CVE |
CVSS |
Git URL |
Published |
Description |
CVE-2024-34455 |
- |
https://github.com/buildroot/buildroot/commit/0b2967e15800421efbdfe3a7a6061cf6bd84134d |
2024-05-03T19:15:07.950 |
Buildroot before 0b2967e lacks the sticky bit for the /dev/shm directory. |
CVE-2024-34453 |
- |
https://github.com/tznb1/twonav/issues/9#issuecomment-2022194939 |
2024-05-03T18:15:10.160 |
TwoNav 2.1.13 contains an SSRF vulnerability via the url paramater to index.php?c=api&method=read_data&type=connectivity_test (which reaches /system/api.php). |
CVE-2024-31673 |
- |
https://github.com/kliqqi-cms/kliqqi-cms/issues/265 |
2024-05-03T18:15:09.310 |
Kliqqi-CMS 2.0.2 is vulnerable to SQL Injection in load_data.php via the userid parameter. |
CVE-2024-31636 |
- |
https://github.com/lief-project/lief/issues/1038 |
2024-05-03T17:15:07.687 |
An issue in LIEF v.0.14.1 allows a local attacker to obtain sensitive information via the name parameter of the machd_reader.c component. |
CVE-2024-34449 |
- |
https://github.com/vanessa219/vditor/issues/1604 |
2024-05-03T16:15:11.520 |
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true. |
CVE-2024-34063 |
2.5 |
https://github.com/matrix-org/vodozemac/commit/297548cad4016ce448c4b5007c54db7ee39489d9 |
2024-05-03T10:15:08.690 |
vodozemac is an implementation of Olm and Megolm in pure Rust. Versions 0.5.0 and 0.5.1 of vodozemac have degraded secret zeroization capabilities, due to changes in third-party cryptographic dependencies (the Dalek crates), which moved secret zeroization capabilities behind a feature flag and defaulted this feature to off. The degraded zeroization capabilities could result in the production of more memory copies of encryption secrets and secrets could linger in memory longer than necessary. This marginally increases the risk of sensitive data exposure. This issue has been addressed in version 0.6.0 and users are advised to upgrade. There are no known workarounds for this vulnerability. |
CVE-2024-34408 |
- |
https://github.com/tencent/libpag/pull/2243 |
2024-05-03T06:15:13.883 |
Tencent libpag through 4.3.51 has an integer overflow in DecodeStream::checkEndOfFile() in codec/utils/DecodeStream.cpp via a crafted PAG (Portable Animated Graphics) file. |
CVE-2024-34403 |
- |
https://github.com/uriparser/uriparser/pull/186 |
2024-05-03T01:15:48.693 |
An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string. |
CVE-2024-34402 |
- |
https://github.com/uriparser/uriparser/pull/185 |
2024-05-03T01:15:48.633 |
An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow. |
CVE-2024-4216 |
7.4 |
https://github.com/pgadmin-org/pgadmin4/issues/7282 |
2024-05-02T18:15:07.757 |
pgAdmin <= 8.5 is affected by XSS vulnerability in /settings/store API response json payload. This vulnerability allows attackers to execute malicious script at the client end.
|
CVE-2024-3955 |
- |
https://github.com/pibrewing/craftbeerpi4/issues/132 |
2024-05-02T10:15:08.630 |
URL GET parameter "logtime" utilized within the "downloadlog" function from "cbpi/http_endpoints/http_system.py" is subsequently passed to the "os.system" function in "cbpi/controller/system_controller.py" without prior validation allowing to execute arbitrary code.This issue affects CraftBeerPi 4: from 4.0.0.58 (commit 563fae9) before 4.4.1.a1 (commit 57572c7).
