Total
277587 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4775 | 1 Tinywebgallery | 1 Advanced Iframe | 2025-01-08 | 6.4 Medium |
| The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'advanced_iframe' shortcode in versions up to, and including, 2023.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | ||||
| CVE-2024-46715 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysfs entries produce a kernel oops such as: [ 2203.527791] Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute [...] [ 2203.783416] Call trace: [ 2203.783429] iio_read_channel_info_avail from dev_attr_show+0x18/0x48 [ 2203.789807] dev_attr_show from sysfs_kf_seq_show+0x90/0x120 [ 2203.794181] sysfs_kf_seq_show from seq_read_iter+0xd0/0x4e4 [ 2203.798555] seq_read_iter from vfs_read+0x238/0x2a0 [ 2203.802236] vfs_read from ksys_read+0xa4/0xd4 [ 2203.805385] ksys_read from ret_fast_syscall+0x0/0x54 [ 2203.809135] Exception stack(0xe0badfa8 to 0xe0badff0) [ 2203.812880] dfa0: 00000003 b6f10f80 00000003 b6eab000 00020000 00000000 [ 2203.819746] dfc0: 00000003 b6f10f80 7ff00000 00000003 00000003 00000000 00020000 00000000 [ 2203.826619] dfe0: b6e1bc88 bed80958 b6e1bc94 b6e1bcb0 [ 2203.830363] Code: bad PC value [ 2203.832695] ---[ end trace 0000000000000000 ]--- | ||||
| CVE-2023-6099 | 1 Szjocat | 1 Facial Love Cloud Platform | 2025-01-08 | 7.3 High |
| A vulnerability classified as critical has been found in Shenzhen Youkate Industrial Facial Love Cloud Payment System up to 1.0.55.0.0.1. This affects an unknown part of the file /SystemMng.ashx of the component Account Handler. The manipulation of the argument operatorRole with the input 00 leads to improper privilege management. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-245061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-53199 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-audmix: Add NULL check in imx_audmix_probe devm_kasprintf() can return a NULL pointer on failure,but this returned value in imx_audmix_probe() is not checked. Add NULL check in imx_audmix_probe(), to handle kernel NULL pointer dereference error. | ||||
| CVE-2024-53200 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in hwss_setup_dpp This commit addresses a null pointer dereference issue in hwss_setup_dpp(). The issue could occur when pipe_ctx->plane_state is null. The fix adds a check to ensure `pipe_ctx->plane_state` is not null before accessing. This prevents a null pointer dereference. | ||||
| CVE-2023-6100 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2025-01-08 | 5.3 Medium |
| A vulnerability classified as problematic was found in Maiwei Safety Production Control Platform 4.1. This vulnerability affects unknown code of the file /api/DataDictionary/GetItemList. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-245062 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2023-6101 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2025-01-08 | 5.3 Medium |
| A vulnerability, which was classified as problematic, has been found in Maiwei Safety Production Control Platform 4.1. This issue affects some unknown processing of the file /TC/V2.7/ha.html of the component Intelligent Monitoring. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-245063. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-53201 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null check for pipe_ctx->plane_state in dcn20_program_pipe This commit addresses a null pointer dereference issue in dcn20_program_pipe(). Previously, commit 8e4ed3cf1642 ("drm/amd/display: Add null check for pipe_ctx->plane_state in dcn20_program_pipe") partially fixed the null pointer dereference issue. However, in dcn20_update_dchubp_dpp(), the variable pipe_ctx is passed in, and plane_state is accessed again through pipe_ctx. Multiple if statements directly call attributes of plane_state, leading to potential null pointer dereference issues. This patch adds necessary null checks to ensure stability. | ||||
| CVE-2023-6102 | 1 Maiwei Safety Production Control Platform Project | 1 Maiwei Safety Production Control Platform | 2025-01-08 | 5.3 Medium |
| A vulnerability, which was classified as problematic, was found in Maiwei Safety Production Control Platform 4.1. Affected is an unknown function of the file /Content/Plugins/uploader/FileChoose.html?fileUrl=/Upload/File/Pics/&parent. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-245064. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
