Vulnerabilities

Memory corruption when IPC callback handle is used after it has been released during register callback by another thread.

Memory corruption when more scan frequency list or channels are sent from the user space.

Information disclosure while handling T2LM Action Frame in WLAN Host.

Memory corruption in TZ Secure OS while Tunnel Invoke Manager initialization.

An unauthenticated remote attacker can change the admin password in a moneo appliance due to weak password recovery mechanism.<br />

Cross-Site Request Forgery (CSRF) vulnerability in JumpDEMAND Inc. ActiveDEMAND.This issue affects ActiveDEMAND: from n/a through 0.2.43.

Server-Side Request Forgery (SSRF) vulnerability in andy_moyle Church Admin church-admin.This issue affects Church Admin: from n/a through

Improper Neutralization of Input During Web Page Generation (&amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Webliberty Simple Spoiler simple-spoiler.This issue affects Simple Spoiler: from n/a through

An improper removal of sensitive information before storage or transfer vulnerability [CWE-212] in FortiSOAR version 7.3.0, version 7.2.2 and below, version 7.0.3 and below may allow an authenticated low privileged user to read Connector passwords in plain-text via HTTP responses.

Improper Neutralization of Input During Web Page Generation (XSS or &amp;#39;Cross-site Scripting&amp;#39;) vulnerability in Tomas Cordero Safety Exit allows Stored XSS.This issue affects Safety Exit: from n/a through 1.7.0.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/vmwgfx: Fix invalid reads in fence signaled events<br /> <br /> Correctly set the length of the drm_event to the size of the structure<br /> that&amp;#39;s actually used.<br /> <br /> The length of the drm_event was set to the parent structure instead of<br /> to the drm_vmw_event_fence which is supposed to be read. drm_read<br /> uses the length parameter to copy the event to the user space thus<br /> resuling in oob reads.

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> thermal/debugfs: Fix two locking issues with thermal zone debug<br /> <br /> With the current thermal zone locking arrangement in the debugfs code,<br /> user space can open the "mitigations" file for a thermal zone before<br /> the zone&amp;#39;s debugfs pointer is set which will result in a NULL pointer<br /> dereference in tze_seq_start().<br /> <br /> Moreover, thermal_debug_tz_remove() is not called under the thermal<br /> zone lock, so it can run in parallel with the other functions accessing<br /> the thermal zone&amp;#39;s struct thermal_debugfs object. Then, it may clear<br /> tz-&gt;debugfs after one of those functions has checked it and the<br /> struct thermal_debugfs object may be freed prematurely.<br /> <br /> To address the first problem, pass a pointer to the thermal zone&amp;#39;s<br /> struct thermal_debugfs object to debugfs_create_file() in<br /> thermal_debug_tz_add() and make tze_seq_start(), tze_seq_next(),<br /> tze_seq_stop(), and tze_seq_show() retrieve it from s-&gt;private<br /> instead of a pointer to the thermal zone object. This will ensure<br /> that tz_debugfs will be valid across the "mitigations" file accesses<br /> until thermal_debugfs_remove_id() called by thermal_debug_tz_remove()<br /> removes that file.<br /> <br /> To address the second problem, use tz-&gt;lock in thermal_debug_tz_remove()<br /> around the tz-&gt;debugfs value check (in case the same thermal zone is<br /> removed at the same time in two different threads) and its reset to NULL.<br /> <br /> Cc :6.8+ # 6.8+