|
CVE-2024-33431 |
- |
https://github.com/stsaz/phiola/issues/27 |
2024-05-01T19:15:27.283 |
An issue in phiola/src/afilter/conv.c:115 of phiola v2.0-rc22 allows a remote attacker to cause a denial of service via a crafted .wav file. |
CVE-2024-33430 |
- |
https://github.com/stsaz/phiola/issues/28 |
2024-05-01T19:15:27.223 |
An issue in phiola/src/afilter/pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. |
CVE-2024-33429 |
- |
https://github.com/stsaz/phiola/issues/30 |
2024-05-01T19:15:27.170 |
Buffer-Overflow vulnerability at pcm_convert.h:513 of phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via a crafted .wav file. |
CVE-2024-33428 |
- |
https://github.com/stsaz/phiola/issues/29 |
2024-05-01T19:15:27.120 |
Buffer-Overflow vulnerability at conv.c:68 of stsaz phiola v2.0-rc22 allows a remote attacker to execute arbitrary code via the a crafted .wav file. |
CVE-2024-34068 |
6.4 |
remote,bypass |
2024-05-03T18:15:09.773 |
Pterodactyl wings is the server control plane for Pterodactyl Panel. An authenticated user who has access to a game server is able to bypass the previously implemented access control (GHSA-6rg3-8h8x-5xfv) that prevents accessing internal endpoints of the node hosting Wings in the pull endpoint. This would allow malicious users to potentially access resources on local networks that would otherwise be inaccessible. This issue has been addressed in version 1.11.2 and users are advised to upgrade. Users unable to upgrade may enable the `api.disable_remote_download` option as a workaround. |
CVE-2024-34446 |
- |
sensitive,vpn |
2024-05-03T15:15:08.210 |
Mullvad VPN through 2024.1 on Android does not set a DNS server in the blocking state (after a hard failure to create a tunnel), and thus DNS traffic can leave the device. Data showing that the affected device was the origin of sensitive DNS requests may be observed and logged by operators of unintended DNS servers. |
CVE-2024-34073 |
7.8 |
remote,execution,command |
2024-05-03T11:15:22.447 |
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. In affected versions the capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils` module allows for potentially unsafe Operating System (OS) Command Injection if inappropriate command is passed as the “requirements_path” parameter. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. This issue has been addressed in version 2.214.3. Users are advised to upgrade. Users unable to upgrade should not override the “requirements_path” parameter of capture_dependencies function in `sagemaker.serve.save_retrive.version_1_0_0.save.utils`, and instead use the default value. |
CVE-2024-34072 |
7.8 |
remote,execution |
2024-05-03T11:15:22.260 |
sagemaker-python-sdk is a library for training and deploying machine learning models on Amazon SageMaker. The sagemaker.base_deserializers.NumpyDeserializer module before v2.218.0 allows potentially unsafe deserialization when untrusted data is passed as pickled object arrays. This consequently may allow an unprivileged third party to cause remote code execution, denial of service, affecting both confidentiality and integrity. Users are advised to upgrade to version 2.218.0. Users unable to upgrade should not pass pickled numpy object arrays which originated from an untrusted source, or that could have been tampered with. Only pass pickled numpy object arrays from trusted sources. |
CVE-2024-30302 |
5.5 |
sensitive,bypass |
2024-05-02T21:16:11.747 |
Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file. |
CVE-2024-34392 |
8.1 |
remote,execution |
2024-05-02T19:15:06.333 |
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking the namespaces() function (which invokes _wrap__xmlNode_nsDef_get()) on a grand-child of a node that refers to an entity. This vulnerability can lead to denial of service and remote code execution. |
CVE-2024-34391 |
8.1 |
remote,execution,leak |
2024-05-02T19:15:06.177 |
libxmljs is vulnerable to a type confusion vulnerability when parsing a specially crafted XML while invoking a function on the result of attrs() that was called on a parsed node. This vulnerability might lead to denial of service (on both 32-bit systems and 64-bit systems), data leak, infinite loop and remote code execution (on 32-bit systems with the XML_PARSE_HUGE flag enabled).
|
CVE-2024-4215 |
7.4 |
authentication,sensitive,bypass |
2024-05-02T18:15:07.593 |
pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability. This vulnerability allows an attacker with knowledge of a legitimate account’s username and password may authenticate to the application and perform sensitive actions within the application, such as managing files and executing SQL queries, regardless of the account’s MFA enrollment status.
