Vulnerabilities

To inform, warn and help professionals regarding the latest security vulnerabilities in technology systems, we have made available a database, in Spanish, that includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 records, is based on information from the NVD (National Vulnerability Database); under a partnership agreement, INCIBE translates that information into Spanish.

On occasion this list will show vulnerabilities that have not yet been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as to available patches or solutions provided by manufacturers and developers. Advanced searches are possible: you can select different criteria to narrow down the results, such as vulnerability type, manufacturer and impact level, among others.

Through RSS feeds or newsletters you can be informed daily about the latest vulnerabilities added to the repository. Below is a list, updated daily, of the latest vulnerabilities.

CVE-2024-35761

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in vCita Online Booking & Scheduling Calendar for WordPress by vcita allows Stored XSS. This issue affects Online Booking & Scheduling Calendar for WordPress by vcita: from n/a through 4.4.0.
Severity CVSS v4.0: Pending analysis
Last modification:
20/02/2026

CVE-2024-35757

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in 5 Star Plugins Easy Age Verify allows Stored XSS. This issue affects Easy Age Verify: from n/a through 1.8.2.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-35758

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Theme Horse Interface allows Stored XSS. This issue affects Interface: from n/a through 3.1.0.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-35759

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS. This issue affects WP Job Portal: from n/a through 2.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-35760

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Job Portal allows Stored XSS. This issue affects WP Job Portal: from n/a through 2.1.3.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-36477

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer

The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As such, it does not account for the 4 bytes of header that prepends the SPI data frame. This can result in out-of-bounds accesses and was confirmed with KASAN.

Introduce SPI_HDRSIZE to account for the header and use to allocate the transfer buffer.
Severity CVSS v4.0: Pending analysis
Last modification:
23/05/2025

CVE-2024-36481

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

tracing/probes: fix error check in parse_btf_field()

btf_find_struct_member() might return NULL or an error via the ERR_PTR() macro. However, its caller in parse_btf_field() only checks for the NULL condition. Fix this by using IS_ERR() and returning the error up the stack.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-38662

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

bpf: Allow delete from sockmap/sockhash only if update is allowed

We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_delete on a sockmap/sockhash.

We don't intend to support this artificial use scenario. Extend the existing verifier allowed-program-type check for updating sockmap/sockhash to also cover deleting from a map.

From now on only BPF programs which were previously allowed to update sockmap/sockhash can delete from these map types.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-39277

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: handle NUMA_NO_NODE correctly

cpumask_of_node() can be called for NUMA_NO_NODE inside do_map_benchmark() resulting in the following sanitizer report:

    UBSAN: array-index-out-of-bounds in ./arch/x86/include/asm/topology.h:72:28
    index -1 is out of range for type 'cpumask [64][1]'
    CPU: 1 PID: 990 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #29
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
    Call Trace:
    dump_stack_lvl (lib/dump_stack.c:117)
    ubsan_epilogue (lib/ubsan.c:232)
    __ubsan_handle_out_of_bounds (lib/ubsan.c:429)
    cpumask_of_node (arch/x86/include/asm/topology.h:72) [inline]
    do_map_benchmark (kernel/dma/map_benchmark.c:104)
    map_benchmark_ioctl (kernel/dma/map_benchmark.c:246)
    full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
    __x64_sys_ioctl (fs/ioctl.c:890)
    do_syscall_64 (arch/x86/entry/common.c:83)
    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Use cpumask_of_node() in place when binding a kernel thread to a cpuset of a particular node.

Note that the provided node id is checked inside map_benchmark_ioctl(). It's just a NUMA_NO_NODE case which is not handled properly later.

Found by Linux Verification Center (linuxtesting.org).
Severity CVSS v4.0: Pending analysis
Last modification:
30/05/2025

CVE-2024-5058

Publication date:
21/06/2024
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Typing Text allows Stored XSS. This issue affects Typing Text: from n/a through 1.2.5.
Severity CVSS v4.0: Pending analysis
Last modification:
24/06/2024

CVE-2024-38780

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

dma-buf/sw-sync: don't enable IRQ from sync_print_obj()

Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_irq() for both sync_debugfs_show() and sync_print_obj() despite sync_print_obj() is called from sync_debugfs_show(), lockdep complains inconsistent lock state warning.

Use plain spin_{lock,unlock}() for sync_print_obj(), for sync_debugfs_show() is already using spin_{lock,unlock}_irq().
Severity CVSS v4.0: Pending analysis
Last modification:
04/11/2025

CVE-2024-34777

Publication date:
21/06/2024
In the Linux kernel, the following vulnerability has been resolved:

dma-mapping: benchmark: fix node id validation

While validating node ids in map_benchmark_ioctl(), node_possible() may be provided with invalid argument outside of [0,MAX_NUMNODES-1] range leading to:

    BUG: KASAN: wild-memory-access in map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)
    Read of size 8 at addr 1fffffff8ccb6398 by task dma_map_benchma/971
    CPU: 7 PID: 971 Comm: dma_map_benchma Not tainted 6.9.0-rc6 #37
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996)
    Call Trace:
    dump_stack_lvl (lib/dump_stack.c:117)
    kasan_report (mm/kasan/report.c:603)
    kasan_check_range (mm/kasan/generic.c:189)
    variable_test_bit (arch/x86/include/asm/bitops.h:227) [inline]
    arch_test_bit (arch/x86/include/asm/bitops.h:239) [inline]
    _test_bit at (include/asm-generic/bitops/instrumented-non-atomic.h:142) [inline]
    node_state (include/linux/nodemask.h:423) [inline]
    map_benchmark_ioctl (kernel/dma/map_benchmark.c:214)
    full_proxy_unlocked_ioctl (fs/debugfs/file.c:333)
    __x64_sys_ioctl (fs/ioctl.c:890)
    do_syscall_64 (arch/x86/entry/common.c:83)
    entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:130)

Compare node ids with sane bounds first. NUMA_NO_NODE is considered a special valid case meaning that benchmarking kthreads won't be bound to a cpuset of a given node.

Found by Linux Verification Center (linuxtesting.org).
Severity CVSS v4.0: Pending analysis
Last modification:
17/09/2025