CVE-2024-2640
Published 2024-07-12
Priority: P4 · 23 · medium · 5.4 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.39% (31.3th percentile)
The Watu Quiz WordPress plugin before 3.4.1.2 does not sanitise and escape some of its settings, which could allow users such as authors (if they've been authorized by admins) to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
Affected: 1 range

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kibokolabs | watu_quiz | < 3.4.1.2 | 3.4.1.2 |

CVSS provenance
nvd · v3.1 · 5.4 MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 4.7 MEDIUM
GHSA
GHSA-c7x7-vc85-8vmc: The Watu Quiz WordPress plugin before 3
ghsa_unreviewed·2024-07-12
CVE-2024-2640 [MEDIUM] CWE-79 GHSA-c7x7-vc85-8vmc: The Watu Quiz WordPress plugin before 3
Red Hat
kernel: drm/xe/guc_submit: fix race around suspend_pending
vendor_redhat·2024-12-27·CVSS 4.7
CVE-2024-56552 [MEDIUM] kernel: drm/xe/guc_submit: fix race around suspend_pending
In the Linux kernel, the following vulnerability has been resolved:
drm/xe/guc_submit: fix race around suspend_pending
Currently in some testcases we can trigger:

```
xe 0000:03:00.0: [drm] Assertion `exec_queue_destroyed(q)` failed!
....
WARNING: CPU: 18 PID: 2640 at drivers/gpu/drm/xe/xe_guc_submit.c:1826 xe_guc_sched_done_handler+0xa54/0xef0 [xe]
xe 0000:03:00.0: [drm] *ERROR* GT1: DEREGISTER_DONE: Unexpected engine state 0x00a1, guc_id=57
```

Looking at a snippet of corresponding ftrace for this GuC id we can see:

```
162.673311: xe_sched_msg_add: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3
162.673317: xe_sched_msg_recv: dev=0000:03:00.0, gt=1 guc_id=57, opcode=3
162.673319: xe_exec_queue_scheduling_disable: dev=0000:03:00.0, 1:0x2, gt=1,
```
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2024-07-12