| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| BigAntSoft BigAnt Server, up to and including version 5.6.06, is vulnerable to unauthenticated remote code execution via account registration. An unauthenticated remote attacker can create an administrative user through the default exposed SaaS registration mechanism. Once an administrator, the attacker can upload and execute arbitrary PHP code using the "Cloud Storage Addin," leading to unauthenticated code execution. |
| A security vulnerability has been detected in D-Link DI-7001 MINI 24.04.18B1. The affected element is an unknown function of the file /dbsrv.asp. Such manipulation of the argument str leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and may be used. |
| Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user.
This issue affects Invoice Ninja: from 5.8.56 through 5.11.23. |
| An unrestricted file upload vulnerability in ShowDoc caused by improper validation of file extension allows execution of arbitrary PHP, leading to remote code execution.This issue affects ShowDoc: before 2.8.7. |
| The DB chooser functionality in Jalios JPlatform 10 SP6 before 10.0.6 improperly neutralizes special elements used in an SQL command allows for unauthenticated users to trigger SQL Injection.
This issue affects JPlatform before 10.0.6 and a PatchPlugin release 10.0.6 was issued 2023-02-06. |
| Improper Restriction of XML External Entity Reference vulnerability in Jalios JPlatform allows XML Injection.This issue affects all versions of JPlatform 10 before 10.0.8 (SP8). |
| Improper Neutralization of Input During Web Page Generation Cross-site Scripting vulnerability in Jalios JPlatform 10 allows for Reflected XSS and Stored XSS.This issue affects JPlatform 10: before 10.0.8 (SP8), before 10.0.7 (SP7), before 10.0.6 (SP6) and Jalios Workplace 6.2, Jalios Workplace 6.1, Jalios Workplace 6.0, and Jalios Workplace 5.3 to 5.5 |
| Insufficient input sanitization in the dashboard label or path can allow
an attacker to trigger a device error causing information disclosure or
data manipulation. |
| In the Linux kernel, the following vulnerability has been resolved:
misc: tps6594-pfsm: Add NULL pointer check in tps6594_pfsm_probe()
The returned value, pfsm->miscdev.name, from devm_kasprintf()
could be NULL.
A pointer check is added to prevent potential NULL pointer dereference.
This is similar to the fix in commit 3027e7b15b02
("ice: Fix some null pointer dereference issues in ice_ptp.c").
This issue is found by our static analysis tool. |
| In the Linux kernel, the following vulnerability has been resolved:
LoongArch: KVM: Avoid overflow with array index
The variable index is modified and reused as array index when modify
register EIOINTC_ENABLE. There will be array index overflow problem. |
| In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: eir: Fix possible crashes on eir_create_adv_data
eir_create_adv_data may attempt to add EIR_FLAGS and EIR_TX_POWER
without checking if that would fit. |
| Due to insufficient sanitization, an attacker can upload a specially
crafted configuration file to traverse directories and achieve remote
code execution with system-level permissions. |
| In the Linux kernel, the following vulnerability has been resolved:
block: don't use submit_bio_noacct_nocheck in blk_zone_wplug_bio_work
Bios queued up in the zone write plug have already gone through all all
preparation in the submit_bio path, including the freeze protection.
Submitting them through submit_bio_noacct_nocheck duplicates the work
and can can cause deadlocks when freezing a queue with pending bio
write plugs.
Go straight to ->submit_bio or blk_mq_submit_bio to bypass the
superfluous extra freeze protection and checks. |
| In the Linux kernel, the following vulnerability has been resolved:
nvmem: zynqmp_nvmem: unbreak driver after cleanup
Commit 29be47fcd6a0 ("nvmem: zynqmp_nvmem: zynqmp_nvmem_probe cleanup")
changed the driver to expect the device pointer to be passed as the
"context", but in nvmem the context parameter comes from nvmem_config.priv
which is never set - Leading to null pointer exceptions when the device is
accessed. |
| In the Linux kernel, the following vulnerability has been resolved:
ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(),
in the case the codec dai_name will be null.
