4721 matches found
CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtowerotatoken' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...
CVE-2024-9933 WatchTowerHQ <= 3.10.1 - Authentication Bypass to Administrator due to Missing Empty Value Check
The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.10.1. This is due to the 'watchtowerotatoken' default value is empty, and the not empty check is missing in the 'PasswordLessAccess::login' function. This makes it possible for...
PT-2024-39948 · WordPress · Watchtowerhq
Name of the Vulnerable Software and Affected Versions: WatchTowerHQ plugin for WordPress versions up to, and including, 3.9.6 Description: The issue is related to authentication bypass. This is due to the watchtower ota token default value being empty and the missing not empty check in the Passwo...
GHSA-HF59-7RWQ-785M In AshPostgres, empty, atomic, non-bulk actions, policy bypass for side-effects vulnerability.
Impact What kind of vulnerability is it? Who is impacted? In certain very specific situations, it was possible for the policies of an update action to be skipped. This occurred only on "empty" update actions no changing fields, and would allow their hooks side effects to be performed when they...
BELL-CVE-2024-47708
Bulletin has no description...
PT-2024-9137 · Unknown · Ashpostgres
Name of the Vulnerable Software and Affected Versions: AshPostgres versions 2.0.0 through 2.4.9 Description: The issue is related to the skipping of policies in update actions under specific conditions, allowing side effects to be triggered when they should not have been. This occurs only on...
CVE-2022-48996
In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs: fix wrong empty schemes assumption under online tuning in damonsysfssetschemes Commit da87878010e5 "mm/damon/sysfs: support online inputs update" made 'damonsysfssetschemes' to be called for running DAMON context,...
SUSE CVE-2024-50011
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
AZL-51242 CVE-2024-50035 affecting package kernel for versions less than 6.6.57.1-1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...
UBUNTU-CVE-2024-50035
In the Linux kernel, the following vulnerability has been resolved: ppp: fix pppasyncencode illegal access syzbot reported an issue in pppasyncencode 1 In this case, pppoesendmsg is called with a zero size. Then pppasyncencode is called with an empty skb. BUG: KMSAN: uninit-value in pppasyncencod...
CVE-2024-50011
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
DEBIAN-CVE-2024-50011
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
UBUNTU-CVE-2024-50011
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
CVE-2024-50011
CVE-2024-50011 is a Linux kernel vulnerability describing an ASoC: Intel soc-acpi-intel-rpl-match issue where an empty item is required in struct snd_soc_acpi_link_adr[]. The root cause is the absence of a links_num and the test !link->num_adr to end the loop in hda_sdw_machine_select(), which...
CVE-2024-50011 ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: soc-acpi-intel-rpl-match: add missing empty item There is no linksnum in struct sndsocacpimach , and we test !link-numadr as a condition to end the loop in hdasdwmachineselect. So an empty item in struct...
DEBIAN-CVE-2024-49904
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - listforeachentrysafe...
AZL-51554 CVE-2024-49904 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - listforeachentrysafe...
AZL-51413 CVE-2024-49904 affecting package kernel 6.6.126.1-1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - listforeachentrysafe...
UBUNTU-CVE-2024-49904
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: add list empty check to avoid null pointer issue Add list empty check to avoid null pointer issues in some corner cases. - listforeachentrysafe...
UBUNTU-CVE-2024-49876
In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix UAF around queue destruction We currently do stuff like queuing the final destruction step on a random system wq, which will outlive the driver instance. With bad timing we can teardown the driver with one or more wor...