Information Disclosure
Monthly
A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A privacy issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial-of-service issue was addressed with improved input validation. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.
A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
Rejected reason: DO NOT USE THIS CVE RECORD. No vendor patch available.
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in PHPGurukul News Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Web UI Malfunction when setting unexpected locale via API.19.5; BLU-IC4: through 1.19.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).19.5; BLU-IC4: through 1.19.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Import WP - Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Authentication cache collision in Dovecot mail server allows remote attackers to gain unauthorized access to other users' accounts under specific caching configurations. When passdb/userdb caching is enabled, certain drivers incorrectly use identical cache keys for multiple distinct users, causing authentication data from one user to be applied to subsequent login attempts by different users. This vulnerability enables attackers to authenticate as other users after the legitimate user's credentials are cached, with no public exploit identified at time of analysis. Despite low EPSS probability (0.03%), the network-accessible attack vector and potential for unauthorized email access warrants immediate remediation in environments using affected caching configurations.
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.
Arbitrary file read vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) allows authenticated Subscriber-level users to read sensitive files from the server via unprotected AJAX endpoints. The vulnerability combines missing capability checks with information exposure in multiple GOTMLS_* AJAX actions, enabling attackers with minimal WordPress privileges to access arbitrary file contents including configuration files and credentials. No public exploit code has been confirmed at this time, though the vulnerability is trivial to exploit given the low authentication barrier.
Missing authorization in Facebook for WooCommerce plugin versions up to 3.5.7 allows authenticated attackers to bypass access controls and dismiss administrative notices through incorrectly configured security levels. The vulnerability enables privilege escalation or information disclosure via improper access control enforcement, though the low EPSS score (0.03%, 9th percentile) suggests limited real-world exploitation likelihood despite the broken access control flaw.
Use-after-free vulnerability in Mozilla Firefox 142 and 143 enables compromised renderer processes to trigger memory corruption in the GPU or browser process via malicious WebGPU IPC calls, potentially achieving sandbox escape. Affecting Firefox versions 142.0 through 144.0.1, this CWE-416 flaw carries CVSS 9.8 despite low real-world exploitation probability (EPSS 0.06%, 18th percentile). No public exploit identified at time of analysis. Patched in Firefox 144.0.2 released January 2025.
Broken access control in QuantumCloud ChatBot plugin for WordPress through version 7.7.3 allows authenticated attackers with low privileges to exploit misconfigured authorization checks, potentially leading to high-impact data breaches, unauthorized modifications, and service disruption. EPSS scoring indicates low exploitation probability (0.05%, 15th percentile), and no public exploit identified at time of analysis. The vulnerability stems from missing authorization controls (CWE-862), requiring only network access and low-privilege credentials with no user interaction, making it readily exploitable once an account is compromised.
Sensitive data exposure in the Publitio WordPress plugin (versions ≤2.2.5) allows unauthenticated remote attackers to retrieve embedded sensitive information through network requests. The vulnerability exposes confidential data with high impact to confidentiality (CVSS C:H), though exploitation probability remains low (EPSS 3rd percentile). No public exploit identified at time of analysis, and exploitation requires no privileges or user interaction (PR:N/UI:N), making it trivially exploitable if targeted.
Sensitive system information disclosure in ThemeHunk WP Popup Builder plugin for WordPress (versions ≤1.3.8) allows unauthenticated remote attackers to retrieve embedded sensitive data without authentication. The vulnerability presents a CVSS 7.5 HIGH severity with confirmed network-based exploitation requiring no user interaction. EPSS score of 0.03% (10th percentile) indicates minimal observed exploitation activity, and no public exploit identified at time of analysis. The flaw stems from improper exposure of sensitive information to unauthorized control spheres (CWE-497).
Sensitive data exposure in Atarim Visual Collaboration WordPress plugin (versions through 4.2.1) allows unauthenticated remote attackers to retrieve embedded confidential information via network-accessible endpoints. The vulnerability enables direct extraction of sensitive data with no authentication required and low attack complexity. EPSS score of 0.03% (10th percentile) indicates minimal current exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` If we add a new entity with id 0 or a duplicated ID, it will be marked as UVC_INVALID_ENTITY_ID. In a previous attempt commit 3dd075fe8ebb ("media: uvcvideo: Require entities to have a non-zero unique ID"), we ignored all the invalid units, this broke a lot of non-compatible cameras. Hopefully we are more lucky this time. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1 ---truncated---
Local applications on macOS can bypass access controls to read sensitive user data through a logic flaw in permission enforcement, fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. The vulnerability requires user interaction to trigger (such as launching a malicious app) and affects all three recent macOS versions. With an EPSS score of 0.01% and no confirmed active exploitation, this represents a low real-world exploitation probability despite moderate CVSS severity.
Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.
A security vulnerability in A data corruption vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Unauthenticated attackers can access sensitive information through publicly exposed log files in the Content Writer WordPress plugin versions up to 3.6.8. The plugin fails to properly restrict access to log files, allowing remote attackers without authentication or user interaction to view potentially sensitive data stored in these logs. This vulnerability carries a moderate CVSS score of 5.3 with confirmed public information disclosure impact.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface spoofing in Firefox and Firefox Focus for Android's custom tab implementation allows remote attackers to misrepresent subdomain origins, enabling phishing attacks through crafted URLs. The custom tab feature truncates displayed hostnames to show only the parent domain, allowing malicious content on attacker-controlled subdomains (e.g., evil.example.com) to appear as legitimate sibling subdomains (e.g., legitimate.example.com). With CVSS 8.1 (High Confidentiality/Integrity impact) and no authentication required, this represents significant phishing risk for Android Firefox users. Patched in Firefox 144; no public exploit identified at time of analysis, though the UI flaw is straightforward to exploit.
Firefox on Android allows remote attackers to display a fake address bar by exploiting the visibilitychange event when the legitimate address bar is hidden due to scrolling, enabling phishing attacks and user deception. The vulnerability affects Firefox versions prior to 144 and requires user interaction (clicking on the fake address bar). Mozilla released patched version Firefox 144 to address this issue, and there is no evidence of active exploitation at the time of analysis.
Firefox for Android leaks password-related screen content through the Android task switcher card carousel, exposing sensitive information to local attackers with physical or remote access to the device. Affects Firefox for Android versions prior to 144. No public exploit identified at time of analysis, but exploitation is trivial requiring only device access and standard OS features. CVSS 9.1 reflects the unauthenticated network attack vector, though real-world exploitation typically requires local device access, making the practical risk moderate for most threat models.
Command injection via Firefox/Thunderbird 'Copy as cURL' feature on Windows allows remote attackers to execute arbitrary commands when users copy network requests as cURL commands and paste them into terminals. Affects Firefox <144, Firefox ESR <140.4, Thunderbird <144, and Thunderbird <140.4 exclusively on Windows platforms. No public exploit identified at time of analysis, but attack vector requires only user interaction (CVSS PR:N/UI:R) with no privileges needed.
Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.
Information disclosure in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to extract privileged browser process memory via malicious IPC messages from a compromised web content process. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. CVSS 9.8 indicates network-exploitable with no auth required, though actual exploitation requires first compromising a web content process. Vendor-released patches available (Firefox 144, Firefox ESR 115.29/140.4, Thunderbird 144/140.4). No public exploit identified at time of analysis; EPSS data not provided.
Remote code execution in Mozilla Firefox (all versions prior to 144, ESR prior to 140.4) and Thunderbird (all versions prior to 144, ESR prior to 140.4) allows unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service through a use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). With a critical CVSS score of 9.8 and no authentication required, this memory corruption flaw represents a severe security risk. No public exploit identified at time of analysis, though EPSS data not available to assess exploitation probability.
Unauthenticated attackers can access sensitive information through publicly exposed log files in the Code Quality Control Tool WordPress plugin versions 2.1 and earlier, due to inadequate access controls on the error_logger.php component. The vulnerability allows remote attackers to read potentially sensitive data without authentication or user interaction, presenting a confidentiality risk to WordPress installations using affected versions.
An information leak vulnerability exists in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem within the tipc_topsrv_kern_subscr() function. The vulnerability occurs due to incomplete initialization of the sub.usr_handle field, leaving four bytes uninitialized when setsockopt() is called with SOL_TIPC options, allowing kernel memory contents to be leaked to user space. This affects Linux kernel versions including 6.1-rc1 and potentially others; while the EPSS score is extremely low at 0.01% percentile, the vulnerability requires local access and low privileges to trigger, making it a lower-priority but real information disclosure issue that has been patched by multiple vendors.
