CVE-2022-48758 – scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put()
https://notcve.org/view.php?id=CVE-2022-48758
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remove_group() as the controller rport device attributes are removed too early. Replace the fcoe_port's destroy_work queue. It's not needed. The problem is easily reproducible with the following steps. Example: $ dmesg -w & $ systemctl enable --now fcoe $ fipvlan -s -c ens2f1 $ fcoeadm -d ens2f1.802 [ 583.464488] host2: libfc: Link down on port (7500a1) [ 583.472651] bnx2fc: 7500a1 - rport not created Yet!! [ 583.490468] ------------[ cut here ]------------ [ 583.538725] sysfs group 'power' not found for kobject 'rport-2:0-0' [ 583.568814] WARNING: CPU: 3 PID: 192 at fs/sysfs/group.c:279 sysfs_remove_group+0x6f/0x80 [ 583.607130] Modules linked in: dm_service_time 8021q garp mrp stp llc bnx2fc cnic uio rpcsec_gss_krb5 auth_rpcgss nfsv4 ... [ 583.942994] CPU: 3 PID: 192 Comm: kworker/3:2 Kdump: loaded Not tainted 5.14.0-39.el9.x86_64 #1 [ 583.984105] Hardware name: HP ProLiant DL120 G7, BIOS J01 07/01/2013 [ 584.016535] Workqueue: fc_wq_2 fc_rport_final_delete [scsi_transport_fc] [ 584.050691] RIP: 0010:sysfs_remove_group+0x6f/0x80 [ 584.074725] Code: ff 5b 48 89 ef 5d 41 5c e9 ee c0 ff ff 48 89 ef e8 f6 b8 ff ff eb d1 49 8b 14 24 48 8b 33 48 c7 c7 ... [ 584.162586] RSP: 0018:ffffb567c15afdc0 EFLAGS: 00010282 [ 584.188225] RAX: 0000000000000000 RBX: ffffffff8eec4220 RCX: 0000000000000000 [ 584.221053] RDX: ffff8c1586ce84c0 RSI: ffff8c1586cd7cc0 RDI: ffff8c1586cd7cc0 [ 584.255089] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffb567c15afc00 [ 584.287954] R10: ffffb567c15afbf8 R11: ffffffff8fbe7f28 R12: ffff8c1486326400 [ 584.322356] R13: ffff8c1486326480 R14: ffff8c1483a4a000 R15: 0000000000000004 [ 584.355379] FS: 0000000000000000(0000) GS:ffff8c1586cc0000(0000) knlGS:0000000000000000 [ 584.394419] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 584.421123] CR2: 00007fe95a6f7840 CR3: 0000000107674002 CR4: 00000000000606e0 [ 584.454888] Call Trace: [ 584.466108] device_del+0xb2/0x3e0 [ 584.481701] device_unregister+0x13/0x60 [ 584.501306] bsg_unregister_queue+0x5b/0x80 [ 584.522029] bsg_remove_queue+0x1c/0x40 [ 584.541884] fc_rport_final_delete+0xf3/0x1d0 [scsi_transport_fc] [ 584.573823] process_one_work+0x1e3/0x3b0 [ 584.592396] worker_thread+0x50/0x3b0 [ 584.609256] ? rescuer_thread+0x370/0x370 [ 584.628877] kthread+0x149/0x170 [ 584.643673] ? • https://git.kernel.org/stable/c/0cbf32e1681d870632a1772601cbaadd996dc978 https://git.kernel.org/stable/c/2a12fe8248a38437b95b942bbe85aced72e6e2eb https://git.kernel.org/stable/c/262550f29c750f7876b6ed1244281e72b64ebffb https://git.kernel.org/stable/c/c93a290c862ccfa404e42d7420565730d67cbff9 https://git.kernel.org/stable/c/de6336b17a1376db1c0f7a528cce8783db0881c0 https://git.kernel.org/stable/c/bf2bd892a0cb14dd2d21f2c658f4b747813be311 https://git.kernel.org/stable/c/00849de10f798a9538242824a51b1756e7110754 https://git.kernel.org/stable/c/b11e34f7bab21df36f02a5e54fb69e858 •
CVE-2024-37091 – WordPress Consulting Elementor Widgets plugin <= 1.3.0 - Remote Code Execution (RCE) vulnerability
https://notcve.org/view.php?id=CVE-2024-37091
Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0. Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in StylemixThemes Consulting Elementor Widgets, StylemixThemes Masterstudy Elementor Widgets allows OS Command Injection.This issue affects Consulting Elementor Widgets: from n/a through 1.3.0; Masterstudy Elementor Widgets: from n/a through 1.2.2. The Consulting Elementor Widgets plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.3.0. This makes it possible for authenticated attackers, with contributor-level access and above, to execute code on the server. • https://patchstack.com/database/vulnerability/consulting-elementor-widgets/wordpress-consulting-elementor-widgets-plugin-1-3-0-remote-code-execution-rce-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/masterstudy-elementor-widgets/wordpress-masterstudy-elementor-widgets-plugin-1-2-2-remote-code-execution-rce-vulnerability?_s_id=cve • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-33335
https://notcve.org/view.php?id=CVE-2024-33335
SQL Injection vulnerability in H3C technology company SeaSQL DWS V2.0 allows a remote attacker to execute arbitrary code via a crafted file. Vulnerabilidad de inyección SQL en H3C SeaSQL DWS v.2.0 permite a un atacante remoto ejecutar código arbitrario a través de un archivo manipulado. • https://gist.github.com/vrhappy/08cb4c8721eed8a74fe786ecdff1ec1e https://www.h3c.com/cn https://www.h3c.com/cn/Service/Online_Help/psirt • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-37109 – WordPress WishList Member X plugin < 3.26.7 - Authenticated Arbitrary PHP Code Execution vulnerability
https://notcve.org/view.php?id=CVE-2024-37109
Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a before 3.26.7. • https://patchstack.com/database/vulnerability/wishlist-member-x/wordpress-wishlist-member-x-plugin-3-25-1-authenticated-arbitrary-php-code-execution-vulnerability?_s_id=cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2024-28397 – Pyload Remote Code Execution
https://notcve.org/view.php?id=CVE-2024-28397
An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitrary code via a crafted API call. Un problema en el componente js2py.disable_pyimport() de js2py hasta v0.74 permite a atacantes ejecutar código arbitrario a través de una llamada API manipulada. CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular python package that can evaluate javascript code inside a python interpreter. The vulnerability allows for an attacker to obtain a reference to a python object in the js2py environment enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released and version 0.74 is the latest version of js2py which was released Nov 6, 2022. • https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/CYBER-WARRIOR-SEC/CVE-2024-28397-js2py-Sandbox-Escape https://github.com/Marven11 • CWE-94: Improper Control of Generation of Code ('Code Injection') •