Total
276716 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-43458 | 1 Codetides | 1 Advanced Floating Content | 2025-01-10 | 4.1 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in Code Tides Advanced Floating Content plugin <= 1.2.1 versions. | ||||
| CVE-2024-56786 | 1 Linux | 1 Linux Kernel | 2025-01-10 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: bpf: put bpf_link's program when link is safe to be deallocated In general, BPF link's underlying BPF program should be considered to be reachable through attach hook -> link -> prog chain, and, pessimistically, we have to assume that as long as link's memory is not safe to free, attach hook's code might hold a pointer to BPF program and use it. As such, it's not (generally) correct to put link's program early before waiting for RCU GPs to go through. More eager bpf_prog_put() that we currently do is mostly correct due to BPF program's release code doing similar RCU GP waiting, but as will be shown in the following patches, BPF program can be non-sleepable (and, thus, reliant on only "classic" RCU GP), while BPF link's attach hook can have sleepable semantics and needs to be protected by RCU Tasks Trace, and for such cases BPF link has to go through RCU Tasks Trace + "classic" RCU GPs before being deallocated. And so, if we put BPF program early, we might free BPF program before we free BPF link, leading to use-after-free situation. So, this patch defers bpf_prog_put() until we are ready to perform bpf_link's deallocation. At worst, this delays BPF program freeing by one extra RCU GP, but that seems completely acceptable. Alternatively, we'd need more elaborate ways to determine BPF hook, BPF link, and BPF program lifetimes, and how they relate to each other, which seems like an unnecessary complication. Note, for most BPF links we still will perform eager bpf_prog_put() and link dealloc, so for those BPF links there are no observable changes whatsoever. Only BPF links that use deferred dealloc might notice slightly delayed freeing of BPF programs. Also, to reduce code and logic duplication, extract program put + link dealloc logic into bpf_link_dealloc() helper. | ||||
| CVE-2023-2972 | 1 Antfu | 1 Utils | 2025-01-10 | 9.8 Critical |
| Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3. | ||||
| CVE-2022-44734 | 1 Bestwebsoft | 1 Car Rental | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in BestWebSoft Car Rental by BestWebSoft plugin <= 1.1.2 versions. | ||||
| CVE-2022-45849 | 1 Colorlib | 1 Activello Theme | 2025-01-10 | 5.4 Medium |
| Auth. (subscriber+) Reflected Cross-Site Scripting (XSS) vulnerability in Silkalns Activello theme <= 1.4.4 versions. | ||||
| CVE-2022-45838 | 1 Reputeinfosystems | 1 Arforms Form Builder | 2025-01-10 | 6.1 Medium |
| Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Repute InfoSystems ARForms Form Builder plugin <= 1.5.5 versions. | ||||
| CVE-2022-45839 | 1 Webhelpagency | 1 Wha Puzzle | 2025-01-10 | 5.4 Medium |
| Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WHA WHA Puzzle plugin <= 1.0.9 versions. | ||||
| CVE-2022-44632 | 1 Content-repeater Project | 1 Content-repeater | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Denis Buka Content Repeater – Custom Posts Simplified plugin <= 1.1.13 versions. | ||||
| CVE-2022-45836 | 1 Wpdownloadmanager | 1 Download Manager | 2025-01-10 | 7.1 High |
| Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions. | ||||
| CVE-2022-44631 | 1 1app | 1 1app Business Forms | 2025-01-10 | 4.8 Medium |
| Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in 1app Technologies, Inc 1app Business Forms plugin <= 1.0.0 versions. | ||||
| CVE-2022-44582 | 1 Apptivo | 1 Apptivo Business Site Crm | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Apptivo Apptivo Business Site CRM plugin <= 3.0.12 versions. | ||||
| CVE-2024-50339 | 1 Glpi-project | 1 Glpi | 2025-01-10 | 5.3 Medium |
| GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue. | ||||
| CVE-2022-44594 | 1 Codebangers | 1 All In One Time Clock Lite | 2025-01-10 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Codebangers All in One Time Clock Lite plugin <= 1.3.320 versions. | ||||
| CVE-2023-24584 | 1 Gallagher | 2 Controller 6000, Controller 6000 Firmware | 2025-01-10 | 7.5 High |
| Controller 6000 is vulnerable to a buffer overflow via the Controller diagnostic web interface upload feature. This issue affects Controller 6000: before vCR8.80.230201a, before vCR8.70.230201a, before vCR8.60.230201b, before vCR8.50.230201a, all versions of vCR8.40 and prior. | ||||
| CVE-2022-47435 | 1 Wp-olivecart Project | 1 Wp-olivecart | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Olive Design WP-OliveCart plugin <= 1.1.3 versions. | ||||
| CVE-2023-24386 | 1 Ai Contact Us Form Project | 1 Ai Contact Us Form | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Karishma Arora AI Contact Us Form plugin <= 1.0 versions. | ||||
| CVE-2023-24404 | 1 Rarathemes | 1 Vryasage Marketing Performance | 2025-01-10 | 7.1 High |
| Reflected Cross-Site Scripting (XSS) vulnerability in VryaSage Marketing Performance plugin <= 2.0.0 versions. | ||||
| CVE-2022-45361 | 1 0mk Shortener Project | 1 0mk Shortener | 2025-01-10 | 5.9 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Boris Kuzmanov 0mk Shortener plugin <= 0.2 versions. | ||||
| CVE-2023-23832 | 1 Ultimate Wp Query Search Filter Project | 1 Ultimate Wp Query Search Filter | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in TC Ultimate WP Query Search Filter plugin <= 1.0.10 versions. | ||||
| CVE-2023-23717 | 1 Portfolio Slideshow Project | 1 Portfolio Slideshow | 2025-01-10 | 6.5 Medium |
| Auth. (contributor+) Cross-Site Scripting (XSS) vulnerability in George Gecewicz Portfolio Slideshow plugin <= 1.13.0 versions. | ||||