A memory leak vulnerability exists in the Linux kernel's test_firmware module initialization function (test_firmware_init) where allocated memory for test_fw_config->name is not properly freed when misc_register() fails. This affects all versions of the Linux kernel with the test_firmware module compiled, allowing local authenticated attackers to exhaust kernel memory and cause a denial of service. The vulnerability has a patch available from the Linux kernel maintainers, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score.
CVE-2022-50522 is a security vulnerability (CVSS 3.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
WP Reset plugin for WordPress versions up to 2.05 expose sensitive license keys and site data through unauthenticated access to the WF_Licensing::log() method when debugging is enabled by default. Remote attackers can extract confidential information including license credentials without authentication, creating a direct pathway to account compromise and unauthorized access to site administration features. No public exploit code or active exploitation has been confirmed, but the low attack complexity and default dangerous configuration significantly elevate real-world risk.
A security vulnerability in SeriaWei ZKEACMS (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN:...
In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held in write mode.
In the Linux kernel, the following vulnerability has been resolved: ipmi_si: fix a memleak in try_smi_init() Kmemleak reported the following leak info in try_smi_init(): unreferenced object 0xffff00018ecf9400 (size 1024): comm "modprobe", pid...
CVE-2023-53610 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2023-53609 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates...
CVE-2023-53606 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dc_construct_ctx() function.
CVE-2023-53604 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod.
CVE-2023-53601 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in...
In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT),...
In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed.
In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource.
CVE-2023-53593 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2023-53592 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock[0] when peer flows are created while holding the devcom rw semaphore.
CVE-2023-53588 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUN_RESET handling This fixes a bug where an initiator thinks a LUN_RESET has cleaned up running commands when it hasn't.
CVE-2023-53585 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's...
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach.
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() Syzbot reported a bug as following: ===================================================== BUG: KMSAN:...
A privacy issue was addressed with improved handling of temporary files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
A privacy issue was addressed by removing the vulnerable code. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds access issue was addressed with improved bounds checking. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with improved validation of symlinks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A permissions issue was addressed with additional restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A logic issue was addressed with improved state management. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A denial-of-service issue was addressed with improved input validation. Rated low severity (CVSS 2.8), this vulnerability is low attack complexity. No vendor patch available.
A race condition was addressed with additional validation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An out-of-bounds read was addressed with improved bounds checking. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
The issue was addressed with improved UI. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.
A correctness issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
The issue was addressed by adding additional logic. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
This issue was addressed with additional entitlement checks. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A logic issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
By failing to authenticate three times to an unconfigured Abilis CPX device via SSH, an attacker can login to a restricted shell on the fourth attempt, and from there, relay connections. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A potential vulnerability was reported in some Lenovo Tablets that could allow a local authenticated user or application to gain access to sensitive device specific information. Rated medium severity (CVSS 6.8), this vulnerability is low attack complexity. No vendor patch available.
Nagios XI versions prior to 2024R1.1.3, under certain circumstances, disclose sensitive user account information (including API keys and hashed passwords) to authenticated users who should not have. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The KMIP response parser built into mongo binaries is overly tolerant of certain malformed packets, and may parse them into invalid objects. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable. No vendor patch available.
Rejected reason: DO NOT USE THIS CVE RECORD. No vendor patch available.
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue in Raspberry Pi Imager version 1.9.6 for Windows, affecting its OS customization feature. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
An issue in NetSurf v3.11 causes the application to read uninitialized heap memory when creating a dom_event structure. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
A vulnerability was detected in PHPGurukul News Portal 1.0. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
A security vulnerability has been detected in PHPGurukul News Portal 1.0. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.
Web UI Malfunction when setting unexpected locale via API.19.5; BLU-IC4: through 1.19.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Multiple Devices are Sharing the Same Secrets for SDKSocket (TCP/5000).19.5; BLU-IC4: through 1.19.5. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Import WP - Export and Import CSV and XML files to WordPress plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 2.14.16. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Advanced Ads - Ad Manager & AdSense plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.0.12 via the select_one() function. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The WP Discourse plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The List category posts plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 0.92.0 via the 'catlist' shortcode due to insufficient restrictions on which. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.14 via the action parameter in one of its shortcodes. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Authentication cache collision in Dovecot mail server allows remote attackers to gain unauthorized access to other users' accounts under specific caching configurations. When passdb/userdb caching is enabled, certain drivers incorrectly use identical cache keys for multiple distinct users, causing authentication data from one user to be applied to subsequent login attempts by different users. This vulnerability enables attackers to authenticate as other users after the legitimate user's credentials are cached, with no public exploit identified at time of analysis. Despite low EPSS probability (0.03%), the network-accessible attack vector and potential for unauthorized email access warrants immediate remediation in environments using affected caching configurations.
