CVE-2024-1252
Published 2024-02-06
CVE-2024-1252: A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file…
Priority: P352, critical, 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.65% (46.5th percentile)
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | >= 0 < 6.1.106-1 | 6.1.106-1 |
| linux | linux_kernel | >= 0 < 6.10.6-1 | 6.10.6-1 |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda | oa_2017 | — | — |
| tongda2000 | tongda_office_anywhere | < 11.10 | 11.10 |
CVSS provenance
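| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 5.2 | MEDIUM | AV:A/AC:L/Au:S/C:P/I:P/A:P |
| vendor_redhat | — | 5.5 | MEDIUM | — |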
OSV
CVE-2024-43903: In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane
osv·2024-08-26
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add NULL check for 'afb' before dereferencing in amdgpu_dm_plane_handle_cursor_update
This commit adds a null check for the 'afb' variable in the
amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
assumed to be null, but was used later in the code without a null check.
This could potentially lead to a null pointer dereference.
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)
GHSA
GHSA-44xm-468v-w3hq: A vulnerability classified as critical was found in Tongda OA 2017 up to 11
ghsa_unreviewed·2024-02-06
CVE-2024-1252 [MEDIUM] CWE-89 GHSA-44xm-468v-w3hq: A vulnerability classified as critical was found in Tongda OA 2017 up to 11
A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to SQL injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.
Red Hat
kernel: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2024-49905 [MEDIUM] CWE-476 kernel: drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)
In the Linux kernel, the following vulnerability has been resolved:
drm/amd/display: Add null check for 'afb' in amdgpu_dm_plane_handle_cursor_update (v2)
This commit adds a null check for the 'afb' variable in the
amdgpu_dm_plane_handle_cursor_update function. Previously, 'afb' was
assumed to be null, but was used later in the code without a null check.
This could potentially lead to a null pointer dereference.
Changes since v1:
- Moved the null check for 'afb' to the line where 'afb' is used. (Alex)
Fixes the below:
drivers/gpu/drm/amd/amdgpu/../display/amdgpu_dm/amdgpu_dm_plane.c:1298 amdgpu_dm_plane_handle_cursor_update() error: we previously assumed 'afb' could be null (see line 1252)
Pack
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-02-06