Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) standard for information security vulnerability names is used with the aim of supporting the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2025-23139

Publication date:
01/05/2025
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
Severity CVSS v4.0: Pending analysis
Last modification:
08/05/2025

CVE-2025-23140

Publication date:
01/05/2025
In the Linux kernel, the following vulnerability has been resolved:

misc: pci_endpoint_test: Avoid issue of interrupts remaining after request_irq error

After devm_request_irq() fails with error in pci_endpoint_test_request_irq(), the pci_endpoint_test_free_irq_vectors() is called assuming that all IRQs have been released.

However, some requested IRQs remain unreleased, so there are still /proc/irq/* entries remaining, and this results in WARN() with the following message:

remove_proc_entry: removing non-empty directory 'irq/30', leaking at least 'pci-endpoint-test.0'
WARNING: CPU: 0 PID: 202 at fs/proc/generic.c:719 remove_proc_entry +0x190/0x19c

To solve this issue, set the number of remaining IRQs to test->num_irqs, and release IRQs in advance by calling pci_endpoint_test_release_irq().

[kwilczynski: commit log]
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2025-23141

Publication date:
01/05/2025
In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses

Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e. processing pending INIT or SIPI, can trigger accesses to guest memory. If the vCPU is in L2 with INIT *and* a TRIPLE_FAULT request pending, then getting MP state will trigger a nested VM-Exit by way of ->check_nested_events(), and emulating the nested VM-Exit can access guest memory.

The splat was originally hit by syzkaller on a Google-internal kernel, and reproduced on an upstream kernel by hacking the triple_fault_event_test selftest to stuff a pending INIT, store an MSR on VM-Exit (to generate a memory access on VMX), and do vcpu_mp_state_get() to trigger the scenario.

=============================
WARNING: suspicious RCU usage
6.14.0-rc3-b112d356288b-vmx/pi_lockdep_false_pos-lock #3 Not tainted
-----------------------------
include/linux/kvm_host.h:1058 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by triple_fault_ev/1256:
#0: ffff88810df5a330 (&vcpu->mutex){+.+.}-{4:4}, at: kvm_vcpu_ioctl+0x8b/0x9a0 [kvm]

stack backtrace:
CPU: 11 UID: 1000 PID: 1256 Comm: triple_fault_ev Not tainted 6.14.0-rc3-b112d356288b-vmx #3
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 0.0.0 02/06/2015
Call Trace:

dump_stack_lvl+0x7f/0x90
lockdep_rcu_suspicious+0x144/0x190
kvm_vcpu_gfn_to_memslot+0x156/0x180 [kvm]
kvm_vcpu_read_guest+0x3e/0x90 [kvm]
read_and_check_msr_entry+0x2e/0x180 [kvm_intel]
__nested_vmx_vmexit+0x550/0xde0 [kvm_intel]
kvm_check_nested_events+0x1b/0x30 [kvm]
kvm_apic_accept_events+0x33/0x100 [kvm]
kvm_arch_vcpu_ioctl_get_mpstate+0x30/0x1d0 [kvm]
kvm_vcpu_ioctl+0x33e/0x9a0 [kvm]
__x64_sys_ioctl+0x8b/0xb0
do_syscall_64+0x6c/0x170
entry_SYSCALL_64_after_hwframe+0x4b/0x53
Severity CVSS v4.0: Pending analysis
Last modification:
05/11/2025

CVE-2025-4163

Publication date:
01/05/2025
A vulnerability, which was classified as critical, has been found in PHPGurukul Land Record System 1.0. This issue affects some unknown processing of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.
Severity CVSS v4.0: MEDIUM
Last modification:
16/05/2025

CVE-2025-4164

Publication date:
01/05/2025
A vulnerability, which was classified as critical, was found in PHPGurukul Employee Record Management System 1.3. Affected is an unknown function of the file changepassword.php. The manipulation of the argument currentpassword leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
16/05/2025

CVE-2025-3874

Publication date:
01/05/2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 due to lack of randomization of a user controlled key. This makes it possible for unauthenticated attackers to access customer shopping carts and edit product links, add or delete products, and discover coupon codes.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2025-3889

Publication date:
01/05/2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.3 via the 'process_payment_data' due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to change the quantity of a product to a negative number, which subtracts the product cost from the total order cost. The attack will only work with Manual Checkout mode, as PayPal and Stripe will not process payments for a negative quantity.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2025-3890

Publication date:
01/05/2025
The WordPress Simple Shopping Cart plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wp_cart_button' shortcode in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
06/05/2025

CVE-2025-1529

Publication date:
01/05/2025
The AM LottiePlayer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via uploaded lottie files in all versions up to, and including, 3.5.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Severity CVSS v4.0: Pending analysis
Last modification:
02/05/2025

CVE-2025-4161

Publication date:
01/05/2025
A vulnerability classified as critical has been found in PCMan FTP Server up to 2.0.7. This affects an unknown part of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
24/06/2025

CVE-2025-4162

Publication date:
01/05/2025
A vulnerability classified as critical was found in PCMan FTP Server up to 2.0.7. This vulnerability affects unknown code of the component ASCII Command Handler. The manipulation leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
Severity CVSS v4.0: MEDIUM
Last modification:
24/06/2025

CVE-2025-27007

Publication date:
01/05/2025
Incorrect Privilege Assignment vulnerability in Brainstorm Force OttoKit suretriggers allows Privilege Escalation. This issue affects OttoKit: from n/a through
Severity CVSS v4.0: Pending analysis
Last modification:
01/04/2026