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successful calls to `cifs_sb_tlink()`. Three calls fail to update refcount accordingly, leading to possible resource leaks.
Arbitrary file read vulnerability in Anti-Malware Security and Brute-Force Firewall WordPress plugin (versions up to 4.23.81) allows authenticated Subscriber-level users to read sensitive files from the server via unprotected AJAX endpoints. The vulnerability combines missing capability checks with information exposure in multiple GOTMLS_* AJAX actions, enabling attackers with minimal WordPress privileges to access arbitrary file contents including configuration files and credentials. No public exploit code has been confirmed at this time, though the vulnerability is trivial to exploit given the low authentication barrier.
Missing authorization in Facebook for WooCommerce plugin versions up to 3.5.7 allows authenticated attackers to bypass access controls and dismiss administrative notices through incorrectly configured security levels. The vulnerability enables privilege escalation or information disclosure via improper access control enforcement, though the low EPSS score (0.03%, 9th percentile) suggests limited real-world exploitation likelihood despite the broken access control flaw.
Use-after-free vulnerability in Mozilla Firefox 142 and 143 enables compromised renderer processes to trigger memory corruption in the GPU or browser process via malicious WebGPU IPC calls, potentially achieving sandbox escape. Affecting Firefox versions 142.0 through 144.0.1, this CWE-416 flaw carries CVSS 9.8 despite low real-world exploitation probability (EPSS 0.06%, 18th percentile). No public exploit identified at time of analysis. Patched in Firefox 144.0.2 released January 2025.
Broken access control in QuantumCloud ChatBot plugin for WordPress through version 7.7.3 allows authenticated attackers with low privileges to exploit misconfigured authorization checks, potentially leading to high-impact data breaches, unauthorized modifications, and service disruption. EPSS scoring indicates low exploitation probability (0.05%, 15th percentile), and no public exploit identified at time of analysis. The vulnerability stems from missing authorization controls (CWE-862), requiring only network access and low-privilege credentials with no user interaction, making it readily exploitable once an account is compromised.
Sensitive data exposure in the Publitio WordPress plugin (versions ≤2.2.5) allows unauthenticated remote attackers to retrieve embedded sensitive information through network requests. The vulnerability exposes confidential data with high impact to confidentiality (CVSS C:H), though exploitation probability remains low (EPSS 3rd percentile). No public exploit identified at time of analysis, and exploitation requires no privileges or user interaction (PR:N/UI:N), making it trivially exploitable if targeted.
Sensitive system information disclosure in ThemeHunk WP Popup Builder plugin for WordPress (versions ≤1.3.8) allows unauthenticated remote attackers to retrieve embedded sensitive data without authentication. The vulnerability presents a CVSS 7.5 HIGH severity with confirmed network-based exploitation requiring no user interaction. EPSS score of 0.03% (10th percentile) indicates minimal observed exploitation activity, and no public exploit identified at time of analysis. The flaw stems from improper exposure of sensitive information to unauthorized control spheres (CWE-497).
Sensitive data exposure in Atarim Visual Collaboration WordPress plugin (versions through 4.2.1) allows unauthenticated remote attackers to retrieve embedded confidential information via network-accessible endpoints. The vulnerability enables direct extraction of sensitive data with no authentication required and low attack complexity. EPSS score of 0.03% (10th percentile) indicates minimal current exploitation probability, and no public exploit code or CISA KEV listing exists at time of analysis.