Avoid a crash if the device tree is not assigning a codec
to these links.
[ 1.179936] Unable to handle kernel NULL pointer dereference at virtual address 0000000000000000
[ 1.181065] Mem abort info:
[ 1.181420] ESR = 0x0000000096000004
[ 1.181892] EC = 0x25: DABT (current EL), IL = 32 bits
[ 1.182576] SET = 0, FnV = 0
[ 1.182964] EA = 0, S1PTW = 0
[ 1.183367] FSC = 0x04: level 0 translation fault
[ 1.183983] Data abort info:
[ 1.184406] ISV = 0, ISS = 0x00000004, ISS2 = 0x00000000
[ 1.185097] CM = 0, WnR = 0, TnD = 0, TagAccess = 0
[ 1.185766] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0
[ 1.186439] [0000000000000000] user address but active_mm is swapper
[ 1.187239] Internal error: Oops: 0000000096000004 [#1] PREEMPT SMP
[ 1.188029] Modules linked in:
[ 1.188420] CPU: 7 UID: 0 PID: 70 Comm: kworker/u32:1 Not tainted 6.14.0-rc4-next-20250226+ #85
[ 1.189515] Hardware name: Radxa NIO 12L (DT)
[ 1.190065] Workqueue: events_unbound deferred_probe_work_func
[ 1.190808] pstate: 40400009 (nZcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 1.191683] pc : __pi_strcmp+0x24/0x140
[ 1.192170] lr : mt8195_mt6359_soc_card_probe+0x224/0x7b0
[ 1.192854] sp : ffff800083473970
[ 1.193271] x29: ffff800083473a10 x28: 0000000000001008 x27: 0000000000000002
[ 1.194168] x26: ffff800082408960 x25: ffff800082417db0 x24: ffff800082417d88
[ 1.195065] x23: 000000000000001e x22: ffff800082dbf480 x21: ffff800082dc07b8
[ 1.195961] x20: 0000000000000000 x19: 0000000000000013 x18: 00000000ffffffff
[ 1.196858] x17: 000000040044ffff x16: 005000f2b5503510 x15: 0000000000000006
[ 1.197755] x14: ffff800082407af0 x13: 6e6f69737265766e x12: 692d6b636f6c6374
[ 1.198651] x11: 0000000000000002 x10: ffff80008240b920 x9 : 0000000000000018
[ 1.199547] x8 : 0101010101010101 x7 : 0000000000000000 x6 : 0000000000000000
[ 1.200443] x5 : 0000000000000000 x4 : 8080808080000000 x3 : 303933383978616d
[ 1.201339] x2 : 0000000000000000 x1 : ffff80008240b920 x0 : 0000000000000000
[ 1.202236] Call trace:
[ 1.202545] __pi_strcmp+0x24/0x140 (P)
[ 1.203029] mtk_soundcard_common_probe+0x3bc/0x5b8
[ 1.203644] platform_probe+0x70/0xe8
[ 1.204106] really_probe+0xc8/0x3a0
[ 1.204556] __driver_probe_device+0x84/0x160
[ 1.205104] driver_probe_device+0x44/0x130
[ 1.205630] __device_attach_driver+0xc4/0x170
[ 1.206189] bus_for_each_drv+0x8c/0xf8
[ 1.206672] __device_attach+0xa8/0x1c8
[ 1.207155] device_initial_probe+0x1c/0x30
[ 1.207681] bus_probe_device+0xb0/0xc0
[ 1.208165] deferred_probe_work_func+0xa4/0x100
[ 1.208747] process_one_work+0x158/0x3e0
[ 1.209254] worker_thread+0x2c4/0x3e8
[ 1.209727] kthread+0x134/0x1f0
[ 1.210136] ret_from_fork+0x10/0x20
[ 1.210589] Code: 54000401 b50002c6 d503201f f86a6803 (f8408402)
[ 1.211355] ---[ end trace 0000000000000000 ]--- |
| In the Linux kernel, the following vulnerability has been resolved:
PM: EM: Fix potential division-by-zero error in em_compute_costs()
When the device is of a non-CPU type, table[i].performance won't be
initialized in the previous em_init_performance(), resulting in division
by zero when calculating costs in em_compute_costs().
