CVE-2024-1114
published 2024-01-31CVE-2024-1114: A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file…
PriorityP358critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
0.86%
53.8th percentile
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472.
Affected
10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| openbi | openbi | <= 1.0.8 | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
| openbi | openbi | — | — |
CVSS provenance
nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.4MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:P
vendor_redhat5.5MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-jhv9-m6q4-wc38: A vulnerability has been found in openBI up to 1
ghsa_unreviewed·2024-01-31
CVE-2024-1114 [MEDIUM] CWE-284 GHSA-jhv9-m6q4-wc38: A vulnerability has been found in openBI up to 1
A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472.
Red Hat
kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
vendor_redhat·2024-11-09·CVSS 5.5
CVE-2024-50212 [MEDIUM] CWE-667 kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
kernel: lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
In the Linux kernel, the following vulnerability has been resolved:
lib: alloc_tag_module_unload must wait for pending kfree_rcu calls
Ben Greear reports following splat:
------------[ cut here ]------------
net/netfilter/nf_nat_core.c:1114 module nf_nat func:nf_nat_register_fn has 256 allocated at module unload
WARNING: CPU: 1 PID: 10421 at lib/alloc_tag.c:168 alloc_tag_module_unload+0x22b/0x3f0
Modules linked in: nf_nat(-) btrfs ufs qnx4 hfsplus hfs minix vfat msdos fat
...
Hardware name: Default string Default string/SKYBAY, BIOS 5.12 08/04/2020
RIP: 0010:alloc_tag_module_unload+0x22b/0x3f0
codetag_unload_module+0x19b/0x2a0
? codetag_load_module+0x80/0x80
nf_nat module exit calls kfree_rcu on those addresses, bu
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-01-31
Published