6.5
CVE-2024-12266 - ELEX WooCommerce Dynamic Pricing and Discounts <= 2.1.7 - Missing Authorization
The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the elex_dp_export_rules() and elex_dp_import_rules() functions in all versions up to, and including, 2.1.7. This makes it possible for unauthentβ¦
8.1
CVE-2024-47515 - Pagure: generate_archive() follows symbolic links in temporary clones
A vulnerability was found in Pagure. Support of symbolic links during repository archiving of repositories allows the disclosure of local files. This flaw allows a malicious user to take advantage of the Pagure instance.
5.4
CVE-2024-9427 - Koji: escape html tag characters in the query string
A vulnerability in Koji was found. An unsanitized input allows for an XSS attack. Javascript code from a malicious link could be reflected in the resulting web page. It is not expected to be able to submit an action or make a change in Koji due to existing XSS protections in the code
5.6
CVE-2024-56826 - Openjpeg: heap buffer overflow in bin/common/color.c
A flaw was found in the OpenJPEG project. A heap buffer overflow condition may be triggered when certain options are specified while using the opj_decompress utility. This can lead to an application crash or other undefined behavior.
5.5
CVE-2024-53148 - comedi: Flush partial mappings in error case
In the Linux kernel, the following vulnerability has been resolved: comedi: Flush partial mappings in error case If some remap_pfn_range() calls succeeded before one failed, we still have buffer pages mapped into the userspace page tables when we drop the buffer reference with comedi_buf_map_put(β¦
5.5
CVE-2024-53163 - crypto: qat/qat_420xx - fix off by one in uof_get_name()
In the Linux kernel, the following vulnerability has been resolved: crypto: qat/qat_420xx - fix off by one in uof_get_name() This is called from uof_get_name_420xx() where "num_objs" is the ARRAY_SIZE() of fw_objs[]. The > needs to be >= to prevent an out of bounds access.
4.7
CVE-2024-53160 - rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu
In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu KCSAN reports a data race when access the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: <snip> BUG: KCSAN: data-race in __moβ¦
5.5
CVE-2024-53158 - soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get()
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: geni-se: fix array underflow in geni_se_clk_tbl_get() This loop is supposed to break if the frequency returned from clk_round_rate() is the same as on the previous iteration. However, that check doesn't make sense on β¦
7.8
CVE-2024-53156 - wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service()
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: add range check for conn_rsp_epid in htc_connect_service() I found the following bug in my fuzzer: UBSAN: array-index-out-of-bounds in drivers/net/wireless/ath/ath9k/htc_hst.c:26:51 index 255 is out of range forβ¦
5.5
CVE-2024-53152 - PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert()
In the Linux kernel, the following vulnerability has been resolved: PCI: tegra194: Move controller cleanups to pex_ep_event_pex_rst_deassert() Currently, the endpoint cleanup function dw_pcie_ep_cleanup() and EPF deinit notify function pci_epc_deinit_notify() are called during the execution of peβ¦