Since the 'cost' algorithm is only used for EAS energy efficiency
calculations and is currently not utilized by other device drivers, we
should add the _is_cpu_device(dev) check to prevent this division-by-zero
issue. |
| In the Linux kernel, the following vulnerability has been resolved:
idpf: convert control queue mutex to a spinlock
With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated
on module load:
[ 324.701677] BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578
[ 324.701684] in_atomic(): 1, irqs_disabled(): 0, non_block: 0, pid: 1582, name: NetworkManager
[ 324.701689] preempt_count: 201, expected: 0
[ 324.701693] RCU nest depth: 0, expected: 0
[ 324.701697] 2 locks held by NetworkManager/1582:
[ 324.701702] #0: ffffffff9f7be770 (rtnl_mutex){....}-{3:3}, at: rtnl_newlink+0x791/0x21e0
[ 324.701730] #1: ff1100216c380368 (_xmit_ETHER){....}-{2:2}, at: __dev_open+0x3f0/0x870
[ 324.701749] Preemption disabled at:
[ 324.701752] [<ffffffff9cd23b9d>] __dev_open+0x3dd/0x870
[ 324.701765] CPU: 30 UID: 0 PID: 1582 Comm: NetworkManager Not tainted 6.15.0-rc5+ #2 PREEMPT(voluntary)
[ 324.701771] Hardware name: Intel Corporation M50FCP2SBSTD/M50FCP2SBSTD, BIOS SE5C741.86B.01.01.0001.2211140926 11/14/2022
[ 324.701774] Call Trace:
[ 324.701777] <TASK>
[ 324.701779] dump_stack_lvl+0x5d/0x80
[ 324.701788] ? __dev_open+0x3dd/0x870
[ 324.701793] __might_resched.cold+0x1ef/0x23d
<..>
[ 324.701818] __mutex_lock+0x113/0x1b80
<..>
[ 324.701917] idpf_ctlq_clean_sq+0xad/0x4b0 [idpf]
[ 324.701935] ? kasan_save_track+0x14/0x30
[ 324.701941] idpf_mb_clean+0x143/0x380 [idpf]
<..>
[ 324.701991] idpf_send_mb_msg+0x111/0x720 [idpf]
[ 324.702009] idpf_vc_xn_exec+0x4cc/0x990 [idpf]
[ 324.702021] ? rcu_is_watching+0x12/0xc0
[ 324.702035] idpf_add_del_mac_filters+0x3ed/0xb50 [idpf]
<..>
[ 324.702122] __hw_addr_sync_dev+0x1cf/0x300
[ 324.702126] ? find_held_lock+0x32/0x90
[ 324.702134] idpf_set_rx_mode+0x317/0x390 [idpf]
[ 324.702152] __dev_open+0x3f8/0x870
[ 324.702159] ? __pfx___dev_open+0x10/0x10
[ 324.702174] __dev_change_flags+0x443/0x650
<..>
[ 324.702208] netif_change_flags+0x80/0x160
[ 324.702218] do_setlink.isra.0+0x16a0/0x3960
<..>
[ 324.702349] rtnl_newlink+0x12fd/0x21e0
The sequence is as follows:
rtnl_newlink()->
__dev_change_flags()->
__dev_open()->
dev_set_rx_mode() - > # disables BH and grabs "dev->addr_list_lock"
idpf_set_rx_mode() -> # proceed only if VIRTCHNL2_CAP_MACFILTER is ON
__dev_uc_sync() ->
idpf_add_mac_filter ->
idpf_add_del_mac_filters ->
idpf_send_mb_msg() ->
idpf_mb_clean() ->
idpf_ctlq_clean_sq() # mutex_lock(cq_lock)
Fix by converting cq_lock to a spinlock. All operations under the new
lock are safe except freeing the DMA memory, which may use vunmap(). Fix
by requesting a contiguous physical memory for the DMA mapping. |
| In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Fix memory leak by freeing notifier callback node
Commit e0573444edbf ("firmware: arm_ffa: Add interfaces to request
notification callbacks") adds support for notifier callbacks by allocating
and inserting a callback node into a hashtable during registration of
notifiers. However, during unregistration, the code only removes the
node from the hashtable without freeing the associated memory, resulting
in a memory leak.
