Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1ispstop and rkisp1csidisable the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in the stop procedure. This is...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if its parent does no...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: restart beacon queue when hardware reset When a hardware reset is triggered, all registers are reset, so all queues are forced to stop in hardware interface. However, mac80211 will not automatically stop the queue. ...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: afunix: fix lockdep positive in skdiagdumpicons syzbot reported a lockdep splat 1. Blamed commit hinted about the possible lockdep violation, and code used unixstatelocknested in an attempt to silence lockdep. It is not sufficien...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating the priv-multicastlist in ipoibmcastjointask opens a window for ipoibmcastdevflush to remove the items while in the middle of iteration. If the mcast is...

Race condition

In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add mutex lock in control vblank irq Add a mutex lock to control vblank irq to synchronize vblank enable/disable operations happening from different threads to prevent race conditions while registering/unregistering...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its parent does not chan...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds Read in dtSearch Currently while searching for current page in the sorted entry table of the page there is a out of bound access. Added a bound check to fix the error. Dave: Set return code to -EIO...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: llc: call sockorphan at release time syzbot reported an interesting trace 1 caused by a stale sk-skwq pointer in a closed llc socket. In commit ff7b11aa481f "net: socket: set sock-sk to NULL after calling protoops::release" Eric...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: pdscore: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. 1 pdscadminqisr and the resulting work from queuework, i.e. pdscworkthread-pdscprocessadminq 2 pdscadminqpost...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uaf in jfsevictinode When the execution of diMountipimap fails, the object ipimap that has been released may be accessed in diFreeSpecial. Asynchronous ipimap release occurs when rcucore calls jfsfreenode. Therefore, whe...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: sysctl: Fix out of bounds access for empty sysctl registers When registering tables to the sysctl subsystem there is a check to see if header is a permanently empty directory used for mounts. This check evaluates the first elemen...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-fkuehlin 276 Not tainted...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diNewExt Syz report UBSAN: array-index-out-of-bounds in fs/jfs/jfsimap.c:2360:2 index -878706688 is out of range for type 'struct iagctl128' CPU: 1 PID: 5065 Comm: syz-executor282 Not tainted...

Cross site request forgery (csrf)

The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssafactoryreset function. This makes it...

Cross site scripting

The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'SassySocialShare' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such a...

Design/Logic Flaw

The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the totalordersections function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat...

Stack overflow

A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of...

Sql injection

Sourcecodester Lost and Found Information System's Version 1.0 is vulnerable to unauthenticated SQL Injection at "?page=items/view&id="...

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter at /customersupport/index.php?page=customerlist...

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the address parameter at /customersupport/index.php?page=newcustomer...

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the contact parameter at /customersupport/index.php?page=customerlist...

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the firstname parameter at /customersupport/index.php?page=customerlist...

Cross site scripting

A cross-site scripting XSS vulnerability in Customer Support System v1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the subject parameter at /customersupport/index.php?page=newticket...

Improper access control

An issue in Multilaser RE160V firmware v12.03.01.09pt and Multilaser RE163V firmware v12.03.01.10pt allows attackers to bypass the access control and gain complete access to the application via modifying a HTTP header...

Improper access control

An issue in Multilaser RE160 firmware v5.07.51ptMTL01 and v5.07.52ptMTL01 allows attackers to bypass the access control and gain complete access to the application via supplying a crafted cookie...

Improper access control

Multilaser RE160 v5.07.51ptMTL01 and v5.07.52ptMTL01, Multilaser RE160V v12.03.01.08pt and V12.03.01.09pt, and Multilaser RE163V v12.03.01.08pt allows attackers to bypass the access control and gain complete access to the application via supplying a crafted URL...

Design/Logic Flaw

TP-Link JetStream Smart Switch TL-SG2210P 5.0 Build 20211201 allows attackers to escalate privileges via modification of the 'tid' and 'usrlvl' values in GET requests...

Cross site request forgery (csrf)

Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request...

Buffer overflow

Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components...

Cross site scripting

OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users...

Cross site scripting

Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function...

Design/Logic Flaw

The ParseAddressList function incorrectly handles comments text within parentheses within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers...

Design/Logic Flaw

Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for...

Design/Logic Flaw

An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component...

Cross site scripting

Cross Site Scripting XSS vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components...

Design/Logic Flaw

An issue was discovered in the Archibus app 4.0.3 for iOS. There is an XSS vulnerability in the create work request feature of the maintenance module, via the description field. This allows an attacker to perform an action on behalf of the user, exfiltrate data, and so on...

Design/Logic Flaw

If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates...

Authorization

When following an HTTP redirect to a domain which is not a subdomain match or exact match of the initial domain, an http.Client does not forward sensitive headers such as "Authorization" or "Cookie". For example, a redirect from foo.com to www.foo.com will forward the Authorization header, but a...

Design/Logic Flaw

The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set...

Directory traversal

Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component...

Design/Logic Flaw

An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function...

Design/Logic Flaw

When parsing a multipart form either explicitly with Request.ParseMultipartForm or implicitly with Request.FormValue, Request.PostFormValue, or Request.FormFile, limits on the total size of the parsed form were not applied to the memory consumed while reading a single form line. This permits a...

Improper access control

Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator...

Design/Logic Flaw

Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The use...

Authentication flaw

Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable...

Input validation

Improper privilege management in Just-in-time JIT elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances...

Denial of service

An unauthenticated Denial-of-Service DoS vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service...

Information disclosure

Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKEAUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attacke...

Arbitrary file deletion

There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the...