5.3
CVE-2023-4027 - Radio Player <= 2.0.73 - Missing Authorization to Settings Update
The Radio Player plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_settings function in versions up to, and including, 2.0.73. This makes it possible for unauthenticated attackers to update plugin settings.
7.2
CVE-2022-1751 - Skitter Slideshow <= 2.5.2 - Unauthenticated Server-Side Request Forgery
The Skitter Slideshow plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.5.2 via the /image.php file. This makes it possible for unauthenticated attackers to make web requests to arbitrary locations originating from the web application and can …
9.8
CVE-2024-6459 - News Element Elementor Blog Magazine < 1.0.6 - Unauthenticated LFI
The News Element Elementor Blog Magazine WordPress plugin before 1.0.6 is vulnerable to Local File Inclusion via the template parameter. This makes it possible for an unauthenticated attacker to include and execute PHP files on the server, allowing the execution of any PHP code in those files.
10
CVE-2024-6500 - InPost for WooCommerce <= 1.4.0 and InPost PL <= 1.4.4 - Missing Authorization to Unauthenticated A…
The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability check on the 'parse_request' function in all versions up to, and including, 1.4.0 (for InPost for WooCommerce) as well as 1.4.4 (for InPost PL)…
5.5
CVE-2024-43816 - scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In lpfc_prep_embed_io, …
8.8
CVE-2024-43847 - wifi: ath12k: fix invalid memory access while processing fragmented packets
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix invalid memory access while processing fragmented packets The monitor ring and the reo reinject ring share the same ring mask index. When the driver receives an interrupt for the reo reinject ring, the monitor r…
3.3
CVE-2024-43841 - wifi: virt_wifi: avoid reporting connection success with wrong SSID
In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the warning: WARN_ON(bss_…
5.5
CVE-2024-43818 - ASoC: amd: Adjust error handling in case of absent codec device
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check just emit error me…
5.5
CVE-2024-42299 - fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Update log->page_{mask,bits} if log->page_size changed If an NTFS file system is mounted to another system with different PAGE_SIZE from the original system, log->page_size will change in log_replay(), but log->page_{ma…
5.5
CVE-2024-42267 - riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error()
In the Linux kernel, the following vulnerability has been resolved: riscv/mm: Add handling for VM_FAULT_SIGSEGV in mm_fault_error() Handle VM_FAULT_SIGSEGV in the page fault path so that we correctly kill the process and we don't BUG() the kernel.