Resolve the memory leak issue by ensuring the allocated notifier callback
node is properly freed after it is removed from the hashtable entry. |
| In the Linux kernel, the following vulnerability has been resolved:
firmware: arm_ffa: Replace mutex with rwlock to avoid sleep in atomic context
The current use of a mutex to protect the notifier hashtable accesses
can lead to issues in the atomic context. It results in the below
kernel warnings:
| BUG: sleeping function called from invalid context at kernel/locking/mutex.c:258
| in_atomic(): 1, irqs_disabled(): 1, non_block: 0, pid: 9, name: kworker/0:0
| preempt_count: 1, expected: 0
| RCU nest depth: 0, expected: 0
| CPU: 0 UID: 0 PID: 9 Comm: kworker/0:0 Not tainted 6.14.0 #4
| Workqueue: ffa_pcpu_irq_notification notif_pcpu_irq_work_fn
| Call trace:
| show_stack+0x18/0x24 (C)
| dump_stack_lvl+0x78/0x90
| dump_stack+0x18/0x24
| __might_resched+0x114/0x170
| __might_sleep+0x48/0x98
| mutex_lock+0x24/0x80
| handle_notif_callbacks+0x54/0xe0
| notif_get_and_handle+0x40/0x88
| generic_exec_single+0x80/0xc0
| smp_call_function_single+0xfc/0x1a0
| notif_pcpu_irq_work_fn+0x2c/0x38
| process_one_work+0x14c/0x2b4
| worker_thread+0x2e4/0x3e0
| kthread+0x13c/0x210
| ret_from_fork+0x10/0x20
To address this, replace the mutex with an rwlock to protect the notifier
hashtable accesses. This ensures that read-side locking does not sleep and
multiple readers can acquire the lock concurrently, avoiding unnecessary
contention and potential deadlocks. Writer access remains exclusive,
preserving correctness.
This change resolves warnings from lockdep about potential sleep in
atomic context. |
| In the Linux kernel, the following vulnerability has been resolved:
mm/vmalloc: fix data race in show_numa_info()
The following data-race was found in show_numa_info():
==================================================================
BUG: KCSAN: data-race in vmalloc_info_show / vmalloc_info_show
read to 0xffff88800971fe30 of 4 bytes by task 8289 on cpu 0:
show_numa_info mm/vmalloc.c:4936 [inline]
vmalloc_info_show+0x5a8/0x7e0 mm/vmalloc.c:5016
seq_read_iter+0x373/0xb40 fs/seq_file.c:230
proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
....
write to 0xffff88800971fe30 of 4 bytes by task 8287 on cpu 1:
show_numa_info mm/vmalloc.c:4934 [inline]
vmalloc_info_show+0x38f/0x7e0 mm/vmalloc.c:5016
seq_read_iter+0x373/0xb40 fs/seq_file.c:230
proc_reg_read_iter+0x11e/0x170 fs/proc/inode.c:299
....
value changed: 0x0000008f -> 0x00000000
==================================================================
According to this report,there is a read/write data-race because
m->private is accessible to multiple CPUs. To fix this, instead of
allocating the heap in proc_vmalloc_init() and passing the heap address to
m->private, vmalloc_info_show() should allocate the heap. |
