Security Vulnerabilities - CVEs Published In September 2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds read of df_v1_7_channel_number
Check the fb_channel_number range to avoid the array out-of-bounds
read error
CVSS Score
7.1
EPSS Score
0.0
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: Fix out-of-bounds write warning
Check the ring type value to fix the out-of-bounds
write warning
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Ensure index calculation will not overflow
[WHY & HOW]
Make sure vmid0p72_idx, vnom0p8_idx and vmax0p9_idx calculation will
never overflow and exceess array size.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
CVSS Score
5.5
EPSS Score
0.001
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
[Why]
Coverity reports NULL_RETURN warning.
[How]
Add otg_master NULL check.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index for aux_rd_interval before using
aux_rd_interval has size of 7 and should be checked.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-18
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
CVSS Score
8.8
EPSS Score
0.003
Published
2024-09-18
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-09-18
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
CVSS Score
5.3
EPSS Score
0.004
Published
2024-09-18
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-09-18
There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
4.5
EPSS Score
0.002
Published
2024-09-18