CVE-2024-41004 tracing: Build event generation tests only as modules

In the Linux kernel, the following vulnerability has been resolved: tracing: Build event generation tests only as modules The kprobes and synth event generation test modules add events and lock get a reference those event file reference in module init function, and unlock and delete it in module...

CVE-2024-38592

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddpcomp with devmkcalloc In the case where connroutes is true we allocate an extra slot in the ddpcomp array but mtkdrmcrtccreate never seemed to initialize it in the test case I ran. For me, this caused a late...

CVE-2024-38592 drm/mediatek: Init `ddp_comp` with devm_kcalloc()

In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Init ddpcomp with devmkcalloc In the case where connroutes is true we allocate an extra slot in the ddpcomp array but mtkdrmcrtccreate never seemed to initialize it in the test case I ran. For me, this caused a late...

UBUNTU-CVE-2024-26765

In the Linux kernel, the following vulnerability has been resolved: LoongArch: Disable IRQ before initfn for nonboot CPUs Disable IRQ before initfn for nonboot CPUs when hotplug, in order to silence such warnings and also avoid potential errors due to unexpected interrupts: WARNING: CPU: 1 PID: 0...

PT-2024-16751 · WordPress · Podlove Podcast Publisher

Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher plugin for WordPress versions prior to 4.0.12 Description: The issue arises from a missing capability check on the init download and init functions, allowing unauthorized access to data. This enables unauthenticated...

CVE-2024-22938

Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component...

Mozilla: Use-after-free in <code>nsDNSService</code>

The Mozilla Foundation Security Advisory describes this flaw as: A use-after-free was identified in the nsDNSService::Init. This issue appears to manifest rarely during start-up...

Yet Another Stars Rating < 3.4.4 - Missing Authorization via init

Description The Yet Another Stars Rating plugin for WordPress is vulnerable to unauthorized modification of data due to a missing check on the init function in versions up to, and including, 3.4.3. This makes it possible for unauthenticated attackers to vote on private or nonexistent posts...

Google Pixel Buffer Error Vulnerability

Google Pixel is a smartphone from Google, Inc. in the United States. A security vulnerability exists in Google Pixel, which stems from a missing boundary check issue in Init of protocolembmsadapter.cpp, which may result in out-of-bounds reads...

PT-2023-25237 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to a possible out of bounds read in the ProtocolEmbmsGlobalCellIdAdapter::Init function of protocolembmsadapter.cpp due to a missing bounds check. This could lead to...

GHSA-VP4F-WXGW-7X8X Improper Neutralization of Script in Attributes in @dcl/single-sign-on-client

Impact Improper input validation in the init function allows arbitrary javascript to be executed using the javascript: prefix ts SSO.init'javascript:alert"javascript successfully injected"' Patches This vulnerability was patched on version 0.1.0 Workarounds This vulnerability can be prevented if...

CVE-2023-3640 Kernel: x86/mm: a per-cpu entry area leak was identified through the init_cea_offsets function when prefetchnta and prefetcht2 instructions being used for the per-cpu entry area mapping to the user space

A possible unauthorized memory access flaw was found in the Linux kernel's cpuentryarea mapping of X86 CPU data to memory, where a user may guess the location of exception stacks or other important data. Based on the previous CVE-2023-0597, the 'Randomize per-cpu entry area' feature was implement...

Potential token duplication validation bypass

Lines of code Vulnerability details Impact Potential token duplication validation bypass Proof of Concept The loop statement in init function will check if there is duplicated token for a Well. function initstring memory name, string memory symbol public initializer ERC20Permitinitname;...

kernel: net: ipv6: unexport __init-annotated seg6_hmac_init()

In the Linux kernel, the following vulnerability has been resolved: net: ipv6: unexport init-annotated seg6hmacinit EXPORTSYMBOL and init is a bad combination because the .init.text section is freed up after the initialization. Hence, modules cannot use symbols annotated init. The access to a fre...

PT-2023-10253 · Openseamap · Openseamap Online Chart

Name of the Vulnerable Software and Affected Versions: OpenSeaMap online chart version 1.2 Description: A vulnerability was found in the function init of the file index.php. The manipulation of the argument mtext leads to cross site scripting. It is possible to launch the attack remotely...

PT-2023-33100 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.13 Description: A memory leak was discovered in the ipc mux init function. The issue was introduced in version v5.18 and is fixed in Linux Kernel version v6.0.13. Recommendations: For Linux Kernel versions...

PT-2023-34174 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86 Description: The issue is related to a WARNING in the ipr init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.86,...

PT-2023-10192 · Webdevstudios · Taxonomy-Switcher Plugin

Name of the Vulnerable Software and Affected Versions: WebDevStudios taxonomy-switcher Plugin versions up to 1.0.3 Description: A problematic issue was found in the WebDevStudios taxonomy-switcher Plugin, affecting the taxonomy switcher init function of the file taxonomy-switcher.php. This issue...

WordPress plugin WP Shamsi 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2022-35969 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.10 Description: The issue is related to a possible memory leak in the iio sysfs trig init function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel...