11967 matches found
CVE-2024-2506
The Popup Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting (XSS) via the plugin’s Custom JS functionality in all versions up to 4.2.7, due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation requires at least Contributor-level ...
CVE-2024-35357
Diño Physics School Assistant version 2.3 contains a SQL injection vulnerability in the delete_item path. The issue arises from unvalidated input passed through /classes/Master.php?f=delete_item with the id parameter, enabling SQL injection (public details confirm CVE-2024-35357 with a base score...
CVE-2024-36933 nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
In the Linux kernel, the following vulnerability has been resolved: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). syzbot triggered various splats (see [0] and links) by a crafted GSO packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols: ETH_P_8021AD + ETH_P_NSH +...
CVE-2024-36112
CVE-2024-36112 affects Nautobot: in 1.3.0–1.6.22 and 2.0.0–2.2.4, listing members of Dynamic Groups via the UI or API does not enforce member-object permissions, enabling a user with extras.view_dynamicgroup to see all Group members regardless of dcim.view_device. Fixed in Nautobot 1.6.23 and 2.2...
CVE-2024-5433
The CVE-2024-5433 vulnerability affects Campbell Scientific CSI Web Server (and RTMC Pro) and is caused by a path traversal flaw in a command that returns the most recent file matching a given expression. Versions 1.6 and earlier of the CSI Web Server (and RTMC Pro 5.x/4.x) are affected. An attac...
CVE-2024-33801
Affects: Campcodes Complete Web-Based School Management System v1.0. Vulnerable component: /model/get_subject_routing.php. Root cause: SQL injection via the id parameter that allows arbitrary SQL execution. Impact (per sources): high confidentiality, integrity, and availability implications; over...
CVE-2024-35324
CVE-2024-35324 affects Douchat 4.0.5 and is described as an arbitrary file upload vulnerability via the endpoint Public/Plugins/webuploader/server/preview.php. The CVSSv3.1 base score is 9.8 (CRITICAL) with network attack vector, no privileges required, no user interaction, and impacts to confide...
CVE-2024-24684
libigl v2.5.0 readOFF contains multiple stack-based buffer overflows in header parsing. A 1000-byte fixed-size header buffer and an unsafe fscanf on the header and on comment lines can overflow when processing specially crafted .off files, enabling potential memory corruption. Connected reports (T...
CVE-2024-5410
CVE-2024-5410 affects ORing IAP-420 web-interface (version 2.01e and earlier). The stored XSS vulnerability can be triggered by injecting JavaScript into the SSID input field, and the filename parameter in a configuration file upload is prone to command injection, potentially giving an attacker c...
libigl readOFF stack-based buffer overflow vulnerabilities
Talos Vulnerability Report TALOS-2023-1784: libigl readOFF stack-based buffer overflow vulnerabilities. May 28, 2024. CVE Number: CVE-2023-35950, CVE-2023-35953, CVE-2023-35952, CVE-2023-35951, CVE-2023-35949. Summary: Multiple stack-based buffer overflow vulnerabilities exist in the readOFF.cpp...
CVE-2021-47572
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled. When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference [1] in the error path of nh_create_ipv6() due to calling...
CVE-2021-47549
CVE-2021-47549 affects the Linux kernel via the sata_fsl driver. The documented issue is a use-after-free (UAF) in sata_fsl_port_stop triggered during rmmod sata_fsl.ko on PPC64 GNU/Linux, where after port_stop is invoked, an ioread32 on hcr_base leads to a kernel OOPS and potential memory access...
CVE-2021-47448
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix possible stall on recvmsg(). recvmsg() can enter an infinite loop if the caller provides the MSG_WAITALL, the data present in the receive queue is not sufficient to fulfill the request, and no more data is received by the...
CentOS 8 : python3 (CESA-2024:3347)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:3347 advisory. - An issue was found in the CPython tempfile.TemporaryDirectory class affecting versions 3.12.1, 3.11.7, 3.10.13, 3.9.18, and 3.8.18 and prior. The...
CentOS 8 : resource-agents (CESA-2024:2952)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2024:2952 advisory. - urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't remove the HTTP request body when an HTTP redirect response...
CVE-2023-52772
In the Linux kernel, the following vulnerability has been resolved: af_unix: fix use-after-free in unix_stream_read_actor(). syzbot reported the following crash [1]. After releasing unix socket lock, u->oob_skb can be changed by another thread. We must temporarily increase skb refcount to make sure this othe...
CVE-2023-52822
...
CVE-2023-52737 btrfs: lock the inode in shared mode before starting fiemap
In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap. Currently fiemap does not take the inode's lock (VFS lock), it only locks a file range in the inode's io tree. This however can lead to a deadlock if we have a concurrent...
CVE-2021-47428
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path. Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small...
CVE-2021-47379
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix UAF by grabbing blkcg lock before destroying blkg pd. KASAN reports a use-after-free report when doing fuzz test: [693354.104835] ================================================================== [693354.105094] BUG:...