CVE-2024-4352
published 2024-05-16CVE-2024-4352: The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on…
PriorityP353high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.18%
63.9th percentile
The Tutor LMS Pro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on the 'get_calendar_materials' function. The plugin is also vulnerable to SQL Injection via the ‘year’ parameter of that function due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| themeum | tutor_lms | < 2.7.1 | 2.7.1 |
| themeum | tutor_lms_pro | <= 2.7.0 | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one
bugzilla·2024-05-22·CVSS 7.8
CVE-2021-47310 [HIGH] CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one
CVE-2021-47310 kernel: net: ti: fix UAF in tlan_remove_one
In the Linux kernel, the following vulnerability has been resolved:
net: ti: fix UAF in tlan_remove_one
The Linux kernel CVE team has assigned CVE-2021-47310 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052128-CVE-2021-47310-a59d@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
Re
Bugzilla
CVE-2023-52835 kernel: perf/core: Bail out early if the request AUX area is out of bound
bugzilla·2024-05-22·CVSS 7.8
CVE-2023-52835 [HIGH] CVE-2023-52835 kernel: perf/core: Bail out early if the request AUX area is out of bound
CVE-2023-52835 kernel: perf/core: Bail out early if the request AUX area is out of bound
In the Linux kernel, the following vulnerability has been resolved:
perf/core: Bail out early if the request AUX area is out of bound
The Linux kernel CVE team has assigned CVE-2023-52835 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052109-CVE-2023-52835-80ee@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
This issue has been addressed in the following products:
Red Hat Ente
Bugzilla
CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove
bugzilla·2024-05-22·CVSS 7.8
CVE-2021-47311 [HIGH] CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove
CVE-2021-47311 kernel: net: qcom/emac: fix UAF in emac_remove
In the Linux kernel, the following vulnerability has been resolved:
net: qcom/emac: fix UAF in emac_remove
The Linux kernel CVE team has assigned CVE-2021-47311 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052129-CVE-2021-47311-47f4@gregkh/T
Discussion:
Hi Rohit, can we have kpatch trackers created for these releases:
rhel-8.6
rhel-8.8
rhel-8.10
(http://redbot.usersys.redhat.com/kpatch/kpatch-sla-kernels.json)
Thanks.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 h
Bugzilla
CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function
bugzilla·2024-05-22·CVSS 5.5
CVE-2021-47353 [MEDIUM] CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function
CVE-2021-47353 kernel: udf: Fix NULL pointer dereference in udf_symlink function
In the Linux kernel, the following vulnerability has been resolved:
udf: Fix NULL pointer dereference in udf_symlink function
The Linux kernel CVE team has assigned CVE-2021-47353 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052141-CVE-2021-47353-8d3a@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
Bugzilla
CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()
bugzilla·2024-05-22·CVSS 7.7
CVE-2021-47356 [HIGH] CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()
CVE-2021-47356 kernel: mISDN: fix possible use-after-free in HFC_cleanup()
In the Linux kernel, the following vulnerability has been resolved:
mISDN: fix possible use-after-free in HFC_cleanup()
The Linux kernel CVE team has assigned CVE-2021-47356 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024052142-CVE-2021-47356-a3d4@gregkh/T
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8.6 Advanced Mi
Bugzilla
CVE-2024-35835 kernel: net/mlx5e: fix a double-free in arfs_create_groups
bugzilla·2024-05-17·CVSS 5.3
CVE-2024-35835 [MEDIUM] CVE-2024-35835 kernel: net/mlx5e: fix a double-free in arfs_create_groups
CVE-2024-35835 kernel: net/mlx5e: fix a double-free in arfs_create_groups
In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: fix a double-free in arfs_create_groups
The Linux kernel CVE team has assigned CVE-2024-35835 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024051730-CVE-2024-35835-d75f@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2281166]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
This issue has
Bugzilla
CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
bugzilla·2024-05-01·CVSS 7.1
CVE-2024-26982 [HIGH] CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
CVE-2024-26982 kernel: Squashfs: check the inode number is not the invalid value of zero
In the Linux kernel, the following vulnerability has been resolved:
Squashfs: check the inode number is not the invalid value of zero
The Linux kernel CVE team has assigned CVE-2024-26982 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050141-CVE-2024-26982-8675@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278338]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-
Bugzilla
CVE-2024-26974 kernel: crypto: qat - resolve race condition during AER recovery
bugzilla·2024-05-01·CVSS 7.0
CVE-2024-26974 [HIGH] CVE-2024-26974 kernel: crypto: qat - resolve race condition during AER recovery
CVE-2024-26974 kernel: crypto: qat - resolve race condition during AER recovery
In the Linux kernel, the following vulnerability has been resolved:
crypto: qat - resolve race condition during AER recovery
The Linux kernel CVE team has assigned CVE-2024-26974 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024050132-CVE-2024-26974-13eb@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2278355]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
Th
Bugzilla
CVE-2024-26859 kernel: net/bnx2x: Prevent access to a freed page in page_pool
bugzilla·2024-04-17·CVSS 4.7
CVE-2024-26859 [MEDIUM] CVE-2024-26859 kernel: net/bnx2x: Prevent access to a freed page in page_pool
CVE-2024-26859 kernel: net/bnx2x: Prevent access to a freed page in page_pool
In the Linux kernel, the following vulnerability has been resolved:
net/bnx2x: Prevent access to a freed page in page_pool
The Linux kernel CVE team has assigned CVE-2024-26859 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024041735-CVE-2024-26859-a906@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2275734]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
Bugzilla
CVE-2024-26801 kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
bugzilla·2024-04-04·CVSS 5.5
CVE-2024-26801 [MEDIUM] CVE-2024-26801 kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
CVE-2024-26801 kernel: Bluetooth: Avoid potential use-after-free in hci_error_reset
In the Linux kernel, the following vulnerability has been resolved:
Bluetooth: Avoid potential use-after-free in hci_error_reset
The Linux kernel CVE team has assigned CVE-2024-26801 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040403-CVE-2024-26801-da9f@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2273430]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
Bugzilla
CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
bugzilla·2024-04-02·CVSS 5.5
CVE-2024-26656 [MEDIUM] CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
CVE-2024-26656 kernel: drm/amdgpu: use-after-free vulnerability
In the Linux kernel, the following vulnerability has been resolved:
drm/amdgpu: fix use-after-free bug
The Linux kernel CVE team has assigned CVE-2024-26656 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040247-CVE-2024-26656-ffaa@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2272693]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4352
---
This issue has been addressed in the fol
Bugzilla
CVE-2024-26675 kernel: ppp_async: limit MRU to 64K
bugzilla·2024-04-02·CVSS 5.5
CVE-2024-26675 [MEDIUM] CVE-2024-26675 kernel: ppp_async: limit MRU to 64K
CVE-2024-26675 kernel: ppp_async: limit MRU to 64K
In the Linux kernel, the following vulnerability has been resolved:
ppp_async: limit MRU to 64K
The Linux kernel CVE team has assigned CVE-2024-26675 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024040252-CVE-2024-26675-5b19@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2272830]
---
This was fixed for Fedora with the 6.7.5 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4211 https://access.redhat.com/errata/RHSA-2024:4211
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2024:4352 https://access.redhat.com/errata/RHSA-2024:4
2024-05-16
Published