Security Vulnerabilities - CVEs Published In May 2024
In the Linux kernel, the following vulnerability has been resolved:
Revert "drm/amd/pm: resolve reboot exception for si oland"
This reverts commit e490d60a2f76bff636c68ce4fe34c1b6c34bbd86.
This causes hangs on SI when DC is enabled and errors on driver
reboot and power off cycles.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-17
In the Linux kernel, the following vulnerability has been resolved:
Revert "net/mlx5: Block entering switchdev mode with ns inconsistency"
This reverts commit 662404b24a4c4d839839ed25e3097571f5938b9b.
The revert is required due to the suspicion it is not good for anything
and cause crash.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-05-17
In the Linux kernel, the following vulnerability has been resolved:
phonet/pep: fix racy skb_queue_empty() use
The receive queues are protected by their respective spin-lock, not
the socket lock. This could lead to skb_peek() unexpectedly
returning NULL or a pointer to an already dequeued socket buffer.
CVSS Score
5.8
EPSS Score
0.0
Published
2024-05-17
Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes EmpowerWP.This issue affects EmpowerWP: from n/a through 1.0.21.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-17
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard Fast Custom Social Share by CodeBard fast-custom-social-share-by-codebard.This issue affects Fast Custom Social Share by CodeBard: from n/a through <= 1.1.2.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-05-17
Incorrect Privilege Assignment vulnerability in Sirv CDN and Image Hosting Sirv sirv.This issue affects Sirv: from n/a through <= 7.2.2.
CVSS Score
8.8
EPSS Score
0.011
Published
2024-05-17
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeKraft BuddyForms allows Server Side Request Forgery, Relative Path Traversal.This issue affects BuddyForms: from n/a through 2.8.8.
CVSS Score
8.6
EPSS Score
0.013
Published
2024-05-17
Improper Restriction of Excessive Authentication Attempts vulnerability in Metagauss ProfileGrid allows Removing Important Client Functionality.This issue affects ProfileGrid : from n/a through 5.8.2.
CVSS Score
4.3
EPSS Score
0.004
Published
2024-05-17
Authentication Bypass by Spoofing vulnerability in WP Royal Royal Elementor Addons allows Functionality Bypass.This issue affects Royal Elementor Addons: from n/a through 1.3.93.
CVSS Score
5.3
EPSS Score
0.001
Published
2024-05-17
Zabbix server can perform command execution for configured scripts. After command is executed, audit entry is added to "Audit Log". Due to "clientip" field is not sanitized, it is possible to injection SQL into "clientip" and exploit time based blind SQL injection.
CVSS Score
9.1
EPSS Score
0.921
Published
2024-05-17