CVE-2024-6567
Published: 2024-08-02
Priority: P4 28 | medium | CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.45% (35.8th percentile)
The Ebook Store plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 5.8001. This is due to the plugin utilizing fpdi-protection and not preventing direct access to test files that have display_errors set to true. This makes it possible for unauthenticated attackers to retrieve the full path of the web application, which can be used to aid other attacks. The information displayed is not useful on its own, and requires another vulnerability to be present for damage to an affected website. The plugin vendor removed the test files but did not increment the version, meaning this is inadequately patched in the same version that is affected.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| motovnet | ebook_store | <= 5.8001 | — |
| shopfiles | ebook_store | <= 5.8001 | — |
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2024-41073 kernel: nvme: avoid double free special payload
bugzilla·2024-07-30·CVSS 7.8
CVE-2024-41073 [HIGH] kernel: nvme: avoid double free special payload
In the Linux kernel, the following vulnerability has been resolved:
nvme: avoid double free special payload
The Linux kernel CVE team has assigned CVE-2024-41073 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/2024072909-CVE-2024-41073-1fb9@gregkh/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2301638]
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:6567 https://access.redhat.com/errata/RHSA-2024:6567
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2026:13578 https://access.redhat.com/errata/RHSA-2026:13578
---
This issue has been addressed in t
Bugzilla
CVE-2024-26629 kernel: nfsd: fix RELEASE_LOCKOWNER
bugzilla·2024-03-13·CVSS 5.5
CVE-2024-26629 [MEDIUM] kernel: nfsd: fix RELEASE_LOCKOWNER
In the Linux kernel, the following vulnerability has been resolved:
nfsd: fix RELEASE_LOCKOWNER
The Linux kernel CVE team has assigned CVE-2024-26629 to this issue.
Upstream advisory:
https://lore.kernel.org/linux-cve-announce/[email protected]/T
Discussion:
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2269435]
---
This was fixed for Fedora with the 6.7.3 stable kernel updates.
---
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2024:6567 https://access.redhat.com/errata/RHSA-2024:6567
https://plugins.trac.wordpress.org/browser/ebook-store/trunk/fpdi/fpdi-protection-master/local-tests/simple.php
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3138305%40ebook-store%2Ftrunk&old=3051174%40ebook-store%2Ftrunk&sfp_email=&sfph_mail=
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3138305%40ebook-store&new=3138305%40ebook-store&sfp_email=&sfph_mail=
https://www.wordfence.com/threat-intel/vulnerabilities/id/ebe431a7-b552-4891-9784-c6a7353228da?source=cve