CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
liujianview gymxmjpa SQL Injection Vulnerability in Equipment Controller
A critical SQL injection vulnerability has been identified in liujianview gymxmjpa version 1.0. The flaw is in EquipmentDaoImpl, reached through EquipmentController.java, where the hyname parameter is used in a SQL query without being sanitized or bound as a parameter. The injection can be triggered remotely.
Liujianview Gymxmjpa SQL Injection Vulnerability in Subject Controller
A critical SQL injection vulnerability has been identified in Liujianview Gymxmjpa version 1.0. The flaw is in SubjectDaoImpl, reached through SubjectController.java, where the subname parameter is used in a SQL query without sanitization. The injection is blind (no query output is returned to the attacker, so data is extracted through boolean or timing differences) and can be triggered remotely.
Liujianview Gymxmjpa SQL Injection Vulnerability in GoodsController
A critical SQL injection vulnerability has been identified in Liujianview Gymxmjpa version 1.0. The flaw is in GoodsDaoImpl, reached through GoodsController.java, where the goodsName parameter is used in a SQL query without sanitization. SQL supplied in that parameter is executed by the database, and the flaw can be exploited remotely.
Liujianview Gymxmjpa SQL Injection Vulnerability in CoachController
A critical SQL injection vulnerability has been identified in Liujianview Gymxmjpa version 1.0. The flaw is in CoachController, specifically in the count method, where the coachName parameter is used in a SQL query without sanitization. The injection is blind and can be triggered remotely.
Reggie Phone Number Validation Handler Information Disclosure Vulnerability
An information disclosure vulnerability has been identified in Reggie version 1.0, in the Phone Number Validation Handler component behind the /user/sendMsg endpoint. The 'code' argument of that request can be manipulated to obtain sensitive information without authorization. The vulnerability can be exploited remotely, and the details have been made public.
Reggie Unrestricted File Upload Vulnerability
A critical vulnerability in Reggie version 1.0 allows unrestricted file uploads. The upload function in CommonController.java relies solely on front-end (browser-side) validation of the file extension; the server performs no check of its own, so an attacker who sends the multipart request directly bypasses the filter and can upload a file of any type, potentially leading to further exploitation. The vulnerability can be exploited remotely, and details of the exploit have been made public.
Reggie Path Traversal Vulnerability in CommonController Download Function
A critical path traversal vulnerability has been identified in the Reggie application, version 1.0, in the download method of CommonController (src/main/java/com/itheima/reggie/controller/CommonController.java). A remote attacker can manipulate the name parameter to download arbitrary files readable by the application process, and no authentication is required. The default upload and download directory is D:\img\, as set in the application.yml configuration file.
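One way to implement the containment check that the download method above lacks, as an added example that is not Reggie's code: resolve the requested name against the configured directory and accept it only if the canonical result is a regular file strictly inside that directory. The function names and the throwaway directory layout are this example's own. It uses POSIX realpath(3), so the paths are POSIX; Reggie's default D:\img\ is a Windows path, where the same test would be applied to the fully qualified path.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Resolve `name` inside base_dir and accept it only when the canonical
 * result is a regular file strictly below the canonical base directory.
 * realpath(3) makes the file system, not string matching, decide what
 * "..", odd separators or symlinks point at. On success the canonical
 * path is written to out. */
bool resolve_download(const char *base_dir, const char *name, char *out, size_t out_sz)
{
    char base[PATH_MAX], joined[PATH_MAX], resolved[PATH_MAX];
    struct stat st;
    size_t blen;

    if (realpath(base_dir, base) == NULL)
        return false;
    /* A download name is a bare file name. Rejecting separators here is
     * cheap, but not sufficient on its own: ".." contains none. */
    if (name[0] == '\0' || strchr(name, '/') != NULL || strchr(name, '\\') != NULL)
        return false;
    if (snprintf(joined, sizeof joined, "%s/%s", base, name) >= (int)sizeof joined)
        return false;
    if (realpath(joined, resolved) == NULL)       /* missing file or dangling symlink */
        return false;
    /* Containment: resolved must be base + '/' + something. A bare prefix
     * test would accept "/srv/img2/x" for base "/srv/img". */
    blen = strlen(base);
    if (strncmp(resolved, base, blen) != 0 || resolved[blen] != '/')
        return false;
    if (stat(resolved, &st) != 0 || !S_ISREG(st.st_mode))
        return false;
    if (strlen(resolved) >= out_sz)
        return false;
    strcpy(out, resolved);
    return true;
}

/* Demo fixture (constructed): <tmp>/img/ok.txt inside the base,
 * <tmp>/secret.txt outside it, and <tmp>/img/leak -> ../secret.txt. */
bool build_demo_tree(char *img_dir, size_t sz)
{
    char tmpl[] = "/tmp/dlXXXXXX", path[PATH_MAX];
    FILE *f;

    if (mkdtemp(tmpl) == NULL)
        return false;
    if ((size_t)snprintf(img_dir, sz, "%s/img", tmpl) >= sz || mkdir(img_dir, 0700) != 0)
        return false;
    snprintf(path, sizeof path, "%s/ok.txt", img_dir);
    if ((f = fopen(path, "w")) == NULL)
        return false;
    fputs("public\n", f);
    fclose(f);
    snprintf(path, sizeof path, "%s/secret.txt", tmpl);
    if ((f = fopen(path, "w")) == NULL)
        return false;
    fputs("private\n", f);
    fclose(f);
    snprintf(path, sizeof path, "%s/leak", img_dir);
    return symlink("../secret.txt", path) == 0;
}

int main(void)
{
    char img[PATH_MAX], out[PATH_MAX];
    const char *probes[] = { "ok.txt", "../secret.txt", "..", "leak", "missing.txt" };

    if (!build_demo_tree(img, sizeof img))
        return 1;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-14s -> %s\n", probes[i],
               resolve_download(img, probes[i], out, sizeof out) ? out : "REJECTED");
    return 0;
}
```

The symlink probe is the reason string filtering alone is not enough: "leak" contains no dot or separator, yet realpath() shows it points outside the base, and the containment test rejects it.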
StarSea99 Starsea-Mall Cross-Site Scripting Vulnerability
A cross-site scripting (XSS) vulnerability has been identified in StarSea99's Starsea-Mall version 1.0, in the admin categories update interface. The categoryName parameter is neither filtered on input nor encoded on output, so an attacker can inject JavaScript that executes in the browser of a user who views the affected page. The vulnerability can be exploited remotely.
StarSea99 Starsea-Mall Unrestricted File Upload Vulnerability in UploadController
A critical vulnerability exists in StarSea99's starsea-mall version 1.0 in the UploadController (src/main/java/com/siro/mall/controller/common/uploadController.java). The upload method does not validate the type of the uploaded file, so files of any kind are accepted. An attacker can exploit this remotely by uploading JSP and HTML files: a JSP file can yield server-side code execution if the upload directory is served by the servlet container, and an HTML file gives a stored XSS page on the site's own origin.
HCL MyXalytics Cleartext Transmission of Sensitive Information Vulnerability
A vulnerability exists in HCL MyXalytics version 6.3 that allows cleartext transmission of sensitive information: the application sends security-critical data over an unencrypted channel, so anyone positioned to observe the traffic can read it.
HCL MyXalytics Malicious File Upload Vulnerability Allowing Execution of Uploaded Files
A malicious file upload vulnerability has been identified in HCL MyXalytics. The application does not validate uploads properly and accepts files that should be rejected: files whose declared content type does not match their contents, and file names with double extensions (for example name.jpg.php), embedded null bytes, or special characters. This lets an attacker upload a harmful file and then execute it.
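A server-side upload check of the kind the Reggie, Starsea-Mall and MyXalytics entries above all lack, added here as an example (not code from any of those projects). It covers the four tricks listed: an embedded null byte in the file name, a double extension, special characters, and a body that does not match the type the name claims; the Content-Type header is deliberately ignored. The allow-list (PNG, JPEG, GIF), the 64-byte name limit and the function names are this example's choices, and the sample uploads in main() are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Magic bytes for the only types this example accepts. The extension is
 * the uploader's claim; the first bytes of the body are the evidence. */
static bool content_matches_ext(const char *ext, const unsigned char *data, size_t len)
{
    static const unsigned char png[] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a};
    static const unsigned char jpg[] = {0xff, 0xd8, 0xff};
    static const unsigned char gif[] = {'G', 'I', 'F', '8'};

    if (strcmp(ext, "png") == 0)
        return len >= sizeof png && memcmp(data, png, sizeof png) == 0;
    if (strcmp(ext, "jpg") == 0 || strcmp(ext, "jpeg") == 0)
        return len >= sizeof jpg && memcmp(data, jpg, sizeof jpg) == 0;
    if (strcmp(ext, "gif") == 0)
        return len >= sizeof gif && memcmp(data, gif, sizeof gif) == 0;
    return false;                       /* .jsp, .html, .php, ...: not on the allow-list */
}

/* Decision for one multipart upload. name/name_len is the file name exactly
 * as received, with the length taken from the multipart framing rather than
 * strlen(); data/len is the body. */
bool upload_ok(const char *name, size_t name_len, const unsigned char *data, size_t len)
{
    size_t dots = 0, dot_at = 0, ext_len;
    char ext[8];

    if (name_len == 0 || name_len > 64)
        return false;
    /* Embedded NUL: "shell.jsp\0.png" ends in .png for a length-aware check
     * and in .jsp for anything C-string based. Refuse it outright. */
    if (memchr(name, '\0', name_len) != NULL)
        return false;
    /* Character allow-list: slashes, backslashes, ';', '%', spaces and any
     * byte >= 0x80 are refused, which also rules out traversal in the name. */
    for (size_t i = 0; i < name_len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (c == '.') { dots++; dot_at = i; continue; }
        if (!isalnum(c) && c != '_' && c != '-')
            return false;
    }
    /* Exactly one dot with something on both sides: rejects "a.jpg.jsp",
     * ".htaccess" and "name." */
    if (dots != 1 || dot_at == 0 || dot_at == name_len - 1)
        return false;
    ext_len = name_len - dot_at - 1;
    if (ext_len >= sizeof ext)
        return false;
    for (size_t i = 0; i < ext_len; i++)
        ext[i] = (char)tolower((unsigned char)name[dot_at + 1 + i]);
    ext[ext_len] = '\0';
    return content_matches_ext(ext, data, len);
}

int main(void)
{
    /* constructed sample bodies */
    static const unsigned char png_body[] = {0x89, 'P', 'N', 'G', 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 13};
    static const unsigned char jsp_body[] = "<% Runtime.getRuntime(); %>";
    struct { const char *name; size_t name_len; const unsigned char *body; size_t len; } cases[] = {
        { "photo.png",       9,  png_body, sizeof png_body },
        { "PHOTO.PNG",       9,  png_body, sizeof png_body },
        { "shell.jpg.jsp",   13, jsp_body, sizeof jsp_body },   /* double extension */
        { "shell.jsp\0.png", 14, png_body, sizeof png_body },   /* embedded null byte */
        { "../photo.png",    12, png_body, sizeof png_body },   /* special characters */
        { "photo.png",       9,  jsp_body, sizeof jsp_body },   /* body is not a PNG */
        { "shell.jsp",       9,  jsp_body, sizeof jsp_body },
    };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++)
        printf("%-16s %s\n", cases[i].name,
               upload_ok(cases[i].name, cases[i].name_len, cases[i].body, cases[i].len) ? "accept" : "reject");
    return 0;
}
```

Only the first two cases are accepted. Note that the name check never trusts strlen(): the null-byte case is caught because the framing length (14) covers bytes past the NUL, which is exactly where a C-string based check stops looking.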
HCL MyXalytics Sensitive Information Disclosure Vulnerability
A vulnerability in HCL MyXalytics discloses sensitive information through the HTTP Server response header, which reveals the server software and version as Microsoft-HTTPAPI/2.0 (the Windows HTTP Server API stack). An attacker can use this to fingerprint the server as part of a broader attack.
Longpi Warehouse Cross-Site Scripting Vulnerability in Backend Component
A cross-site scripting (XSS) vulnerability has been identified in Longpi Warehouse version 1.0, in the Backend component reached via the request path '/resources/..;/inport/updateInport'. (The '..;/' segment is a servlet-container path-parameter quirk that is normalized away, which is how a backend handler can be reached through a path that looks like a static resource.) The vulnerability is triggered by manipulating the 'remark' argument and can be exploited remotely.
IBM Robotic Process Automation Cryptographic Vulnerability Allowing Data Exposure
A vulnerability exists in IBM Robotic Process Automation versions 21.0.0 through 21.0.7.19 and 23.0.0 through 23.0.19. This vulnerability could enable a remote attacker to access sensitive data through certain crypto-analytic attacks.
Exelban Stats Command Injection Vulnerability in XPC Service
A critical command injection vulnerability has been identified in Exelban Stats versions prior to 2.11.22. The XPC service's 'shouldAcceptNewConnection' delegate method does not validate the connecting client, so any local process can connect to the privileged helper and have it execute arbitrary commands as root, giving unauthorized access to and control over system functions.
IBM watsonx.ai Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in IBM watsonx.ai versions 1.1 through 2.0.3, as well as in IBM watsonx.ai on Cloud Pak for Data versions 4.8 through 5.0.3. This vulnerability allows authenticated users to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.
IBM Jazz Foundation Cross-Site Scripting Vulnerability
A cross-site scripting vulnerability has been identified in IBM Jazz Foundation versions 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2. This issue allows users to inject arbitrary JavaScript into the Web UI, potentially altering functionality and leading to credential disclosure within a trusted session.
Linux Kernel Memory Management Vulnerability in split_large_buddy() Function
A vulnerability in the Linux kernel's memory management code can lead to a null pointer dereference. This issue arises in the split_large_buddy() function, where the pfn_to_page() function may be called on a page frame number (PFN) that does not exist. This situation can occur in specific scenarios, such as freeing the highest page block in the last memory section, particularly with CONFIG_SPARSEMEM enabled and CONFIG_SPARSEMEM_EXTREME disabled. The problem was identified through code inspection.
Linux Kernel Intel ASoC SDW Array Termination Vulnerability
A vulnerability in the Linux kernel's ASoC Intel SDW component has been addressed. The issue arose because the code relied on an initialized member of the asoc_sdw_dailink structure to check if an array member was in use. This approach led to an out-of-bounds access when the array was full. The vulnerability has been resolved by expanding the array to include a terminator, preventing the access beyond the array's end.
Linux Kernel Bluetooth Subsystem Device Release Vulnerability in Isochronous Listening
A reference leak in the Bluetooth subsystem of the Linux kernel has been addressed. In the isochronous (ISO) listening path the hci_dev reference obtained from hci_get_route() was not released: hci_get_route() takes a reference on the device before returning, so iso_listen_bis() must drop it with hci_dev_put() on every exit path, including error paths.
Linux Kernel NT_ARM_FPMR Ptrace Vulnerability Allowing Memory Leakage
A vulnerability in the Linux kernel's arm64 ptrace implementation has been addressed. fpmr_set() did not initialize its temporary variable before copying the regset in from userspace, so a SETREGSET call with a length of zero copied nothing and then wrote the uninitialized temporary into the target thread's user-visible FPMR register, leaking up to 64 bits from the kernel stack. The read is limited to one specific stack slot and the flaw provides no write mechanism. The fix initializes the temporary with the register's current value before the copy, as the other regsets already do; a zero-length write to NT_ARM_FPMR now leaves the register contents unchanged.
Linux Kernel Ptrace Vulnerability in NT_ARM_POE Regset Handling
A vulnerability in the Linux kernel's arm64 ptrace implementation has been addressed. In the NT_ARM_POE regset handling the temporary variable was not initialized, so a SETREGSET call with a length of zero wrote an uninitialized value back to the target's thread.por_el0, potentially leaking up to 64 bits from the kernel stack. The read is limited to one specific stack slot and provides no write mechanism. The fix initializes the temporary before copying the regset in from userspace, as the other regsets do, so a zero-length write now retains the existing contents of POR_EL0.
Linux Kernel Sideband Message Reception Race Condition Vulnerability in DRM/DP_MST Component
A race condition vulnerability has been identified in the Linux kernel's Direct Rendering Manager (DRM) handling of DisplayPort Multi-Stream Transport (MST) sideband messages. This vulnerability arises when the MST topology is removed while another thread is processing MST down replies or up requests. The concurrent access to the message reception state, without proper locking, can lead to memory corruption in the message parser. The issue has been addressed by ensuring the reception state is reset before parsing messages, preventing the race condition.
Linux Kernel RCU Protection Vulnerability in Disk Zone Management
A vulnerability in the Linux kernel's handling of disk zone management has been addressed. The issue arose from improper management of the conventional zones bitmap during disk revalidation, which could lead to invalid memory references. This vulnerability has been mitigated by implementing RCU protection for the disk's conventional zones bitmap pointer. The helper function 'disk_zone_is_conv()' has been updated to operate under the RCU read lock, and a new function, 'disk_set_conv_zones_bitmap()', has been introduced to safely update the conventional zones bitmap pointer using 'rcu_replace_pointer()' while holding the 'disk_zone_wplugs_lock' spinlock. Additionally, 'disk_free_zone_resources()' has been modified to call 'disk_update_zone_resources()' with a NULL bitmap pointer to release the conventional zones bitmap. The 'disk_set_conv_zones_bitmap()' function is also utilized in 'disk_update_zone_resources()' to apply the new (revalidated) bitmap and free the previous one.
Linux Kernel Ptrace Vulnerability in AArch64 Regset Handling
A vulnerability in the Linux kernel's ptrace implementation for AArch64 tasks has been addressed. The 'ctrl' variable in tagged_addr_ctrl_set() was not initialized, so a SETREGSET call with a length of zero consumed an uninitialized value, potentially leaking up to 64 bits from the kernel stack. The read is limited to one specific stack slot and provides no write capability, but it can still expose sensitive data. The affected NT_ARM_TAGGED_ADDR_CTRL regset is only exposed in the regset view a native AArch64 task uses to trace another native AArch64 task. The fix initializes the temporary with the current value before copying the regset from userspace, as the other regsets do.
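The three arm64 ptrace entries above (NT_ARM_FPMR, NT_ARM_POE and NT_ARM_TAGGED_ADDR_CTRL) share one bug shape, modelled below as an added example that is not kernel code. The copy helper is a simplified stand-in for user_regset_copyin(), the struct stands in for target->thread, and because reading a genuinely uninitialized variable is undefined behaviour in C, the stale stack contents are represented by an explicit constant. That constant and all the names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct thread_struct { uint64_t fpmr; };        /* stands in for target->thread.uw.fpmr */

/* Whatever the previous kernel entry left at the temporary's stack address.
 * A real uninitialized read is undefined behaviour, so the model names it. */
#define STALE_STACK_SLOT 0xDEADBEEF4B1D0000ULL

/* Model of user_regset_copyin(): copy the requested bytes from the tracer's
 * buffer into the kernel temporary. A zero-length request copies nothing
 * and is legal; that is the whole bug. */
static void regset_copyin(uint64_t *kbuf, const void *ubuf, size_t count)
{
    if (count > sizeof *kbuf)
        count = sizeof *kbuf;
    memcpy(kbuf, ubuf, count);
}

/* Pre-fix shape: the temporary is declared but not initialized. */
uint64_t fpmr_set_vulnerable(struct thread_struct *t, const void *ubuf, size_t count)
{
    uint64_t tmp = STALE_STACK_SLOT;     /* models "uint64_t tmp;" with stale contents */
    regset_copyin(&tmp, ubuf, count);    /* count == 0 leaves tmp untouched */
    t->fpmr = tmp;                       /* stale stack bytes land in the target's register */
    return t->fpmr;                      /* ...and are readable back with PTRACE_GETREGSET */
}

/* Fixed shape: seed the temporary with the register's current value, as the
 * other regsets already did. */
uint64_t fpmr_set_fixed(struct thread_struct *t, const void *ubuf, size_t count)
{
    uint64_t tmp = t->fpmr;              /* zero-length write: register keeps its value */
    regset_copyin(&tmp, ubuf, count);
    t->fpmr = tmp;
    return t->fpmr;
}

int main(void)
{
    struct thread_struct target = { .fpmr = 0x1 };
    uint64_t ubuf = 0x42;   /* constructed tracer buffer; ignored when count == 0 */

    printf("vulnerable, len 0: fpmr = 0x%016llx\n",
           (unsigned long long)fpmr_set_vulnerable(&target, &ubuf, 0));
    target.fpmr = 0x1;
    printf("fixed,      len 0: fpmr = 0x%016llx\n",
           (unsigned long long)fpmr_set_fixed(&target, &ubuf, 0));
    printf("fixed,      len 8: fpmr = 0x%016llx\n",
           (unsigned long long)fpmr_set_fixed(&target, &ubuf, sizeof ubuf));
    return 0;
}
```

With a full 8-byte write both versions behave identically; the difference is only visible for the partial (here zero-length) case, which is why the bug survived normal use of the interface.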
Linux Kernel SCSI UFS Platform Host Deallocation Vulnerability
A vulnerability in the Linux kernel's SCSI UFS platform handling has been addressed. The issue involved improper deallocation of the Host Bus Adapter (HBA) during the removal of the UFS host controller, which could lead to memory leaks. The vulnerability has been resolved by ensuring that the SCSI host is properly released using the 'scsi_host_dev_release()' function.
Linux Kernel JFFS2 Memory Corruption Vulnerability in Rtime Decompression
A memory corruption vulnerability has been identified in the Linux kernel's JFFS2 file system, specifically within the rtime decompression routine. The issue arises because the routine fails to properly check bounds during the entire decompression process. As a result, if the compressed data is corrupted, it can lead to memory corruption outside the designated decompression buffer. This vulnerability has been addressed by adding the necessary bounds checks to prevent such memory corruption.
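The rtime scheme is small enough to show in full. The code below is an added example written for this page, not the kernel's compr_rtime.c, though it follows the same (literal, run length) pair format. It pairs the unchecked shape the description refers to with a bounded version, and feeds both a constructed two-byte stream whose run length exceeds a four-byte output page. The specific checks (a complete pair is available in the input, the run fits in the output) are this example's; the upstream fix adds bounds checks of the same kind.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Compressor, included so the round trip below uses a genuine stream.
 * Each output pair is (literal byte, run length); the run repeats the
 * bytes that followed the previous occurrence of the same literal. */
size_t rtime_compress(const uint8_t *in, size_t inlen, uint8_t *out, size_t outcap)
{
    uint16_t positions[256] = {0};
    size_t pos = 0, outpos = 0;

    while (pos < inlen && outpos + 2 <= outcap) {
        uint8_t value = in[pos];
        size_t backpos = positions[value];
        int runlen = 0;

        out[outpos++] = in[pos++];
        positions[value] = (uint16_t)pos;
        while (backpos < pos && pos < inlen && in[pos] == in[backpos] && runlen < 255) {
            pos++; backpos++; runlen++;
        }
        out[outpos++] = (uint8_t)runlen;
    }
    return pos == inlen ? outpos : 0;       /* 0: did not fit in outcap */
}

/* Pre-fix shape: produce destlen bytes and trust the stream. Nothing stops
 * a run from writing past destlen, or a short stream from being read past
 * its end. */
int rtime_decompress_unchecked(const uint8_t *in, uint8_t *out, size_t destlen)
{
    uint16_t positions[256] = {0};
    size_t pos = 0, outpos = 0;

    while (outpos < destlen) {
        uint8_t value = in[pos++];
        out[outpos++] = value;
        size_t repeat = in[pos++];
        size_t backoffs = positions[value];
        positions[value] = (uint16_t)outpos;
        while (repeat--)
            out[outpos++] = out[backoffs++];    /* unbounded: may run past destlen */
    }
    return 0;
}

/* Bounded version: check the pair stream before reading it and the run
 * length before writing it. Returns 0 on success, -1 (EINVAL in the kernel)
 * for a corrupt stream. */
int rtime_decompress_checked(const uint8_t *in, size_t srclen, uint8_t *out, size_t destlen)
{
    uint16_t positions[256] = {0};
    size_t pos = 0, outpos = 0;

    while (outpos < destlen) {
        if (pos + 2 > srclen)
            return -1;                          /* truncated (value, repeat) pair */
        uint8_t value = in[pos++];
        out[outpos++] = value;
        size_t repeat = in[pos++];
        size_t backoffs = positions[value];
        positions[value] = (uint16_t)outpos;
        if (repeat > destlen - outpos)
            return -1;                          /* run would overflow the output page */
        while (repeat--)
            out[outpos++] = out[backoffs++];    /* backoffs < outpos: only reads written bytes */
    }
    return 0;
}

int main(void)
{
    static const uint8_t msg[] = "aaaaaaaabbbbbbbbababababxyz";   /* constructed */
    static const uint8_t crafted[] = { 'a', 255 };                 /* constructed: literal + run of 255 */
    uint8_t comp[64], back[64], big[512] = {0};

    size_t clen = rtime_compress(msg, sizeof msg, comp, sizeof comp);
    printf("round trip: %zu -> %zu bytes, %s\n", sizeof msg, clen,
           rtime_decompress_checked(comp, clen, back, sizeof msg) == 0 &&
           memcmp(back, msg, sizeof msg) == 0 ? "ok" : "MISMATCH");
    printf("checked on crafted stream, destlen 4: %d\n",
           rtime_decompress_checked(crafted, sizeof crafted, big, 4));
    rtime_decompress_unchecked(crafted, big, 4);
    printf("unchecked wrote big[100] = '%c' although destlen was 4\n", big[100]);
    return 0;
}
```

The crafted stream is a single literal followed by a run length of 255: the unchecked loop copies 255 bytes into a page that was declared to hold 4, which is the overrun the description refers to. The oversized big[] buffer in main() exists only so the model can show the overwrite without itself corrupting memory.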
Linux Kernel CPU Hotplug Handling Vulnerability in s390 CPUMF Sampling
A vulnerability in the Linux kernel's handling of CPU hotplug events in the s390 architecture can lead to a use-after-free condition. When a CPU is removed, the hotplug handler deallocates all sampling data buffers for that CPU. However, if a performance event is still active on the removed CPU, the kernel attempts to read the samples from these buffers, which have already been freed and may have been reassigned. This can result in accessing invalid data, potentially leading to memory corruption.
Linux Kernel virtio-net Overflow Vulnerability in virtnet_rq_alloc
A vulnerability in the Linux kernel's virtio-net implementation can lead to a buffer overflow in the virtnet_rq_alloc function. This issue arises when the fragment size is one page and the combined size of the buffer and virtnet_rq_dma exceeds one page, causing an overflow. The problem was introduced by a previous commit and has been causing reliable crashes or failures when transferring large files via SCP to a virtual machine, especially when a specific sysctl value is set.
Linux Kernel NFS Read-Ahead Hang Vulnerability
A vulnerability in the Linux kernel's handling of read-ahead operations can cause the system to hang when used with NFS. This issue arises because the read-ahead size can be inadvertently reduced, leading to negative values being passed to the page cache read-ahead function. The problem has been traced back to a specific commit that altered the read-ahead logic, and while reverting this change may decrease read-ahead efficiency, it is preferable to the system hanging entirely.
Linux Kernel IRQ Entry Handling Vulnerability on s390 Architecture
A vulnerability in the Linux kernel's handling of interrupt request (IRQ) entries on the s390 architecture has been addressed. The issue arose because the .irqentry.text section was empty, preventing proper filtering and de-duplication of stack traces in the stack depot. This lack of filtering could lead to stack depot warnings about reaching limit capacity, especially with certain kernel features enabled. The vulnerability was resolved by moving asynchronous IO/EXT interrupt handlers into the .irqentry.text section, allowing for proper stack trace management while preserving important context for synchronous interrupts.
Linux Kernel PCI Suspend/Resume Support Vulnerability on i.MX6QDL
A vulnerability in the Linux kernel's PCI suspend/resume support on the i.MX6QDL platform has been addressed. This issue, documented in the NXP errata ERR005723, caused the suspend/resume functionality to fail, particularly when a PCIe device was connected. The vulnerability arose because critical registers were modified, disrupting PCIe functionality, and certain drivers, such as ath10k and iwlwifi, would crash upon resuming. The patch resolves these issues by aligning the suspend/resume sequences with those used by other i.MX devices, resetting the connected PCIe device when possible to prevent driver crashes.
Linux Kernel Deadlock Vulnerability in megaraid_sas SCSI Driver
A potential deadlock vulnerability has been identified in the Linux kernel's SCSI megaraid_sas driver. This issue arises from a circular locking dependency, where two CPUs can become stuck waiting for each other to release locks, potentially leading to a deadlock situation. The vulnerability has been addressed by modifying the locking mechanism to temporarily release one of the mutexes, preventing the circular dependency.
Linux Kernel Btrfs Quota Feature Assertion Failure Vulnerability
A vulnerability in the Linux kernel's Btrfs file system has been identified, related to the management of simple quotas. When quotas are enabled, an incompatibility bit should be set before the transaction is committed. However, the current implementation only sets the bit after the transaction, leading to a potential assertion failure. This issue can be reproduced by enabling quotas on a Btrfs file system, unmounting it, and then remounting without committing a new transaction, which causes the missing incompatibility bit to trigger an assertion error.
Linux Kernel Link DMA Release Vulnerability in ASoC SOF Intel HDA-DAI
A vulnerability in the Linux kernel's ASoC SOF Intel HDA-DAI component allows for improper management of link DMA channels. When a stream is stopped, the link DMA should not be released, as this can create a window for other streams to interfere and 'steal' the link DMA, leading to mixed-up channels. This mismanagement can cause firmware errors or crashes. While the issue is not commonly reproducible under normal conditions, it can occur if another stream is initiated between the stop and restart of a stream, mixing up the link DMA channels and causing errors.
Linux Kernel SCSI MPI3MR Driver PHY State Corruption Vulnerability
A vulnerability in the Linux kernel's SCSI MPI3MR driver has been addressed, which involved corruption of configuration pages related to SAS I/O units and SAS expanders. This issue arose when multiple PHYs were rapidly disabled and enabled, leading to a corruption of the persistent and current configuration pages. The vulnerability was caused by the driver, through the SAS transport, exposing a sysfs interface that allowed for quick toggling of PHY states in a controller/expander setup. The solution involves using separate memory for each configuration request to prevent such corruption.
Linux Kernel ALSA DMA Mapping Error Handling Vulnerability
A vulnerability in the Linux kernel's ALSA subsystem has been addressed. The issue arose because the snd_hda_intel device driver did not properly check for errors when mapping DMA addresses, which can lead to potential memory management issues. This vulnerability was highlighted by a warning generated with CONFIG_DMA_API_DEBUG enabled, indicating that the driver failed to verify the mapping of a specific device address before using it. The warning pointed to a violation of recommended practices in DMA address handling, which could result in improper memory access or resource management.
Linux Kernel NULL Pointer Dereference Vulnerability in Rockchip HDMI PHY Runtime PM Handling
A vulnerability in the Linux kernel's handling of the Rockchip HDMI PHY can lead to a NULL pointer dereference. This issue arises because the function rk_hdptx_phy_runtime_resume() may be called before the platform_set_drvdata() function has a chance to execute during the probe phase. As a result, when dev_get_drvdata() is called, it returns a NULL value, causing a dereference error. The vulnerability has been addressed by ensuring that platform_set_drvdata() is invoked before devm_pm_runtime_enable().
Linux Kernel NULL Dereference and Use-After-Free Vulnerability in DRM DisplayPort MST Handling
A vulnerability in the Linux kernel's handling of DisplayPort Multi-Stream Transport (MST) can lead to a NULL dereference and use-after-free condition. This issue arises in the DRM (Direct Rendering Manager) when an MST 'up' request is processed. If the MST topology is modified concurrently by another thread, the primary MST pointer can be freed and set to NULL. This creates a race condition where the 'up' request handler attempts to use the now-invalid pointer, leading to a crash or potential exploitation.
Linux Kernel TDX Guest Decrypted Memory Leak Vulnerability
A vulnerability in the Linux kernel's handling of decrypted (shared) memory in TDX guests has been addressed. In confidential-computing (CoCo) VMs the untrusted host can make set_memory_decrypted() fail. The error path then returned the affected pages to the page allocator, where memory that may still be shared with the host could be handed out as ordinary private memory, with functional or security consequences. The fix deliberately leaks the pages when set_memory_decrypted() fails instead of freeing them, and prints no additional error because set_memory_decrypted() already issues a WARN_ONCE().
Linux Kernel GPIO Charger Charge Current Limit Vulnerability
A vulnerability in the Linux kernel's power supply GPIO charger component allows for improper handling of charge current limits. This issue affects devices that can set the lowest charge current limit above zero. When a requested charge current limit falls below this minimum, the system erroneously accesses memory beyond what has been allocated, potentially leading to memory corruption.
Linux Kernel SMC Protocol Deadlock Vulnerability via Improper Message Length Validation
A vulnerability in the Linux kernel's implementation of the SMC (Shared Memory Communication) protocol can leave the kernel spinning in an infinite loop. The length field of messages received from the network is under the peer's control and can exceed the buffer length the kernel expects; while draining the excess data the kernel did not check the return value of the receive call, so it could loop forever, causing a denial of service. The fix checks the return value of the message-receiving function and aborts the loop on error.
Linux Kernel Race Condition Vulnerability in Ethernet OA_TC6 Component
A race condition vulnerability has been identified in the Linux kernel's Ethernet OA_TC6 component, specifically related to the management of transmission socket buffers (SKBs) between two pointers: 'waiting_tx_skb' and 'ongoing_tx_skb'. This vulnerability arises from the concurrent handling of SKBs in different threads without proper synchronization. When the 'ongoing_tx_skb' is processed, the next SKB is moved from 'waiting_tx_skb' to 'ongoing_tx_skb' without checking if 'waiting_tx_skb' is NULL. This oversight can lead to one SKB being left unprocessed, causing packet loss and a memory leak.
Linux Kernel Tun Driver Denial-of-Service Vulnerability
A denial-of-service vulnerability has been identified in the Linux kernel's tun driver. The issue arises in version 6.13.0-rc1 due to a flaw in the 'tun_napi_alloc_frags' function, where the implementation incorrectly processes I/O vector components. This oversight leads to the creation of a malformed socket buffer, causing a kernel crash. The vulnerability was reported by syzbot, a tool that detects bugs in the Linux kernel.
Linux Kernel Divide-By-Zero Vulnerability in drm_mode_vrefresh Function
A vulnerability in the Linux kernel's Direct Rendering Manager (DRM) module has been addressed. The issue was a divide-by-zero vulnerability in the drm_mode_vrefresh() function, which calculates the vertical refresh rate of a display mode. The function attempted to prevent division by zero by checking if the horizontal or vertical total values were zero. However, this check was insufficient, leading to a potential divide-by-zero error when the total values were manipulated.
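As an added example (not drm_modes.c), the model below shows one way a zero test on htotal and vtotal alone is insufficient. The assumption here is that the denominator is accumulated in 32 bits and then multiplied by the DBLSCAN factor and by vscan, so non-zero 16-bit totals can still wrap it to zero before the division. The flag values match DRM_MODE_FLAG_INTERLACE and DRM_MODE_FLAG_DBLSCAN; the struct, the function names and the UINT32_MAX sentinel in the pre-fix model are this example's own, and the 64-bit denominator in the hardened version is this example's fix, not a statement of what the upstream patch does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define FLAG_INTERLACE 0x10u      /* DRM_MODE_FLAG_INTERLACE */
#define FLAG_DBLSCAN   0x20u      /* DRM_MODE_FLAG_DBLSCAN */

/* The timing fields drm_mode_vrefresh() reads; the kernel's are u16 too. */
struct mode_timings { uint32_t clock; uint16_t htotal, vtotal, vscan; uint32_t flags; };

/* Pre-fix shape (modelled): the zero test is only on htotal and vtotal, and
 * the denominator is then built in 32-bit arithmetic and multiplied further.
 * Where the real code would divide by zero, this model returns UINT32_MAX
 * so that it can be run. */
uint32_t vrefresh_old(const struct mode_timings *m)
{
    if (m->htotal == 0 || m->vtotal == 0)
        return 0;
    uint64_t num = (uint64_t)m->clock * 1000;
    uint32_t den = (uint32_t)m->htotal * m->vtotal;   /* at most 65535*65535: still fits */
    if (m->flags & FLAG_INTERLACE) num *= 2;
    if (m->flags & FLAG_DBLSCAN)   den *= 2;          /* ...but these can wrap it to 0 */
    if (m->vscan > 1)              den *= m->vscan;
    if (den == 0)
        return UINT32_MAX;                             /* the real code faults here */
    return (uint32_t)((num + den / 2) / den);          /* DIV_ROUND_CLOSEST */
}

/* Hardened shape: widen the denominator so the extra factors cannot wrap,
 * and test the value that is actually divided by. */
uint32_t vrefresh_new(const struct mode_timings *m)
{
    if (m->htotal == 0 || m->vtotal == 0)
        return 0;
    uint64_t num = (uint64_t)m->clock * 1000;
    uint64_t den = (uint64_t)m->htotal * m->vtotal;
    if (m->flags & FLAG_INTERLACE) num *= 2;
    if (m->flags & FLAG_DBLSCAN)   den *= 2;
    if (m->vscan > 1)              den *= m->vscan;
    if (den == 0)                                      /* unreachable with u64; cheap insurance */
        return 0;
    return (uint32_t)((num + den / 2) / den);
}

int main(void)
{
    /* constructed modes: 1080p60, and one chosen so 32768*32768*2*2 == 2^32 */
    const struct mode_timings hd   = { .clock = 148500, .htotal = 2200,  .vtotal = 1125,  .vscan = 0, .flags = 0 };
    const struct mode_timings wrap = { .clock = 1,      .htotal = 32768, .vtotal = 32768, .vscan = 2, .flags = FLAG_DBLSCAN };

    printf("1080p60: old=%u new=%u\n", vrefresh_old(&hd), vrefresh_new(&hd));
    printf("wrap:    old=%s new=%u\n",
           vrefresh_old(&wrap) == UINT32_MAX ? "DIV BY ZERO" : "ok", vrefresh_new(&wrap));
    return 0;
}
```

The general lesson is the one the description states: a guard has to test the quantity that is actually divided by, after every operation that can change it, not the inputs it was derived from.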
Linux Kernel Ring Buffer Slab-Out-Of-Bounds Vulnerability Allowing Memory Corruption
A vulnerability in the Linux kernel's handling of the ring buffer can lead to a slab-out-of-bounds memory access, causing memory corruption. This issue arises from an overflow in the calculation of the number of pages, which fails to account for certain conditions, allowing for improper memory access. The vulnerability has been reported in version 6.13.0-rc2.
Linux Kernel Hyper-V Utility Driver NULL Pointer Dereference Vulnerability
A vulnerability in the Linux kernel's Hyper-V utility driver can lead to a NULL pointer dereference, causing a kernel panic. This issue occurs if the KVP (Key-Value Pair) or VSS (Volume Shadow Copy Service) daemon starts before the VMBus channel's ringbuffer is fully initialized. The problem arises because the KVP/VSS channel callback can be invoked prematurely, leading to the panic. The vulnerability affects Linux kernel versions through 6.11.0-rc3.
Linux Kernel KVM Hypercall Handling Vulnerability in Protected Guests
A vulnerability in the Linux kernel's KVM component for x86 architecture has been addressed. The issue arose in the 'complete_hypercall_exit()' function, where the wrong method was used to determine if a hypercall was made in 64-bit mode. This misstep could lead to improper handling of hypercalls for guests in a protected state, such as those using SEV-ES or SEV-SNP, where the necessary vCPU state information is unavailable. The vulnerability was exposed by modifying a self-test to generate a specific hypercall, which triggered a warning about the improper hypercall exit handling.
Linux Kernel Zone Write Plug Deadlock Vulnerability
A potential deadlock vulnerability has been identified in the Linux kernel's handling of zoned block device writes. The issue arises during the error recovery process for zone write plugging, which is designed to manage writes to specific zones by ensuring the correct tracking of write pointers. When a write operation fails, the system schedules a zone report to correct the tracking. However, if a device queue freeze is initiated while write operations are still plugged and one fails, the reporting process can block, leading to a deadlock. This occurs because the plugged write operations hold a reference that prevents the queue freeze from completing, causing a standstill in processing the plugged writes.
Linux Kernel XFS Filesystem Quota Management Vulnerability Leading to Denial-of-Service
A vulnerability in the Linux kernel's XFS filesystem has been identified, related to improper quota management during error handling. When a link operation fails due to metadata I/O errors, the system attempts to unmount the filesystem but gets stuck because it fails to unlock the inodes that were being processed. This issue can lead to a system hang, requiring manual intervention to resolve.
