In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.
Max CVSS
7.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.
Max CVSS
6.1
EPSS Score
0.05%
Published
2024-02-11
Updated
2024-02-16
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-11
Updated
2024-02-11
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.
Max CVSS
8.8
EPSS Score
0.06%
Published
2024-02-11
Updated
2024-02-12
A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
5.5
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-13
The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.
Max CVSS
9.8
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Max CVSS
9.9
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program.This issue affects Coupon Referral Program: from n/a through 1.7.2.
Max CVSS
10.0
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer.This issue affects Basic Log Viewer: from n/a through 1.0.4.
Max CVSS
4.3
EPSS Score
0.04%
Published
2024-02-12
Updated
2024-02-12
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS.This issue affects Honeypot for WP Comment: from n/a through 2.2.3.
Max CVSS
7.1
EPSS Score
0.05%
Published
2024-02-12
Updated
2024-02-16
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS.This issue affects VK Poster Group: from n/a through 2.0.3.
Max CVSS
7.1
EPSS Score
0.05%
Published
2024-02-12
Updated
2024-02-16
Toggle Search Form
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!