Total
271657 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-43853 | 1 Linux | 1 Linux Kernel | 2024-09-04 | N/A | 5.5 MEDIUM |
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgroup_lock In the cgroup_path_ns function. 2.$cat /proc/<pid>/cpuset repeatly. 3.$mount -t cgroup -o cpuset cpuset /sys/fs/cgroup/cpuset/ $umount /sys/fs/cgroup/cpuset/ repeatly. The race that cause this bug can be shown as below: (umount) | (cat /proc/<pid>/cpuset) css_release | proc_cpuset_show css_release_work_fn | css = task_get_css(tsk, cpuset_cgrp_id); css_free_rwork_fn | cgroup_path_ns(css->cgroup, ...); cgroup_destroy_root | mutex_lock(&cgroup_mutex); rebind_subsystems | cgroup_free_root | | // cgrp was freed, UAF | cgroup_path_ns_locked(cgrp,..); When the cpuset is initialized, the root node top_cpuset.css.cgrp will point to &cgrp_dfl_root.cgrp. In cgroup v1, the mount operation will allocate cgroup_root, and top_cpuset.css.cgrp will point to the allocated &cgroup_root.cgrp. When the umount operation is executed, top_cpuset.css.cgrp will be rebound to &cgrp_dfl_root.cgrp. The problem is that when rebinding to cgrp_dfl_root, there are cases where the cgroup_root allocated by setting up the root for cgroup v1 is cached. This could lead to a Use-After-Free (UAF) if it is subsequently freed. The descendant cgroups of cgroup v1 can only be freed after the css is released. However, the css of the root will never be released, yet the cgroup_root should be freed when it is unmounted. This means that obtaining a reference to the css of the root does not guarantee that css.cgrp->root will not be freed. Fix this problem by using rcu_read_lock in proc_cpuset_show(). As cgroup_root is kfree_rcu after commit d23b5c577715 ("cgroup: Make operations on the cgroup root_list RCU safe"), css->cgroup won't be freed during the critical section. To call cgroup_path_ns_locked, css_set_lock is needed, so it is safe to replace task_get_css with task_css. [1] https://syzkaller.appspot.com/bug?extid=9b1ff7be974a403aa4cd | |||||
CVE-2024-42314 | 1 Linux | 1 Linux Kernel | 2024-09-04 | N/A | 7.8 HIGH |
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting in a use-after-free. Fix this by computing 'add_size' before dropping our extent map reference. | |||||
CVE-2024-43772 | 1 Easytest | 1 Easytest Online Test Platform | 2024-09-04 | N/A | 9.8 CRITICAL |
SQL Injection in download student learning course function of Easytest Online Test Platform ver.24E01 and earlier allow remote attackers to execute arbitrary SQL commands via the uid parameter. | |||||
CVE-2024-45270 | 1 Majeedraza | 1 Carousel Slider | 2024-09-04 | N/A | 4.3 MEDIUM |
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Hero image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. | |||||
CVE-2024-45269 | 1 Majeedraza | 1 Carousel Slider | 2024-09-04 | N/A | 4.3 MEDIUM |
WordPress plugin "Carousel Slider" provided by Sayful Islam contains a cross-site request forgery vulnerability on Carousel image selection feature. While logged in to the WordPress site with Carousel Slider plugin enabled, accessing a crafted page may cause a user to alter the contents of the WordPress site. | |||||
CVE-2024-8366 | 1 Code-projects | 1 Pharmacy Management System | 2024-09-04 | 5.0 MEDIUM | 4.7 MEDIUM |
A vulnerability was found in code-projects Pharmacy Management System 1.0. It has been classified as problematic. This affects an unknown part of the file /index.php?id=userProfileEdit of the component Update My Profile Page. The manipulation of the argument fname/lname/email with the input <script>alert(1)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7821 | 2024-09-04 | N/A | N/A | ||
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. | |||||
CVE-2024-41435 | 2024-09-03 | N/A | 7.5 HIGH | ||
YugabyteDB v2.21.1.0 was discovered to contain a buffer overflow via the "insert into" parameter. | |||||
CVE-2024-8344 | 1 Campcodes | 1 Supplier Management System | 2024-09-03 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/edit_area.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-41226 | 1 Automationanywhere | 1 Automation 360 | 2024-09-03 | N/A | 7.8 HIGH |
A CSV injection vulnerability in Automation Anywhere Automation 360 version 21094 allows attackers to execute arbitrary code via a crafted payload. NOTE: Automation Anywhere disputes this report, arguing the attacker executes everything from the client side and does not attack the Control Room. The payload is being injected in the http Response from the client-side, so the owner of the Response and payload is the end user in this case. They contend that the server's security controls have no impact or role to play in this situation and therefore this is not a valid vulnerability. | |||||
CVE-2024-39579 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | N/A | 6.7 MEDIUM |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.0 contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | |||||
CVE-2024-39578 | 1 Dell | 1 Powerscale Onefs | 2024-09-03 | N/A | 6.3 MEDIUM |
Dell PowerScale OneFS versions 8.2.2.x through 9.8.0.1 contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | |||||
CVE-2024-5212 | 1 Tagdiv | 1 Tagdiv Composer | 2024-09-03 | N/A | 6.1 MEDIUM |
The tagDiv Composer plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘envato_code[]’ parameter in all versions up to, and including, 5.0 due to insufficient input sanitization and output escaping within the on_ajax_register_forum_user function. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | |||||
CVE-2024-7936 | 1 Project Expense Monitoring System Project | 1 Project Expense Monitoring System | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical has been found in itsourcecode Project Expense Monitoring System 1.0. This affects an unknown part of the file transferred_report.php. The manipulation of the argument start/end/employee leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7937 | 1 Project Expense Monitoring System Project | 1 Project Expense Monitoring System | 2024-09-03 | 6.5 MEDIUM | 9.8 CRITICAL |
A vulnerability classified as critical was found in itsourcecode Project Expense Monitoring System 1.0. This vulnerability affects unknown code of the file printtransfer.php. The manipulation of the argument transfer_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7942 | 1 Rems | 1 Leads Manager Tool | 2024-09-03 | 4.0 MEDIUM | 5.4 MEDIUM |
A vulnerability has been found in SourceCodester Leads Manager Tool 1.0 and classified as problematic. This vulnerability affects unknown code of the file update-leads.php. The manipulation of the argument phone_number leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-7943 | 1 Adonesevangelista | 1 Laravel Property Management System | 2024-09-03 | 6.5 MEDIUM | 8.8 HIGH |
A vulnerability was found in itsourcecode Laravel Property Management System 1.0 and classified as critical. This issue affects the function upload of the file PropertiesController.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
CVE-2024-42901 | 2024-09-03 | N/A | 4.8 MEDIUM | ||
A CSV injection vulnerability in Lime Survey v6.5.12 allows attackers to execute arbitrary code via uploading a crafted CSV file. | |||||
CVE-2024-41436 | 2024-09-03 | N/A | 7.5 HIGH | ||
ClickHouse v24.3.3.102 was discovered to contain a buffer overflow via the component DB::evaluateConstantExpressionImpl. | |||||
CVE-2024-5763 | 1 Posimyth | 1 The Plus Addons For Elementor | 2024-09-03 | N/A | 5.4 MEDIUM |
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the video_date attribute within the plugin's Video widget in all versions up to, and including, 5.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |