Vulnerabilities

Reflected Cross-Site Scripting (XSS) vulnerability in Kelio Visio 1, Kelio Visio X7 and Kelio Visio X4, in versions between 3.2C and 5.1K. This vulnerability could allow an attacker to execute a JavaScript payload by making a POST request and injecting malicious code into the editable ‘username’ parameter of the ‘/PageLoginVisio.do’ endpoint.

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Apache Felix Webconsole.<br /> <br /> This issue affects Apache Felix Webconsole 4.x up to 4.9.8 and 5.x up to 5.0.8.<br /> <br /> Users are recommended to upgrade to version 4.9.10 or 5.0.10 or higher, which fixes the issue.

This vulnerability exists in Tapo C500 Wi-Fi camera due to hard-coded RSA private key embedded within the device firmware. An attacker with physical access could exploit this vulnerability to obtain cryptographic private keys which can then be used to perform impersonation, data decryption and man in the middle attacks on the targeted device.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> platform/x86: lenovo-yoga-tab2-pro-1380-fastcharger: fix serdev race<br /> <br /> The yt2_1380_fc_serdev_probe() function calls devm_serdev_device_open()<br /> before setting the client ops via serdev_device_set_client_ops(). This<br /> ordering can trigger a NULL pointer dereference in the serdev controller&amp;#39;s<br /> receive_buf handler, as it assumes serdev-&gt;ops is valid when<br /> SERPORT_ACTIVE is set.<br /> <br /> This is similar to the issue fixed in commit 5e700b384ec1<br /> ("platform/chrome: cros_ec_uart: properly fix race condition") where<br /> devm_serdev_device_open() was called before fully initializing the<br /> device.<br /> <br /> Fix the race by ensuring client ops are set before enabling the port via<br /> devm_serdev_device_open().<br /> <br /> Note, serdev_device_set_baudrate() and serdev_device_set_flow_control()<br /> calls should be after the devm_serdev_device_open() call.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> gpio: xilinx: Convert gpio_lock to raw spinlock<br /> <br /> irq_chip functions may be called in raw spinlock context. Therefore, we<br /> must also use a raw spinlock for our own internal locking.<br /> <br /> This fixes the following lockdep splat:<br /> <br /> [ 5.349336] =============================<br /> [ 5.353349] [ BUG: Invalid wait context ]<br /> [ 5.357361] 6.13.0-rc5+ #69 Tainted: G W<br /> [ 5.363031] -----------------------------<br /> [ 5.367045] kworker/u17:1/44 is trying to lock:<br /> [ 5.371587] ffffff88018b02c0 (&amp;chip-&gt;gpio_lock){....}-{3:3}, at: xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))<br /> [ 5.380079] other info that might help us debug this:<br /> [ 5.385138] context-{5:5}<br /> [ 5.387762] 5 locks held by kworker/u17:1/44:<br /> [ 5.392123] #0: ffffff8800014958 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3204)<br /> [ 5.402260] #1: ffffffc082fcbdd8 (deferred_probe_work){+.+.}-{0:0}, at: process_one_work (kernel/workqueue.c:3205)<br /> [ 5.411528] #2: ffffff880172c900 (&amp;dev-&gt;mutex){....}-{4:4}, at: __device_attach (drivers/base/dd.c:1006)<br /> [ 5.419929] #3: ffffff88039c8268 (request_class#2){+.+.}-{4:4}, at: __setup_irq (kernel/irq/internals.h:156 kernel/irq/manage.c:1596)<br /> [ 5.428331] #4: ffffff88039c80c8 (lock_class#2){....}-{2:2}, at: __setup_irq (kernel/irq/manage.c:1614)<br /> [ 5.436472] stack backtrace:<br /> [ 5.439359] CPU: 2 UID: 0 PID: 44 Comm: kworker/u17:1 Tainted: G W 6.13.0-rc5+ #69<br /> [ 5.448690] Tainted: [W]=WARN<br /> [ 5.451656] Hardware name: xlnx,zynqmp (DT)<br /> [ 5.455845] Workqueue: events_unbound deferred_probe_work_func<br /> [ 5.461699] Call trace:<br /> [ 5.464147] show_stack+0x18/0x24 C<br /> [ 5.467821] dump_stack_lvl (lib/dump_stack.c:123)<br /> [ 5.471501] dump_stack (lib/dump_stack.c:130)<br /> [ 5.474824] __lock_acquire (kernel/locking/lockdep.c:4828 kernel/locking/lockdep.c:4898 kernel/locking/lockdep.c:5176)<br /> [ 5.478758] lock_acquire (arch/arm64/include/asm/percpu.h:40 kernel/locking/lockdep.c:467 kernel/locking/lockdep.c:5851 kernel/locking/lockdep.c:5814)<br /> [ 5.482429] _raw_spin_lock_irqsave (include/linux/spinlock_api_smp.h:111 kernel/locking/spinlock.c:162)<br /> [ 5.486797] xgpio_irq_unmask (drivers/gpio/gpio-xilinx.c:433 (discriminator 8))<br /> [ 5.490737] irq_enable (kernel/irq/internals.h:236 kernel/irq/chip.c:170 kernel/irq/chip.c:439 kernel/irq/chip.c:432 kernel/irq/chip.c:345)<br /> [ 5.494060] __irq_startup (kernel/irq/internals.h:241 kernel/irq/chip.c:180 kernel/irq/chip.c:250)<br /> [ 5.497645] irq_startup (kernel/irq/chip.c:270)<br /> [ 5.501143] __setup_irq (kernel/irq/manage.c:1807)<br /> [ 5.504728] request_threaded_irq (kernel/irq/manage.c:2208)

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> irqchip/gic-v3-its: Don&amp;#39;t enable interrupts in its_irq_set_vcpu_affinity()<br /> <br /> The following call-chain leads to enabling interrupts in a nested interrupt<br /> disabled section:<br /> <br /> irq_set_vcpu_affinity()<br /> irq_get_desc_lock()<br /> raw_spin_lock_irqsave()

The Super Store Finder plugin for WordPress is vulnerable to SQL Injection via the ‘ssf_wp_user_name’ parameter in all versions up to, and including, 7.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into an already existing query to store cross-site scripting in store reviews.

The DWT - Directory &amp; Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the &amp;#39;wp_dp_enquiry_agent_contact_form_submit_callback&amp;#39; function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, if they have access to the username.