CVE-2024-1654
Published 2024-03-14
Priority P345 · high · 7.2 (CVSS 3.1)
AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.31% (67.0th percentile)
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| papercut | papercut_mf | < 20.1.10 | 20.1.10 |
| papercut | papercut_mf | >= 21.0.0 < 21.2.14 | 21.2.14 |
| papercut | papercut_mf | >= 22.0.0 < 22.1.5 | 22.1.5 |
| papercut | papercut_mf | >= 23.0.1 < 23.0.7 | 23.0.7 |
| papercut | papercut_ng | < 20.1.10 | 20.1.10 |
| papercut | papercut_ng | >= 21.0.0 < 21.2.14 | 21.2.14 |
| papercut | papercut_ng | >= 22.0.0 < 22.1.5 | 22.1.5 |
| papercut | papercut_ng | >= 23.0.1 < 23.0.7 | 23.0.7 |
CVSS provenance
nvd · v3.1 · 7.2 · HIGH · CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-hv4j-7wh2-m4p5: This vulnerability potentially allows unauthorized write operations which may lead to remote code execution
ghsa_unreviewed·2024-03-14
CVE-2024-1654 [HIGH] CWE-183 GHSA-hv4j-7wh2-m4p5: This vulnerability potentially allows unauthorized write operations which may lead to remote code execution
Red Hat
kernel: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
vendor_redhat·2024-11-09·CVSS 5.5
CVE-2024-50231 [MEDIUM] CWE-401 kernel: iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
In the Linux kernel, the following vulnerability has been resolved:
iio: gts-helper: Fix memory leaks in iio_gts_build_avail_scale_table()
modprobe iio-test-gts and rmmod it, then the following memory leak
occurs:
```
unreferenced object 0xffffff80c810be00 (size 64):
  comm "kunit_try_catch", pid 1654, jiffies 4294913981
  hex dump (first 32 bytes):
    02 00 00 00 08 00 00 00 20 00 00 00 40 00 00 00 ........ ...@...
    80 00 00 00 00 02 00 00 00 04 00 00 00 08 00 00 ................
  backtrace (crc a63d875e):
    [] kmemleak_alloc+0x34/0x40
    [] __kmalloc_noprof+0x2bc/0x3c0
    [] devm_iio_init_iio_gts+0x4b4/0x16f4
    [] 0xffffffdf052a62e0
    [] 0xffffffdf052a6488
    [] kunit_try_run_case+0x13c/0x3ac
    [] kunit_generic_run_threadfn_adapter+0x80/0
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.