|
CVE-2024-4033 |
8.8 |
remote,execution |
2024-05-02T17:15:33.740 |
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aiovg_create_attachment_from_external_image_url function in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with contributor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. |
CVE-2024-3957 |
6.5 |
execution,unauthenticated |
2024-05-02T17:15:32.910 |
The Booster for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 7.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. |
CVE-2024-3870 |
5.3 |
unauthenticated,sensitive |
2024-05-02T17:15:31.743 |
The Contact Form 7 Database Addon – CFDB7 plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.6.8 via the cfdb7_before_send_mail function. This can allow unauthenticated attackers to extract sensitive data, such as Personally Identifiable Information, from files uploaded by users. |
CVE-2024-3849 |
8.8 |
execution,sensitive,bypass |
2024-05-02T17:15:31.563 |
The Click to Chat – HoliThemes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.35. This makes it possible for authenticated attackers, with contributor access or above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
CVE-2024-3734 |
6.5 |
execution,unauthenticated |
2024-05-02T17:15:30.900 |
The FOX – Currency Switcher Professional for WooCommerce plugin is vulnerable to Unauthenticated Arbitrary Shortcode Execution in versions up to, and including, 1.4.1.8. This allows unauthenticated attackers to execute arbitrary shortcodes. The severity and exploitability depends on what other plugins are installed and what shortcode functionality they provide. |
CVE-2024-3729 |
9.8 |
unauthenticated,authentication,bypass |
2024-05-02T17:15:30.730 |
The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'fea_encrypt' function in all versions up to, and including, 3.19.4. This makes it possible for unauthenticated attackers to manipulate the user processing forms, which can be used to add and edit administrator user for privilege escalation, or to automatically log in users for authentication bypass, or manipulate the post processing form that can be used to inject arbitrary web scripts. This can only be exploited if the 'openssl' php extension is not loaded on the server. |
CVE-2024-3717 |
5.3 |
unauthenticated,sensitive |
2024-05-02T17:15:29.987 |
The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.7.7 via the '/wp-content/uploads/wp_dndcf7_uploads/wpcf7-files' directory. This makes it possible for unauthenticated attackers to extract sensitive data uploaded via this plugin through a form. |
CVE-2024-3500 |
8.8 |
execution,sensitive,bypass |
2024-05-02T17:15:26.100 |
The ElementsKit Pro plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.6.0 via the Price Menu, Hotspot, and Advanced Toggle widgets. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
CVE-2024-3499 |
8.8 |
execution,sensitive,bypass |
2024-05-02T17:15:25.940 |
The ElementsKit Elementor addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.1.0 via the generate_navigation_markup function of the Onepage Scroll module. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. |
CVE-2024-3312 |
5.3 |
unauthenticated,sensitive |
2024-05-02T17:15:24.690 |
The Easy Custom Auto Excerpt plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.4.12. This makes it possible for unauthenticated attackers to obtain excerpts of password-protected posts. |
CVE-2024-2876 |
9.8 |
unauthenticated,sensitive |
2024-05-02T17:15:20.463 |
The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'run' function of the 'IG_ES_Subscribers_Query' class in all versions up to, and including, 5.7.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. |
CVE-2024-2109 |
5.3 |
unauthenticated,sensitive |
2024-05-02T17:15:15.880 |
The Booster Extension plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.0 via the 'booster_extension_authorbox_shortcode_display' function. This makes it possible for unauthenticated attackers to extract sensitive data including user emails |
CVE-2024-1809 |
5.4 |
sensitive,leak |
2024-05-02T17:15:13.500 |
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on AJAX functions in combination with nonce leakage in all versions up to, and including, 5.2.3. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain certain sensitive information related to plugin settings. |
CVE-2024-1678 |
5.3 |
unauthenticated,sensitive,bypass |
2024-05-02T17:15:12.300 |
The Subway – Private Site Option plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.4 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's private site feature and view restricted page and post content. |
