CVE-2024-1036
Published 2024-01-30
Priority: P358 · Severity: critical · Score: 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.91% (55.5th percentile)
A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311.
Affected
10 ranges (only the first carries version data; the remaining nine list no version range and no fixed version)

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbi | openbi | <= 1.0.8 | — |
CVSS provenance

| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |
GHSA
GHSA-7pvg-hvr4-rj6w · ghsa_unreviewed · 2024-01-30 · CVE-2024-1036 [HIGH] CWE-434
The GHSA advisory description is identical to the CVE summary above.
Red Hat
vendor_redhat · 2025-01-11 · CVSS 5.5 · CVE-2024-57800 [MEDIUM] CWE-20
kernel: ALSA: memalloc: prefer dma_mapping_error() over explicit address checking

In the Linux kernel, the following vulnerability has been resolved:

ALSA: memalloc: prefer dma_mapping_error() over explicit address checking

With CONFIG_DMA_API_DEBUG enabled, the following warning is observed:

```
DMA-API: snd_hda_intel 0000:03:00.1: device driver failed to check map error[device address=0x00000000ffff0000] [size=20480 bytes] [mapped as single]
WARNING: CPU: 28 PID: 2255 at kernel/dma/debug.c:1036 check_unmap+0x1408/0x2430
CPU: 28 UID: 42 PID: 2255 Comm: wireplumber Tainted: G W L 6.12.0-10-133577cad6bf48e5a7848c4338124081393bfe8a+ #759
debug_dma_unmap_page+0xe9/0xf0
snd_dma_wc_free+0x85/0x130 [snd_pcm]
snd_pcm_lib_free_pages+0x1e3/0x440 [snd_pcm]
snd_pcm_common_ioctl+0x1c9a/0x2960 [snd_pcm]
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-01-30