Vulnerabilities

Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting (XSS) via id_generator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'.

In wxWidgets before 3.2.7, a crash can be triggered in wxWidgets apps when connections are refused in wxWebRequestCURL.

A vulnerability in Cisco Nexus Dashboard could allow an unauthenticated, remote attacker to enumerate LDAP user accounts.<br /> <br /> This vulnerability is due to the improper handling of LDAP authentication requests. An attacker could exploit this vulnerability by sending authentication requests to an affected system. A successful exploit could allow an attacker to determine which usernames are valid LDAP user accounts.

A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker with valid administrative credentials to execute arbitrary commands as root on the underlying operating system.<br /> <br /> <br /> This vulnerability is due to insufficient integrity checks within device backup files. An attacker with valid administrative credentials could exploit this vulnerability by crafting a malicious backup file and restoring it to an affected device. A successful exploit could allow the attacker to obtain shell access on the underlying operating system with the privileges of root.

Server-Side Request Forgery (SSRF) vulnerability in Apache HertzBeat.<br /> <br /> This issue affects Apache HertzBeat (incubating): before 1.7.0.<br /> <br /> Users are recommended to upgrade to version 1.7.0, which fixes the issue.

A vulnerability classified as critical has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the component Login Handler. The manipulation of the argument login_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

A vulnerability classified as critical was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This vulnerability affects unknown code of the file /search/search_stock. php. The manipulation of the argument Name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

A vulnerability, which was classified as critical, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. This issue affects some unknown processing of the file /edit-product.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update<br /> <br /> Check if policy is NULL before dereferencing it in amd_pstate_update.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> watch_queue: fix pipe accounting mismatch<br /> <br /> Currently, watch_queue_set_size() modifies the pipe buffers charged to<br /> user-&gt;pipe_bufs without updating the pipe-&gt;nr_accounted on the pipe<br /> itself, due to the if (!pipe_has_watch_queue()) test in<br /> pipe_resize_ring(). This means that when the pipe is ultimately freed,<br /> we decrement user-&gt;pipe_bufs by something other than what than we had<br /> charged to it, potentially leading to an underflow. This in turn can<br /> cause subsequent too_many_pipe_buffers_soft() tests to fail with -EPERM.<br /> <br /> To remedy this, explicitly account for the pipe usage in<br /> watch_queue_set_size() to match the number set via account_pipe_buffers()<br /> <br /> (It&amp;#39;s unclear why watch_queue_set_size() does not update nr_accounted;<br /> it may be due to intentional overprovisioning in watch_queue_set_size()?)

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> ALSA: timer: Don&amp;#39;t take register_mutex with copy_from/to_user()<br /> <br /> The infamous mmap_lock taken in copy_from/to_user() can be often<br /> problematic when it&amp;#39;s called inside another mutex, as they might lead<br /> to deadlocks.<br /> <br /> In the case of ALSA timer code, the bad pattern is with<br /> guard(mutex)(&amp;register_mutex) that covers copy_from/to_user() -- which<br /> was mistakenly introduced at converting to guard(), and it had been<br /> carefully worked around in the past.<br /> <br /> This patch fixes those pieces simply by moving copy_from/to_user() out<br /> of the register mutex lock again.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> RISC-V: KVM: Teardown riscv specific bits after kvm_exit<br /> <br /> During a module removal, kvm_exit invokes arch specific disable<br /> call which disables AIA. However, we invoke aia_exit before kvm_exit<br /> resulting in the following warning. KVM kernel module can&amp;#39;t be inserted<br /> afterwards due to inconsistent state of IRQ.<br /> <br /> [25469.031389] percpu IRQ 31 still enabled on CPU0!<br /> [25469.031732] WARNING: CPU: 3 PID: 943 at kernel/irq/manage.c:2476 __free_percpu_irq+0xa2/0x150<br /> [25469.031804] Modules linked in: kvm(-)<br /> [25469.031848] CPU: 3 UID: 0 PID: 943 Comm: rmmod Not tainted 6.14.0-rc5-06947-g91c763118f47-dirty #2<br /> [25469.031905] Hardware name: riscv-virtio,qemu (DT)<br /> [25469.031928] epc : __free_percpu_irq+0xa2/0x150<br /> [25469.031976] ra : __free_percpu_irq+0xa2/0x150<br /> [25469.032197] epc : ffffffff8007db1e ra : ffffffff8007db1e sp : ff2000000088bd50<br /> [25469.032241] gp : ffffffff8131cef8 tp : ff60000080b96400 t0 : ff2000000088baf8<br /> [25469.032285] t1 : fffffffffffffffc t2 : 5249207570637265 s0 : ff2000000088bd90<br /> [25469.032329] s1 : ff60000098b21080 a0 : 037d527a15eb4f00 a1 : 037d527a15eb4f00<br /> [25469.032372] a2 : 0000000000000023 a3 : 0000000000000001 a4 : ffffffff8122dbf8<br /> [25469.032410] a5 : 0000000000000fff a6 : 0000000000000000 a7 : ffffffff8122dc10<br /> [25469.032448] s2 : ff60000080c22eb0 s3 : 0000000200000022 s4 : 000000000000001f<br /> [25469.032488] s5 : ff60000080c22e00 s6 : ffffffff80c351c0 s7 : 0000000000000000<br /> [25469.032582] s8 : 0000000000000003 s9 : 000055556b7fb490 s10: 00007ffff0e12fa0<br /> [25469.032621] s11: 00007ffff0e13e9a t3 : ffffffff81354ac7 t4 : ffffffff81354ac7<br /> [25469.032664] t5 : ffffffff81354ac8 t6 : ffffffff81354ac7<br /> [25469.032698] status: 0000000200000100 badaddr: ffffffff8007db1e cause: 0000000000000003<br /> [25469.032738] [] __free_percpu_irq+0xa2/0x150<br /> [25469.032797] [] free_percpu_irq+0x30/0x5e<br /> [25469.032856] [] kvm_riscv_aia_exit+0x40/0x42 [kvm]<br /> [25469.033947] [] cleanup_module+0x10/0x32 [kvm]<br /> [25469.035300] [] __riscv_sys_delete_module+0x18e/0x1fc<br /> [25469.035374] [] syscall_handler+0x3a/0x46<br /> [25469.035456] [] do_trap_ecall_u+0x72/0x134<br /> [25469.035536] [] handle_exception+0x148/0x156<br /> <br /> Invoke aia_exit and other arch specific cleanup functions after kvm_exit<br /> so that disable gets a chance to be called first before exit.