Security Vulnerabilities - CVEs Published In July 2024
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0.
CVSS Score
6.5
EPSS Score
0.002
Published
2024-07-06
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS.This issue affects WP To Do: from n/a through 1.3.0.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-06
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in StaxWP Elementor Addons, Widgets and Enhancements – Stax allows Stored XSS.This issue affects Elementor Addons, Widgets and Enhancements – Stax: from n/a through 1.4.4.1.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-06
Missing Authorization vulnerability in WpDevArt Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-06
Server-Side Request Forgery (SSRF) vulnerability in Theme-Ruby Foxiz.This issue affects Foxiz: from n/a through 2.3.5.
CVSS Score
7.2
EPSS Score
0.003
Published
2024-07-06
In the Linux kernel, the following vulnerability has been resolved:
drm/drm_file: Fix pid refcounting race
<maarten.lankhorst@linux.intel.com>, Maxime Ripard
<mripard@kernel.org>, Thomas Zimmermann <tzimmermann@suse.de>
filp->pid is supposed to be a refcounted pointer; however, before this
patch, drm_file_update_pid() only increments the refcount of a struct
pid after storing a pointer to it in filp->pid and dropping the
dev->filelist_mutex, making the following race possible:
process A process B
========= =========
begin drm_file_update_pid
mutex_lock(&dev->filelist_mutex)
rcu_replace_pointer(filp->pid, <pid B>, 1)
mutex_unlock(&dev->filelist_mutex)
begin drm_file_update_pid
mutex_lock(&dev->filelist_mutex)
rcu_replace_pointer(filp->pid, <pid A>, 1)
mutex_unlock(&dev->filelist_mutex)
get_pid(<pid A>)
synchronize_rcu()
put_pid(<pid B>) *** pid B reaches refcount 0 and is freed here ***
get_pid(<pid B>) *** UAF ***
synchronize_rcu()
put_pid(<pid A>)
As far as I know, this race can only occur with CONFIG_PREEMPT_RCU=y
because it requires RCU to detect a quiescent state in code that is not
explicitly calling into the scheduler.
This race leads to use-after-free of a "struct pid".
It is probably somewhat hard to hit because process A has to pass
through a synchronize_rcu() operation while process B is between
mutex_unlock() and get_pid().
Fix it by ensuring that by the time a pointer to the current task's pid
is stored in the file, an extra reference to the pid has been taken.
This fix also removes the condition for synchronize_rcu(); I think
that optimization is unnecessary complexity, since in that case we
would usually have bailed out on the lockless check above.
CVSS Score
7.0
EPSS Score
0.0
Published
2024-07-06
A Cross-Site Request Forgery (CSRF) vulnerability exists in mudler/LocalAI versions up to and including 2.15.0, which allows attackers to trick victims into deleting installed models. By crafting a malicious HTML page, an attacker can cause the deletion of a model, such as 'gpt-4-vision-preview', without the victim's consent. The vulnerability is due to insufficient CSRF protection mechanisms on the model deletion functionality.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-07-06
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del
CVSS Score
5.4
EPSS Score
0.001
Published
2024-07-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-05
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close
CVSS Score
8.8
EPSS Score
0.001
Published
2024-07-05