Vulnerabilities

To inform, warn and help professionals about the latest security vulnerabilities in technology systems, we have made a database available to interested users. It is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database), under a partnership agreement through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used to support the exchange of information between different tools and databases.

All collected vulnerabilities are linked to their information sources, as well as to any available patches or solutions provided by manufacturers and developers. Advanced searches are possible: results can be narrowed down by criteria such as vulnerability type, manufacturer and impact level, among others.

RSS feeds and newsletters provide daily notification of the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2025-40109

Publication date:
09/11/2025
In the Linux kernel, the following vulnerability has been resolved:

crypto: rng - Ensure set_ent is always present

Ensure that set_ent is always set since only drbg provides it.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-40108

Publication date:
09/11/2025
In the Linux kernel, the following vulnerability has been resolved:

serial: qcom-geni: Fix blocked task

Revert commit 1afa70632c39 ("serial: qcom-geni: Enable PM runtime for serial driver") and its dependent commit 86fa39dd6fb7 ("serial: qcom-geni: Enable Serial on SA8255p Qualcomm platforms") because the first one causes regression - hang task on Qualcomm RB1 board (QRB2210) and unable to use serial at all during normal boot:

INFO: task kworker/u16:0:12 blocked for more than 42 seconds.
Not tainted 6.17.0-rc1-00004-g53e760d89498 #9
"echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
task:kworker/u16:0 state:D stack:0 pid:12 tgid:12 ppid:2 task_flags:0x4208060 flags:0x00000010
Workqueue: async async_run_entry_fn
Call trace:
 __switch_to+0xe8/0x1a0 (T)
 __schedule+0x290/0x7c0
 schedule+0x34/0x118
 rpm_resume+0x14c/0x66c
 rpm_resume+0x2a4/0x66c
 rpm_resume+0x2a4/0x66c
 rpm_resume+0x2a4/0x66c
 __pm_runtime_resume+0x50/0x9c
 __driver_probe_device+0x58/0x120
 driver_probe_device+0x3c/0x154
 __driver_attach_async_helper+0x4c/0xc0
 async_run_entry_fn+0x34/0xe0
 process_one_work+0x148/0x290
 worker_thread+0x2c4/0x3e0
 kthread+0x118/0x1c0
 ret_from_fork+0x10/0x20

The issue was reported on 12th of August and was ignored by author of commits introducing issue for two weeks. Only after complaining author produced a fix which did not work, so if original commits cannot be reliably fixed for 5 weeks, they obviously are buggy and need to be dropped.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-12916

Publication date:
09/11/2025
A vulnerability was determined in Sangfor Operation and Maintenance Security Management System 3.0. Impacted is an unknown function of the file /fort/portal_login of the component Frontend. This manipulation of the argument loginUrl causes command injection. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. Upgrading to version 3.0.11 and 3.0.12 is recommended to address this issue. It is advisable to upgrade the affected component.
Severity CVSS v4.0: MEDIUM
Last modification:
13/11/2025

CVE-2025-12915

Publication date:
08/11/2025
A vulnerability was found in 70mai X200 up to 20251019. This issue affects some unknown processing of the component Init Script Handler. The manipulation results in file inclusion. The attack requires a local approach. A high complexity level is associated with this attack. The exploitability is assessed as difficult. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: HIGH
Last modification:
14/11/2025

CVE-2025-12914

Publication date:
08/11/2025
A vulnerability has been found in aaPanel BaoTa up to 11.1.0. This vulnerability affects unknown code of the file /database?action=GetDatabaseAccess of the component Backend. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Severity CVSS v4.0: MEDIUM
Last modification:
12/11/2025

CVE-2025-12913

Publication date:
08/11/2025
A flaw has been found in code-projects Responsive Hotel Site 1.0. This affects an unknown part of the file /admin/roomdel.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
17/11/2025

CVE-2025-12092

Publication date:
08/11/2025
The CYAN Backup plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' functionality in all versions up to, and including, 2.5.4. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-12399

Publication date:
08/11/2025
The Alex Reservations: Smart Restaurant Booking plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the /wp-json/srr/v1/app/upload/file REST endpoint in all versions up to, and including, 2.2.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-12643

Publication date:
08/11/2025
The Saphali LiqPay for donate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'saphali_liqpay' shortcode in all versions up to, and including, 1.0.2. This is due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-12837

Publication date:
08/11/2025
The aThemes Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in versions up to, and including, 1.1.5 due to insufficient input sanitization and output escaping on user-supplied values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-11448

Publication date:
08/11/2025
The Gallery Plugin for WordPress – Envira Photo Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the '/envira-convert/v1/bulk-convert' REST API endpoint in all versions up to, and including, 1.11.0. This makes it possible for authenticated attackers, with contributor-level access and above, to convert galleries to Envira galleries.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-11967

Publication date:
08/11/2025
The Mail Mint plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the process_contact_attribute_import function in all versions up to, and including, 1.18.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025