.0004EPSS
castlerock.com Cross Site Scripting vulnerability OBB-3937013
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical has been found in itsourcecode Student Management System 1.0. This affects an unknown part of the file login.php of the component Login Page. The manipulation of the argument user leads to sql injection. It is possible to initiate the attack remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The...
7.3CVSS
0.0004EPSS
A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
Summary IBM i is vulnerable to a privilege escalation due to a user without privilege being able to configure a physical file trigger in Db2 for IBM i as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described in the...
7.4CVSS
6.6AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched...
7.3CVSS
0.0004EPSS
Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...
7.1CVSS
6.5AI Score
0.0004EPSS
A vulnerability was found in itsourcecode Farm Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql injection. The attack may be launched...
7.3CVSS
7.5AI Score
0.0004EPSS
Cross Site Scripting (XSS) vulnerability in Averta Master Slider allows Reflected XSS.This issue affects Master Slider: from n/a through...
7.1CVSS
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
7.4AI Score
0.0004EPSS
A vulnerability was found in Undertow. URL-encoded request path information can be broken for concurrent requests on ajp-listener, causing the wrong path to be processed and resulting in a possible denial of...
7.5CVSS
0.0004EPSS
AIX is vulnerable to security restrictions bypass due to cURL libcurl (CVE-2024-0853)
IBM SECURITY ADVISORY First Issued: Thu Jun 20 15:10:42 CDT 2024 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/curl_advisory5.asc Security Bulletin: AIX is vulnerable to security restrictions bypass due to cURL libcurl...
5.3CVSS
6.2AI Score
0.001EPSS
cepstral.com Cross Site Scripting vulnerability OBB-3937012
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Can an attacker execute arbitrary commands on a remote server just by sending JSON? Yes, if the running code contains unsafe deserialization vulnerabilities. But how is that possible? In this blog post, we’ll describe how unsafe deserialization vulnerabilities work and how you can detect them in...
8.5AI Score
CVE-2024-6192 itsourcecode Loan Management System Login Page login.php sql injection
A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The...
7.3CVSS
0.0004EPSS
CVE-2024-6192 itsourcecode Loan Management System Login Page login.php sql injection
A vulnerability classified as critical was found in itsourcecode Loan Management System 1.0. This vulnerability affects unknown code of the file login.php of the component Login Page. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The...
7.3CVSS
7.6AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix reference count leak issues of ax25_dev The ax25_addr_ax25dev() and ax25_dev_device_down() exist a reference count leak issue of the object "ax25_dev". Memory leak issue in ax25_addr_ax25dev(): The reference count of the....
6.9AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Fix a race between readers and resize checks The reader code in rb_get_reader_page() swaps a new reader page into the ring buffer by doing cmpxchg on old->list.prev->next to point it to the new page. Following th...
6.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: ALSA: Fix deadlocks with kctl removals at disconnection In snd_card_disconnect(), we set card->shutdown flag at the beginning, call callbacks and do sync for card->power_ref_sleep waiters at the end. The callback may delete a...
7.1AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the xattr nodes aren't...
6.7AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdown using WRITE_ONC...
6.7AI Score
0.0004EPSS