OpenAirInterface CN5G AMF 安全漏洞

OpenAirInterface CN5G AMF is an OpenAirInterface open source application. A security vulnerability exists in OpenAirInterface CN5G AMF v2.0.0 and earlier versions, which stems from the presence of a buffer overflow that allows an attacker to trigger a denial of service DoS by setting up a respons...

Kashipara E-learning Management System 安全漏洞

Kashipara E-learning Management System is a learning management system from Kashipara. A security vulnerability exists in Kashipara E-learning Management System version 1.0, which is caused by an SQL injection in the parameter unit...

Fedora 41 : caddy (2024-bd8fe42929)

The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-bd8fe42929 advisory. Automatic update for caddy-2.8.4-1.fc41. Changelog Fri Jul 5 2024 Carl George - 2.8.4-1 - Update to version 2.8.4 rhbz2278549 - Resolves...

The software for creating and running NVIDIA Container Toolkit containers, as well as the NVIDIA GPU Operator resource management software, are vulnerable to being exploited by attackers, allowing them to alter arbitrary data.

The vulnerability of software for creating and running NVIDIA Container Toolkit containers, as well as software for managing NVIDIA GPU resources, is related to the swapping of the zero pointer due to concurrent access to resources. Exploiting this vulnerability allows a remote attacker to modify...

CVE-2024-50829

A SQL Injection vulnerability was found in /admin/editsubject.php in kashipara E-learning Management System Project 1.0 via the unit parameter...

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

CVE-2024-52268

Cross-site scripting vulnerability exists in VK All in One Expansion Unit versions prior to 9.100.1.0. If this vulnerability is exploited, an arbitrary script may be executed on the web browser of the user who is accessing the web site using the product...

CVE-2024-52268

The CVE-2024-52268 entry concerns the VK All in One Expansion Unit WordPress plugin. A stored cross-site scripting (CWE-79) vulnerability affects versions prior to 9.100.1.0, allowing an attacker to execute arbitrary JavaScript in a user’s browser when visiting a site using the vulnerable plugin....

JVN#05136799: WordPress Plugin "VK All in One Expansion Unit" vulnerable to cross-site scripting

"Custom Alert Content" of WordPress Plugin "VK All in One Expansion Unit" provided by Vektor,Inc. contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who is accessing the web site using the product. Solution Update...

VK All in One Expansion Unit 跨站脚本漏洞

VK All in One Expansion Unit is a plugin from Vektor for extending and enhancing the functionality of a website, which provides several functional modules and tools to help webmasters easily add various features and functionality. A cross-site scripting vulnerability previously existed in VK All ...

PT-2024-34471 · Inovance · Inovance Hcplc Am402-Cpu1608Tptn +2

Name of the Vulnerable Software and Affected Versions: Inovance HCPLC AM401-CPU1608TPTN version 21.38.0.0 Inovance HCPLC AM402-CPU1608TPTN version 41.38.0.0 Inovance HCPLC AM403-CPU1608TN version 81.38.0.0 Description: A buffer overflow in the RecvSocketData function allows attackers to cause a...

CVE-2024-21949

Improper validation of user input in the NPU driver could allow an attacker to provide a buffer with unexpected size, potentially leading to system crash...

kernel: perf: hisi: Fix use-after-free when register pmu fails

In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhpstateremoveinstance to call uncore pmu offline callback, whi...

kernel: drm/ast: Fix soft lockup

CVE-2024-35952 describes an issue in the Linux kernel's AST graphics driver. The problem occurs in the astdpsetonoff function, where a lack of proper synchronization with the DisplayPort Microcontroller Unit DPMCU can result in an infinite loop. This can cause a "soft lockup" in the host system,...

kernel: nvdimm: Fix memleak of pmu attr_groups in unregister_nvdimm_pmu()

In the Linux kernel, the following vulnerability has been resolved: nvdimm: Fix memleak of pmu attrgroups in unregisternvdimmpmu Memory pointed by 'ndpmu-pmu.attrgroups' is allocated in function 'registernvdimmpmu' and is lost after 'kfreendpmu' call in function 'unregisternvdimmpmu'...

kernel: clk: imx: scu: use _safe list iterator to avoid a use after free

A use-after-free flaw was found in the Linux kernel's i.MX system control unit clock driver in the error cleanup path. A local user can trigger this issue during clock initialization failure scenarios on i.MX hardware with System Control Unit firmware, where the cleanup loop incorrectly uses a...

kernel: wifi: cfg80211: handle 2x996 RU allocation in cfg80211_calculate_bitrate_he()

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: handle 2x996 RU allocation in cfg80211calculatebitratehe Currently NL80211RATEINFOHERUALLOC2x996 is not handled in cfg80211calculatebitratehe, leading to below warning: kernel: invalid HE MCS: bw:6, ru:6 kernel:...

AMD NPU driver 安全漏洞

AMD NPU driver is a driver for an NPU module from UltraMicroelectronics AMD. A security vulnerability exists in AMD NPU driver that stems from incorrect input validation. An attacker exploiting the vulnerability could provide specially crafted pointers that could lead to arbitrary code execution...