Vulnerabilities

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat()<br /> <br /> The syzbot reported issue in hfsplus_delete_cat():<br /> <br /> [ 70.682285][ T9333] =====================================================<br /> [ 70.682943][ T9333] BUG: KMSAN: uninit-value in hfsplus_subfolders_dec+0x1d7/0x220<br /> [ 70.683640][ T9333] hfsplus_subfolders_dec+0x1d7/0x220<br /> [ 70.684141][ T9333] hfsplus_delete_cat+0x105d/0x12b0<br /> [ 70.684621][ T9333] hfsplus_rmdir+0x13d/0x310<br /> [ 70.685048][ T9333] vfs_rmdir+0x5ba/0x810<br /> [ 70.685447][ T9333] do_rmdir+0x964/0xea0<br /> [ 70.685833][ T9333] __x64_sys_rmdir+0x71/0xb0<br /> [ 70.686260][ T9333] x64_sys_call+0xcd8/0x3cf0<br /> [ 70.686695][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.687119][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.687646][ T9333]<br /> [ 70.687856][ T9333] Uninit was stored to memory at:<br /> [ 70.688311][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0<br /> [ 70.688779][ T9333] hfsplus_create_cat+0x148e/0x1800<br /> [ 70.689231][ T9333] hfsplus_mknod+0x27f/0x600<br /> [ 70.689730][ T9333] hfsplus_mkdir+0x5a/0x70<br /> [ 70.690146][ T9333] vfs_mkdir+0x483/0x7a0<br /> [ 70.690545][ T9333] do_mkdirat+0x3f2/0xd30<br /> [ 70.690944][ T9333] __x64_sys_mkdir+0x9a/0xf0<br /> [ 70.691380][ T9333] x64_sys_call+0x2f89/0x3cf0<br /> [ 70.691816][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.692229][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.692773][ T9333]<br /> [ 70.692990][ T9333] Uninit was stored to memory at:<br /> [ 70.693469][ T9333] hfsplus_subfolders_inc+0x1c2/0x1d0<br /> [ 70.693960][ T9333] hfsplus_create_cat+0x148e/0x1800<br /> [ 70.694438][ T9333] hfsplus_fill_super+0x21c1/0x2700<br /> [ 70.694911][ T9333] mount_bdev+0x37b/0x530<br /> [ 70.695320][ T9333] hfsplus_mount+0x4d/0x60<br /> [ 70.695729][ T9333] legacy_get_tree+0x113/0x2c0<br /> [ 70.696167][ T9333] vfs_get_tree+0xb3/0x5c0<br /> [ 70.696588][ T9333] do_new_mount+0x73e/0x1630<br /> [ 70.697013][ T9333] path_mount+0x6e3/0x1eb0<br /> [ 70.697425][ T9333] __se_sys_mount+0x733/0x830<br /> [ 70.697857][ T9333] __x64_sys_mount+0xe4/0x150<br /> [ 70.698269][ T9333] x64_sys_call+0x2691/0x3cf0<br /> [ 70.698704][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.699117][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.699730][ T9333]<br /> [ 70.699946][ T9333] Uninit was created at:<br /> [ 70.700378][ T9333] __alloc_pages_noprof+0x714/0xe60<br /> [ 70.700843][ T9333] alloc_pages_mpol_noprof+0x2a2/0x9b0<br /> [ 70.701331][ T9333] alloc_pages_noprof+0xf8/0x1f0<br /> [ 70.701774][ T9333] allocate_slab+0x30e/0x1390<br /> [ 70.702194][ T9333] ___slab_alloc+0x1049/0x33a0<br /> [ 70.702635][ T9333] kmem_cache_alloc_lru_noprof+0x5ce/0xb20<br /> [ 70.703153][ T9333] hfsplus_alloc_inode+0x5a/0xd0<br /> [ 70.703598][ T9333] alloc_inode+0x82/0x490<br /> [ 70.703984][ T9333] iget_locked+0x22e/0x1320<br /> [ 70.704428][ T9333] hfsplus_iget+0x5c/0xba0<br /> [ 70.704827][ T9333] hfsplus_btree_open+0x135/0x1dd0<br /> [ 70.705291][ T9333] hfsplus_fill_super+0x1132/0x2700<br /> [ 70.705776][ T9333] mount_bdev+0x37b/0x530<br /> [ 70.706171][ T9333] hfsplus_mount+0x4d/0x60<br /> [ 70.706579][ T9333] legacy_get_tree+0x113/0x2c0<br /> [ 70.707019][ T9333] vfs_get_tree+0xb3/0x5c0<br /> [ 70.707444][ T9333] do_new_mount+0x73e/0x1630<br /> [ 70.707865][ T9333] path_mount+0x6e3/0x1eb0<br /> [ 70.708270][ T9333] __se_sys_mount+0x733/0x830<br /> [ 70.708711][ T9333] __x64_sys_mount+0xe4/0x150<br /> [ 70.709158][ T9333] x64_sys_call+0x2691/0x3cf0<br /> [ 70.709630][ T9333] do_syscall_64+0xd9/0x1d0<br /> [ 70.710053][ T9333] entry_SYSCALL_64_after_hwframe+0x77/0x7f<br /> [ 70.710611][ T9333]<br /> [ 70.710842][ T9333] CPU: 3 UID: 0 PID: 9333 Comm: repro Not tainted 6.12.0-rc6-dirty #17<br /> [ 70.711568][ T9333] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014<br /> [ 70.712490][ T9333] =====================================================<br /> [ 70.713085][ T9333] Disabling lock debugging due to kernel taint<br /> [ 70.713618][ T9333] Kernel panic - not syncing: kmsan.panic set ...<br /> [ 70.714159][ T9333] <br /> ---truncated---