| CVE-2024-53207 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible deadlocks This fixes possible deadlocks like the following caused by hci_cmd_sync_dequeue causing the destroy function to run: INFO: task kworker/u19:0:143 blocked for more than 120 seconds. Tainted: G W O 6.8.0-2024-03-19-intel-next-iLS-24ww14 #1 "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. task:kworker/u19:0 state:D stack:0 pid:143 tgid:143 ppid:2 flags:0x00004000 Workqueue: hci0 hci_cmd_sync_work [bluetooth] Call Trace: <TASK> __schedule+0x374/0xaf0 schedule+0x3c/0xf0 schedule_preempt_disabled+0x1c/0x30 __mutex_lock.constprop.0+0x3ef/0x7a0 __mutex_lock_slowpath+0x13/0x20 mutex_lock+0x3c/0x50 mgmt_set_connectable_complete+0xa4/0x150 [bluetooth] ? kfree+0x211/0x2a0 hci_cmd_sync_dequeue+0xae/0x130 [bluetooth] ? __pfx_cmd_complete_rsp+0x10/0x10 [bluetooth] cmd_complete_rsp+0x26/0x80 [bluetooth] mgmt_pending_foreach+0x4d/0x70 [bluetooth] __mgmt_power_off+0x8d/0x180 [bluetooth] ? _raw_spin_unlock_irq+0x23/0x40 hci_dev_close_sync+0x445/0x5b0 [bluetooth] hci_set_powered_sync+0x149/0x250 [bluetooth] set_powered_sync+0x24/0x60 [bluetooth] hci_cmd_sync_work+0x90/0x150 [bluetooth] process_one_work+0x13e/0x300 worker_thread+0x2f7/0x420 ? __pfx_worker_thread+0x10/0x10 kthread+0x107/0x140 ? __pfx_kthread+0x10/0x10 ret_from_fork+0x3d/0x60 ? __pfx_kthread+0x10/0x10 ret_from_fork_asm+0x1b/0x30 </TASK> | ||||
| CVE-2024-53222 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: zram: fix NULL pointer in comp_algorithm_show() LTP reported a NULL pointer dereference as followed: CPU: 7 UID: 0 PID: 5995 Comm: cat Kdump: loaded Not tainted 6.12.0-rc6+ #3 Hardware name: QEMU KVM Virtual Machine, BIOS 0.0.0 02/06/2015 pstate: 40400005 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : __pi_strcmp+0x24/0x140 lr : zcomp_available_show+0x60/0x100 [zram] sp : ffff800088b93b90 x29: ffff800088b93b90 x28: 0000000000000001 x27: 0000000000400cc0 x26: 0000000000000ffe x25: ffff80007b3e2388 x24: 0000000000000000 x23: ffff80007b3e2390 x22: ffff0004041a9000 x21: ffff80007b3e2900 x20: 0000000000000000 x19: 0000000000000000 x18: 0000000000000000 x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000 x14: 0000000000000000 x13: 0000000000000000 x12: 0000000000000000 x11: 0000000000000000 x10: ffff80007b3e2900 x9 : ffff80007b3cb280 x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000 x5 : 0000000000000040 x4 : 0000000000000000 x3 : 00656c722d6f7a6c x2 : 0000000000000000 x1 : ffff80007b3e2900 x0 : 0000000000000000 Call trace: __pi_strcmp+0x24/0x140 comp_algorithm_show+0x40/0x70 [zram] dev_attr_show+0x28/0x80 sysfs_kf_seq_show+0x90/0x140 kernfs_seq_show+0x34/0x48 seq_read_iter+0x1d4/0x4e8 kernfs_fop_read_iter+0x40/0x58 new_sync_read+0x9c/0x168 vfs_read+0x1a8/0x1f8 ksys_read+0x74/0x108 __arm64_sys_read+0x24/0x38 invoke_syscall+0x50/0x120 el0_svc_common.constprop.0+0xc8/0xf0 do_el0_svc+0x24/0x38 el0_svc+0x38/0x138 el0t_64_sync_handler+0xc0/0xc8 el0t_64_sync+0x188/0x190 The zram->comp_algs[ZRAM_PRIMARY_COMP] can be NULL in zram_add() if comp_algorithm_set() has not been called. User can access the zram device by sysfs after device_add_disk(), so there is a time window to trigger the NULL pointer dereference. Move it ahead device_add_disk() to make sure when user can access the zram device, it is ready. comp_algorithm_set() is protected by zram->init_lock in other places and no such problem. | ||||
| CVE-2024-5828 | 4 Hitachi, Linux, Microsoft and 1 more | 4 Tuning Manager, Linux Kernel, Windows and 1 more | 2025-01-08 | 8.6 High |
| Expression Language Injection vulnerability in Hitachi Tuning Manager on Windows, Linux, Solaris allows Code Injection.This issue affects Hitachi Tuning Manager: before 8.8.7-00. | ||||
