Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memorysection-usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that ZONENORMAL ZONEDEVICE ZONENORMAL...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function dmaasyncdevicechannelregister can fail. In case of failure, chan-local is freed with freepercpu, and chan-local is nullified. When dmaasyncdeviceunregister is called...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pmicglinkaltmode: fix port sanity check The PMIC GLINK altmode driver currently supports at most two ports. Fix the incomplete port sanity check on notifications to avoid accessing and corrupting memory beyond the port...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drmmodepageflipioctl we proceed to unref the fb and then retry the whole thing from the top. But we forget to...

Code injection

The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the acceptqueue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: PM: sleep: Fix possible deadlocks in core system-wide PM code It is reported that in low-memory situations the system-wide resume core code deadlocks, because asyncscheduledev executes its argument function synchronously if it...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parsexferevent such that a callback given to client can potentially queu...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from raw to noinc regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent $00, followed by all the FIFO data without having to...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmbdesc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smcrun nginx smcrun wrk -t 16 -c 1000 -d -H 'Connection...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: mm: migrate: fix getting incorrect page mapping during page migration When running stress-ng testing, we found below kernel crash after a few hours: Unable to handle kernel NULL pointer dereference at virtual address...

Design/Logic Flaw

The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts...

Cross site scripting

The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfioapmdevfiltermatrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filteri...

Cross site request forgery (csrf)

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request...

Spoofing

The Login as User or Customer WordPress plugin through 3.8 does not prevent users to log in as any other user on the site...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned BUG There is a bug report that, on a ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info device...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbdnlpolicy Similar to a reported issue check the commit b33fb5b801c6 "net: qualcomm: rmnet: fix global oob in rmnetpolicy", my local fuzzer finds another global out-of-bounds read for policy...

Cross site scripting

The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpfxdpadjusttail and memory type is set to MEMTYPEXSKBUFFPOOL, null ptr dereference happens: 1136314.192256 BUG: kernel NULL pointer...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: mtk-jpeg: Fix use after free bug due to error path handling in mtkjpegdecdevicerun In mtkjpegprobe, &jpeg-jobtimeoutwork is bound with mtkjpegjobtimeoutwork. In mtkjpegdecdevicerun, if error happens in mtkjpegsetdecdst, it...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit smealloc early with existing storage When smealloc is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fi...

Code injection

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...

Out-of-bounds

In smpprocsecreq of smpact.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote proximal/adjacent information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Out-of-bounds

In attpbuildvaluecmd of attprotocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

Out-of-bounds

In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation...

Input validation

In accesssecureservicefromtempbond of btmsec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Heap overflow

In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Heap overflow

In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Out-of-bounds

In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution...

Design/Logic Flaw

In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitatio...

Design/Logic Flaw

In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Input validation

In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

Information disclosure

In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Information disclosure

In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

Input validation

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

Input validation

An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

Out-of-bounds

An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions...

Privilege escalation

Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 EOL allows local user to escalate privileges...

Design/Logic Flaw

An off-by-one error flaw was found in the udevListInterfacesByStatus function in libvirt when the number of interfaces exceeds the size of the names array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of...

Buffer overflow

Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.:Satera MF740C Series/Satera MF640C...

Default credentials

If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Default credentials

If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised linux headers. Linux distributions which provide kernel headers by default are not affected by default...

Design/Logic Flaw

A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secretcoder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched...

Cross site request forgery (csrf)

A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclos...

Command injection

A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.85220230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to os command injection. The attack may be...