Spoofing

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hcidev-lock and socket lock Commit eab2404ba798 "Bluetooth: Add BTPHY socket option" added a dependency between socket lock and hcidev-lock that could lead to deadlock. It turns out that...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Free local data after use Fixes the following memory leak in dclinkconstruct: unreferenced object 0xffffa03e81471400 size 1024: comm "amdmoduleload", pid 2486, jiffies 4294946026 age 10.544s hex dump first 32...

Out-of-bounds

In the Linux kernel, the following vulnerability has been resolved: ataflop: potential out of bounds in doformat The function uses "type" as an array index: q = unitdrive.disktype-queue; Unfortunately the bounds check on "type" isn't done until later in the function. Fix this by moving the bounds...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: venus: core: Fix some resource leaks in the error path of 'venusprobe' If an error occurs after a successful 'oficcget' call, it must be undone. Use 'devmoficcget' instead of 'oficcget' to avoid the leak. Update the remove...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: iouring: fix overflows checks in provide buffers Colin reported before possible overflow and sign extension problems in ioprovidebuffersprep. As Linus pointed out previous attempt did nothing useful, see d81269fecb8ce "iouring: f...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in loadbalance Syzbot reported a handful of occurrences where an sd-nrbalancefailed can grow to much higher values than one would expect. A successful loadbalance resets it to 0; a failed one...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: fix use-after-free in zynqmpqspiexecop When handling op-addr, it is using the buffer "tmpbuf" which has been freed. This will trigger a use-after-free KASAN warning. Let's use temporary variables to store...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi14processtransaction The hdcpi2coffsets array did not have an entry for HDCPMESSAGEIDWRITECONTENTSTREAMTYPE so it led to an off by one read overflow. I added an entry and copied the 0x0 valu...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dmamapsingle fails The spi controller supports 44-bit address space on AXI in DMA mode, so set dmaaddrt width to 44-bit to avoid using a swiotlb mapping. In addition, if dmamapsingle fails...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfcprepelsiocb It is possible to call lpfcissueelsplogi passing a did for which no matching ndlp is found. A call is then made to lpfcprepelsiocb with a null pointer to a lpfcnodelist...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in vmbusopen The "openinfo" variable is added to the &vmbusconnection.chnmsglist, but the error handling frees "openinfo" without removing it from the list. This will result in a use after free...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspipreparexferhardware pmruntimegetsync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix it by replacing it with...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mt76: mt7615: fix memory leak in mt7615coredumpwork Similar to the issue fixed in mt7921coredumpwork, fix a possible memory leak in mt7615coredumpwork routine...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: crypto: sa2ul - Fix memory leak of rxd There are two error return paths that are not freeing rxd and causing memory leaks. Fix these. Addresses-Coverity: "Resource leak"...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: crypto: sun8i-ss - Fix memory leak of pad It appears there are several failure return paths that don't seem to be free'ing pad. Fix these. Addresses-Coverity: "Resource leak"...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix port event handling on init For some reason there might be a crash during ports creation if port events are handling at the same time because fw may send initial port event with down state. The crash...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: fix wild memory access when clearing fragments while testing re-assembly/re-fragmentation using actct, it's possible to observe a crash like the following one: KASAN: maybe wild-memory-access in range...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: xiic: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in xiicxfer and xiici2cremove. However, pmruntimegetsync will increment the PM reference count even...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: imx-lpi2c: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in lpi2cimxmasterenable. However, pmruntimegetsync will increment the PM reference count even faile...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in these stm32f7i2cxx serious functions. However, pmruntimegetsync will increment the PM reference...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: sprd: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in sprdi2cmasterxfer and sprdi2cremove. However, pmruntimegetsync will increment the PM reference count...

Double free

In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Fix use after free in atomispalloccssstatbufs The "s3abuf" is freed along with all the other items on the "asd-s3astats" list. It leads to a double free and a use after free...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: imx: fix reference leak when pmruntimegetsync fails In i2cimxxfer and i2cimxremove, the pm reference count is not expected to be incremented on return. However, pmruntimegetsync will increment pm reference count even failed...

Path traversal

In the Linux kernel, the following vulnerability has been resolved: media: next staging: media: atomisp: fix memory leak of object flash In the case where the call to lm3554platformdatafunc returns an error there is a memory leak on the error return path of object flash. Fix this by adding an err...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: cadence: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in functions cdnsi2cmasterxfer and cdnsregslave. However, pmruntimegetsync will increment pm usage...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: aspeed: fix clock handling logic Video engine uses eclk and vclk for its clock sources and its reset control is coupled with eclk so the current clock enabling sequence works like below. Enable eclk De-assert Video Engine...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: i2c: img-scb: fix reference leak when pmruntimegetsync fails The PM reference count is not expected to be incremented on return in functions imgi2cxfer and imgi2cinit. However, pmruntimegetsync will increment the PM reference cou...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in statechange sk callback We are not changing anything in the TCP connection state so we should not take a writelock but rather a read lock. This caused a deadlock when running nvmet-tcp and...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix possible NULL pointer dereference of resource The platformgetresourcebyname can return NULL which would be immediately dereferenced by resourcesize. Instead dereference it after validating the resource...

Sql injection

The Conversios – Google Analytics 4 GA4, Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the eesyncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions ...

Design/Logic Flaw

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

Server side request forgery (ssrf)

The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApiHtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to...

Cross site request forgery (csrf)

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

Design/Logic Flaw

ospfteparsete in ospfd/ospfte.c in FRRouting FRR through 9.1 allows remote attackers to cause a denial of service ospfd daemon crash via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field...

Directory traversal

Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "mediafolder" parameter in the URL, an attacker in this case, an administrator can navigate beyond the intended directory the 'media/' directory to access sensitive files in other parts of the application's file system...

Design/Logic Flaw

A user who is privileged already manager or admin can set their profile picture via the frontend API using a relative filepath to then user the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack...

Memory corruption

A memory corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

Heap overflow

A heap corruption vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

Design/Logic Flaw

The SE menu contains information used by Lexmark to diagnose device errors. A vulnerability in one of the SE menu routines can be leveraged by an attacker to execute arbitrary code...

Buffer overflow

A buffer overflow vulnerability has been identified in PostScript interpreter in various Lexmark devices. The vulnerability can be leveraged by an attacker to execute arbitrary code...

Cross site scripting

IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 273333...

Code injection

Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing...

Unrestricted file upload

Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout...

Cross site scripting

A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim...

Design/Logic Flaw

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...

Design/Logic Flaw

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access...

Path traversal

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...