| CVE-2024-56541 | 1 Linux | 1 Linux Kernel | 2025-01-08 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix use-after-free in ath12k_dp_cc_cleanup() During ath12k module removal, in ath12k_core_deinit(), ath12k_mac_destroy() un-registers ah->hw from mac80211 and frees the ah->hw as well as all the ar's in it. After this ath12k_core_soc_destroy()-> ath12k_dp_free()-> ath12k_dp_cc_cleanup() tries to access one of the freed ar's from pending skb. This is because during mac destroy, driver failed to flush few data packets, which were accessed later in ath12k_dp_cc_cleanup() and freed, but using ar from the packet led to this use-after-free. BUG: KASAN: use-after-free in ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] Write of size 4 at addr ffff888150bd3514 by task modprobe/8926 CPU: 0 UID: 0 PID: 8926 Comm: modprobe Not tainted 6.11.0-rc2-wt-ath+ #1746 Hardware name: Intel(R) Client Systems NUC8i7HVK/NUC8i7HVB, BIOS HNKBLi70.86A.0067.2021.0528.1339 05/28/2021 Call Trace: <TASK> dump_stack_lvl+0x7d/0xe0 print_address_description.constprop.0+0x33/0x3a0 print_report+0xb5/0x260 ? kasan_addr_to_slab+0x24/0x80 kasan_report+0xd8/0x110 ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] ? ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] kasan_check_range+0xf3/0x1a0 __kasan_check_write+0x14/0x20 ath12k_dp_cc_cleanup.part.0+0x5e2/0xd40 [ath12k] ath12k_dp_free+0x178/0x420 [ath12k] ath12k_core_stop+0x176/0x200 [ath12k] ath12k_core_deinit+0x13f/0x210 [ath12k] ath12k_pci_remove+0xad/0x1c0 [ath12k] pci_device_remove+0x9b/0x1b0 device_remove+0xbf/0x150 device_release_driver_internal+0x3c3/0x580 ? __kasan_check_read+0x11/0x20 driver_detach+0xc4/0x190 bus_remove_driver+0x130/0x2a0 driver_unregister+0x68/0x90 pci_unregister_driver+0x24/0x240 ? find_module_all+0x13e/0x1e0 ath12k_pci_exit+0x10/0x20 [ath12k] __do_sys_delete_module+0x32c/0x580 ? module_flags+0x2f0/0x2f0 ? kmem_cache_free+0xf0/0x410 ? __fput+0x56f/0xab0 ? __fput+0x56f/0xab0 ? debug_smp_processor_id+0x17/0x20 __x64_sys_delete_module+0x4f/0x70 x64_sys_call+0x522/0x9f0 do_syscall_64+0x64/0x130 entry_SYSCALL_64_after_hwframe+0x4b/0x53 RIP: 0033:0x7f8182c6ac8b Commit 24de1b7b231c ("wifi: ath12k: fix flush failure in recovery scenarios") added the change to decrement the pending packets count in case of recovery which make sense as ah->hw as well all ar's in it are intact during recovery, but during core deinit there is no use in decrementing packets count or waking up the empty waitq as the module is going to be removed also ar's from pending skb's can't be used and the packets should just be released back. To fix this, avoid accessing ar from skb->cb when driver is being unregistered. Tested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.1.1-00214-QCAHKSWPL_SILICONZ-1 Tested-on: WCN7850 hw2.0 PCI WLAN.HMT.1.0.c5-00481-QCAHMTSWPL_V1.0_V2.0_SILICONZ-3 | ||||
| CVE-2024-3500 | 1 Wpmet | 1 Elementskit | 2025-01-08 | 8.8 High |
| The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. | ||||
| CVE-2024-6824 | 1 Leap13 | 1 Premium Addons For Elementor | 2025-01-08 | 4.3 Medium |
| The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'check_temp_validity' and 'update_template_title' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary content and update post and page titles. | ||||
| CVE-2025-22145 | 2025-01-08 | N/A | ||
| Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are at risk of arbitrary code ran on their servers. This vulnerability is fixed in 3.8.4 and 2.72.6. | ||||
| CVE-2024-54010 | 2025-01-08 | 3.4 Low | ||
| A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure. | ||||
| CVE-2024-53995 | 2025-01-08 | N/A | ||
| SickChill is an automatic video library manager for TV shows. A user-controlled `login` endpoint's `next_` parameter takes arbitrary content. Prior to commit c7128a8946c3701df95c285810eb75b2de18bf82, an authenticated attacker may use this to redirect the user to arbitrary destinations, leading to open redirect. Commit c7128a8946c3701df95c285810eb75b2de18bf82 changes the login page to redirect to `settings.DEFAULT_PAGE` instead of to the `next` parameter. | ||||
| CVE-2024-52869 | 2025-01-08 | N/A | ||
| Certain Teradata account-handling code through 2024-11-04, used with SUSE Enterprise Linux Server, mismanages groups. Specifically, when there is an operating system move from SUSE Enterprise Linux Server (SLES) 12 Service Pack (SP) 2 or 3 to SLES 15 SP2 on Teradata Database systems, some service/system user accounts, and possibly systems administrator created user accounts, are incorrectly assigned to groups that allow higher system-level privileges than intended for those user accounts. Depending on the usage of these accounts, this may lead to full system compromise. | ||||
| CVE-2024-13190 | 2025-01-08 | 6.3 Medium | ||
| A vulnerability classified as critical was found in ZeroWdd myblog 1.0. This vulnerability affects unknown code of the file src/main/resources/mapper/BlogMapper.xml. The manipulation of the argument findBlogList/getTotalBlogs leads to xml injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | ||||