CVE-2024-1584 |
5.3 |
unauthenticated,authentication |
2024-05-02T17:15:11.960 |
The Analytify – Google Analytics Dashboard For WordPress (GA4 analytics made easy) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpa_check_authentication' function in all versions up to, and including, 5.2.1. This makes it possible for unauthenticated attackers to modify the site's Google Analytics tracking ID. |
CVE-2024-1567 |
8.2 |
remote,execution,unauthenticated |
2024-05-02T17:15:11.603 |
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to limited file uploads due to missing file type validation in the 'file_validity' function in all versions up to, and including, 1.3.94. This makes it possible for unauthenticated attackers to upload dangerous file types such as .svgz on the affected site's server which may make cross-site scripting or remote code execution possible. |
CVE-2024-0615 |
5.3 |
unauthenticated,sensitive |
2024-05-02T17:15:09.360 |
The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated attackers to extract post titles, IDs, slugs, statuses and other information including post content. This includes published content only. |
CVE-2024-31966 |
- |
command,sensitive |
2024-05-02T16:15:08.020 |
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker with administrative privilege to conduct an argument injection attack due to insufficient parameter sanitization. A successful exploit could allow an attacker to access sensitive information, modify system configuration or execute arbitrary commands. |
CVE-2024-31964 |
- |
unauthenticated,authentication,bypass |
2024-05-02T16:15:07.913 |
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an unauthenticated attacker to conduct an authentication bypass attack due to improper authentication control. A successful exploit could allow an attacker to modify system configuration settings and potentially cause a denial of service. |
CVE-2024-31963 |
- |
command,sensitive |
2024-05-02T16:15:07.863 |
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker to conduct a buffer overflow attack due to insufficient bounds checking and input sanitization. A successful exploit could allow an attacker to gain access to sensitive information, modify system configuration or execute arbitrary commands within the context of the system. |
CVE-2024-4406 |
8.8 |
remote,execution |
2024-05-02T15:15:07.670 |
Xiaomi Pro 13 GetApps integral-dialog-page Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the integral-dialog-page.html file. When parsing the integralInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22332. |
CVE-2024-4405 |
8.8 |
remote,execution |
2024-05-02T15:15:07.427 |
Xiaomi Pro 13 mimarket manual-upgrade Cross-Site Scripting Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
The specific flaw exists within the manual-upgrade.html file. When parsing the manualUpgradeInfo parameter, the process does not properly sanitize user-supplied data, which can lead to the injection of an arbitrary script. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22379. |
CVE-2024-33292 |
- |
remote,sensitive |
2024-05-01T19:15:26.857 |
SQL Injection vulnerability in Realisation MGSD v.1.0 allows a remote attacker to obtain sensitive information via the id parameter. |
CVE-2024-29011 |
7.5 |
authentication,bypass |
2024-05-01T19:15:22.627 |
Use of hard-coded password in the GMS ECM endpoint leading to authentication bypass vulnerability.
This issue affects GMS: 9.3.4 and earlier versions.
|
CVE-2024-25458 |
- |
remote,sensitive |
2024-05-01T19:15:22.333 |
An issue in CYCZCAM, SHIX ZHAO, SHIXCAM A9 Camera (circuit board identifier A9-48B-V1.0) firmware v.CYCAM_48B_BC01_v87_0903 allows a remote attacker to obtain sensitive information via a crafted request to a UDP port. |
CVE-2024-24313 |
- |
remote,sensitive |
2024-05-01T19:15:22.140 |
An issue in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/FormModel.php and QRModel.php component. |
CVE-2024-24312 |
- |
remote,sensitive |
2024-05-01T19:15:22.087 |
SQL injection vulnerability in Vaales Technologies V_QRS v.2024-01-17 allows a remote attacker to obtain sensitive information via the Models/UserModel.php component. |
CVE-2024-33078 |
- |
remote,execution |
2024-05-01T18:15:24.283 |
Tencent Libpag v4.3 is vulnerable to Buffer Overflow. A user can send a crafted image to trigger a overflow leading to remote code execution. |
CVE-2024-20378 |
7.5 |
remote,unauthenticated,authentication,sensitive |
2024-05-01T17:15:28.660 |
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to retrieve sensitive information from an affected device.