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. ``` Each Unit and Terminal within the video function is assigned a unique identification number, the Unit ID (UID) or Terminal ID (TID), contained in the bUnitID or bTerminalID field of the descriptor. The value 0x00 is reserved for undefined ID, ``` If we add a new entity with id 0 or a duplicated ID, it will be marked as UVC_INVALID_ENTITY_ID. In a previous attempt commit 3dd075fe8ebb ("media: uvcvideo: Require entities to have a non-zero unique ID"), we ignored all the invalid units, this broke a lot of non-compatible cameras. Hopefully we are more lucky this time. This also prevents some syzkaller reproducers from triggering warnings due to a chain of entities referring to themselves. In one particular case, an Output Unit is connected to an Input Unit, both with the same ID of 1. But when looking up for the source ID of the Output Unit, that same entity is found instead of the input entity, which leads to such warnings. In another case, a backward chain was considered finished as the source ID was 0. Later on, that entity was found, but its pads were not valid. Here is a sample stack trace for one of those cases. [ 20.650953] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 20.830206] usb 1-1: Using ep0 maxpacket: 8 [ 20.833501] usb 1-1: config 0 descriptor?? [ 21.038518] usb 1-1: string descriptor 0 read error: -71 [ 21.038893] usb 1-1: Found UVC 0.00 device <unnamed> (2833:0201) [ 21.039299] uvcvideo 1-1:0.0: Entity type for entity Output 1 was not initialized! [ 21.041583] uvcvideo 1-1:0.0: Entity type for entity Input 1 was not initialized! [ 21.042218] ------------[ cut here ]------------ [ 21.042536] WARNING: CPU: 0 PID: 9 at drivers/media/mc/mc-entity.c:1147 media_create_pad_link+0x2c4/0x2e0 [ 21.043195] Modules linked in: [ 21.043535] CPU: 0 UID: 0 PID: 9 Comm: kworker/0:1 Not tainted 6.11.0-rc7-00030-g3480e43aeccf #444 [ 21.044101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1 04/01/2014 [ 21.044639] Workqueue: usb_hub_wq hub_event [ 21.045100] RIP: 0010:media_create_pad_link+0x2c4/0x2e0 [ 21.045508] Code: fe e8 20 01 00 00 b8 f4 ff ff ff 48 83 c4 30 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc 0f 0b eb e9 0f 0b eb 0a 0f 0b eb 06 <0f> 0b eb 02 0f 0b b8 ea ff ff ff eb d4 66 2e 0f 1f 84 00 00 00 00 [ 21.046801] RSP: 0018:ffffc9000004b318 EFLAGS: 00010246 [ 21.047227] RAX: ffff888004e5d458 RBX: 0000000000000000 RCX: ffffffff818fccf1 [ 21.047719] RDX: 000000000000007b RSI: 0000000000000000 RDI: ffff888004313290 [ 21.048241] RBP: ffff888004313290 R08: 0001ffffffffffff R09: 0000000000000000 [ 21.048701] R10: 0000000000000013 R11: 0001888004313290 R12: 0000000000000003 [ 21.049138] R13: ffff888004313080 R14: ffff888004313080 R15: 0000000000000000 [ 21.049648] FS: 0000000000000000(0000) GS:ffff88803ec00000(0000) knlGS:0000000000000000 [ 21.050271] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 21.050688] CR2: 0000592cc27635b0 CR3: 000000000431c000 CR4: 0000000000750ef0 [ 21.051136] PKRU: 55555554 [ 21.051331] Call Trace: [ 21.051480] <TASK> [ 21.051611] ? __warn+0xc4/0x210 [ 21.051861] ? media_create_pad_link+0x2c4/0x2e0 [ 21.052252] ? report_bug+0x11b/0x1a0 [ 21.052540] ? trace_hardirqs_on+0x31/0x40 [ 21.052901] ? handle_bug+0x3d/0x70 [ 21.053197] ? exc_invalid_op+0x1a/0x50 [ 21.053511] ? asm_exc_invalid_op+0x1a/0x20 [ 21.053924] ? media_create_pad_link+0x91/0x2e0 [ 21.054364] ? media_create_pad_link+0x2c4/0x2e0 [ 21.054834] ? media_create_pad_link+0x91/0x2e0 [ 21.055131] ? _raw_spin_unlock+0x1e/0x40 [ 21.055441] ? __v4l2_device_register_subdev+0x202/0x210 [ 21.055837] uvc_mc_register_entities+0x358/0x400 [ 21.056144] uvc_register_chains+0x1 ---truncated---
Local applications on macOS can bypass access controls to read sensitive user data through a logic flaw in permission enforcement, fixed in macOS Sequoia 15.6, Sonoma 14.7.7, and Ventura 13.7.7. The vulnerability requires user interaction to trigger (such as launching a malicious app) and affects all three recent macOS versions. With an EPSS score of 0.01% and no confirmed active exploitation, this represents a low real-world exploitation probability despite moderate CVSS severity.
