Design/Logic Flaw

Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...

Cross site scripting

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script...

Cross site scripting

Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field...

Path traversal

Any user can delete an arbitrary folder recursively on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization...

Sql injection

SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run abitrary SQL commands via the function DistributionMemberLogic::getFansLists...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: core: Fix invalid error returning in mhiqueue mhiqueue returns an error when the doorbell is not accessible in the current state. This can happen when the device is in non M0 state, like M3, and needs to be waken-up pri...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix unconditional securitylockeddown call Currently, the lockdown state is queried unconditionally, even though its result is used only if the PERFSAMPLEREGSINTR bit is set in attr.sampletype. While that doesn't matter...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN: stack-out-of-bounds...

Double free

The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect AMQPVALUE failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987...

Double free

In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blkmqtagset in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blkmqtagset for the device fails, a followi...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure traceclockglobal to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following backtrace was extracted fro...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: tools/power turbostat: Fix offset overflow issue in index converting The idxtooffset function returns type int 32-bit signed, but MSRPKGENERGYSTAT is u32 and would be interpreted as a negative number. The end result is that it hi...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset controller with...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix setfmt error handling If there in an error during a setfmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating 4GiB of RAM and causin...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: iouring: fix shared sqpoll cancellation hangs 736.982891 INFO: task iou-sqp-4294:4295 blocked for more than 122 seconds. 736.982897 Call Trace: 736.982901 schedule+0x68/0xe0 736.982903 iouringcancelsqpoll+0xdb/0x110 736.982908...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imufmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX event handling We're starting from a TXQ label, not a TXQ type, so efxchannelgettxqueue is inappropriate and could return NULL, leading to panics...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: sfc: farch: fix TX queue lookup in TX flush done handling We're starting from a TXQ instance number 'qid', not a TXQ type, so efxgettxqueue is inappropriate and could return NULL, leading to panics...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ext4: always panic when errors=panic is specified Before commit 014c9caa29d3 "ext4: make ext4abort use ext4error", the following series of commands would trigger a panic: 1. mount /dev/sda -o ro,errors=panic test 2. mount /dev/sd...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being cleared. Since we...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: sfc: adjust efx-xdptxqueuecount with the real number of initialized queues efx-xdptxqueuecount is initially initialized to numpossiblecpus and is later used to allocate and traverse efx-xdptxqueues lookup array. However, we may e...

Open redirect

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

Integer overflow

In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpmreadlogefi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efitpmfinallogsize will at...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However, it never checks...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: net/sched: schfrag: fix stack OOB read while fragmenting IPv4 packets when 'actmirred' tries to fragment IPv4 packets that had been previously re-assembled using 'actct', splats like the following can be observed on kernels built...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtiofsprobe When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error that's when I realised the...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: NFS: fscontext: validate UDP retrans to prevent shift out-of-bounds Fix shift out-of-bounds in xprtcalcmajortimeo. This is caused by a garbage timeout retrans mount option being passed to nfs mount, in this case from syzkaller. I...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which leads to an...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2getenckey Avoid a warning if the error percolates back up: 440700.376476 CIFS VFS: \otters.example.com cryptmessage: Could not get encryption key 440700.386947 ------------ cut here...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: 14.816231 ------------ cut here ------------ 14.8162...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: ACPI: custommethod: fix potential use-after-free issue In cmwrite, buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be freed but subsequent cal...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: mtd: physmap: physmap-bt1-rom: Fix unintentional stack access Cast &data to char in order to avoid unintentionally accessing the stack. Notice that data is of type u32, so any increment to &data will be in the order of 4-byte...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxxmqueuecommand RIP: 0010:kmemcachefree+0xfa/0x1b0 Call Trace: qla2xxxmqueuecommand+0x2b5/0x2c0 qla2xxx scsiqueuerq+0x5e2/0xa40 blkmqtryissuedirectly+0x128/0x1d0 blkmqrequestissuedirectly+0x4e/0xb...

Null pointer dereference

In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e "scsi: qla2xxx: Limit interrupt vectors to number of CPUs" lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector allocation assumptions...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix zcard and zqueue hot-unplug memleak Tests with kvm and a kmemdebug kernel showed, that on hot unplug the zcard and zqueue structs for the unplugged card or queue are not properly freed because of a mismatch with...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: pcigeneric: Remove WQMEMRECLAIM flag from state workqueue A recent change created a dedicated workqueue for the state-change work with WQHIGHPRI no strong reason for that and WQMEMRECLAIM flags, but the state-change wor...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Avoid potential use after free in MHI send It is possible that the MHI ulcallback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the offreg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vice versa. As a fix,...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: ovl: fix leaked dentry Since commit 6815f479ca90 "ovl: use only uppermetacopy state in ovllookup", overlayfs doesn't put temporary dentry when there is a metacopy error, which leads to dentry leaks when shutting down the related...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: vhost-vdpa: fix vmflags for virtqueue doorbell mapping The virtqueue doorbell is usually implemented via registeres but we don't provide the necessary vma-flags like VMPFNMAP. This may cause several issues e.g when userspace trie...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: Make global sysctls readonly in non-init netns These sysctls point to global variables: - NFSYSCTLCTMAX &nfconntrackmax - NFSYSCTLCTEXPECTMAX &nfctexpectmax - NFSYSCTLCTBUCKETS &nfconntrackhtablesizeuser...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: riscv/kprobe: fix kernel panic when invoking sysread traced by kprobe The execution of sysread end up hitting a BUGON in findgetblock after installing kprobe at sysread, the BUG message like the following: 65.708663 ------------...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: thermal/drivers/cpufreqcooling: Fix slab OOB issue Slab OOB issue is scanned by KASAN in cpupowertofreq. If power is limited below the power of OPP0 in EM table, it will cause slab out-of-bound issue with negative array index...

Design/Logic Flaw

In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvbmediadevicefree dvbmediadevicefree is leaking memory. Free dvbdev-adapter-conn before setting it to NULL, as documented in include/media/media-device.h: "The mediaentity instance itself must b...

Spoofing

In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmiommchostfree' call is missing in the remove function, in order to balance a 'tmiommchostalloc' call in the probe. This is done in the error handling path of the...

Sql injection

In the module "Import/Update Bulk Product from any Csv/Excel File Pro" baimporter up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions...

Path traversal

In the module "Account Manager | Sales Representative & Dealers | CRM" prestasalesmanager up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack...

Sql injection

A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/searchsalesreport.php. The manipulation of the argument customer leads to sql injection. The attack may...

Sql injection

A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /getmembershipamount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely...

Out-of-bounds

A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high...