This vulnerability is due to a lack of authentication for specific endpoints of the web-based management interface on an affected device. An attacker could exploit this vulnerability by connecting to the affected device. A successful exploit could allow the attacker to gain unauthorized access to the device, enabling the recording of user credentials and traffic to and from the affected device, including VoIP calls that could be replayed. |
CVE-2024-20376 |
7.5 |
remote,unauthenticated |
2024-05-01T17:15:28.407 |
A vulnerability in the web-based management interface of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a DoS condition.
This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface of an affected device. A successful exploit could allow the attacker to cause the affected device to reload. |
CVE-2024-20357 |
5.9 |
remote,unauthenticated |
2024-05-01T17:15:28.143 |
A vulnerability in the XML service of Cisco IP Phone firmware could allow an unauthenticated, remote attacker to initiate phone calls on an affected device.
This vulnerability exists because bounds-checking does not occur while parsing XML requests. An attacker could exploit this vulnerability by sending a crafted XML request to an affected device. A successful exploit could allow the attacker to initiate calls or play sounds on the device. |
CVE-2024-33512 |
9.8 |
remote,execution,unauthenticated,authentication |
2024-05-01T15:15:15.257 |
There is a buffer overflow vulnerability in the underlying Local User Authentication Database service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
CVE-2024-33511 |
9.8 |
remote,execution,unauthenticated |
2024-05-01T15:15:15.060 |
There is a buffer overflow vulnerability in the underlying Automatic Reporting service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
CVE-2024-26305 |
9.8 |
remote,execution,unauthenticated |
2024-05-01T15:15:14.863 |
There is a buffer overflow vulnerability in the underlying Utility daemon that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
CVE-2024-26304 |
9.8 |
remote,execution,unauthenticated |
2024-05-01T15:15:14.680 |
There is a buffer overflow vulnerability in the underlying L2/L3 Management service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba's access point management protocol) UDP port (8211). Successful exploitation of this vulnerability results in the ability to execute arbitrary code as a privileged user on the underlying operating system.
|
CVE-2024-4059 |
- |
remote,leak |
2024-05-01T13:15:52.253 |
Out of bounds read in V8 API in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to leak cross-site data via a crafted HTML page. (Chromium security severity: High) |
CVE-2024-27391 |
- |
command,leak |
2024-05-01T13:15:51.750 |
In the Linux kernel, the following vulnerability has been resolved:
wifi: wilc1000: do not realloc workqueue everytime an interface is added
Commit 09ed8bfc5215 ("wilc1000: Rename workqueue from "WILC_wq" to
"NETDEV-wq"") moved workqueue creation in wilc_netdev_ifc_init in order to
set the interface name in the workqueue name. However, while the driver
needs only one workqueue, the wilc_netdev_ifc_init is called each time we
add an interface over a phy, which in turns overwrite the workqueue with a
new one. This can be observed with the following commands:
for i in $(seq 0 10)
do
iw phy phy0 interface add wlan1 type managed
iw dev wlan1 del
done
ps -eo pid,comm|grep wlan
39 kworker/R-wlan0
98 kworker/R-wlan1
102 kworker/R-wlan1
105 kworker/R-wlan1
108 kworker/R-wlan1
111 kworker/R-wlan1
114 kworker/R-wlan1
117 kworker/R-wlan1
120 kworker/R-wlan1
123 kworker/R-wlan1
126 kworker/R-wlan1
129 kworker/R-wlan1
Fix this leakage by putting back hif_workqueue allocation in
wilc_cfg80211_init. Regarding the workqueue name, it is indeed relevant to
set it lowercase, however it is not attached to a specific netdev, so
enforcing netdev name in the name is not so relevant. Still, enrich the
name with the wiphy name to make it clear which phy is using the workqueue. |