Mail in Lockdown Mode on iOS and iPadOS allows information disclosure through remote image loading when forwarding emails, bypassing Lockdown Mode's protections designed to prevent such tracking. Apple released patches in iOS 18.6 and iPadOS 18.6 that prevent remote image loading in this scenario. The vulnerability requires user interaction (forwarding an email) and affects unauthenticated remote attackers, with an EPSS score of 0.03% indicating low real-world exploitation probability despite the network attack vector.
A security vulnerability in A data corruption vulnerability (CVSS 4.4). Remediation should follow standard vulnerability management procedures.
Unauthenticated attackers can access sensitive information through publicly exposed log files in the Content Writer WordPress plugin versions up to 3.6.8. The plugin fails to properly restrict access to log files, allowing remote attackers without authentication or user interaction to view potentially sensitive data stored in these logs. This vulnerability carries a moderate CVSS score of 5.3 with confirmed public information disclosure impact.
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
User interface spoofing in Firefox and Firefox Focus for Android's custom tab implementation allows remote attackers to misrepresent subdomain origins, enabling phishing attacks through crafted URLs. The custom tab feature truncates displayed hostnames to show only the parent domain, allowing malicious content on attacker-controlled subdomains (e.g., evil.example.com) to appear as legitimate sibling subdomains (e.g., legitimate.example.com). With CVSS 8.1 (High Confidentiality/Integrity impact) and no authentication required, this represents significant phishing risk for Android Firefox users. Patched in Firefox 144; no public exploit identified at time of analysis, though the UI flaw is straightforward to exploit.
Firefox on Android allows remote attackers to display a fake address bar by exploiting the visibilitychange event when the legitimate address bar is hidden due to scrolling, enabling phishing attacks and user deception. The vulnerability affects Firefox versions prior to 144 and requires user interaction (clicking on the fake address bar). Mozilla released patched version Firefox 144 to address this issue, and there is no evidence of active exploitation at the time of analysis.
Firefox for Android leaks password-related screen content through the Android task switcher card carousel, exposing sensitive information to local attackers with physical or remote access to the device. Affects Firefox for Android versions prior to 144. No public exploit identified at time of analysis, but exploitation is trivial requiring only device access and standard OS features. CVSS 9.1 reflects the unauthenticated network attack vector, though real-world exploitation typically requires local device access, making the practical risk moderate for most threat models.
Command injection via Firefox/Thunderbird 'Copy as cURL' feature on Windows allows remote attackers to execute arbitrary commands when users copy network requests as cURL commands and paste them into terminals. Affects Firefox <144, Firefox ESR <140.4, Thunderbird <144, and Thunderbird <140.4 exclusively on Windows platforms. No public exploit identified at time of analysis, but attack vector requires only user interaction (CVSS PR:N/UI:R) with no privileges needed.
Modify read-only JavaScript Object properties in Firefox and Thunderbird via crafted web content, allowing attackers to bypass property immutability protections and alter application state. Affects Firefox versions below 144, Firefox ESR below 115.29 and 140.4, Thunderbird below 144 and 140.4. Requires user interaction (malicious website visit) but no authentication. CVSS 6.5 reflects high integrity impact with user-interaction requirement; no evidence of active exploitation or public exploit code at time of analysis.
Information disclosure in Mozilla Firefox and Thunderbird allows unauthenticated remote attackers to extract privileged browser process memory via malicious IPC messages from a compromised web content process. Affects Firefox <144, Firefox ESR <115.29 and <140.4, and Thunderbird <144 and <140.4. CVSS 9.8 indicates network-exploitable with no auth required, though actual exploitation requires first compromising a web content process. Vendor-released patches available (Firefox 144, Firefox ESR 115.29/140.4, Thunderbird 144/140.4). No public exploit identified at time of analysis; EPSS data not provided.
Remote code execution in Mozilla Firefox (all versions prior to 144, ESR prior to 140.4) and Thunderbird (all versions prior to 144, ESR prior to 140.4) allows unauthenticated remote attackers to execute arbitrary code, disclose sensitive information, or cause denial of service through a use-after-free vulnerability in MediaTrackGraphImpl::GetInstance(). With a critical CVSS score of 9.8 and no authentication required, this memory corruption flaw represents a severe security risk. No public exploit identified at time of analysis, though EPSS data not available to assess exploitation probability.