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete files, with the permissions of dvr user, on the server using path traversal in the alog script.<br /> <br /> This issue was fixed in version 6.44.44

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to read or delete any file on the server using path traversal in the ilog script. This script is being run with root privileges.<br /> <br /> This issue was fixed in version 6.44.44

A vulnerability was detected in Xiongwei Smart Catering Cloud Platform 2.1.6446.28761. The affected element is an unknown function of the file /dishtrade/dish_trade_detail_get. The manipulation of the argument filter results in sql injection. The attack can be executed remotely. The exploit is now public and may be used.

WaveView client allows users to execute restricted set of predefined commands and scripts on the connected WaveStore Server. A malicious attacker with high-privileges is able to execute arbitrary OS commands on the server using path traversal in the showerr script.<br /> <br /> This issue was fixed in version 6.44.44

A flaw was found in ose-openshift-apiserver. This vulnerability allows internal network enumeration, service discovery, limited information disclosure, and potential denial-of-service (DoS) through Server-Side Request Forgery (SSRF) due to missing IP address and network-range validation when processing user-supplied image references.

Authorization Bypass Through User-Controlled Key vulnerability in Menulux Software Inc. Mobile App allows Exploitation of Trusted Identifiers.This issue affects Mobile App: before 9.5.8.

The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Change Categories plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getAuthors function in all versions up to, and including, 4.9.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to retrieve emails for all users with edit_posts capability.

The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin&amp;#39;s Text Path widget in all versions up to, and including, 3.33.3 due to insufficient neutralization of user-supplied input used to build SVG markup inside the widget. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

The WPCOM Member plugin for WordPress is vulnerable to authentication bypass via brute force in all versions up to, and including, 1.7.16. This is due to weak OTP (One-Time Password) generation using only 6 numeric digits combined with a 10-minute validity window and no rate limiting on verification attempts. This makes it possible for unauthenticated attackers to brute-force the verification code and authenticate as any user, including administrators, if they know the target&amp;#39;s phone number, and the target does not notice or ignores the SMS notification with the OTP.

Missing Authorization vulnerability in merkulove Huger for Elementor huger-elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Huger for Elementor: from n/a through