
548 matches found

OSV
added 2024/11/07 9:31 a.m. · 11 views

CVE-2024-50165 bpf: Preserve param->string when parsing mount options

In the Linux kernel, the following vulnerability has been resolved: bpf: Preserve param->string when parsing mount options. In bpf_parse_param, keep the value of param->string intact so it can be freed later. Otherwise, the kmalloc area pointed to by param->string will be leaked as shown below:...

5.5 CVSS · 5.9 AI score · 0.00184 EPSS
Exploits: 0 · References: 5
CNNVD
added 2024/11/07 12:0 a.m. · 6 views

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the failure to properly preserve param->string when parsing the mount option...

5.5 CVSS · 6.4 AI score · 0.00184 EPSS
Exploits: 0 · References: 4
OSV
added 2024/11/05 3:15 p.m. · 4 views

CVE-2024-52020

Netgear R8500 v1.0.2.160 was discovered to contain a command injection vulnerability in the wangateway parameter at wizfix2.cgi. This vulnerability allows attackers to execute arbitrary OS commands via a crafted request...

8 CVSS · 6 AI score · 0.00972 EPSS
Exploits: 0 · References: 2
OSV
added 2024/10/26 12:32 a.m. · 6 views

GHSA-J9WP-X5Q5-XH2F Funadmin Cross-site Scripting vulnerability

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...

6.1 CVSS · 6.1 AI score · 0.00268 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2024/10/25 12:0 a.m. · 7 views

CVE-2024-48228

An issue was found in funadmin 5.0.2. The selectfiles method in \backend\controller\sys\Attachh.php directly stores the passed parameters and values into the param parameter without filtering, resulting in Cross Site Scripting (XSS)...

6.5 AI score · 0.00268 EPSS
Exploits: 1 · References: 1
SUSE CVE
added 2024/10/21 3:47 p.m. · 2 views

SUSE CVE-2024-47712

In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix potential RCU dereference issue in wilc_parse_join_bss_param. In the wilc_parse_join_bss_param function, the TSF field of the ies structure is accessed after the RCU read-side critical section is unlocked. According to...

5.5 CVSS · 6.2 AI score · 0.00233 EPSS
Exploits: 0 · References: 18
OSSF Malicious Packages
added 2024/10/19 4:9 p.m. · 2 views

Malicious code in capi-param-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e4506a65382f9502c37e84c02f2a48ef665a903470e3c981ab60a5c8ef9f6d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.8 AI score
Exploits: 0 · References: 1
OSV
added 2024/10/19 4:9 p.m. · 15 views

MAL-2024-9438 Malicious code in capi-param-builder (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6e4506a65382f9502c37e84c02f2a48ef665a903470e3c981ab60a5c8ef9f6d5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
OSV
added 2024/09/25 1:15 a.m. · 3 views

CVE-2024-8942

Vulnerability in Scriptcase version 9.4.019 that consists of a Cross-Site Scripting (XSS), due to the lack of input validation, affecting the “idformmsgtitle” parameter, among others. This vulnerability could allow a remote user to send a specially crafted URL to a victim and retrieve their...

8.2 CVSS · 5.8 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2024/09/23 12:0 a.m. · 8 views

PT-2024-13392 · Temenos · Temenos T24 Browser

Name of the Vulnerable Software and Affected Versions: Temenos T24 Browser version R19.40. Description: A reflected Cross-Site Scripting (XSS) issue was discovered, allowing a remote attacker to execute arbitrary JavaScript code. This is achieved via the skin parameter in the "about.jsp" and...

5.4 CVSS · 6.7 AI score · 0.00369 EPSS
Exploits: 0 · References: 6
Positive Technologies
added 2024/09/17 12:0 a.m. · 3 views

PT-2024-7569 · Ptzoptics · Ptzoptics Pt30X-Sdi/Ndi-Xx

Name of the Vulnerable Software and Affected Versions: PTZOptics PT30X-SDI/NDI-xx versions prior to 6.3.40 Description: The issue is related to insufficient authentication in PTZOptics cameras. When requests are sent without an HTTP Authorization header to the /cgi-bin/param.cgi endpoint, the...

9.1 CVSS · 9.6 AI score · 0.56867 EPSS
Exploits: 1 · References: 58
VulnCheck KEV
added 2024/09/17 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2024-8956

PTZOptics PT30X-SDI/NDI cameras contain an insecure direct object reference (IDOR) vulnerability that allows a remote attacker to bypass authentication for the /cgi-bin/param.cgi CGI script. If combined with CVE-2024-8957, this can lead to remote code execution as root...

9.1 CVSS · 7.8 AI score · 0.82075 EPSS
Exploits: 2 · References: 1
CNNVD
added 2024/08/30 12:0 a.m. · 3 views

SourceCodester Sentiment Based Movie Rating System SQL injection vulnerability

SourceCodester Sentiment Based Movie Rating System is an open source movie rating system from SourceCodester. A SQL injection vulnerability exists in SourceCodester Sentiment Based Movie Rating System version 1.0, which originates from an unknown function in the user registration handler file...

9.8 CVSS · 7.9 AI score · 0.00652 EPSS
Exploits: 1 · References: 7
NVD
added 2024/08/27 7:15 p.m. · 13 views

CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

10 CVSS · 0.0056 EPSS
Exploits: 0 · References: 2
Debian CVE
added 2024/08/27 6:33 p.m. · 17 views

CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

10 CVSS · 5.3 AI score · 0.0056 EPSS
Exploits: 0
AlpineLinux
added 2024/08/27 6:33 p.m. · 14 views

CVE-2024-5991

In function MatchDomainName, input param str is treated as a NULL terminated string despite being user provided and unchecked. Specifically, the function X509_check_host takes in a pointer and length to check against, with no requirements that it be NULL terminated. If a caller was attempting to do...

10 CVSS · 7.1 AI score · 0.0056 EPSS
Exploits: 0
ATTACKERKB
added 2024/08/24 2:15 a.m. · 2 views

CVE-2023-6987

The String locator plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'sql-column' parameter in all versions up to, and including, 2.6.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary w...

6.1 CVSS · 5.7 AI score · 0.0029 EPSS
Exploits: 0 · References: 3
Vulnrichment
added 2024/08/22 1:32 a.m. · 12 views

CVE-2022-48921 sched/fair: Fix fault in reweight_entity

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity. Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba "kernel/sched: Fix sched_fork access an invalid sched_task_group". There is a race between sched_post_fork and...

6.8 AI score · 0.00168 EPSS
Exploits: 0 · References: 4
OSV
added 2024/08/08 12:9 a.m. · 8 views

OSV-2024-728 Negative-size-param in pdf_resize_resource_arrays

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=70967 Crash type: Negative-size-param Crash state: pdf_resize_resource_arrays process_cmap_text pdf_text_process...

7.2 AI score
Exploits: 0 · References: 1
NVD
added 2024/08/05 3:15 p.m. · 14 views

CVE-2024-33015

Transient DOS while parsing SCAN RNR IE when bytes received from AP is such that the size of the last param of IE is less than neighbor report...

7.5 CVSS · 0.0028 EPSS
Exploits: 0 · References: 1