Vulnerabilities

With the aim of informing, warning and helping professionals with regard to the latest security vulnerabilities in technology systems, we have made available to interested users a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as entries are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-4468

Publication date:
09/05/2025
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /edit-photo.php. The manipulation of the argument userImage leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
14/05/2025

CVE-2025-4469

Publication date:
09/05/2025
A vulnerability classified as problematic has been found in SourceCodester Online Student Clearance System 1.0. Affected is an unknown function of the file /admin/add-admin.php. The manipulation of the argument txtusername/txtfullname/txtpassword/txtpassword2 leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
27/09/2025

CVE-2025-4470

Publication date:
09/05/2025
A vulnerability classified as problematic was found in SourceCodester Online Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/add-student.php. The manipulation of the argument Fullname leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity CVSS v4.0: MEDIUM
Last modification:
14/05/2025

CVE-2025-3455

Publication date:
09/05/2025
The 1 Click WordPress Migration Plugin – 100% FREE for a limited time plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'start_restore' function in all versions up to, and including, 2.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2025-3605

Publication date:
09/05/2025
The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. This is due to the plugin not properly validating a user's identity prior to updating their details like email via the flr_blocks_user_settings_handle_ajax_callback() function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.
Severity CVSS v4.0: Pending analysis
Last modification:
12/05/2025

CVE-2025-4467

Publication date:
09/05/2025
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/edit-admin.php. The manipulation of the argument id/txtfullname/txtemail/cmddesignation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
30/09/2025

CVE-2025-37887

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

pds_core: handle unsupported PDS_CORE_CMD_FW_CONTROL result

If the FW doesn't support the PDS_CORE_CMD_FW_CONTROL command the driver might at the least print garbage and at the worst crash when the user runs the "devlink dev info" devlink command.

This happens because the stack variable fw_list is not 0 initialized which results in fw_list.num_fw_slots being a garbage value from the stack. Then the driver tries to access fw_list.fw_names[i] with i >= ARRAY_SIZE and runs off the end of the array.

Fix this by initializing the fw_list and by not failing completely if the devcmd fails because other useful information is printed via devlink dev info even if the devcmd fails.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-37888

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

net/mlx5: Fix null-ptr-deref in mlx5_create_{inner_,}ttc_table()

Add NULL check for mlx5_get_flow_namespace() returns in mlx5_create_inner_ttc_table() and mlx5_create_ttc_table() to prevent NULL pointer dereference.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-37889

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

ASoC: ops: Consistently treat platform_max as control value

This reverts commit 9bdd10d57a88 ("ASoC: ops: Shift tested values in snd_soc_put_volsw() by +min"), and makes some additional related updates.

There are two ways the platform_max could be interpreted; the maximum register value, or the maximum value the control can be set to. The patch moved from treating the value as a control value to a register one. When the patch was applied it was technically correct as snd_soc_limit_volume() also used the register interpretation. However, even then most of the other usages treated platform_max as a control value, and snd_soc_limit_volume() has since been updated to also do so in commit fb9ad24485087 ("ASoC: ops: add correct range check for limiting volume"). That patch however, missed updating snd_soc_put_volsw() back to the control interpretation, and fixing snd_soc_info_volsw_range(). The control interpretation makes more sense as limiting is typically done from the machine driver, so it is appropriate to use the customer facing representation rather than the internal codec representation. Update all the code to consistently use this interpretation of platform_max.

Finally, also add some comments to the soc_mixer_control struct to hopefully avoid further patches switching between the two approaches.
Severity CVSS v4.0: Pending analysis
Last modification:
17/11/2025

CVE-2025-37881

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

usb: gadget: aspeed: Add NULL pointer check in ast_vhub_init_dev()

The variable d->name, returned by devm_kasprintf(), could be NULL. A pointer check is added to prevent potential NULL pointer dereference. This is similar to the fix in commit 3027e7b15b02 ("ice: Fix some null pointer dereference issues in ice_ptp.c").

This issue is found by our static analysis tool
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-37882

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

usb: xhci: Fix isochronous Ring Underrun/Overrun event handling

The TRB pointer of these events points at enqueue at the time of error occurrence on xHCI 1.1+ HCs or it's NULL on older ones. By the time we are handling the event, a new TD may be queued at this ring position.

I can trigger this race by rising interrupt moderation to increase IRQ handling delay. Similar delay may occur naturally due to system load.

If this ever happens after a Missed Service Error, missed TDs will be skipped and the new TD processed as if it matched the event. It could be given back prematurely, risking data loss or buffer UAF by the xHC.

Don't complete TDs on xrun events and don't warn if queued TDs don't match the event's TRB pointer, which can be NULL or a link/no-op TRB. Don't warn if there are no queued TDs at all.

Now that it's safe, also handle xrun events if the skip flag is clear. This ensures completion of any TD stuck in 'error mid TD' state right before the xrun event, which could happen if a driver submits a finite number of URBs to a buggy HC and then an error occurs on the last TD.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025

CVE-2025-37883

Publication date:
09/05/2025
In the Linux kernel, the following vulnerability has been resolved:

s390/sclp: Add check for get_zeroed_page()

Add check for the return value of get_zeroed_page() in sclp_console_init() to prevent null pointer dereference. Furthermore, to solve the memory leak caused by the loop allocation, add a free helper to do the free job.
Severity CVSS v4.0: Pending analysis
Last modification:
12/11/2025