Unauthenticated attackers can access sensitive information through publicly exposed log files in the Code Quality Control Tool WordPress plugin versions 2.1 and earlier, due to inadequate access controls on the error_logger.php component. The vulnerability allows remote attackers to read potentially sensitive data without authentication or user interaction, presenting a confidentiality risk to WordPress installations using affected versions.
An information leak vulnerability exists in the Linux kernel's TIPC (Transparent Inter-Process Communication) subsystem within the tipc_topsrv_kern_subscr() function. The vulnerability occurs due to incomplete initialization of the sub.usr_handle field, leaving four bytes uninitialized when setsockopt() is called with SOL_TIPC options, allowing kernel memory contents to be leaked to user space. This affects Linux kernel versions including 6.1-rc1 and potentially others; while the EPSS score is extremely low at 0.01% percentile, the vulnerability requires local access and low privileges to trigger, making it a lower-priority but real information disclosure issue that has been patched by multiple vendors.
A memory leak vulnerability exists in the Linux kernel's test_firmware module initialization function (test_firmware_init) where allocated memory for test_fw_config->name is not properly freed when misc_register() fails. This affects all versions of the Linux kernel with the test_firmware module compiled, allowing local authenticated attackers to exhaust kernel memory and cause a denial of service. The vulnerability has a patch available from the Linux kernel maintainers, with an EPSS score of 0.01% indicating very low real-world exploitation probability despite the moderate CVSS score.
CVE-2022-50522 is a security vulnerability (CVSS 3.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
WP Reset plugin for WordPress versions up to 2.05 expose sensitive license keys and site data through unauthenticated access to the WF_Licensing::log() method when debugging is enabled by default. Remote attackers can extract confidential information including license credentials without authentication, creating a direct pathway to account compromise and unauthorized access to site administration features. No public exploit code or active exploitation has been confirmed, but the low attack complexity and default dangerous configuration significantly elevate real-world risk.
A security vulnerability in SeriaWei ZKEACMS (CVSS 5.4). Remediation should follow standard vulnerability management procedures.
In the Linux kernel, the following vulnerability has been resolved: jfs: fix invalid free of JFS_IP(ipimap)->i_imap in diUnmount syzbot found an invalid-free in diUnmount: BUG: KASAN: double-free in slab_free mm/slub.c:3661 [inline] BUG: KASAN:...
In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix race with VMA iteration and mm_struct teardown exit_mmap() will tear down the VMAs and maple tree with the mmap_lock held in write mode.
In the Linux kernel, the following vulnerability has been resolved: ipmi_si: fix a memleak in try_smi_init() Kmemleak reported the following leak info in try_smi_init(): unreferenced object 0xffff00018ecf9400 (size 1024): comm "modprobe", pid...
CVE-2023-53610 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2023-53609 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential UAF of struct nilfs_sc_info in nilfs_segctor_thread() The finalization of nilfs_segctor_thread() can race with nilfs_segctor_kill_thread() which terminates...
CVE-2023-53606 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: drm: amd: display: Fix memory leakage This commit fixes memory leakage in dc_construct_ctx() function.
CVE-2023-53604 is a security vulnerability (CVSS 7.8). High severity vulnerability requiring prompt remediation. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix memory leak in WMI firmware stats Memory allocated for firmware pdev, vdev and beacon statistics are not released during rmmod.
CVE-2023-53601 is a security vulnerability (CVSS 5.5). Risk factors: public PoC available. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in...
In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT),...
In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed.
In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource.
CVE-2023-53593 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
CVE-2023-53592 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix deadlock in tc route query code Cited commit causes ABBA deadlock[0] when peer flows are created while holding the devcom rw semaphore.
CVE-2023-53588 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix multiple LUN_RESET handling This fixes a bug where an initiator thinks a LUN_RESET has cleaned up running commands when it hasn't.
CVE-2023-53585 is a security vulnerability (CVSS 5.5). Remediation should follow standard vulnerability management procedures. Vendor patch is available.
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's...
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach.
In the Linux kernel, the following vulnerability has been resolved: net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() Syzbot reported a bug as following: ===================================================== BUG: KMSAN:...