CVE-2024-32768
Published 2024-11-22
CVE-2024-32768: A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have…
Priority P4 · 24 · medium · 5.4 · CVSS 3.1
AV:N / AC:L / PR:L / UI:R / S:C / C:L / I:L / A:N
EPSS: 0.36% (27.9th percentile)
A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station. If exploited, the vulnerability could allow remote attackers who have gained user access to inject malicious code.
We have already fixed the vulnerability in the following version:
Photo Station 6.4.3 ( 2024/07/12 ) and later
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| qnap | photo_station | >= 6.4.0 < 6.4.3 | 6.4.3 |
| qnap_systems_inc | photo_station | >= 6.4.x < 6.4.3 ( 2024/07/12 ) | 6.4.3 ( 2024/07/12 ) |
CVSS provenance
nvd · v3.1 · 5.4 · MEDIUM · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
vendor_redhat · 5.5 · MEDIUM
GHSA
GHSA-6mqr-4g8p-wrvx: A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station
ghsa_unreviewed·2024-11-22
CVE-2024-32768 [MEDIUM] CWE-79 GHSA-6mqr-4g8p-wrvx: A cross-site scripting (XSS) vulnerability has been reported to affect Photo Station
Red Hat
kernel: rtc: tps6594: Fix integer overflow on 32bit systems
vendor_redhat·2025-02-27·CVSS 5.5
CVE-2024-57953 [MEDIUM] CWE-190 kernel: rtc: tps6594: Fix integer overflow on 32bit systems
In the Linux kernel, the following vulnerability has been resolved:
rtc: tps6594: Fix integer overflow on 32bit systems
The problem is this multiply in tps6594_rtc_set_offset()
tmp = offset * TICKS_PER_HOUR;
The "tmp" variable is an s64 but "offset" is a long in the
(-277774)-277774 range. On 32bit systems a long can hold numbers up to
approximately two billion. The number of TICKS_PER_HOUR is really large,
(32768 * 3600) or roughly a hundred million. When you start multiplying
by a hundred million it doesn't take long to overflow the two billion
mark.
Probably the safest way to fix this is to change the type of
TICKS_PER_HOUR to long long because it's such a large number.
Package: kernel (Red Hat Enterprise Linux 10) - Will not
Red Hat
kernel: erofs: handle overlapped pclusters out of crafted images properly
vendor_redhat·2024-10-21·CVSS 5.5
CVE-2024-47736 [MEDIUM] CWE-404 kernel: erofs: handle overlapped pclusters out of crafted images properly
In the Linux kernel, the following vulnerability has been resolved:
erofs: handle overlapped pclusters out of crafted images properly
syzbot reported a task hang issue due to a deadlock case where it is
waiting for the folio lock of a cached folio that will be used for
cache I/Os.
After looking into the crafted fuzzed image, I found it's formed with
several overlapped big pclusters as below:
 Ext:   logical offset    |  length :       physical offset       |  length
   0:        0..   16384  |   16384 :     151552..     167936     |   16384
   1:    16384..   32768  |   16384 :     155648..     172032     |   16384
   2:    32768..   49152  |   16384 :  537223168..  537239552     |   16384
 ...
Here, extent 0/1 are physically overlapped although it's entirely
_impossible_ for normal filesystem images generat
Red Hat
kernel: net: atlantic: Fix DMA mapping for PTP hwts ring
vendor_redhat·2024-04-02·CVSS 5.5
CVE-2024-26680 [MEDIUM] CWE-20 kernel: net: atlantic: Fix DMA mapping for PTP hwts ring
In the Linux kernel, the following vulnerability has been resolved:
net: atlantic: Fix DMA mapping for PTP hwts ring
Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes
for PTP HWTS ring but then generic aq_ring_free() does not take this
into account.
Create and use a specific function to free HWTS ring to fix this
issue.
Trace:
[ 215.351607] ------------[ cut here ]------------
[ 215.351612] DMA-API: atlantic 0000:4b:00.0: device driver frees DMA memory with different size [device address=0x00000000fbdd0000] [map size=34816 bytes] [unmap size=32768 bytes]
[ 215.351635] WARNING: CPU: 33 PID: 10759 at kernel/dma/debug.c:988 check_unmap+0xa6f/0x2360
...
[ 215.581176] Call Trace:
[ 215.583632]
[ 215.585745] ? show_trace_l
No detection rules found.
No public exploits indexed.
Published: 2024-11-22