213680 matches found
Spoofing
In the Linux kernel, the following vulnerability has been resolved: sched: Fix out-of-bound access in uclamp Util-clamp places tasks in different buckets based on their clamp values for performance reasons. However, the size of buckets is currently computed using a rounding division, which can le...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: iouring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in ioprovidebuffersprep. As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce "iouring: f...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in these stm32f7i2cxx serious functions. However, pmruntimegetsync will increment the PM reference...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix tx skb dma unmap The first pointer in the txp needs to be unmapped as well, otherwise it will leak DMA mapping entries...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615coredumpwork Similar to the issue fixed in mt7921coredumpwork, fix a possible memory leak in mt7615coredumpwork routine...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspipreparexferhardware pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix memory leak on object td Two error return paths are neglecting to free allocated object td, causing a memory leak. Fix this by returning via the error return path that securely kfree's td. Fixes clang scan-buil...
Cross site request forgery (csrf)
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7915: fix txrate reporting Properly check rateinfo to fix unexpected reporting. 1215.161863 Call trace: 1215.164307 cfg80211calculatebitrate+0x124/0x200 cfg80211 1215.170139 ieee80211supdatemetric+0x80/0xc0 mac80211...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venusprobe' If an error occurs after a successful 'oficcget' call, it must be undone. Use 'devmoficcget' instead of 'oficcget' to avoid the leak. Update the remove...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock when cloning inline extents and using qgroups There are a few exceptional cases where cloning an inline extent needs to copy the inline extent data into a page of the destination inode. When this happens, we e...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix panic during f2fsresizefs f2fsresizefs hangs in below callstack with testcase: - mkfs 16GB image & mount image - dd 8GB fileA - dd 8GB fileB - sync - rm fileA - sync - resize filesystem to 8GB kernel BUG at...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to avoid touching checkpointed data in getvictim In CP disabling mode, there are two issues when using LFS or SSR | ATSSR mode to select victim: 1. LFS is set to find source section during GC, the victim should have no...
Double free
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomispalloccssstatbufs The "s3abuf" is freed along with all the other items on the "asd-s3astats" list. It leads to a double free and a use after free...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in xiicxfer and xiici2cremove. However, pmruntimegetsync will increment the PM reference count even...
Cross site request forgery (csrf)
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...
Cross site scripting
The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level acce...
Improper access control
Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within ...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: "Resource leak"...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Free gadget structure only after freeing endpoints As part of commit e81a7018d93a "usb: dwc3: allocate gadget structure dynamically" the dwc3gadgetrelease was added which will free the dwc-gadget structure upon...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causing memory leaks. Fix these. Addresses-Coverity: "Resource leak"...
Out-of-bounds
In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in doformat The function uses "type" as an array index: q = unitdrive.disktype-queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ARM: 9064/1: hwbreakpoint: Do not directly check the event's overflowhandler hook The commit 1879445dfa7b "perf/core: Set event's default ::overflowhandler" set a default event-overflowhandler in perfeventalloc, and replace the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix crash in autoretire The retire logic uses the 2 lower bits of the pointer to the retire function to store flags. However, the autoretire function is not guaranteed to be aligned to a multiple of 4, which causes...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: mt76: mt7921: fix memory leak in mt7921coredumpwork Fix possible memory leak in mt7921coredumpwork...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: ACPI: scan: Fix a memory leak in an error handling path If 'acpidevicesetname' fails, we must free 'acpidevicebusid-busid' or there is a potential memory leak...
Design/Logic Flaw
In the Linux kernel, the following vulnerability has been resolved: sctp: do asoc update earlier in sctpsfdodupcooka There's a panic that occurs in a few of envs, the call trace is as below: general protection fault, ... 0x29acd70f1000a: 0000 1 SMP PTI RIP:...
Sql injection
The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cartcontents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes ...
Null pointer dereference
In the Linux kernel, the following vulnerability has been resolved: nvmet-rdma: Fix NULL deref when SEND is completed with error When running some traffic and taking down the link on peer, a retry counter exceeded error is received. This leads to nvmetrdmaerrorcomp which tried accessing the...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode leak on getattr error in fhtodentry...
Server side request forgery (ssrf)
The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...
Design/Logic Flaw
ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...
Design/Logic Flaw
The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...
Cross site request forgery (csrf)
The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...
Directory traversal
Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker in this case, an administrator can navigate beyond the intended directory the 'media/' directory to access sensitive files in other parts of the application's file system...
Design/Logic Flaw
A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack...
Heap overflow
A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...
Design/Logic Flaw
The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code...
Memory corruption
A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...
Buffer overflow
A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...
Cross site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333...
Unrestricted file upload
Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout...
Code injection
Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...
Cross site scripting
A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim...
Design/Logic Flaw
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...
Design/Logic Flaw
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...
Design/Logic Flaw
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Design/Logic Flaw
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Design/Logic Flaw
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
Design/Logic Flaw
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...