Medium
CVSS: 5.5
Yayın: 2025-01-21 13:15:08
In the Linux kernel, the following vulnerability has been resolved:
exfat: fix the infinite loop in exfat_readdir()
If the file system is corrupted so that a cluster is linked to
itself in the cluster chain, and there is an unused directory
entry i…
Medium
CVSS: 5.5
Yayın: 2025-01-21 13:15:07
In the Linux kernel, the following vulnerability has been resolved:
riscv: Fix sleeping in invalid context in die()
die() can be called in exception handler, and therefore cannot sleep.
However, die() takes spinlock_t which can sleep with PREEMPT_R…
Medium
CVSS: 5.3
Yayın: 2025-01-21 12:15:27
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability allows an attacker to modify an email to contain the ‘+’ symbol to access the application and win prizes as many times as wanted.
Medium
CVSS: 5.3
Yayın: 2025-01-21 12:15:27
Input validation vulnerability in Qualifio's Wheel of Fortune. This vulnerability could allow an attacker to modify a single email to contain upper and lower case characters in order to access the application and win prizes as many times as wanted.
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:27
In the Linux kernel, the following vulnerability has been resolved:
net/sctp: Prevent autoclose integer overflow in sctp_association_init()
While by default max_autoclose equals to INT_MAX / HZ, one may set
net.sctp.max_autoclose to UINT_MAX. There…
Unknown
CVSS: -
Yayın: 2025-01-21 12:15:27
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:27
In the Linux kernel, the following vulnerability has been resolved:
RDMA/bnxt_re: Fix max SGEs for the Work Request
Gen P7 supports up to 13 SGEs for now. WQE software structure
can hold only 6 now. Since the max send sge is reported as
13, the sta…
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:27
In the Linux kernel, the following vulnerability has been resolved:
RDMA/hns: Fix accessing invalid dip_ctx during destroying QP
If it fails to modify QP to RTR, dip_ctx will not be attached. And
during detroying QP, the invalid dip_ctx pointer wil…
Medium
CVSS: 4.7
Yayın: 2025-01-21 12:15:27
In the Linux kernel, the following vulnerability has been resolved:
fgraph: Add READ_ONCE() when accessing fgraph_array[]
In __ftrace_return_to_handler(), a loop iterates over the fgraph_array[]
elements, which are fgraph_ops. The loop checks if an…
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:26
In the Linux kernel, the following vulnerability has been resolved:
gve: guard XSK operations on the existence of queues
This patch predicates the enabling and disabling of XSK pools on the
existence of queues. As it stands, if the interface is dow…
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:26
In the Linux kernel, the following vulnerability has been resolved:
gve: guard XDP xmit NDO on existence of xdp queues
In GVE, dedicated XDP queues only exist when an XDP program is installed
and the interface is up. As such, the NDO XDP XMIT callb…
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:26
In the Linux kernel, the following vulnerability has been resolved:
selinux: ignore unknown extended permissions
When evaluating extended permissions, ignore unknown permissions instead
of calling BUG(). This commit ensures that future permissions…
Medium
CVSS: 5.5
Yayın: 2025-01-21 12:15:26
In the Linux kernel, the following vulnerability has been resolved:
tracing: Have process_string() also allow arrays
In order to catch a common bug where a TRACE_EVENT() TP_fast_assign()
assigns an address of an allocated string to the ring buffer…
Medium
CVSS: 6.4
Yayın: 2025-01-21 11:15:10
The Betheme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom JS functionality in all versions up to, and including, 27.6.1 due to insufficient input sanitization and output escaping on user supplied attributes…
Medium
CVSS: 6.5
Yayın: 2025-01-21 11:15:10
An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to /api/log_entries/summary. This can be carried out by users with read access to the Observability-Logs feature in Kibana.
Medium
CVSS: 6.5
Yayın: 2025-01-21 11:15:09
An allocation of resources without limits or throttling in Elasticsearch can lead to an OutOfMemoryError exception resulting in a crash via a specially crafted query using an SQL function.
Medium
CVSS: 5.5
Yayın: 2025-01-21 11:15:09
Improper handling of alternate encoding occurs when Elastic Defend on Windows systems attempts to scan a file or process encoded as a multibyte character. This leads to an uncaught exception causing Elastic Defend to crash which in turn will prevent…
Medium
CVSS: 6.1
Yayın: 2025-01-21 11:15:09
The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to updat…
Medium
CVSS: 5.3
Yayın: 2025-01-21 11:15:09
The Social Share, Social Login and Social Comments Plugin – Super Socializer plugin for WordPress is vulnerable to Limited SQL Injection via the ‘SuperSocializerKey’ parameter in all versions up to, and including, 7.14 due to insufficient escaping on…
Medium
CVSS: 6.4
Yayın: 2025-01-21 11:15:08
The FireCask Like & Share Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'width' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible…