Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]<br /> <br /> Recent reports have shown how we sometimes call vsock_*_has_data()<br /> when a vsock socket has been de-assigned from a transport (see attached<br /> links), but we shouldn&amp;#39;t.<br /> <br /> Previous commits should have solved the real problems, but we may have<br /> more in the future, so to avoid null-ptr-deref, we can return 0<br /> (no space, no data available) but with a warning.<br /> <br /> This way the code should continue to run in a nearly consistent state<br /> and have a warning that allows us to debug future problems.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iomap: avoid avoid truncating 64-bit offset to 32 bits<br /> <br /> on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a<br /> 32-bit position due to folio_next_index() returning an unsigned long.<br /> This could lead to an infinite loop when writing to an xfs filesystem.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> pmdomain: imx8mp-blk-ctrl: add missing loop break condition<br /> <br /> Currently imx8mp_blk_ctrl_remove() will continue the for loop<br /> until an out-of-bounds exception occurs.<br /> <br /> pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)<br /> pc : dev_pm_domain_detach+0x8/0x48<br /> lr : imx8mp_blk_ctrl_shutdown+0x58/0x90<br /> sp : ffffffc084f8bbf0<br /> x29: ffffffc084f8bbf0 x28: ffffff80daf32ac0 x27: 0000000000000000<br /> x26: ffffffc081658d78 x25: 0000000000000001 x24: ffffffc08201b028<br /> x23: ffffff80d0db9490 x22: ffffffc082340a78 x21: 00000000000005b0<br /> x20: ffffff80d19bc180 x19: 000000000000000a x18: ffffffffffffffff<br /> x17: ffffffc080a39e08 x16: ffffffc080a39c98 x15: 4f435f464f006c72<br /> x14: 0000000000000004 x13: ffffff80d0172110 x12: 0000000000000000<br /> x11: ffffff80d0537740 x10: ffffff80d05376c0 x9 : ffffffc0808ed2d8<br /> x8 : ffffffc084f8bab0 x7 : 0000000000000000 x6 : 0000000000000000<br /> x5 : ffffff80d19b9420 x4 : fffffffe03466e60 x3 : 0000000080800077<br /> x2 : 0000000000000000 x1 : 0000000000000001 x0 : 0000000000000000<br /> Call trace:<br /> dev_pm_domain_detach+0x8/0x48<br /> platform_shutdown+0x2c/0x48<br /> device_shutdown+0x158/0x268<br /> kernel_restart_prepare+0x40/0x58<br /> kernel_kexec+0x58/0xe8<br /> __do_sys_reboot+0x198/0x258<br /> __arm64_sys_reboot+0x2c/0x40<br /> invoke_syscall+0x5c/0x138<br /> el0_svc_common.constprop.0+0x48/0xf0<br /> do_el0_svc+0x24/0x38<br /> el0_svc+0x38/0xc8<br /> el0t_64_sync_handler+0x120/0x130<br /> el0t_64_sync+0x190/0x198<br /> Code: 8128c2d0 ffffffc0 aa1e03e9 d503201f

The Drag and Drop Multiple File Upload – Contact Form 7 plugin for WordPress is vulnerable to limited arbitrary file deletion due to insufficient file path validation in the dnd_codedropz_upload_delete() function in all versions up to, and including, 1.3.8.5. This makes it possible for unauthenticated attackers to delete limited arbitrary files on the server. It is not possible to delete files like wp-config.php that would make RCE possible.

The The AI Infographic Maker plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 4.9.0. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.

The eHive Objects Image Grid plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s &amp;#39;ehive_objects_image_grid&amp;#39; shortcode in all versions up to, and including, 2.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s &amp;#39;bf_new_submission_link&amp;#39; shortcode in all versions up to, and including, 2.8.13 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

The The WooCommerce Product Table Lite plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.9.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes. The same &amp;#39;sc_attrs&amp;#39; parameter is vulnerable to Reflected Cross-Site Scripting as well.

Cross-Site Request Forgery (CSRF) vulnerability in Overt Software Solutions LTD EZPZ SAML SP Single Sign On (SSO) allows Cross Site Request Forgery. This issue affects EZPZ SAML SP Single Sign On (SSO): from n/a through 1.2.5.

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in algol.plus Advanced Dynamic Pricing for WooCommerce advanced-dynamic-pricing-for-woocommerce allows Reflected XSS.This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in integrationdevpaytm Paytm Payment Donation paytm-donation allows Reflected XSS.This issue affects Paytm Payment Donation: from n/a through

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Reflected XSS.This issue affects RegistrationMagic: from n/a through