Linux · Linux Kernel · CVE-2024-38615
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions prior to 6.6.37
Description:
The issue is in the cpufreq component of the Linux kernel: the exit() callback is optional and must not be called without first checking that its pointer is valid. In addition, the freq table pointer must be cleared even if the exit() callback is not present. The advisory also mentions a vulnerability in the ALSA component related to improper input validation in the snd_timer_start1() function, which could allow an attacker to cause a denial of service.
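The cpufreq part of the description, shown as an added userspace sketch (not kernel code and not from the original advisory): a teardown that clears the table pointer only when exit() exists, next to one that checks the optional callback and always clears the pointer. All names (`demo_policy`, `demo_driver`, `teardown_flawed`, `teardown_fixed`, `stale_after`) and the frequency values are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
/* Hypothetical userspace model; names are illustrative, not kernel code. */
struct demo_policy {
    const int *freq_table;   /* table owned by the driver */
    int exit_calls;          /* counts exit() invocations */
};
struct demo_driver {
    void (*exit)(struct demo_policy *p);   /* optional: may be NULL */
};
static void demo_exit(struct demo_policy *p) { p->exit_calls++; }

/* Flawed pattern: the pointer is cleared only when exit() exists, so a
 * driver without exit() leaves a stale freq_table behind. (Calling
 * d->exit(p) with no check at all would dereference NULL instead.) */
static void teardown_flawed(const struct demo_driver *d, struct demo_policy *p)
{
    if (d->exit) {
        d->exit(p);
        p->freq_table = NULL;
    }
}

/* Corrected pattern: check the optional callback, then always clear. */
static void teardown_fixed(const struct demo_driver *d, struct demo_policy *p)
{
    if (d->exit)
        d->exit(p);
    p->freq_table = NULL;
}

typedef void (*teardown_fn)(const struct demo_driver *, struct demo_policy *);
/* Returns 1 if freq_table is still set after teardown (stale), else 0. */
static int stale_after(teardown_fn td, const struct demo_driver *d,
                       struct demo_policy *out)
{
    static const int table[] = { 800000, 1600000, 2400000 }; /* constructed */
    struct demo_policy p = { table, 0 };
    td(d, &p);
    if (out)
        *out = p;   /* hand the final state back to the caller */
    return p.freq_table != NULL;
}

int main(void)
{
    struct demo_driver no_exit = { NULL };
    printf("no exit(): flawed stale=%d, fixed stale=%d\n",
           stale_after(teardown_flawed, &no_exit, NULL),
           stale_after(teardown_fixed, &no_exit, NULL));
    return 0;
}
```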
Recommendations:
To resolve the issue, update the Linux kernel to version 6.6.37 or later. As a temporary workaround, consider disabling the vulnerable cpufreq component until a patch is available. Restrict access to the ALSA component to minimize the risk of exploitation. Avoid using the vulnerable snd_timer_start1() function until the issue is resolved.