Security Vulnerabilities - CVEs Published In September 2024
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add otg_master NULL check within resource_log_pipe_topology_update
[Why]
Coverity reports NULL_RETURN warning.
[How]
Add otg_master NULL check.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Check index for aux_rd_interval before using
aux_rd_interval has size of 7 and should be checked.
This fixes 3 OVERRUN and 1 INTEGER_OVERFLOW issues reported by Coverity.
CVSS Score
5.5
EPSS Score
0.0
Published
2024-09-18
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Fix incorrect size calculation for loop
[WHY]
fe_clk_en has size of 5 but sizeof(fe_clk_en) has byte size 20 which is
lager than the array size.
[HOW]
Divide byte size 20 by its element size.
This fixes 2 OVERRUN issues reported by Coverity.
CVSS Score
7.8
EPSS Score
0.0
Published
2024-09-18
SQL injection vulnerability in Welcart e-Commerce prior to 2.11.2 allows an attacker who can login to the product to obtain or alter the information stored in the database.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-09-18
Welcart e-Commerce prior to 2.11.2 contains a cross-site scripting vulnerability. If this vulnerability is exploited, an arbitrary script may be executed on the user's web browser.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-09-18
The WP Hardening – Fix Your WordPress Security plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 1.2.6. This is due to use of an incorrect regular expression within the "Stop User Enumeration" feature. This makes it possible for unauthenticated attackers to bypass intended security restrictions and expose site usernames.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-09-18
Heap-based buffer overflow vulnerability in Assimp versions prior to 5.4.3 allows a local attacker to execute arbitrary code by importing a specially crafted file into the product.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-09-18
There is a buffer overflow vulnerability in ZTE MF296R. Due to insufficient validation of the SMS parameter length, an authenticated attacker could use the vulnerability to perform a denial of service attack.
CVSS Score
4.5
EPSS Score
0.003
Published
2024-09-18
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11.
CVSS Score
5.9
EPSS Score
0.002
Published
2024-09-18
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Royal Royal Elementor Addons allows Stored XSS.This issue affects Royal Elementor Addons: from n/a through 1.3.982.
CVSS Score
6.5
EPSS Score
0.003
Published
2024-09-18